C#: Convert cs/missing-access-control to inline expectations test.

Author: michaelnebel

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/MissingAccessControl.expected

@@ -1 +1 @@
-| ProfileController.cs:9:25:9:31 | Delete1 | This action is missing an authorization check. |
+| ProfileController.cs:10:25:10:31 | Delete1 | This action is missing an authorization check. |

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/MissingAccessControl.qlref

@@ -1 +1,4 @@
-Security Features/CWE-285/MissingAccessControl.ql
+query: Security Features/CWE-285/MissingAccessControl.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs

@@ -1,19 +1,23 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 
-public class ProfileController : Controller {
+public class ProfileController : Controller
+{
     private void doThings() { }
     private bool isAuthorized() { return false; }
 
     // BAD: This is a Delete method, but no auth is specified.
-    public ActionResult Delete1(int id) {
+    public ActionResult Delete1(int id) // $ Alert
+    {
         doThings();
         return View();
     }
 
     // GOOD: isAuthorized is checked.
-    public ActionResult Delete2(int id) {
-        if (!isAuthorized()) {
+    public ActionResult Delete2(int id)
+    {
+        if (!isAuthorized())
+        {
             return null;
         }
         doThings();
@@ -22,35 +26,42 @@ public ActionResult Delete2(int id) {
 
     // GOOD: The Authorize attribute is used.
     [Authorize]
-    public ActionResult Delete3(int id) {
+    public ActionResult Delete3(int id)
+    {
         doThings();
         return View();
     }
 
 }
 
 [Authorize]
-public class AuthBaseController : Controller {
+public class AuthBaseController : Controller
+{
     protected void doThings() { }
 }
 
-public class SubController : AuthBaseController {
+public class SubController : AuthBaseController
+{
     // GOOD: The Authorize attribute is used on the base class.
-    public ActionResult Delete4(int id) {
+    public ActionResult Delete4(int id)
+    {
         doThings();
         return View();
     }
 }
 
 [Authorize]
-public class AuthBaseGenericController<T> : Controller {
+public class AuthBaseGenericController<T> : Controller
+{
     protected void doThings() { }
 }
 
-public class SubGenericController : AuthBaseGenericController<string> {
+public class SubGenericController : AuthBaseGenericController<string>
+{
     // GOOD: The Authorize attribute is used on the base class.
-    public ActionResult Delete5(int id) {
+    public ActionResult Delete5(int id)
+    {
         doThings();
         return View();
     }
-}
+}