Fix test expectations

egregius313 · egregius313 · commit 45e1be875c18 · 2024-03-01T12:52:00.000-05:00
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected
@@ -5,4 +5,4 @@ nodes
 | StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String |
 subpaths
 #select
-| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:22:60:22:86 | call to method GetString | stored (potentially user-provided) value |
+| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:22:60:22:86 | call to method GetString : String | User-provided value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected
@@ -1,5 +1,16 @@
 edges
+<<<<<<< HEAD
 | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance |  |
+=======
+| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance |  |
+| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | provenance |  |
+| SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | provenance |  |
+| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance |  |
+| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance |  |
+| SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | provenance |  |
+| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance |  |
+| SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance |  |
+>>>>>>> 1ebb89f785 (Fix test expectations)
 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance |  |
 | SqlInjection.cs:33:21:33:40 | access to property Text : String | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | provenance |  |
 | SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance |  |
@@ -50,7 +61,20 @@ edges
 | SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance |  |
 | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance |  |
 nodes
+<<<<<<< HEAD
 | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | semmle.label | access to local variable query1 : String |
+=======
+| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | semmle.label | ... + ... |
+| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | semmle.label | call to method GetString : String |
+| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | semmle.label | object creation of type FileStream : FileStream |
+| SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | semmle.label | object creation of type StreamReader : StreamReader |
+| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | semmle.label | access to local variable fs : FileStream |
+| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | semmle.label | access to local variable sr : StreamReader |
+| SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | semmle.label | call to method ReadLine : String |
+| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | semmle.label | access to local variable sql : String |
+| SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | semmle.label | call to method Trim : String |
+| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | semmle.label | access to local variable sql |
+>>>>>>> 1ebb89f785 (Fix test expectations)
 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox |
 | SqlInjection.cs:33:21:33:40 | access to property Text : String | semmle.label | access to property Text : String |
 | SqlInjection.cs:34:50:34:55 | access to local variable query1 | semmle.label | access to local variable query1 |
@@ -118,6 +142,8 @@ nodes
 | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | semmle.label | access to local variable sql |
 subpaths
 #select
+| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This query depends on $@. | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | this database input |
+| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This query depends on $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | this file stream |
 | SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
 | SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
 | SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
@@ -136,4 +162,5 @@ subpaths
 | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input |
 | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input |
 | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
+| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | this file stream |
 | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input |
