C#: Update Sqlinjection test query output with new results.

michaelnebel · michaelnebel · commit 344770f06ac2 · 2022-08-10T11:08:27.000+02:00
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected
@@ -5,6 +5,10 @@ edges
 | SqlInjection.cs:68:33:68:52 | access to property Text : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 |
 | SqlInjection.cs:68:33:68:52 | access to property Text : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 |
 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 |
+| SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString |
+| SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString : String |
+| SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd |
+| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand |
 | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query |
 | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query |
 | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query |
@@ -13,7 +17,10 @@ edges
 | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query |
 | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query |
 | SqlInjectionSqlite.cs:17:51:17:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:17:51:17:68 | access to property Text |
+| SqlInjectionSqlite.cs:22:23:22:71 | object creation of type SQLiteCommand : SQLiteCommand | SqlInjectionSqlite.cs:42:45:42:47 | access to local variable cmd |
 | SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:22:41:22:58 | access to property Text |
+| SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:22:41:22:58 | access to property Text : String |
+| SqlInjectionSqlite.cs:22:41:22:58 | access to property Text : String | SqlInjectionSqlite.cs:22:23:22:71 | object creation of type SQLiteCommand : SQLiteCommand |
 | SqlInjectionSqlite.cs:31:49:31:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:31:49:31:66 | access to property Text |
 | SqlInjectionSqlite.cs:37:45:37:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:37:45:37:62 | access to property Text |
 nodes
@@ -26,6 +33,11 @@ nodes
 | SqlInjection.cs:70:55:70:60 | access to local variable query1 | semmle.label | access to local variable query1 |
 | SqlInjection.cs:82:21:82:29 | access to property Text : String | semmle.label | access to property Text : String |
 | SqlInjection.cs:83:50:83:55 | access to local variable query1 | semmle.label | access to local variable query1 |
+| SqlInjection.cs:92:21:92:29 | access to property Text : String | semmle.label | access to property Text : String |
+| SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | semmle.label | object creation of type SqlCommand : SqlCommand |
+| SqlInjection.cs:93:42:93:52 | access to local variable queryString | semmle.label | access to local variable queryString |
+| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | semmle.label | access to local variable queryString : String |
+| SqlInjection.cs:94:50:94:52 | access to local variable cmd | semmle.label | access to local variable cmd |
 | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | semmle.label | access to property Text : String |
 | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | semmle.label | access to local variable query |
 | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | semmle.label | access to property Text : String |
@@ -42,18 +54,23 @@ nodes
 | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | semmle.label | access to local variable query |
 | SqlInjectionSqlite.cs:17:51:17:63 | access to field untrustedData : TextBox | semmle.label | access to field untrustedData : TextBox |
 | SqlInjectionSqlite.cs:17:51:17:68 | access to property Text | semmle.label | access to property Text |
+| SqlInjectionSqlite.cs:22:23:22:71 | object creation of type SQLiteCommand : SQLiteCommand | semmle.label | object creation of type SQLiteCommand : SQLiteCommand |
 | SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | semmle.label | access to field untrustedData : TextBox |
 | SqlInjectionSqlite.cs:22:41:22:58 | access to property Text | semmle.label | access to property Text |
+| SqlInjectionSqlite.cs:22:41:22:58 | access to property Text : String | semmle.label | access to property Text : String |
 | SqlInjectionSqlite.cs:31:49:31:61 | access to field untrustedData : TextBox | semmle.label | access to field untrustedData : TextBox |
 | SqlInjectionSqlite.cs:31:49:31:66 | access to property Text | semmle.label | access to property Text |
 | SqlInjectionSqlite.cs:37:45:37:57 | access to field untrustedData : TextBox | semmle.label | access to field untrustedData : TextBox |
 | SqlInjectionSqlite.cs:37:45:37:62 | access to property Text | semmle.label | access to property Text |
+| SqlInjectionSqlite.cs:42:45:42:47 | access to local variable cmd | semmle.label | access to local variable cmd |
 subpaths
 #select
 | SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
 | SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
 | SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
 | SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | Query might include code from $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text |
+| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | Query might include code from $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
+| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | Query might include code from $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
 | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text |
 | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text |
 | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | Query might include code from $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text |
@@ -65,3 +82,4 @@ subpaths
 | SqlInjectionSqlite.cs:22:41:22:58 | access to property Text | SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:22:41:22:58 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | this ASP.NET user input |
 | SqlInjectionSqlite.cs:31:49:31:66 | access to property Text | SqlInjectionSqlite.cs:31:49:31:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:31:49:31:66 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:31:49:31:61 | access to field untrustedData : TextBox | this ASP.NET user input |
 | SqlInjectionSqlite.cs:37:45:37:62 | access to property Text | SqlInjectionSqlite.cs:37:45:37:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:37:45:37:62 | access to property Text | Query might include code from $@. | SqlInjectionSqlite.cs:37:45:37:57 | access to field untrustedData : TextBox | this ASP.NET user input |
+| SqlInjectionSqlite.cs:42:45:42:47 | access to local variable cmd | SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:42:45:42:47 | access to local variable cmd | Query might include code from $@. | SqlInjectionSqlite.cs:22:41:22:53 | access to field untrustedData : TextBox | this ASP.NET user input |
