C#: Remove some false positives and add more true positives for cs/invalid-string-format.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/frameworks/Format.qll

@@ -41,6 +41,7 @@ private class StringAndStringBuilderFormatMethods extends FormatMethod {
 private class SystemConsoleAndSystemIoTextWriterFormatMethods extends FormatMethod {
   SystemConsoleAndSystemIoTextWriterFormatMethods() {
     this.getParameter(0).getType() instanceof StringType and
+    this.getNumberOfParameters() > 1 and
     exists(Class declType | declType = this.getDeclaringType() |
       this.hasName(["Write", "WriteLine"]) and
       (
@@ -67,6 +68,7 @@ private class SystemDiagnosticsDebugAssert extends FormatMethod {
 private class SystemDiagnosticsFormatMethods extends FormatMethod {
   SystemDiagnosticsFormatMethods() {
     this.getParameter(0).getType() instanceof StringType and
+    this.getNumberOfParameters() > 1 and
     exists(Class declType |
       declType = this.getDeclaringType() and
       declType.getNamespace().getFullName() = "System.Diagnostics"

csharp/ql/src/API Abuse/FormatInvalid.ql

@@ -29,7 +29,6 @@ private predicate invalidFormatString(
   source.getNode().asExpr() = src and
   sink.getNode().asExpr() = call.getFormatExpr() and
   FormatInvalid::flowPath(source, sink) and
-  call.hasInsertions() and
   msg = "Invalid format string used in $@ formatting call." and
   callString = "this"
 }