C#: Add some source/sink model generator test examples.

Author: michaelnebel

csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+      - [ "Sinks", "NewSinks", False, "Sink", "(System.Object)", "", "Argument[0]", "test-sink", "manual"]

csharp/ql/test/utils/modelgenerator/dataflow/Sinks.cs

@@ -12,6 +12,10 @@ public class NewSinks
     public string TaintedProp { get; set; }
     public string PrivateSetTaintedProp { get; private set; }
 
+    // Sink defined in the extensible file next to the test.
+    // neutral=Sinks;NewSinks;Sink;(System.Object);summary;df-generated
+    public void Sink(object o) => throw null;
+
     // New sink
     // sink=Sinks;NewSinks;false;WrapResponseWrite;(System.Object);;Argument[0];html-injection;df-generated
     // neutral=Sinks;NewSinks;WrapResponseWrite;(System.Object);summary;df-generated
@@ -78,6 +82,15 @@ public void WrapPropPrivateSetResponseWriteFile()
         var response = new HttpResponse();
         response.WriteFile(PrivateSetTaintedProp);
     }
+
+    // Not a new sink because a simple type is used in an intermediate step
+    // SPURIOUS-sink=Sinks;NewSinks;false;WrapResponseWriteFileSimpleType;(System.String);;Argument[0];test-sink;df-generated
+    // neutral=Sinks;NewSinks;WrapResponseWriteFileSimpleType;(System.String);summary;df-generated
+    public void WrapResponseWriteFileSimpleType(string s)
+    {
+        var r = s == "hello";
+        Sink(r);
+    }
 }
 
 public class CompoundSinks

csharp/ql/test/utils/modelgenerator/dataflow/Sources.cs

@@ -34,4 +34,36 @@ public ConsoleKeyInfo WrapConsoleReadKey()
     {
         return Console.ReadKey();
     }
+
+    // Not a new source because a simple type is used in an intermediate step
+    // SPURIOUS-source=Sources;NewSources;false;WrapConsoleReadLineGetBool;();;ReturnValue;local;df-generated
+    // neutral=Sources;NewSources;WrapConsoleReadLineGetBool;();summary;df-generated
+    public bool WrapConsoleReadLineGetBool()
+    {
+        var s = Console.ReadLine();
+        return s == "hello";
+    }
+
+    public class MyConsoleReader
+    {
+        // source=Sources;NewSources+MyConsoleReader;false;ToString;();;ReturnValue;local;df-generated
+        // neutral=Sources;NewSources+MyConsoleReader;ToString;();summary;df-generated
+        public override string ToString()
+        {
+            return Console.ReadLine();
+        }
+    }
+
+
+    public class MyContainer<T>
+    {
+        public T Value { get; set; }
+
+        // SPURIOUS-source=Sources;NewSources+MyContainer<T>;false;Read;();;ReturnValue;local;df-generated
+        // summary=Sources;NewSources+MyContainer<T>;false;Read;();;Argument[this];ReturnValue;taint;df-generated
+        public string Read()
+        {
+            return Value.ToString();
+        }
+    }
 }