github
diff --git a/‎csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected‎
Lines changed: 198 additions & 0 deletions b/‎csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected‎
Lines changed: 198 additions & 0 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected‎
Lines changed: 153 additions & 0 deletions b/‎csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected‎
Lines changed: 153 additions & 0 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected‎
Lines changed: 199 additions & 0 deletions b/‎csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected‎
Lines changed: 199 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.expected‎
Lines changed: 8 additions & 0 deletions b/‎csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.expected‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected‎
Lines changed: 9 additions & 0 deletions b/‎csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected‎
Lines changed: 14 additions & 0 deletions b/‎csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected‎
Lines changed: 9 additions & 0 deletions b/‎csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected‎
Lines changed: 3 additions & 0 deletions b/‎csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected‎
Lines changed: 3 additions & 0 deletions b/‎csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected‎
Lines changed: 3 additions & 0 deletions b/‎csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.expected‎
Lines changed: 3 additions & 0 deletions
@@ -3,6 +3,14 @@ edges
 | Program.cs:15:27:15:38 | ... + ... | Program.cs:17:37:17:43 | access to local variable endYear |
 | Program.cs:23:31:23:34 | year | Program.cs:26:39:26:42 | access to parameter year |
 | Program.cs:33:18:33:29 | ... - ... | Program.cs:23:31:23:34 | year |
+nodes
+| Program.cs:13:39:13:50 | ... - ... | semmle.label | ... - ... |
+| Program.cs:13:39:13:50 | ... - ... | semmle.label | ... - ... |
+| Program.cs:15:27:15:38 | ... + ... | semmle.label | ... + ... |
+| Program.cs:17:37:17:43 | access to local variable endYear | semmle.label | access to local variable endYear |
+| Program.cs:23:31:23:34 | year | semmle.label | year |
+| Program.cs:26:39:26:42 | access to parameter year | semmle.label | access to parameter year |
+| Program.cs:33:18:33:29 | ... - ... | semmle.label | ... - ... |
 #select
 | Program.cs:13:39:13:50 | ... - ... | Program.cs:13:39:13:50 | ... - ... | Program.cs:13:39:13:50 | ... - ... | This $@ based on a 'System.DateTime.Year' property is used in a construction of a new 'System.DateTime' object, flowing to the 'year' argument. | Program.cs:13:39:13:50 | ... - ... | arithmetic operation |
 | Program.cs:17:37:17:43 | access to local variable endYear | Program.cs:15:27:15:38 | ... + ... | Program.cs:17:37:17:43 | access to local variable endYear | This $@ based on a 'System.DateTime.Year' property is used in a construction of a new 'System.DateTime' object, flowing to the 'year' argument. | Program.cs:15:27:15:38 | ... + ... | arithmetic operation |
 
@@ -6,6 +6,15 @@ edges
 | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:38:25:38:31 | access to local variable badPath |
 | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:40:49:40:55 | access to local variable badPath |
 | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:53:26:53:29 | access to local variable path |
+nodes
+| TaintedPath.cs:12:23:12:45 | access to property QueryString | semmle.label | access to property QueryString |
+| TaintedPath.cs:14:50:14:53 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:19:51:19:54 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:27:30:27:33 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:33:30:33:33 | access to local variable path | semmle.label | access to local variable path |
+| TaintedPath.cs:38:25:38:31 | access to local variable badPath | semmle.label | access to local variable badPath |
+| TaintedPath.cs:40:49:40:55 | access to local variable badPath | semmle.label | access to local variable badPath |
+| TaintedPath.cs:53:26:53:29 | access to local variable path | semmle.label | access to local variable path |
 #select
 | TaintedPath.cs:14:50:14:53 | access to local variable path | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:14:50:14:53 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:12:23:12:45 | access to property QueryString | User-provided value |
 | TaintedPath.cs:19:51:19:54 | access to local variable path | TaintedPath.cs:12:23:12:45 | access to property QueryString | TaintedPath.cs:19:51:19:54 | access to local variable path | $@ flows to here and is used in a path. | TaintedPath.cs:12:23:12:45 | access to property QueryString | User-provided value |
 
@@ -8,6 +8,20 @@ edges
 | ZipSlip.cs:62:72:62:85 | access to property FullName | ZipSlip.cs:83:57:83:68 | access to local variable destFilePath |
 | ZipSlip.cs:62:72:62:85 | access to property FullName | ZipSlip.cs:91:58:91:69 | access to local variable destFilePath |
 | ZipSlipBad.cs:9:59:9:72 | access to property FullName | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName |
+nodes
+| ZipSlip.cs:16:52:16:65 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlip.cs:19:31:19:44 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlip.cs:24:41:24:52 | access to local variable destFileName | semmle.label | access to local variable destFileName |
+| ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:36:45:36:56 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:40:41:40:52 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:62:72:62:85 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlip.cs:69:74:69:85 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:76:71:76:82 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:83:57:83:68 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlip.cs:91:58:91:69 | access to local variable destFilePath | semmle.label | access to local variable destFilePath |
+| ZipSlipBad.cs:9:59:9:72 | access to property FullName | semmle.label | access to property FullName |
+| ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | semmle.label | access to local variable destFileName |
 #select
 | ZipSlip.cs:24:41:24:52 | access to local variable destFileName | ZipSlip.cs:19:31:19:44 | access to property FullName | ZipSlip.cs:24:41:24:52 | access to local variable destFileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlip.cs:19:31:19:44 | access to property FullName | item path |
 | ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | ZipSlip.cs:16:52:16:65 | access to property FullName | ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlip.cs:16:52:16:65 | access to property FullName | item path |
 
@@ -6,6 +6,15 @@ edges
 | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:32:39:32:47 | access to local variable userInput |
 | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:33:40:33:48 | access to local variable userInput |
 | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:34:47:34:55 | access to local variable userInput |
+nodes
+| CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | semmle.label | access to field categoryTextBox |
+| CommandInjection.cs:26:27:26:47 | ... + ... | semmle.label | ... + ... |
+| CommandInjection.cs:26:50:26:66 | ... + ... | semmle.label | ... + ... |
+| CommandInjection.cs:28:63:28:71 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:28:74:28:82 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:32:39:32:47 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:33:40:33:48 | access to local variable userInput | semmle.label | access to local variable userInput |
+| CommandInjection.cs:34:47:34:55 | access to local variable userInput | semmle.label | access to local variable userInput |
 #select
 | CommandInjection.cs:26:27:26:47 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:26:27:26:47 | ... + ... | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value |
 | CommandInjection.cs:26:50:26:66 | ... + ... | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | CommandInjection.cs:26:50:26:66 | ... + ... | $@ flows to here and is used in a command. | CommandInjection.cs:25:32:25:46 | access to field categoryTextBox | User-provided value |
 
@@ -1,4 +1,7 @@
 edges
 | StoredCommandInjection.cs:24:54:24:80 | call to method GetString | StoredCommandInjection.cs:24:46:24:80 | ... + ... |
+nodes
+| StoredCommandInjection.cs:24:46:24:80 | ... + ... | semmle.label | ... + ... |
+| StoredCommandInjection.cs:24:54:24:80 | call to method GetString | semmle.label | call to method GetString |
 #select
 | StoredCommandInjection.cs:24:46:24:80 | ... + ... | StoredCommandInjection.cs:24:54:24:80 | call to method GetString | StoredCommandInjection.cs:24:46:24:80 | ... + ... | $@ flows to here and is used in a command. | StoredCommandInjection.cs:24:54:24:80 | call to method GetString | Stored user-provided value |
@@ -1,4 +1,7 @@
 edges
 | StoredXSS.cs:24:60:24:86 | call to method GetString | StoredXSS.cs:24:44:24:86 | ... + ... |
+nodes
+| StoredXSS.cs:24:44:24:86 | ... + ... | semmle.label | ... + ... |
+| StoredXSS.cs:24:60:24:86 | call to method GetString | semmle.label | call to method GetString |
 #select
 | StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString | StoredXSS.cs:24:44:24:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:24:60:24:86 | call to method GetString | Stored user-provided value |
@@ -1,4 +1,7 @@
 edges
 | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... |
+nodes
+| SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | semmle.label | ... + ... |
+| SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | semmle.label | call to method GetString |
 #select
 | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | $@ flows to here and is used in an SQL query. | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | Stored user-provided value |