Adress reveiw comments - update tests to path-problem and support all this qualifiers

Author: joefarebrother

csharp/ql/lib/semmle/code/csharp/frameworks/Razor.qll

@@ -251,17 +251,17 @@ private MethodCall getAPageCall(PageModelClass pm) {
         ["Page", "RedirectToPage"])
 }
 
-private MethodCall getImplicitThisCallInVoidHandler(PageModelClass pm) {
+private MethodCall getThisCallInVoidHandler(PageModelClass pm) {
   result.getEnclosingCallable() = pm.getAHandlerMethod() and
   result.getEnclosingCallable().getReturnType() instanceof VoidType and
-  result.hasImplicitThisQualifier()
+  result.getQualifier() instanceof ThisAccess
 }
 
 private class PageModelJumpNode extends DataFlow::NonLocalJumpNode {
   PageModelClass pm;
 
   PageModelJumpNode() {
-    this.asExpr() = [getAPageCall(pm), getImplicitThisCallInVoidHandler(pm)].getQualifier()
+    this.asExpr() = [getAPageCall(pm), getThisCallInVoidHandler(pm)].getQualifier()
   }
 
   override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {

csharp/ql/test/query-tests/Security Features/CWE-079/XssPageModels/TestModel.cs

@@ -10,7 +10,7 @@ class TestModel : PageModel {
     private string source() { return "x"; }
 
     public async Task<IActionResult> OnPostAsync() {
-        Name = source();
+        this.Name = source();
         return Page();
     }
 

csharp/ql/test/query-tests/Security Features/CWE-079/XssPageModels/test.expected

@@ -1,2 +1,25 @@
-| TestPage.cshtml:5:16:5:25 | access to property Name | TestModel.cs:13:16:13:23 | call to method source | TestPage.cshtml:5:16:5:25 | access to property Name | Xss |
-| TestPage.cshtml:5:16:5:25 | access to property Name | TestModel.cs:18:16:18:23 | call to method source | TestPage.cshtml:5:16:5:25 | access to property Name | Xss |
+edges
+| TestModel.cs:13:9:13:12 | [post] this access : TestModel [property Name] : String | TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String |
+| TestModel.cs:13:21:13:28 | call to method source : String | TestModel.cs:13:9:13:12 | [post] this access : TestModel [property Name] : String |
+| TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String | TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String |
+| TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
+| TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String | TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String |
+| TestModel.cs:18:16:18:23 | call to method source : String | TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String |
+| TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String | TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String |
+| TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
+| TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
+| TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String | TestPage.cshtml:5:16:5:25 | access to property Name |
+nodes
+| TestModel.cs:13:9:13:12 | [post] this access : TestModel [property Name] : String | semmle.label | [post] this access : TestModel [property Name] : String |
+| TestModel.cs:13:21:13:28 | call to method source : String | semmle.label | call to method source : String |
+| TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String | semmle.label | this access : TestModel [property Name] : String |
+| TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String | semmle.label | [post] this access : TestModel [property Name] : String |
+| TestModel.cs:18:16:18:23 | call to method source : String | semmle.label | call to method source : String |
+| TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String | semmle.label | this access : TestModel [property Name] : String |
+| TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String | semmle.label | access to property Model : TestModel [property Name] : String |
+| TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String | semmle.label | access to property Model : TestModel [property Name] : String |
+| TestPage.cshtml:5:16:5:25 | access to property Name | semmle.label | access to property Name |
+subpaths
+#select
+| TestPage.cshtml:5:16:5:25 | access to property Name | TestModel.cs:13:21:13:28 | call to method source : String | TestPage.cshtml:5:16:5:25 | access to property Name | Xss |
+| TestPage.cshtml:5:16:5:25 | access to property Name | TestModel.cs:18:16:18:23 | call to method source : String | TestPage.cshtml:5:16:5:25 | access to property Name | Xss |

csharp/ql/test/query-tests/Security Features/CWE-079/XssPageModels/test.ql

@@ -1,3 +1,7 @@
+/**
+ * @kind path-problem
+ */
+
 import csharp
 import semmle.code.csharp.security.dataflow.XSSQuery
 import semmle.code.csharp.security.dataflow.XSSSinks
@@ -14,6 +18,8 @@ module TestXssTrackingConfig implements DataFlow::ConfigSig {
 
 module TestXss = TaintTracking::Global<TestXssTrackingConfig>;
 
-from DataFlow::Node source, DataFlow::Node sink
-where TestXss::flow(source, sink)
+import TestXss::PathGraph
+
+from TestXss::PathNode source, TestXss::PathNode sink
+where TestXss::flowPath(source, sink)
 select sink, source, sink, "Xss"