C#: Fix simple types testcases.

2025-12-16 16:53:25 +01:00 · 2025-04-02 10:16:52 +02:00
parent 024712c073
commit 60e3b4351a
2 changed files with 54 additions and 46 deletions
--- a/csharp/ql/test/query-tests/Security
+++ b/csharp/ql/test/query-tests/Security
@@ -3,6 +3,11 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Headers;
 using Microsoft.AspNetCore.Mvc;

+public enum TestEnum
+{
+    TestEnumValue
+}
+
 public class AspController : ControllerBase
 {
    public void Action1(string username)
@@ -38,4 +43,53 @@ public class AspController : ControllerBase
            logger.Warn($"Warning about the bool: {b}");
        }
    }
+
+    public void ActionInt(int i)
+    {
+        var logger = new ILogger();
+        // GOOD: int is a sanitizer.
+        logger.Warn($"Warning about the int: {i}");
+    }
+
+    public void ActionLong(long l)
+    {
+        var logger = new ILogger();
+        // GOOD: long is a sanitizer.
+        logger.Warn($"Warning about the long: {l}");
+    }
+
+    public void ActionFloat(float f)
+    {
+        var logger = new ILogger();
+        // GOOD: float is a sanitizer.
+        logger.Warn($"Warning about the float: {f}");
+    }
+
+    public void ActionDouble(double d)
+    {
+        var logger = new ILogger();
+        // GOOD: double is a sanitizer.
+        logger.Warn($"Warning about the double: {d}");
+    }
+
+    public void ActionDecimal(decimal d)
+    {
+        var logger = new ILogger();
+        // GOOD: decimal is a sanitizer.
+        logger.Warn($"Warning about the decimal: {d}");
+    }
+
+    public void ActionEnum(TestEnum e)
+    {
+        var logger = new ILogger();
+        // GOOD: Enum is a sanitizer. [FALSE POSITIVE]
+        logger.Warn($"Warning about the enum: {e}");
+    }
+
+    public void ActionDateTime(DateTimeOffset dt)
+    {
+        var logger = new ILogger();
+        // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE]
+        logger.Warn($"Warning about the DateTimeOffset: {dt}");
+    }
 }
--- a/Features/CWE-117/LogForgingSimpleTypes.cs
+++ b/Features/CWE-117/LogForgingSimpleTypes.cs
@@ -1,46 +0,0 @@
-using System;
-using System.Diagnostics;
-using System.IO;
-using System.Net;
-using System.Web;
-using Microsoft.Extensions.Logging;
-
-class ILogger
-{
-    public void Warn(string message) { }
-}
-
-enum TestEnum
-{
-    TestEnumValue
-}
-
-public class LogForgingSimpleTypes
-{
-    public void Execute(HttpContext ctx)
-    {
-        // GOOD: int
-        logger.Warn("Logging simple type (int):" 1);
-
-        // GOOD: long
-        logger.Warn("Logging simple type (int):" 1L);
-
-        // GOOD: float
-        logger.Warn("Logging simple type (float):" 1.1);
-        
-        // GOOD: double
-        logger.Warn("Logging simple type (double):" 1.1d);
-        
-        // GOOD: decimal
-        logger.Warn("Logging simple type (double):" 1.1m);
-        
-        // GOOD: Enum
-        logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue);
-        
-        // GOOD: DateTime
-        logger.Warn("Logging simple type (int):" new DateTime());
-
-        // GOOD: DateTimeOffset
-        logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow);
-    }
-}