github
diff --git a/‎csharp/ql/lib/change-notes/2024-07-19-added-sources.md
Lines changed: 4 additions & 0 deletions b/‎csharp/ql/lib/change-notes/2024-07-19-added-sources.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/System.Configuration.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/System.Configuration.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/System.Diagnostics.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/System.Diagnostics.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/System.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/System.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/generated/Microsoft.Android.Build.Ndk.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/generated/Microsoft.Android.Build.Ndk.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.UserSecrets.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.UserSecrets.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/generated/Microsoft.Extensions.DependencyModel.Resolution.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/generated/Microsoft.Extensions.DependencyModel.Resolution.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml
Lines changed: 4 additions & 1 deletion b/‎csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml
Lines changed: 4 additions & 1 deletion
diff --git a/‎csharp/ql/lib/ext/generated/System.IO.model.yml
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/lib/ext/generated/System.IO.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/lib/ext/generated/System.Net.Http.model.yml
Lines changed: 0 additions & 8 deletions b/‎csharp/ql/lib/ext/generated/System.Net.Http.model.yml
Lines changed: 0 additions & 8 deletions
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added some new `local` source models. Most prominently `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`. This might produce more alerts, if the `local` threat model is enabled.
@@ -15,3 +15,8 @@ extensions:
       - ["System.Configuration", "SettingElementCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Configuration", "SettingsPropertyCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Configuration", "SettingsPropertyValueCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: neutralModel
+    data:
+      - ["System.Configuration", "ApplicationSettingsBase", "GetPreviousVersion", "(System.String)", "source", "manual"]
@@ -22,3 +22,8 @@ extensions:
       - ["System.Diagnostics", "TraceListenerCollection", False, "get_Item", "(System.Int32)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
       - ["System.Diagnostics", "TraceListenerCollection", False, "get_Item", "(System.String)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
       - ["System.Diagnostics", "TraceListenerCollection", False, "set_Item", "(System.Int32,System.Diagnostics.TraceListener)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: neutralModel
+    data:
+      - ["System.Diagnostics", "Process", "get_ProcessName", "()", "source", "manual"]
@@ -870,3 +870,8 @@ extensions:
       - ["System", "ValueTuple<T1,T2>", False, "get_Item", "(System.Int32)", "", "Argument[this].Field[System.ValueTuple`2.Item2]", "ReturnValue", "value", "manual"]
       - ["System", "ValueTuple<T1>", False, "ValueTuple", "(T1)", "", "Argument[0]", "Argument[this].Field[System.ValueTuple`1.Item1]", "value", "manual"]
       - ["System", "ValueTuple<T1>", False, "get_Item", "(System.Int32)", "", "Argument[this].Field[System.ValueTuple`1.Item1]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: neutralModel
+    data:
+      - ["System", "Environment", "get_SystemDirectory", "()", "source", "manual"]
@@ -13,6 +13,11 @@ extensions:
       - ["Microsoft.Android.Build.Ndk", "NdkTools", False, "get_ToolPrefixPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
       - ["Microsoft.Android.Build.Ndk", "NdkVersion", False, "NdkVersion", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
       - ["Microsoft.Android.Build.Ndk", "NdkVersion", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["Microsoft.Android.Build.Ndk", "Ndk", False, "get_NdkPath", "()", "", "ReturnValue", "environment", "df-generated"]
   - addsTo:
       pack: codeql/csharp-all
       extensible: neutralModel
 
@@ -5,6 +5,11 @@ extensions:
       extensible: summaryModel
     data:
       - ["Microsoft.Extensions.Configuration.UserSecrets", "PathHelper", False, "GetSecretsPathFromSecretsId", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["Microsoft.Extensions.Configuration.UserSecrets", "PathHelper", False, "GetSecretsPathFromSecretsId", "(System.String)", "", "ReturnValue", "environment", "df-generated"]
   - addsTo:
       pack: codeql/csharp-all
       extensible: neutralModel
 
@@ -7,6 +7,11 @@ extensions:
       - ["Microsoft.Extensions.DependencyModel.Resolution", "CompositeCompilationAssemblyResolver", False, "CompositeCompilationAssemblyResolver", "(Microsoft.Extensions.DependencyModel.Resolution.ICompilationAssemblyResolver[])", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
       - ["Microsoft.Extensions.DependencyModel.Resolution", "ICompilationAssemblyResolver", True, "TryResolveAssemblyPaths", "(Microsoft.Extensions.DependencyModel.CompilationLibrary,System.Collections.Generic.List<System.String>)", "", "Argument[0]", "Argument[1].Element", "taint", "df-generated"]
       - ["Microsoft.Extensions.DependencyModel.Resolution", "ICompilationAssemblyResolver", True, "TryResolveAssemblyPaths", "(Microsoft.Extensions.DependencyModel.CompilationLibrary,System.Collections.Generic.List<System.String>)", "", "Argument[this]", "Argument[1].Element", "taint", "df-generated"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["Microsoft.Extensions.DependencyModel.Resolution", "DotNetReferenceAssembliesPathResolver", False, "Resolve", "()", "", "ReturnValue", "environment", "df-generated"]
   - addsTo:
       pack: codeql/csharp-all
       extensible: neutralModel
 
@@ -13,6 +13,10 @@ extensions:
       - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeAssets", "(System.Collections.Generic.IEnumerable<Microsoft.Extensions.DependencyModel.RuntimeAssetGroup>,System.String)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeFileAssets", "(System.Collections.Generic.IEnumerable<Microsoft.Extensions.DependencyModel.RuntimeAssetGroup>,System.String)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeGroup", "(System.Collections.Generic.IEnumerable<Microsoft.Extensions.DependencyModel.RuntimeAssetGroup>,System.String)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
+      - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault<TKey,TValue>", "(System.Collections.Generic.IReadOnlyDictionary<TKey,TValue>,TKey)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
+      - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault<TKey,TValue>", "(System.Collections.Generic.IReadOnlyDictionary<TKey,TValue>,TKey)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault<TKey,TValue>", "(System.Collections.Generic.IReadOnlyDictionary<TKey,TValue>,TKey,TValue)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
+      - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault<TKey,TValue>", "(System.Collections.Generic.IReadOnlyDictionary<TKey,TValue>,TKey,TValue)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault<TKey,TValue>", "(System.Collections.Generic.IReadOnlyDictionary<TKey,TValue>,TKey,TValue)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", False, "Remove<TKey,TValue>", "(System.Collections.Generic.IDictionary<TKey,TValue>,TKey,TValue)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", False, "TryAdd<TKey,TValue>", "(System.Collections.Generic.IDictionary<TKey,TValue>,TKey,TValue)", "", "Argument[0].Element", "Argument[2]", "taint", "df-generated"]
@@ -139,7 +143,6 @@ extensions:
       - ["System.Collections.Generic", "ByteEqualityComparer", "GetHashCode", "()", "summary", "df-generated"]
       - ["System.Collections.Generic", "ByteEqualityComparer", "GetHashCode", "(System.Byte)", "summary", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", "AddRange<T>", "(System.Collections.Generic.List<T>,System.ReadOnlySpan<T>)", "summary", "df-generated"]
-      - ["System.Collections.Generic", "CollectionExtensions", "GetValueOrDefault<TKey,TValue>", "(System.Collections.Generic.IReadOnlyDictionary<TKey,TValue>,TKey)", "summary", "df-generated"]
       - ["System.Collections.Generic", "CollectionExtensions", "InsertRange<T>", "(System.Collections.Generic.List<T>,System.Int32,System.ReadOnlySpan<T>)", "summary", "df-generated"]
       - ["System.Collections.Generic", "Comparer<T>", "Compare", "(System.Object,System.Object)", "summary", "df-generated"]
       - ["System.Collections.Generic", "Comparer<T>", "Compare", "(T,T)", "summary", "df-generated"]
 
@@ -247,6 +247,11 @@ extensions:
       - ["System.IO", "UnmanagedMemoryStream", False, "UnmanagedMemoryStream", "(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
       - ["System.IO", "UnmanagedMemoryStream", False, "UnmanagedMemoryStream", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
       - ["System.IO", "UnmanagedMemoryStream", False, "UnmanagedMemoryStream", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["System.IO", "Path", False, "GetTempPath", "()", "", "ReturnValue", "environment", "df-generated"]
   - addsTo:
       pack: codeql/csharp-all
       extensible: neutralModel
 
@@ -65,14 +65,6 @@ extensions:
       - ["System.Net.Http", "SocketsHttpPlaintextStreamFilterContext", False, "get_PlaintextStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
       - ["System.Net.Http", "StreamContent", False, "StreamContent", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
       - ["System.Net.Http", "StreamContent", False, "StreamContent", "(System.IO.Stream,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: sinkModel
-    data:
-      - ["System.Net.Http", "StringContent", False, "StringContent", "(System.String)", "", "Argument[0]", "js-injection", "df-generated"]
-      - ["System.Net.Http", "StringContent", False, "StringContent", "(System.String,System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0]", "js-injection", "df-generated"]
-      - ["System.Net.Http", "StringContent", False, "StringContent", "(System.String,System.Text.Encoding)", "", "Argument[0]", "js-injection", "df-generated"]
-      - ["System.Net.Http", "StringContent", False, "StringContent", "(System.String,System.Text.Encoding,System.String)", "", "Argument[0]", "js-injection", "df-generated"]
   - addsTo:
       pack: codeql/csharp-all
       extensible: neutralModel
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added some new `local` source models. Most prominently `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`. This might produce more alerts, if the `local` threat model is enabled.