C#: update 'html' sink kind to 'html-injection'

Author: Jami Cogswell

csharp/ql/lib/ext/System.Web.model.yml

@@ -3,10 +3,10 @@ extensions:
       pack: codeql/csharp-all
       extensible: sinkModel
     data:
-      - ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html", "manual"]
-      - ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html", "manual"]
-      - ["System.Web", "HttpResponse", False, "Write", "", "", "Argument[0]", "html", "manual"]
-      - ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html", "manual"]
+      - ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html-injection", "manual"]
+      - ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html-injection", "manual"]
+      - ["System.Web", "HttpResponse", False, "Write", "", "", "Argument[0]", "html-injection", "manual"]
+      - ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html-injection", "manual"]
   - addsTo:
       pack: codeql/csharp-all
       extensible: summaryModel

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -211,7 +211,7 @@ module ModelValidation {
     )
     or
     exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["code-injection", "sql-injection", "xss", "remote", "html"] and
+      not kind = ["code-injection", "sql-injection", "xss", "remote", "html-injection"] and
       not kind.matches("encryption-%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll

@@ -23,7 +23,7 @@ private import semmle.code.asp.AspNet
 abstract class HtmlSink extends DataFlow::ExprNode, RemoteFlowSink { }
 
 private class ExternalHtmlSink extends HtmlSink {
-  ExternalHtmlSink() { sinkNode(this, "html") }
+  ExternalHtmlSink() { sinkNode(this, "html-injection") }
 }
 
 /**

csharp/ql/test/library-tests/dataflow/external-models/sinks.expected

@@ -5,4 +5,4 @@ invalidModelRow
 | Sinks.cs:11:30:11:40 | access to local variable argToTagged | remote |
 | Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql-injection |
 | Sinks.cs:20:20:20:22 | access to local variable res | xss |
-| Sinks.cs:27:20:27:25 | access to local variable resTag | html |
+| Sinks.cs:27:20:27:25 | access to local variable resTag | html-injection |

csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml

@@ -6,6 +6,6 @@ extensions:
     # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance"
       - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"]
       - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"]
-      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"]
+      - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html-injection", "manual"]
       - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"]
       - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql-injection", "manual"]