From b9acaa0cbd508d5fe1b2b623cf36a743b3634bf5 Mon Sep 17 00:00:00 2001
From: James Frank <james.frank@nih.gov>
Date: Tue, 15 Jul 2025 15:18:15 -0400
Subject: [PATCH 1/2] Make web.config match case insensitive

---
 csharp/ql/lib/semmle/code/asp/WebConfig.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/csharp/ql/lib/semmle/code/asp/WebConfig.qll b/csharp/ql/lib/semmle/code/asp/WebConfig.qll
index f9106bcd1afd..384c3a013c3b 100644
--- a/csharp/ql/lib/semmle/code/asp/WebConfig.qll
+++ b/csharp/ql/lib/semmle/code/asp/WebConfig.qll
@@ -8,14 +8,14 @@ import csharp
  * A `Web.config` file.
  */
 class WebConfigXml extends XmlFile {
-  WebConfigXml() { this.getName().matches("%Web.config") }
+  WebConfigXml() { this.getName().toLowerCase().matches("%web.config") }
 }
 
 /**
  * A `Web.config` transformation file.
  */
 class WebConfigReleaseTransformXml extends XmlFile {
-  WebConfigReleaseTransformXml() { this.getName().matches("%Web.Release.config") }
+  WebConfigReleaseTransformXml() { this.getName().toLowerCase().matches("%web.release.config") }
 }
 
 /** A `<configuration>` tag in an ASP.NET configuration file. */

From a537c0091e5273a8a64123fbd10c43e0b245a581 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 16 Jul 2025 09:06:38 +0100
Subject: [PATCH 2/2] change note

---
 csharp/ql/src/change-notes/2025-07-16-web-config.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 csharp/ql/src/change-notes/2025-07-16-web-config.md

diff --git a/csharp/ql/src/change-notes/2025-07-16-web-config.md b/csharp/ql/src/change-notes/2025-07-16-web-config.md
new file mode 100644
index 000000000000..238f64386633
--- /dev/null
+++ b/csharp/ql/src/change-notes/2025-07-16-web-config.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.