github
diff --git a/‎csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql‎
Lines changed: 14 additions & 18 deletions b/‎csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql‎
Lines changed: 14 additions & 18 deletions
diff --git a/‎…rity Features/CWE-759/HashWithoutSalt.cs‎ ‎…rity Features/CWE-759/HashWithoutSalt.cs‎csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.cs renamed to csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs b/‎…rity Features/CWE-759/HashWithoutSalt.cs‎ ‎…rity Features/CWE-759/HashWithoutSalt.cs‎csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.cs renamed to csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs
diff --git a/‎…eatures/CWE-759/HashWithoutSalt.expected‎ ‎…eatures/CWE-759/HashWithoutSalt.expected‎csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.expected renamed to csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected b/‎…eatures/CWE-759/HashWithoutSalt.expected‎ ‎…eatures/CWE-759/HashWithoutSalt.expected‎csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.expected renamed to csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected
diff --git a/‎csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref‎
Lines changed: 1 addition & 0 deletions b/‎csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎…ental/Security Features/CWE-759/Stubs.cs‎ ‎…ental/Security Features/CWE-759/Stubs.cs‎csharp/ql/src/experimental/Security Features/CWE-759/Stubs.cs renamed to csharp/ql/test/experimental/Security Features/CWE-759/Stubs.cs b/‎…ental/Security Features/CWE-759/Stubs.cs‎ ‎…ental/Security Features/CWE-759/Stubs.cs‎csharp/ql/src/experimental/Security Features/CWE-759/Stubs.cs renamed to csharp/ql/test/experimental/Security Features/CWE-759/Stubs.cs
@@ -22,19 +22,17 @@ class HashAlgorithmProvider extends RefType {
   }
 }
 
-/** The method call `ComputeHash()` declared in `System.Security.Cryptography.SHA...`. */
-class ComputeHashMethodCall extends MethodCall {
-  ComputeHashMethodCall() {
-    this.getQualifier().getType() instanceof SHA and
-    this.getTarget().hasName("ComputeHash")
-  }
-}
-
-/** The method call `ComputeHash()` declared in `System.Security.Cryptography.SHA...`. */
-class HashDataMethodCall extends MethodCall {
-  HashDataMethodCall() {
-    this.getQualifier().getType() instanceof HashAlgorithmProvider and
-    this.getTarget().hasName("HashData")
+/**
+ * The method `ComputeHash()` declared in `System.Security.Cryptography.SHA...` and
+ * the method `HashData()` declared in `Windows.Security.Cryptography.Core.HashAlgorithmProvider`.
+ */
+class HashMethod extends Method {
+  HashMethod() {
+    this.getDeclaringType() instanceof SHA and
+    this.hasName("ComputeHash")
+    or
+    this.getDeclaringType() instanceof HashAlgorithmProvider and
+    this.hasName("HashData")
   }
 }
 
@@ -55,11 +53,9 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PasswordVarExpr }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(ComputeHashMethodCall mc |
-      sink.asExpr() = mc.getArgument(0) // sha256Hash.ComputeHash(rawDatabytes)
-    ) or
-    exists(HashDataMethodCall mc |
-      sink.asExpr() = mc.getArgument(0) // algProv.HashData(rawDatabytes)
+    exists(MethodCall mc |
+      sink.asExpr() = mc.getArgument(0) and
+      mc.getTarget() instanceof HashMethod
     )
   }
 
 
@@ -0,0 +1 @@
+experimental/Security Features/CWE-759/HashWithoutSalt.ql
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+experimental/Security Features/CWE-759/HashWithoutSalt.ql`