diff --git a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/Controllers/TestController.cs b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/Controllers/TestController.cs
new file mode 100644
index 00000000000..48d4b340fbf
--- /dev/null
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/Controllers/TestController.cs
@@ -0,0 +1,16 @@
+namespace test;
+
+using System.Net;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Razor;
+
+public class UserData
+{
+ public string Name { get; set; }
+}
+
+public class TestController : Controller {
+ public IActionResult Test(UserData tainted1) {
+ return View("Test", tainted1);
+ }
+}
\ No newline at end of file
diff --git a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/Views/Test/Test.cshtml b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/Views/Test/Test.cshtml
new file mode 100644
index 00000000000..74a8eab1c71
--- /dev/null
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/Views/Test/Test.cshtml
@@ -0,0 +1,9 @@
+@namespace test
+@model UserData
+@{
+}
+
+@if (Model != null)
+{
+

Hello "@Html.Raw(Model.Name)"

+}
\ No newline at end of file
diff --git a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/XSS.expected b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/XSS.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/XSS.qlref b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/XSS.qlref
new file mode 100644
index 00000000000..faad1d6403c
--- /dev/null
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/XSS.qlref
@@ -0,0 +1 @@
+Security Features/CWE-079/XSS.ql
\ No newline at end of file
diff --git a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/cshtml.csproj b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/cshtml.csproj
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/test.py b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/test.py
new file mode 100644
index 00000000000..5fa07537d4a
--- /dev/null
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/test.py
@@ -0,0 +1,6 @@
+import os
+from create_database_utils import *
+
+
+os.environ['CODEQL_EXTRACTOR_CSHARP_STANDALONE_EXTRACT_WEB_VIEWS'] = 'true'
+run_codeql_database_create(lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"])
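Review bot: `XSS.expected` is added as an empty file (index `e69de29bb2d`, no hunk) even though Views/Test/Test.cshtml writes `Model.Name` through `Html.Raw` and the controller passes the request-bound `tainted1` straight into `View("Test", tainted1)`. As committed, the test passes only while XSS.ql reports nothing for this flow, and it would pass just as well if the view were never extracted, so it cannot tell a known false negative from a broken setup. If the empty baseline is intentional, record that next to the sink with a Razor comment such as `@* Html.Raw on model data: intended XSS sink, not yet reported in standalone mode *@`; otherwise regenerate the expected file once the controller-to-view flow step produces the alert. The markup around the `Hello` line did not survive on this page, so the exact form of the sink line is inferred.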
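Review bot: The extractor switches in test.py are undocumented, yet the meaning of the test depends on them: nothing says why `cil=false` is needed, or that the environment variable is presumably what brings `.cshtml` files into a buildless database. A short comment above the `os.environ` line would cover it, for example `# Buildless extraction: opt in to Razor view extraction so the controller-to-view flow is visible to XSS.ql`. Importing the helper by name, `from create_database_utils import run_codeql_database_create`, would also show where the call comes from instead of relying on the wildcard import.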