Migrate StringContent sink to CSV format

Author: tamasvajk

csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -87,6 +87,7 @@ private module Frameworks {
   private import semmle.code.csharp.security.dataflow.flowsources.Local
   private import semmle.code.csharp.security.dataflow.flowsinks.Html
   private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
+  private import semmle.code.csharp.security.dataflow.XSS
 }
 
 /**

csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll

@@ -16,6 +16,7 @@ module XSS {
   import semmle.code.csharp.security.dataflow.flowsources.Remote
   private import semmle.code.csharp.dataflow.DataFlow2
   private import semmle.code.csharp.dataflow.TaintTracking2
+  private import semmle.code.csharp.dataflow.ExternalFlow
 
   /**
    * Holds if there is tainted flow from `source` to `sink` that may lead to a
@@ -119,6 +120,10 @@ module XSS {
     string explanation() { none() }
   }
 
+  private class ExternalXssSink extends Sink {
+    ExternalXssSink() { sinkNode(this, "xss") }
+  }
+
   /**
    * A data flow source for cross-site scripting (XSS) vulnerabilities.
    */
@@ -406,12 +411,9 @@ module XSS {
   /**
    * An expression passed as the `content` argument to the constructor of `StringContent`.
    */
-  private class StringContent extends Sink {
-    StringContent() {
-      this.getExpr() =
-        any(ObjectCreation oc |
-          oc.getTarget().getDeclaringType().hasQualifiedName("System.Net.Http", "StringContent")
-        ).getArgumentForName("content")
+  private class StringContentSinkModelCsv extends SinkModelCsv {
+    override predicate row(string row) {
+      row = ["System.Net.Http;StringContent;false;StringContent;;;Argument[0];xss"]
     }
   }
 }