C#: update 'code' sink kind to 'code-injection'

Author: Jami Cogswell

csharp/ql/lib/ext/ServiceStack.Redis.model.yml

@@ -3,30 +3,30 @@ extensions:
       pack: codeql/csharp-all
       extensible: sinkModel
     data:
-      - ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func<System.String,T>)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClient", True, "LoadLuaScript", "(System.String)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[],System.Threading.CancellationToken)", "", "Argument[0].Element", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecCachedLuaAsync", "(System.String,System.Func<System.String,System.Threading.Tasks.ValueTask<T>>,System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
-      - ["ServiceStack.Redis", "IRedisClientAsync", True, "LoadLuaScriptAsync", "(System.String,System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func<System.String,T>)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClient", True, "LoadLuaScript", "(System.String)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[],System.Threading.CancellationToken)", "", "Argument[0].Element", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecCachedLuaAsync", "(System.String,System.Func<System.String,System.Threading.Tasks.ValueTask<T>>,System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
+      - ["ServiceStack.Redis", "IRedisClientAsync", True, "LoadLuaScriptAsync", "(System.String,System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -211,7 +211,7 @@ module ModelValidation {
     )
     or
     exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["code", "sql", "xss", "remote", "html"] and
+      not kind = ["code-injection", "sql", "xss", "remote", "html"] and
       not kind.matches("encryption-%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

@@ -97,5 +97,5 @@ class RoslynCSharpScriptSink extends Sink {
 
 /** Code injection sinks defined through CSV models. */
 private class ExternalCodeInjectionExprSink extends Sink {
-  ExternalCodeInjectionExprSink() { sinkNode(this, "code") }
+  ExternalCodeInjectionExprSink() { sinkNode(this, "code-injection") }
 }

csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml

@@ -4,7 +4,7 @@ extensions:
       extensible: sinkModel
     data:
     # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance"
-      - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code", "manual"]
+      - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"]
       - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"]
       - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"]
       - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"]