C#: Take more sources and sinks into account when reporting in the te…

…lemetry queries.

csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.frameworks.system.security.cryptography.SymmetricAlgorithm
 
 /** Abstract class for all sources of keys */
@@ -11,7 +12,7 @@ abstract class KeySource extends DataFlow::Node { }
 /**
  * A symmetric encryption sink is abstract base class for all ways to set a key for symmetric encryption.
  */
-abstract class SymmetricEncryptionKeySink extends DataFlow::Node {
+abstract class SymmetricEncryptionKeySink extends SinkExprNode {
   /** override to create a meaningful description of the sink */
   abstract string getDescription();
 }

csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll

@@ -5,6 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 
 module HardcodedSymmetricEncryptionKey {
   private import semmle.code.csharp.frameworks.system.security.cryptography.SymmetricAlgorithm
@@ -13,7 +14,7 @@ module HardcodedSymmetricEncryptionKey {
   abstract class Source extends DataFlow::Node { }
 
   /** A data flow sink for hard-coded symmetric encryption keys. */
-  abstract class Sink extends DataFlow::ExprNode {
+  abstract class Sink extends SinkExprNode {
     /** Gets a description of this sink. */
     abstract string getDescription();
   }

csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll

@@ -7,6 +7,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
 private import semmle.code.csharp.frameworks.system.Web
 private import semmle.code.csharp.security.SensitiveActions
 private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 
 /**
  * A data flow source for cleartext storage of sensitive information.
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::ExprNode { }
 /**
  * A data flow sink for cleartext storage of sensitive information.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for cleartext storage of sensitive information.

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

@@ -5,6 +5,7 @@
 import csharp
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.codedom.Compiler
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.Sanitizers
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for user input treated as code vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for user input treated as code vulnerabilities.

csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll

@@ -5,6 +5,7 @@
 import csharp
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Diagnostics
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.Sanitizers
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A sink for command injection vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for user input treated as code vulnerabilities.

csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll

@@ -6,6 +6,7 @@
 import csharp
 private import semmle.code.csharp.controlflow.Guards
 private import semmle.code.csharp.controlflow.BasicBlocks
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.Net
@@ -19,7 +20,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for user-controlled bypass of sensitive method.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends SinkExprNode {
   /** Gets the 'MethodCall' which is considered sensitive. */
   abstract MethodCall getSensitiveMethodCall();
 }

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
 private import semmle.code.csharp.security.PrivateData
@@ -15,7 +16,7 @@ abstract class Source extends DataFlow::ExprNode { }
 /**
  * A data flow sink for private information flowing unencrypted to an external location.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for private information flowing unencrypted to an external location.

csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll

@@ -9,6 +9,7 @@ private import semmle.code.csharp.frameworks.Moq
 private import semmle.code.csharp.frameworks.system.web.Security
 private import semmle.code.csharp.frameworks.system.security.cryptography.X509Certificates
 private import semmle.code.csharp.frameworks.Test
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 
 /**
  * A data flow source for hard coded credentials.
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::ExprNode { }
 /**
  * A data flow sink for hard coded credentials.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends SinkExprNode {
   /**
    * Gets a description of this sink, including a placeholder for the sink and a placeholder for
    * the supplementary element.

csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll

@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.DirectoryServices
 private import semmle.code.csharp.frameworks.system.directoryservices.Protocols
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unvalidated user input that is used to construct LDAP queries.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for unvalidated user input that is used to construct LDAP queries.

csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in log entries.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in log entries.

csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll

@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Xml
 private import semmle.code.csharp.security.Sanitizers
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
  * A data flow sink for untrusted user input processed as XML without validation against a known
  * schema.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends SinkExprNode {
   /** Gets a string describing the reason why this is a sink. */
   abstract string getReason();
 }

csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll

@@ -5,6 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.dataflow.DataFlow2
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
@@ -17,7 +18,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in dangerous regular expression operations.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in dangerous regular expression operations.

csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll

@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used to construct regular expressions.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used to construct regular expressions.

csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Data
 private import semmle.code.csharp.security.Sanitizers
@@ -15,7 +16,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in resource descriptors.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in resource descriptors.

csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.Sql
 private import semmle.code.csharp.security.Sanitizers
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A sink for SQL injection vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for SQL injection vulnerabilities.

csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll

@@ -5,6 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.controlflow.Guards
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.IO
 private import semmle.code.csharp.frameworks.system.Web
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for uncontrolled data in path expression vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for uncontrolled data in path expression vulnerabilities.

csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll

@@ -6,6 +6,7 @@
 import csharp
 private import semmle.code.csharp.serialization.Deserializers
 private import semmle.code.csharp.dataflow.TaintTracking2
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 /**
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unsafe deserialization vulnerabilities.
  */
-abstract class Sink extends DataFlow::Node { }
+abstract class Sink extends SinkNode { }
 
 /**
  * A data flow sink for unsafe deserialization vulnerabilities to an instance method.

csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.controlflow.Guards
 private import semmle.code.csharp.frameworks.Format
@@ -20,7 +21,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unvalidated URL redirect vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for unvalidated URL redirect vulnerabilities.

csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
@@ -19,7 +20,7 @@ private class ThreatModelSource extends Source instanceof ThreatModelFlowSource
 /**
  * A data flow sink for untrusted user input used in XML processing.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends SinkExprNode {
   /**
    * Gets the reason for the insecurity of this sink.
    */

csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.xml.XPath
 private import semmle.code.csharp.frameworks.system.Xml
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in XPath expression.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in XPath expression.

csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll

@@ -7,6 +7,7 @@ private import semmle.code.asp.AspNet
 private import semmle.code.csharp.frameworks.system.Net
 private import semmle.code.csharp.frameworks.system.Web
 private import semmle.code.csharp.frameworks.system.web.UI
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsinks.Html
 private import semmle.code.csharp.security.dataflow.flowsinks.Remote
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
@@ -18,7 +19,7 @@ private import semmle.code.csharp.frameworks.ServiceStack::XSS
  * Any XSS sink is also a remote flow sink, so this class contributes
  * to the abstract class `RemoteFlowSink`.
  */
-abstract class Sink extends DataFlow::ExprNode, RemoteFlowSink {
+abstract class Sink extends SinkExprNode, RemoteFlowSink {
   /** Gets an explanation of this XSS sink. */
   string explanation() { none() }
 }

csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.controlflow.Guards
 
 /**
@@ -13,7 +14,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unsafe zip extraction.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends SinkExprNode { }
 
 /**
  * A sanitizer for unsafe zip extraction.

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Email.qll

@@ -1,13 +1,14 @@
 /** Provides data flow sinks for sending email. */
 
 import csharp
+private import FlowSinks
 private import Remote
 private import semmle.code.csharp.frameworks.system.net.Mail
 
 /** Provides sinks for emails. */
 module Email {
   /** A data flow sink for sending email. */
-  abstract class Sink extends DataFlow::ExprNode, RemoteFlowSink { }
+  abstract class Sink extends SinkExprNode, RemoteFlowSink { }
 
   /** A data flow sink for sending email via `System.Net.Mail.MailMessage`. */
   class MailMessageSink extends Sink {