hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Inline expectation should have space after $

Browse Source 
This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
This commit is contained in:
Owen Mansel-Chan
2026-03-04 11:41:18 +00:00
parent badfa1a5c5
commit 45eb14975a
4 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/AspNetCore/NoPolicy/Program.cs
View File

@@ -2,12 +2,12 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
{
public void CookieDefault()
{
Response.Cookies.Append("auth", "value"); // $Alert // BAD: HttpOnly is set to false by default
Response.Cookies.Append("auth", "value"); // $ Alert // BAD: HttpOnly is set to false by default
}
public void CookieDefault2()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $ Alert
Response.Cookies.Append("auth", "value", cookieOptions); // BAD: HttpOnly is set to false by default
}
@@ -39,14 +39,14 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
void CookieDirectFalse()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $ Alert
cookieOptions.HttpOnly = false;
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD
}
void CookieDirectFalseInitializer()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { HttpOnly = false }; // $Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { HttpOnly = false }; // $ Alert
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD
}
@@ -67,7 +67,7 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
void CookieIntermediateFalse()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $MISSING:Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $ MISSING:Alert
bool v = false;
cookieOptions.HttpOnly = v;
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD, but not detected
@@ -76,7 +76,7 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { HttpOnly = v }; // $MISSING:Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { HttpOnly = v }; // $ MISSING:Alert
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD, but not detected
}
}

10
csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesFalse/Program.cs
View File

@@ -13,7 +13,7 @@ class Program
void CookieDefault()
{
var cookie = new System.Web.HttpCookie("sessionID"); // $Alert // BAD: httpOnlyCookies is set to false by default
var cookie = new System.Web.HttpCookie("sessionID"); // $ Alert // BAD: httpOnlyCookies is set to false by default
}
void CookieDefaultForgery()
@@ -29,13 +29,13 @@ class Program
void CookieDirectFalse()
{
var cookie = new System.Web.HttpCookie("sessionID"); // $Alert
var cookie = new System.Web.HttpCookie("sessionID"); // $ Alert
cookie.HttpOnly = false; // BAD
}
void CookieDirectFalseInitializer()
{
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = false }; // $Alert // BAD
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = false }; // $ Alert // BAD
}
void CookieIntermediateTrue()
@@ -53,7 +53,7 @@ class Program
void CookieIntermediateFalse()
{
var cookie = new System.Web.HttpCookie("sessionID"); // MISSING:Alert
var cookie = new System.Web.HttpCookie("sessionID"); // MISSING:Alert
bool v = false;
cookie.HttpOnly = v; // BAD
}
@@ -61,6 +61,6 @@ class Program
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // $MISSING:Alert // BAD
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // $ MISSING:Alert // BAD
}
}

12
csharp/ql/test/query-tests/Security Features/CWE-614/InsecureCookie/AspNetCore/NoPolicy/Program.cs
View File

@@ -2,12 +2,12 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
{
public void CookieDefault()
{
Response.Cookies.Append("name", "value"); // $Alert // BAD: Secure is set to false by default
Response.Cookies.Append("name", "value"); // $ Alert // BAD: Secure is set to false by default
}
public void CookieDefault2()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $ Alert
Response.Cookies.Append("name", "value", cookieOptions); // BAD: Secure is set to false by default
}
@@ -32,14 +32,14 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
void CookieDirectFalse()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $ Alert
cookieOptions.Secure = false;
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD
}
void CookieDirectFalseInitializer()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { Secure = false }; // $Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { Secure = false }; // $ Alert
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD
}
@@ -60,7 +60,7 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
void CookieIntermediateFalse()
{
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $MISSING:Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions(); // $ MISSING:Alert
bool v = false;
cookieOptions.Secure = v;
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD, but not detected
@@ -69,7 +69,7 @@ public class MyController : Microsoft.AspNetCore.Mvc.Controller
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { Secure = v }; // $MISSING:Alert
var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { Secure = v }; // $ MISSING:Alert
Response.Cookies.Append("auth", "secret", cookieOptions); // BAD, but not detected
}
}

10
csharp/ql/test/query-tests/Security Features/CWE-614/InsecureCookie/SystemWeb/RequireSSLFalse/Program.cs
View File

@@ -2,7 +2,7 @@ class Program
{
void CookieDefault()
{
var cookie = new System.Web.HttpCookie("cookieName"); // $Alert // BAD: requireSSL is set to false by default
var cookie = new System.Web.HttpCookie("cookieName"); // $ Alert // BAD: requireSSL is set to false by default
}
void CookieDirectTrue()
@@ -31,18 +31,18 @@ class Program
void CookieDirectFalse()
{
var cookie = new System.Web.HttpCookie("cookieName"); // $Alert
var cookie = new System.Web.HttpCookie("cookieName"); // $ Alert
cookie.Secure = false; // BAD
}
void CookieDirectFalseInitializer()
{
var cookie = new System.Web.HttpCookie("cookieName") { Secure = false }; // $Alert // BAD
var cookie = new System.Web.HttpCookie("cookieName") { Secure = false }; // $ Alert // BAD
}
void CookieIntermediateFalse()
{
var cookie = new System.Web.HttpCookie("cookieName"); // $MISSING:Alert
var cookie = new System.Web.HttpCookie("cookieName"); // $ MISSING:Alert
bool v = false;
cookie.Secure = v; // BAD, but not detected
}
@@ -50,6 +50,6 @@ class Program
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookie = new System.Web.HttpCookie("cookieName") { Secure = v }; // $MISSING:Alert // BAD, but not detected
var cookie = new System.Web.HttpCookie("cookieName") { Secure = v }; // $ MISSING:Alert // BAD, but not detected
}
}