From b2fc68ff818696ca6ac4c2331845fc35bf28f343 Mon Sep 17 00:00:00 2001
From: ewillonermsft <129988051+ewillonermsft@users.noreply.github.com>
Date: Wed, 24 Sep 2025 18:24:36 -0700
Subject: [PATCH 1/4] Add additional SystemWeb HttpRequset properties to C# test stubs
---
 csharp/ql/test/resources/stubs/System.Web.cs | 31 ++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs
index f0572742f883..f1d15e1212c2 100644
--- a/csharp/ql/test/resources/stubs/System.Web.cs
+++ b/csharp/ql/test/resources/stubs/System.Web.cs
@@ -178,6 +178,37 @@ public class HttpRequest
 public string RawUrl { get; set; }
 public HttpCookieCollection Cookies => null;
 public bool IsAuthenticated { get; set; }
+ public NameValueCollection Form => null;
+ public NameValueCollection Headers => null;
+ public NameValueCollection Params => null;
+ public string UserAgent(string s) => null;
+ public string UrlReferrer(string s) => null;
+ public NameValueCollection ServerVariables => null;
+ // Default property that goes through the collections
+ // QueryString, Form, Cookies, ClientCertificate and ServerVariables
+ public String this[String key]
+ {
+ get
+ {
+ String s;
+
+ s = QueryString[key];
+ if (s != null)
+ return s;
+
+ s = Form[key];
+ if (s != null)
+ return s;
+
+ HttpCookie c = Cookies[key];
+ if (c != null)
+ return c.Value;
+
+ s = ServerVariables[key];
+ if (s != null)
+ return s;
+ }
+ }
 }
 
 public class HttpRequestWrapper : System.Web.HttpRequestBase
From b49b84e0727dff636306f2d9121341dd6b6e094b Mon Sep 17 00:00:00 2001
From: ewillonermsft <129988051+ewillonermsft@users.noreply.github.com>
Date: Thu, 25 Sep 2025 10:10:48 -0700
Subject: [PATCH 2/4] Remove this[] logic from the commit. Stub should not include code logic.
---
 csharp/ql/test/resources/stubs/System.Web.cs | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)
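Review bot: In patch 1/4 the `get` accessor of the new indexer ends after the `ServerVariables` check with no final `return`, so not every path returns a value and this commit should not compile when checked out by itself. The comment above it also lists `ClientCertificate`, which the body never consults, and `UserAgent(string s)` / `UrlReferrer(string s)` are declared as methods rather than properties. Patches 2/4 and 3/4 replace all of this, so squashing the three System.Web.cs commits into one would keep every commit in the history buildable for bisecting.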
diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs
index f1d15e1212c2..ed9ed5dda55f 100644
--- a/csharp/ql/test/resources/stubs/System.Web.cs
+++ b/csharp/ql/test/resources/stubs/System.Web.cs
@@ -184,31 +184,7 @@ public class HttpRequest
 public string UserAgent(string s) => null;
 public string UrlReferrer(string s) => null;
 public NameValueCollection ServerVariables => null;
- // Default property that goes through the collections
- // QueryString, Form, Cookies, ClientCertificate and ServerVariables
- public String this[String key]
- {
- get
- {
- String s;
-
- s = QueryString[key];
- if (s != null)
- return s;
-
- s = Form[key];
- if (s != null)
- return s;
-
- HttpCookie c = Cookies[key];
- if (c != null)
- return c.Value;
-
- s = ServerVariables[key];
- if (s != null)
- return s;
- }
- }
+ public String this[String key] => null;
 }
 
 public class HttpRequestWrapper : System.Web.HttpRequestBase
From b267bd11e07c5cb4a8a560a5e15087f1616cc480 Mon Sep 17 00:00:00 2001
From: ewillonermsft <129988051+ewillonermsft@users.noreply.github.com>
Date: Thu, 25 Sep 2025 10:37:56 -0700
Subject: [PATCH 3/4] Update properties to getters which is inline with the actual implementation.
---
 csharp/ql/test/resources/stubs/System.Web.cs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs
index ed9ed5dda55f..c15b871095ff 100644
--- a/csharp/ql/test/resources/stubs/System.Web.cs
+++ b/csharp/ql/test/resources/stubs/System.Web.cs
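Review bot: In patch 2/4 the replacement indexer is written `public String this[String key] => null;` with the BCL type name, while every other member visible in this hunk uses the `string` keyword; `public string this[string key] => null;` would match the rest of the stub. The two deleted comment lines were the only place that recorded which request collections the indexer stands in for, and keeping them above the one-line stub costs nothing. Without them a test author has no hint that a value read through the indexer represents several different request collections at once.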
@@ -178,12 +178,12 @@ public class HttpRequest
 public string RawUrl { get; set; }
 public HttpCookieCollection Cookies => null;
 public bool IsAuthenticated { get; set; }
- public NameValueCollection Form => null;
- public NameValueCollection Headers => null;
- public NameValueCollection Params => null;
- public string UserAgent(string s) => null;
- public string UrlReferrer(string s) => null;
- public NameValueCollection ServerVariables => null;
+ public NameValueCollection Form { get; }
+ public NameValueCollection Headers { get; }
+ public NameValueCollection Params { get; }
+ public string UserAgent { get; }
+ public Uri UrlReferrer { get; }
+ public NameValueCollection ServerVariables { get; }
 public String this[String key] => null;
 }
 
From 2b97e17bdacbdea2bd49f0c95b56e816304763cf Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Mon, 29 Sep 2025 09:32:34 +0200
Subject: [PATCH 4/4] C#: Add a stub for the System.Uri class for the CWE-611 test.
---
 .../query-tests/Security Features/CWE-611/stubs.cs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs b/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs
index 04c39623cacd..6375ac035c12 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs
@@ -1,3 +1,9 @@
-namespace System.Web;
+namespace System
+{
+ public class Uri { }
 
-public interface IHtmlString { }
+ namespace Web
+ {
+ public interface IHtmlString { }
+ }
+}
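Review bot: In patch 3/4, typing `UrlReferrer` as `Uri` makes this shared stub depend on `System.Uri`, so any test that compiles System.Web.cs without that type in scope will stop building. Patch 4/4 supplies a definition for the CWE-611 test only; whether other test directories using this stub need the same is not visible from this page and is worth checking before merge. None of the three System.Web.cs patches touches a test or expected-output file, so if `Form`, `Headers`, `Params`, `UserAgent`, `UrlReferrer`, `ServerVariables` and the indexer are meant to be recognised by a query as request-derived input, a test case that reads each of them would confirm it.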
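Review bot: In patch 4/4 the empty `public class Uri { }` declared in namespace `System` has no comment saying why the CWE-611 stub file needs it. Judging by patch 3/4 the reason is the new `Uri`-typed `UrlReferrer` property, so a line such as `// Minimal stand-in for System.Uri, required by HttpRequest.UrlReferrer in the shared System.Web.cs stub.` would record that, assuming this test does compile that stub. If the test is ever built with the framework's own assembly referenced, this declaration would clash with the real type, so it is worth confirming that the test's compilation options do not reference it.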