hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add areas

Browse Source
This commit is contained in:
Joe Farebrother
2023-10-23 16:11:11 +01:00
parent 7691cbce87
commit 7194113a64
3 changed files with 99 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSFlowSteps.qll
View File

@@ -58,6 +58,15 @@ private class ViewCall extends MethodCall {
/** Gets the name of the MVC controller that this call is made from, if any. */
string getControllerName() { result + "Controller" = this.getController().getName() }
/** Gets the name of the Area that the controller of this call belongs to, if any. */
string getAreaName() {
exists(Attribute attr |
attr = this.getController().getAnAttribute() and
attr.getType().hasQualifiedName("Microsoft.AspNetCore.Mvc", "AreaAttribute") and
result = attr.getArgument(0).(StringLiteral).getValue()
)
}
}
/** A compiler-generated Razor page. */
@@ -110,17 +119,21 @@ private predicate viewCallRefersToPageRelative(ViewCall vc, RazorPage rp) {
/** Gets the `i`th template for view discovery. */
private string getViewSearchTemplate(int i) {
i = 0 and result = "/Views/{1}/{0}.cshtml"
i = 0 and result = "/Areas/{2}/Views/{1}/{0}.cshtml"
or
i = 1 and result = "/Views/Shared/{0}.cshtml"
i = 1 and result = "/Areas/{2}/Views/Shared/{0}.cshtml"
or
i = 2 and result = getAViewSearchTemplateInCode()
i = 2 and result = "/Views/{1}/{0}.cshtml"
or
i = 3 and result = "/Views/Shared/{0}.cshtml"
or
i = 4 and result = getAViewSearchTemplateInCode()
}
/** Gets an additional template used for view discovery defined in code. */
private string getAViewSearchTemplateInCode() {
exists(StringLiteral str, MethodCall addCall |
addCall.getTarget().hasQualifiedName("System.Collections.Generic", "IList", "Add") and
addCall.getTarget().hasName("Add") and
DataFlow::localExprFlow(str, addCall.getArgument(0)) and
addCall.getQualifier() = getAViewLocationList() and
result = str.getValue()
@@ -134,8 +147,8 @@ private Expr getAViewLocationList() {
.getProperty()
.hasQualifiedName("Microsoft.AspNetCore.Mvc.Razor", "RazorViewEngineOptions",
[
"ViewLocationFormats", "PageViewLocationFormats", "AreaViewLocationFormats",
"AreaPageViewLocationFormats"
"ViewLocationFormats", "AreaViewLocationFormats",
//"PageViewLocationFormats","AreaPageViewLocationFormats"
])
}
@@ -145,13 +158,21 @@ private class RelativeViewCallFilepath extends NormalizableFilepath {
int idx_;
RelativeViewCallFilepath() {
exists(string template | template = getViewSearchTemplate(idx_) |
this =
template.replaceAll("{0}", vc_.getActionName()).replaceAll("{1}", vc_.getControllerName())
or
not exists(vc_.getControllerName()) and
not template.matches("%{1}%") and
this = template.replaceAll("{0}", vc_.getActionName())
exists(string template, string sub2, string sub1, string sub0 |
template = getViewSearchTemplate(idx_)
|
(
if template.matches("%{2}%")
then sub2 = template.replaceAll("{2}", vc_.getAreaName())
else sub2 = template
) and
(
if template.matches("%{1}%")
then sub1 = sub2.replaceAll("{1}", vc_.getControllerName())
else sub1 = sub2
) and
sub0 = sub1.replaceAll("{0}", vc_.getActionName()) and
this = sub0
)
}

11
csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Controllers/TestController.cs
View File

@@ -3,6 +3,7 @@ namespace test;
using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.AspNetCore.Mvc.Razor;
public class UserData
{
@@ -79,12 +80,12 @@ public class Test2Controller : Controller {
}
private IActionResult test13(UserData tainted13) {
// Expected to find file /Views/Other/Test13.cshtml
// MISSING: Expected to find file /Views/Other/Test13.cshtml.
return Helper.helper3(this, tainted13);
}
private IActionResult test14(UserData tainted14) {
// Expected to find file /Views/Shared/Test14.cshtml and NOT /Views/Test2/Test14.cshtml
// MISSING: Expected to find file /Views/Shared/Test14.cshtml and NOT /Views/Test2/Test14.cshtml
return Helper.helper4(this, tainted14);
}
@@ -101,8 +102,8 @@ public class Test3Controller : Controller {
o.ViewLocationFormats.Add("/Views/Custom/{1}/{0}.cshtml");
}
private IActionResult Test15(UserData tainted14) {
// Expected to find file /Views/Custom/Test3/Test15.cshtml
return View(x);
private IActionResult Test15(UserData tainted15) {
// MISSING: Expected to find file /Views/Custom/Test3/Test15.cshtml
return View(tainted15);
}
}

118
csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.expected
View File

@@ -1,28 +1,28 @@
edges
| Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | Controllers/TestController.cs:15:30:15:37 | access to parameter tainted1 : UserData |
| Controllers/TestController.cs:15:30:15:37 | access to parameter tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | Controllers/TestController.cs:20:30:20:37 | access to parameter tainted2 : UserData |
| Controllers/TestController.cs:20:30:20:37 | access to parameter tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | Controllers/TestController.cs:25:30:25:37 | access to parameter tainted3 : UserData |
| Controllers/TestController.cs:25:30:25:37 | access to parameter tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | Controllers/TestController.cs:30:32:30:39 | access to parameter tainted4 : UserData |
| Controllers/TestController.cs:30:32:30:39 | access to parameter tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | Controllers/TestController.cs:35:39:35:46 | access to parameter tainted5 : UserData |
| Controllers/TestController.cs:35:39:35:46 | access to parameter tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | Controllers/TestController.cs:40:64:40:71 | access to parameter tainted6 : UserData |
| Controllers/TestController.cs:40:64:40:71 | access to parameter tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | Controllers/TestController.cs:45:21:45:28 | access to parameter tainted7 : UserData |
| Controllers/TestController.cs:45:21:45:28 | access to parameter tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | Controllers/TestController.cs:50:50:50:57 | access to parameter tainted8 : UserData |
| Controllers/TestController.cs:50:50:50:57 | access to parameter tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | Controllers/TestController.cs:55:51:55:58 | access to parameter tainted9 : UserData |
| Controllers/TestController.cs:55:51:55:58 | access to parameter tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | Controllers/TestController.cs:62:31:62:39 | access to parameter tainted10 : UserData |
| Controllers/TestController.cs:62:31:62:39 | access to parameter tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | Controllers/TestController.cs:67:23:67:31 | access to parameter tainted11 : UserData |
| Controllers/TestController.cs:67:23:67:31 | access to parameter tainted11 : UserData | Controllers/TestController.cs:70:43:70:43 | x : UserData |
| Controllers/TestController.cs:70:43:70:43 | x : UserData | Controllers/TestController.cs:71:31:71:31 | access to parameter x : UserData |
| Controllers/TestController.cs:71:31:71:31 | access to parameter x : UserData | Views/Test2/Test11.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | Controllers/TestController.cs:16:30:16:37 | access to parameter tainted1 : UserData |
| Controllers/TestController.cs:16:30:16:37 | access to parameter tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | Controllers/TestController.cs:21:30:21:37 | access to parameter tainted2 : UserData |
| Controllers/TestController.cs:21:30:21:37 | access to parameter tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | Controllers/TestController.cs:26:30:26:37 | access to parameter tainted3 : UserData |
| Controllers/TestController.cs:26:30:26:37 | access to parameter tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | Controllers/TestController.cs:31:32:31:39 | access to parameter tainted4 : UserData |
| Controllers/TestController.cs:31:32:31:39 | access to parameter tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | Controllers/TestController.cs:36:39:36:46 | access to parameter tainted5 : UserData |
| Controllers/TestController.cs:36:39:36:46 | access to parameter tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | Controllers/TestController.cs:41:64:41:71 | access to parameter tainted6 : UserData |
| Controllers/TestController.cs:41:64:41:71 | access to parameter tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | Controllers/TestController.cs:46:21:46:28 | access to parameter tainted7 : UserData |
| Controllers/TestController.cs:46:21:46:28 | access to parameter tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | Controllers/TestController.cs:51:50:51:57 | access to parameter tainted8 : UserData |
| Controllers/TestController.cs:51:50:51:57 | access to parameter tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | Controllers/TestController.cs:56:51:56:58 | access to parameter tainted9 : UserData |
| Controllers/TestController.cs:56:51:56:58 | access to parameter tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | Controllers/TestController.cs:63:31:63:39 | access to parameter tainted10 : UserData |
| Controllers/TestController.cs:63:31:63:39 | access to parameter tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | Controllers/TestController.cs:68:23:68:31 | access to parameter tainted11 : UserData |
| Controllers/TestController.cs:68:23:68:31 | access to parameter tainted11 : UserData | Controllers/TestController.cs:71:43:71:43 | x : UserData |
| Controllers/TestController.cs:71:43:71:43 | x : UserData | Controllers/TestController.cs:71:70:71:70 | access to parameter x : UserData |
| Controllers/TestController.cs:71:70:71:70 | access to parameter x : UserData | Views/Test2/Test11.cshtml:8:16:8:20 | access to property Model : UserData |
| Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test8.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name |
@@ -35,30 +35,30 @@ edges
| Views/Test/Test4.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name |
| Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name |
nodes
| Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | semmle.label | tainted1 : UserData |
| Controllers/TestController.cs:15:30:15:37 | access to parameter tainted1 : UserData | semmle.label | access to parameter tainted1 : UserData |
| Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | semmle.label | tainted2 : UserData |
| Controllers/TestController.cs:20:30:20:37 | access to parameter tainted2 : UserData | semmle.label | access to parameter tainted2 : UserData |
| Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | semmle.label | tainted3 : UserData |
| Controllers/TestController.cs:25:30:25:37 | access to parameter tainted3 : UserData | semmle.label | access to parameter tainted3 : UserData |
| Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | semmle.label | tainted4 : UserData |
| Controllers/TestController.cs:30:32:30:39 | access to parameter tainted4 : UserData | semmle.label | access to parameter tainted4 : UserData |
| Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | semmle.label | tainted5 : UserData |
| Controllers/TestController.cs:35:39:35:46 | access to parameter tainted5 : UserData | semmle.label | access to parameter tainted5 : UserData |
| Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | semmle.label | tainted6 : UserData |
| Controllers/TestController.cs:40:64:40:71 | access to parameter tainted6 : UserData | semmle.label | access to parameter tainted6 : UserData |
| Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | semmle.label | tainted7 : UserData |
| Controllers/TestController.cs:45:21:45:28 | access to parameter tainted7 : UserData | semmle.label | access to parameter tainted7 : UserData |
| Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | semmle.label | tainted8 : UserData |
| Controllers/TestController.cs:50:50:50:57 | access to parameter tainted8 : UserData | semmle.label | access to parameter tainted8 : UserData |
| Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | semmle.label | tainted9 : UserData |
| Controllers/TestController.cs:55:51:55:58 | access to parameter tainted9 : UserData | semmle.label | access to parameter tainted9 : UserData |
| Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | semmle.label | tainted10 : UserData |
| Controllers/TestController.cs:62:31:62:39 | access to parameter tainted10 : UserData | semmle.label | access to parameter tainted10 : UserData |
| Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | semmle.label | tainted11 : UserData |
| Controllers/TestController.cs:67:23:67:31 | access to parameter tainted11 : UserData | semmle.label | access to parameter tainted11 : UserData |
| Controllers/TestController.cs:70:43:70:43 | x : UserData | semmle.label | x : UserData |
| Controllers/TestController.cs:71:31:71:31 | access to parameter x : UserData | semmle.label | access to parameter x : UserData |
| Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | semmle.label | tainted1 : UserData |
| Controllers/TestController.cs:16:30:16:37 | access to parameter tainted1 : UserData | semmle.label | access to parameter tainted1 : UserData |
| Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | semmle.label | tainted2 : UserData |
| Controllers/TestController.cs:21:30:21:37 | access to parameter tainted2 : UserData | semmle.label | access to parameter tainted2 : UserData |
| Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | semmle.label | tainted3 : UserData |
| Controllers/TestController.cs:26:30:26:37 | access to parameter tainted3 : UserData | semmle.label | access to parameter tainted3 : UserData |
| Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | semmle.label | tainted4 : UserData |
| Controllers/TestController.cs:31:32:31:39 | access to parameter tainted4 : UserData | semmle.label | access to parameter tainted4 : UserData |
| Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | semmle.label | tainted5 : UserData |
| Controllers/TestController.cs:36:39:36:46 | access to parameter tainted5 : UserData | semmle.label | access to parameter tainted5 : UserData |
| Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | semmle.label | tainted6 : UserData |
| Controllers/TestController.cs:41:64:41:71 | access to parameter tainted6 : UserData | semmle.label | access to parameter tainted6 : UserData |
| Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | semmle.label | tainted7 : UserData |
| Controllers/TestController.cs:46:21:46:28 | access to parameter tainted7 : UserData | semmle.label | access to parameter tainted7 : UserData |
| Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | semmle.label | tainted8 : UserData |
| Controllers/TestController.cs:51:50:51:57 | access to parameter tainted8 : UserData | semmle.label | access to parameter tainted8 : UserData |
| Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | semmle.label | tainted9 : UserData |
| Controllers/TestController.cs:56:51:56:58 | access to parameter tainted9 : UserData | semmle.label | access to parameter tainted9 : UserData |
| Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | semmle.label | tainted10 : UserData |
| Controllers/TestController.cs:63:31:63:39 | access to parameter tainted10 : UserData | semmle.label | access to parameter tainted10 : UserData |
| Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | semmle.label | tainted11 : UserData |
| Controllers/TestController.cs:68:23:68:31 | access to parameter tainted11 : UserData | semmle.label | access to parameter tainted11 : UserData |
| Controllers/TestController.cs:71:43:71:43 | x : UserData | semmle.label | x : UserData |
| Controllers/TestController.cs:71:70:71:70 | access to parameter x : UserData | semmle.label | access to parameter x : UserData |
| Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
@@ -83,14 +83,14 @@ nodes
| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
subpaths
#select
| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | User-provided value |
| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | User-provided value |
| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | User-provided value |
| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | User-provided value |
| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | User-provided value |
| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | User-provided value |
| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | User-provided value |
| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | User-provided value |
| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | User-provided value |
| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | User-provided value |
| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | User-provided value |
| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | User-provided value |
| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | User-provided value |
| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | User-provided value |
| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | User-provided value |
| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | User-provided value |
| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | User-provided value |
| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | User-provided value |
| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | User-provided value |
| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | User-provided value |
| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | User-provided value |
| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | User-provided value |