C#: Add XPathNavigator test for cs/xml/xpath-injection

Tom Hvitved
2020-03-19 13:26:22 +01:00
parent 2821b01017
commit 7f0181ccff


@@ -1,4 +1,4 @@
// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Private.Xml.dll /r:System.Xml.XPath.dll /r:System.Data.Common.dll
// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Private.Xml.dll /r:System.Xml.XPath.dll /r:System.Data.Common.dll /r:System.Runtime.Extensions.dll
using System;
using System.Web;
@@ -19,7 +19,22 @@ public class XPathInjectionHandler : IHttpHandler
xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()");
// GOOD: Uses parameters to avoid including user input directly in XPath expression
XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()");
var expr = XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()");
var doc = new XPathDocument("");
var nav = doc.CreateNavigator();
// BAD
nav.Select("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()");
// BAD
nav.SelectSingleNode("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()");
// GOOD
nav.Select(expr);
// GOOD
nav.SelectSingleNode(expr);
}
public bool IsReusable
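Review bot: The new navigator cases only exercise `Select(string)` and `SelectSingleNode(string)`, so the query's handling of the other string-taking XPath entry points on `XPathNavigator` — `Evaluate(string)`, `Matches(string)` and `Compile(string)` — is still unverified by this file, as is a tainted `XPathExpression.Compile(string)`. One BAD line per overload next to the existing ones would pin them down, e.g. `nav.Evaluate("//users/user[login/text()='" + userName + "']/home_dir/text()");` and `nav.Matches("//users/user[login/text()='" + userName + "']");`. The GOOD cases reuse `expr`, which references `$username` but is never bound through `SetContext`, so while that is fine for a static-analysis fixture it is worth a comment such as `// GOOD (static-analysis fixture only: $username is never bound, a real caller must supply an XsltContext)` so the snippet is not copied as a working example. The enclosing method appears to start before this hunk; only its closing brace is visible.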