hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add test case using string literal in property name

Browse Source
This commit is contained in:
Edward Minnix III
2025-03-08 17:18:15 -05:00
committed by Tamas Vajk
parent 52b889f008
commit 3d0a85b3cd
3 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs Normal file
View File

@@ -0,0 +1,50 @@
namespace VulnerableBlazorApp.Components
{
using System.Collections.Generic;
using Microsoft.AspNetCore.Components;
[RouteAttribute("/names2/{name?}")]
public partial class NameList2 : Microsoft.AspNetCore.Components.ComponentBase
{
protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder)
{
if (Names is not null)
{
builder.OpenElement(0, "div");
builder.OpenElement(1, "ul");
foreach (var name in Names)
{
builder.OpenElement(2, "li");
builder.OpenComponent<VulnerableBlazorApp.Components.Name>(3);
builder.AddComponentParameter(4, "TheName", name);
builder.CloseComponent();
builder.CloseElement();
}
builder.CloseElement();
builder.CloseElement();
}
builder.OpenElement(5, "div");
builder.OpenElement(6, "p");
builder.AddContent(7, "Name: ");
builder.OpenComponent<VulnerableBlazorApp.Components.Name>(8);
builder.AddComponentParameter(9, "TheName", Name);
builder.CloseComponent();
builder.CloseElement();
}
[Parameter]
public string Name { get; set; }
protected override void OnParametersSet()
{
if (Name is not null)
{
Names.Add(Name);
}
}
public List<string> Names { get; set; } = new List<string>();
}
}

3
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected
View File

@@ -1,12 +1,15 @@
edges
| NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 |
| NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 |
nodes
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam |
| Name.cs:13:53:13:59 | access to property TheName | semmle.label | access to property TheName |
| NameList2.cs:31:57:31:60 | access to property Name : String | semmle.label | access to property Name : String |
| NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String |
subpaths
#select
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value |
| Name.cs:13:53:13:59 | access to property TheName | NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList2.cs:31:57:31:60 | access to property Name : String | User-provided value |
| Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value |

3
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected
View File

@@ -2,6 +2,9 @@
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter |
| Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external |
| NameList2.cs:31:57:31:60 | access to property Name | ASP.NET Core component route parameter |
| NameList2.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter |
| NameList2.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:31:99:31:102 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter |