Merge pull request #4781 from hvitved/csharp/persisten-cookie-tests

C#: Add tests for `PersistentCookie.ql`

csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.cs

@@ -0,0 +1,12 @@
+// semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll
+using System;
+
+class PersistentCookie
+{
+    void M(System.Web.HttpCookie cookie)
+    {
+        cookie.Expires = DateTime.Now.AddMonths(12); // BAD
+        cookie.Expires = DateTime.Now.AddMinutes(3); // GOOD
+        cookie.Expires = DateTime.Now.AddSeconds(301); // BAD
+    }
+}

csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.expected

@@ -0,0 +1,2 @@
+| PersistentCookie.cs:8:9:8:51 | ... = ... | Avoid persistent cookies. |
+| PersistentCookie.cs:10:9:10:53 | ... = ... | Avoid persistent cookies. |

csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.qlref

@@ -0,0 +1 @@
+Security Features/PersistentCookie.ql

csharp/ql/test/resources/stubs/System.Web.cs

@@ -183,6 +183,7 @@ namespace System.Web
         public NameValueCollection Values => null;
         public string this[string s] { get => null; set { } }
         public bool Secure { get; set; }
+        public System.DateTime Expires { get; set; }
     }
 
     public abstract class HttpCookieCollection : System.Collections.Specialized.NameObjectCollectionBase