mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
C#: Update security related tests and expected output to pretty print MaD.
This commit is contained in:
Michael Nebel
@@ -1,13 +1,19 @@
|
||||
#select
|
||||
| HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
|
||||
| HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
|
||||
| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password |
|
||||
edges
|
||||
| HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | provenance | |
|
||||
| HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | provenance | |
|
||||
| HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | provenance | Config |
|
||||
| HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | provenance | |
|
||||
| HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | provenance | |
|
||||
| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1 |
|
||||
| HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | provenance | |
|
||||
| HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | provenance | |
|
||||
| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:1 |
|
||||
models
|
||||
| 1 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | semmle.label | access to local variable passBuff : IBuffer |
|
||||
| HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | semmle.label | call to method ConvertStringToBinary : IBuffer |
|
||||
@@ -22,7 +28,3 @@ nodes
|
||||
| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | semmle.label | access to parameter password : String |
|
||||
| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | semmle.label | access to local variable passBytes |
|
||||
subpaths
|
||||
#select
|
||||
| HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
|
||||
| HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
|
||||
| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
experimental/Security Features/CWE-759/HashWithoutSalt.ql
|
||||
query: experimental/Security Features/CWE-759/HashWithoutSalt.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,8 +1,14 @@
|
||||
#select
|
||||
| UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | Call to System.Web.HttpRequest.get_QueryString with untrusted data from $@. | UntrustedData.cs:9:20:9:30 | access to property Request | access to property Request |
|
||||
| UntrustedData.cs:13:28:13:31 | access to local variable name | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:13:28:13:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |
|
||||
edges
|
||||
| UntrustedData.cs:9:13:9:16 | access to local variable name : String | UntrustedData.cs:13:28:13:31 | access to local variable name | provenance | Sink:MaD:2159 |
|
||||
| UntrustedData.cs:9:13:9:16 | access to local variable name : String | UntrustedData.cs:13:28:13:31 | access to local variable name | provenance | Sink:MaD:1 |
|
||||
| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | |
|
||||
| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:11546 |
|
||||
| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:2 |
|
||||
| UntrustedData.cs:9:20:9:50 | access to indexer : String | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | |
|
||||
models
|
||||
| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
|
||||
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| UntrustedData.cs:9:13:9:16 | access to local variable name : String | semmle.label | access to local variable name : String |
|
||||
| UntrustedData.cs:9:20:9:30 | access to property Request | semmle.label | access to property Request |
|
||||
@@ -10,6 +16,3 @@ nodes
|
||||
| UntrustedData.cs:9:20:9:50 | access to indexer : String | semmle.label | access to indexer : String |
|
||||
| UntrustedData.cs:13:28:13:31 | access to local variable name | semmle.label | access to local variable name |
|
||||
subpaths
|
||||
#select
|
||||
| UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | Call to System.Web.HttpRequest.get_QueryString with untrusted data from $@. | UntrustedData.cs:9:20:9:30 | access to property Request | access to property Request |
|
||||
| UntrustedData.cs:13:28:13:31 | access to local variable name | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:13:28:13:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-020/UntrustedDataToExternalAPI.ql
|
||||
query: Security Features/CWE-020/UntrustedDataToExternalAPI.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
#select
|
||||
| TaintedPath.cs:12:50:12:53 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:12:50:12:53 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:17:51:17:54 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:17:51:17:54 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:25:30:25:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:25:30:25:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:31:30:31:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:31:30:31:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:36:25:36:31 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:36:25:36:31 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:38:49:38:55 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:38:49:38:55 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:51:26:51:29 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:51:26:51:29 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
edges
|
||||
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:12:50:12:53 | access to local variable path | provenance | |
|
||||
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:17:51:17:54 | access to local variable path | provenance | |
|
||||
@@ -6,10 +14,12 @@ edges
|
||||
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | provenance | |
|
||||
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:51:26:51:29 | access to local variable path | provenance | |
|
||||
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:16:10:19 | access to local variable path : String | provenance | |
|
||||
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:23:10:53 | access to indexer : String | provenance | MaD:11546 |
|
||||
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:23:10:53 | access to indexer : String | provenance | MaD:1 |
|
||||
| TaintedPath.cs:10:23:10:53 | access to indexer : String | TaintedPath.cs:10:16:10:19 | access to local variable path : String | provenance | |
|
||||
| TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:36:25:36:31 | access to local variable badPath | provenance | |
|
||||
| TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:38:49:38:55 | access to local variable badPath | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | semmle.label | access to local variable path : String |
|
||||
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -23,11 +33,3 @@ nodes
|
||||
| TaintedPath.cs:38:49:38:55 | access to local variable badPath | semmle.label | access to local variable badPath |
|
||||
| TaintedPath.cs:51:26:51:29 | access to local variable path | semmle.label | access to local variable path |
|
||||
subpaths
|
||||
#select
|
||||
| TaintedPath.cs:12:50:12:53 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:12:50:12:53 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:17:51:17:54 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:17:51:17:54 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:25:30:25:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:25:30:25:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:31:30:31:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:31:30:31:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:36:25:36:31 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:36:25:36:31 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:38:49:38:55 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:38:49:38:55 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
| TaintedPath.cs:51:26:51:29 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:51:26:51:29 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
|
||||
|
||||
@@ -1 +1,3 @@
|
||||
Security Features/CWE-022/TaintedPath.ql
|
||||
query: Security Features/CWE-022/TaintedPath.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
|
||||
@@ -1,30 +1,43 @@
|
||||
#select
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:18:31:18:44 | access to property FullName | ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlipBad.cs:9:59:9:72 | access to property FullName | ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | file system operation |
|
||||
edges
|
||||
| ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | provenance | |
|
||||
| ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | provenance | |
|
||||
| ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | provenance | |
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | provenance | MaD:1124 |
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | provenance | MaD:2 |
|
||||
| ZipSlip.cs:18:24:18:27 | access to local variable file : String | ZipSlip.cs:22:71:22:74 | access to local variable file : String | provenance | |
|
||||
| ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:18:24:18:27 | access to local variable file : String | provenance | |
|
||||
| ZipSlip.cs:22:28:22:39 | access to local variable destFileName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | provenance | |
|
||||
| ZipSlip.cs:22:43:22:75 | call to method Combine : String | ZipSlip.cs:22:28:22:39 | access to local variable destFileName : String | provenance | |
|
||||
| ZipSlip.cs:22:71:22:74 | access to local variable file : String | ZipSlip.cs:22:43:22:75 | call to method Combine : String | provenance | MaD:1107 |
|
||||
| ZipSlip.cs:22:71:22:74 | access to local variable file : String | ZipSlip.cs:22:43:22:75 | call to method Combine : String | provenance | MaD:1 |
|
||||
| ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:30:43:30:79 | call to method Combine : String | ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | provenance | |
|
||||
| ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | ZipSlip.cs:30:43:30:79 | call to method Combine : String | provenance | MaD:1107 |
|
||||
| ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | ZipSlip.cs:30:43:30:79 | call to method Combine : String | provenance | MaD:1 |
|
||||
| ZipSlip.cs:38:21:38:32 | access to local variable destFilePath : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | ZipSlip.cs:38:21:38:32 | access to local variable destFilePath : String | provenance | |
|
||||
| ZipSlip.cs:38:53:38:89 | call to method Combine : String | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | provenance | MaD:1124 |
|
||||
| ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | ZipSlip.cs:38:53:38:89 | call to method Combine : String | provenance | MaD:1107 |
|
||||
| ZipSlip.cs:38:53:38:89 | call to method Combine : String | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | provenance | MaD:2 |
|
||||
| ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | ZipSlip.cs:38:53:38:89 | call to method Combine : String | provenance | MaD:1 |
|
||||
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | provenance | |
|
||||
| ZipSlip.cs:61:47:61:86 | call to method Combine : String | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | provenance | |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:61:47:61:86 | call to method Combine : String | provenance | MaD:1107 |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:61:47:61:86 | call to method Combine : String | provenance | MaD:1 |
|
||||
| ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | provenance | |
|
||||
| ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | provenance | |
|
||||
| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1107 |
|
||||
| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1 |
|
||||
models
|
||||
| 1 | Summary: System.IO; Path; false; Combine; (System.String,System.String); ; Argument[1]; ReturnValue; taint; manual |
|
||||
| 2 | Summary: System.IO; Path; false; GetFullPath; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | semmle.label | access to local variable fullPath : String |
|
||||
| ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | semmle.label | call to method GetFullPath : String |
|
||||
@@ -57,13 +70,3 @@ nodes
|
||||
| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | semmle.label | access to property FullName : String |
|
||||
| ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | semmle.label | access to local variable destFileName |
|
||||
subpaths
|
||||
#select
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:18:31:18:44 | access to property FullName | ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | file system operation |
|
||||
| ZipSlipBad.cs:9:59:9:72 | access to property FullName | ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | file system operation |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-022/ZipSlip.ql
|
||||
query: Security Features/CWE-022/ZipSlip.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,3 +1,12 @@
|
||||
#select
|
||||
| CommandInjection.cs:28:27:28:47 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:27:28:47 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:28:50:28:66 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:50:28:66 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:30:63:30:71 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:63:30:71 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:30:74:30:82 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:74:30:82 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:34:39:34:47 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:34:39:34:47 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:35:40:35:48 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:35:40:35:48 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:36:47:36:55 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:36:47:36:55 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:51:46:51:80 | ... + ... | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader : SqlDataReader | CommandInjection.cs:51:46:51:80 | ... + ... | This command line depends on a $@. | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader | user-provided value |
|
||||
edges
|
||||
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:28:27:28:47 | ... + ... | provenance | |
|
||||
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:28:50:28:66 | ... + ... | provenance | |
|
||||
@@ -6,12 +15,15 @@ edges
|
||||
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:34:39:34:47 | access to local variable userInput | provenance | |
|
||||
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:35:40:35:48 | access to local variable userInput | provenance | |
|
||||
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:36:47:36:55 | access to local variable userInput | provenance | |
|
||||
| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:27:32:27:51 | access to property Text : String | provenance | MaD:2156 |
|
||||
| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:27:32:27:51 | access to property Text : String | provenance | MaD:2 |
|
||||
| CommandInjection.cs:27:32:27:51 | access to property Text : String | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | provenance | |
|
||||
| CommandInjection.cs:46:31:46:44 | access to local variable customerReader : SqlDataReader | CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| CommandInjection.cs:46:48:46:78 | call to method ExecuteReader : SqlDataReader | CommandInjection.cs:46:31:46:44 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | CommandInjection.cs:51:54:51:80 | call to method GetString : String | provenance | MaD:1007 |
|
||||
| CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | CommandInjection.cs:51:54:51:80 | call to method GetString : String | provenance | MaD:1 |
|
||||
| CommandInjection.cs:51:54:51:80 | call to method GetString : String | CommandInjection.cs:51:46:51:80 | ... + ... | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 2 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
|
||||
| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox |
|
||||
@@ -29,12 +41,3 @@ nodes
|
||||
| CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
|
||||
| CommandInjection.cs:51:54:51:80 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
subpaths
|
||||
#select
|
||||
| CommandInjection.cs:28:27:28:47 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:27:28:47 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:28:50:28:66 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:50:28:66 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:30:63:30:71 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:63:30:71 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:30:74:30:82 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:74:30:82 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:34:39:34:47 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:34:39:34:47 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:35:40:35:48 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:35:40:35:48 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:36:47:36:55 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:36:47:36:55 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
|
||||
| CommandInjection.cs:51:46:51:80 | ... + ... | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader : SqlDataReader | CommandInjection.cs:51:46:51:80 | ... + ... | This command line depends on a $@. | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-078/CommandInjection.ql
|
||||
query: Security Features/CWE-078/CommandInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,8 +1,13 @@
|
||||
#select
|
||||
| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | StoredXSS.cs:22:44:22:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | User-provided value |
|
||||
edges
|
||||
| StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:86 | call to method GetString : String | provenance | MaD:1007 |
|
||||
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:2159 |
|
||||
| StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:86 | call to method GetString : String | provenance | MaD:1 |
|
||||
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:2 |
|
||||
models
|
||||
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
|
||||
nodes
|
||||
| StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
|
||||
| StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | semmle.label | call to method ExecuteReader : SqlDataReader |
|
||||
@@ -10,5 +15,3 @@ nodes
|
||||
| StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
|
||||
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
subpaths
|
||||
#select
|
||||
| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | StoredXSS.cs:22:44:22:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | User-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-079/XSS.ql
|
||||
query: Security Features/CWE-079/XSS.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,22 +1,38 @@
|
||||
#select
|
||||
| Index.cshtml:14:16:14:22 | call to operator implicit conversion | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | Index.cshtml:14:16:14:22 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteral() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteralTo() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSSAspNet.cs:43:28:43:55 | access to indexer | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:40:56:40:58 | foo : String | User-provided value |
|
||||
| XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:51:43:51:67 | access to property Value | User-provided value |
|
||||
| XSSAspNetCore.cs:58:43:58:73 | call to method ToString | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:61:44:61:66 | access to indexer | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | User-provided value |
|
||||
| XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | User-provided value |
|
||||
edges
|
||||
| Index.cshtml:5:9:5:15 | access to local variable message : StringValues | Index.cshtml:14:16:14:22 | call to operator implicit conversion | provenance | |
|
||||
| Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | Index.cshtml:5:9:5:15 | access to local variable message : StringValues | provenance | |
|
||||
| XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | provenance | |
|
||||
| XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | provenance | |
|
||||
| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | provenance | |
|
||||
| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:25:19:52 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:25:19:52 | access to indexer : String | provenance | MaD:3 |
|
||||
| XSSAspNet.cs:19:25:19:52 | access to indexer : String | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | provenance | |
|
||||
| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | |
|
||||
| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | MaD:11546 |
|
||||
| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | MaD:3 |
|
||||
| XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | provenance | |
|
||||
| XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | provenance | |
|
||||
| XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | provenance | |
|
||||
| XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | provenance | MaD:214 |
|
||||
| XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | provenance | MaD:1 |
|
||||
| XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | provenance | |
|
||||
| XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | |
|
||||
| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | |
|
||||
| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | MaD:218 |
|
||||
| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | MaD:2 |
|
||||
| XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | provenance | |
|
||||
models
|
||||
| 1 | Summary: Microsoft.Extensions.Primitives; StringValues; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 2 | Summary: Microsoft.Extensions.Primitives; StringValues; false; get_Item; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 3 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| Index.cshtml:5:9:5:15 | access to local variable message : StringValues | semmle.label | access to local variable message : StringValues |
|
||||
| Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | semmle.label | access to property Query : IQueryCollection |
|
||||
@@ -43,15 +59,3 @@ nodes
|
||||
| XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | semmle.label | access to property Headers : IHeaderDictionary |
|
||||
| XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | semmle.label | call to operator implicit conversion |
|
||||
subpaths
|
||||
#select
|
||||
| Index.cshtml:14:16:14:22 | call to operator implicit conversion | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | Index.cshtml:14:16:14:22 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteral() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteralTo() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSSAspNet.cs:43:28:43:55 | access to indexer | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:40:56:40:58 | foo : String | User-provided value |
|
||||
| XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:51:43:51:67 | access to property Value | User-provided value |
|
||||
| XSSAspNetCore.cs:58:43:58:73 | call to method ToString | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:61:44:61:66 | access to indexer | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | User-provided value |
|
||||
| XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | User-provided value |
|
||||
| XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | User-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-079/XSS.ql
|
||||
query: Security Features/CWE-079/XSS.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,39 +1,62 @@
|
||||
#select
|
||||
| XSS.cs:26:32:26:51 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:26:32:26:51 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
|
||||
| XSS.cs:27:29:27:48 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:27:29:27:48 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
|
||||
| XSS.cs:28:26:28:45 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:28:26:28:45 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
|
||||
| XSS.cs:38:36:38:39 | access to local variable name | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:38:36:38:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:59:22:59:25 | access to local variable name | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:59:22:59:25 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:76:36:76:39 | access to local variable name | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:76:36:76:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:79:36:79:40 | access to local variable name2 | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:79:36:79:40 | access to local variable name2 | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | User-provided value |
|
||||
| XSS.cs:86:28:86:31 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:86:28:86:31 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:87:31:87:34 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:87:31:87:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:95:31:95:34 | access to local variable name | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:95:31:95:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:135:20:135:33 | access to property RawUrl | User-provided value |
|
||||
| script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value |
|
||||
| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value |
|
||||
| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value |
|
||||
edges
|
||||
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | provenance | |
|
||||
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | provenance | |
|
||||
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | provenance | |
|
||||
| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | provenance | MaD:2156 |
|
||||
| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | provenance | MaD:1941 |
|
||||
| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | provenance | MaD:1980 |
|
||||
| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | provenance | MaD:1980 |
|
||||
| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | provenance | MaD:1980 |
|
||||
| XSS.cs:37:20:37:23 | access to local variable name : String | XSS.cs:38:36:38:39 | access to local variable name | provenance | Sink:MaD:2159 |
|
||||
| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | provenance | MaD:4 |
|
||||
| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | provenance | MaD:2 |
|
||||
| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | provenance | MaD:3 |
|
||||
| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | provenance | MaD:3 |
|
||||
| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | provenance | MaD:3 |
|
||||
| XSS.cs:37:20:37:23 | access to local variable name : String | XSS.cs:38:36:38:39 | access to local variable name | provenance | Sink:MaD:5 |
|
||||
| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:20:37:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | provenance | MaD:6 |
|
||||
| XSS.cs:37:27:37:61 | access to indexer : String | XSS.cs:37:20:37:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:57:20:57:23 | access to local variable name : String | XSS.cs:59:22:59:25 | access to local variable name | provenance | |
|
||||
| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:20:57:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:27:57:73 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:27:57:73 | access to indexer : String | provenance | MaD:6 |
|
||||
| XSS.cs:57:27:57:73 | access to indexer : String | XSS.cs:57:20:57:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:75:20:75:23 | access to local variable name : String | XSS.cs:76:36:76:39 | access to local variable name | provenance | |
|
||||
| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:20:75:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:27:75:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:27:75:61 | access to indexer : String | provenance | MaD:6 |
|
||||
| XSS.cs:75:27:75:61 | access to indexer : String | XSS.cs:75:20:75:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:78:20:78:24 | access to local variable name2 : String | XSS.cs:79:36:79:40 | access to local variable name2 | provenance | |
|
||||
| XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:78:20:78:24 | access to local variable name2 : String | provenance | |
|
||||
| XSS.cs:85:20:85:23 | access to local variable name : String | XSS.cs:86:28:86:31 | access to local variable name | provenance | |
|
||||
| XSS.cs:85:20:85:23 | access to local variable name : String | XSS.cs:87:31:87:34 | access to local variable name | provenance | |
|
||||
| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:20:85:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:27:85:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:27:85:61 | access to indexer : String | provenance | MaD:6 |
|
||||
| XSS.cs:85:27:85:61 | access to indexer : String | XSS.cs:85:20:85:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:1811 |
|
||||
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:23593 |
|
||||
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:1 |
|
||||
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:7 |
|
||||
| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:20:94:23 | access to local variable name : String | provenance | |
|
||||
| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:27:94:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:27:94:61 | access to indexer : String | provenance | MaD:6 |
|
||||
| XSS.cs:94:27:94:61 | access to indexer : String | XSS.cs:94:20:94:23 | access to local variable name : String | provenance | |
|
||||
| script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | provenance | |
|
||||
| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | provenance | |
|
||||
| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | provenance | |
|
||||
models
|
||||
| 1 | Sink: System.Net.Http; StringContent; false; StringContent; ; ; Argument[0]; js-injection; manual |
|
||||
| 2 | Summary: System.Text; StringBuilder; false; AppendFormat; (System.String,System.Object); ; Argument[1]; Argument[this]; taint; manual |
|
||||
| 3 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 4 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 5 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
|
||||
| 6 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
| 7 | Sink: System.Net.Http; StringContent; false; StringContent; (System.String); ; Argument[0]; js-injection; df-generated |
|
||||
nodes
|
||||
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | semmle.label | [post] access to local variable userInput : StringBuilder |
|
||||
| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox |
|
||||
@@ -73,18 +96,3 @@ nodes
|
||||
| script.aspx:16:1:16:34 | <%= ... %> | semmle.label | <%= ... %> |
|
||||
| script.aspx:20:1:20:41 | <%= ... %> | semmle.label | <%= ... %> |
|
||||
subpaths
|
||||
#select
|
||||
| XSS.cs:26:32:26:51 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:26:32:26:51 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
|
||||
| XSS.cs:27:29:27:48 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:27:29:27:48 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
|
||||
| XSS.cs:28:26:28:45 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:28:26:28:45 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
|
||||
| XSS.cs:38:36:38:39 | access to local variable name | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:38:36:38:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:59:22:59:25 | access to local variable name | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:59:22:59:25 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:76:36:76:39 | access to local variable name | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:76:36:76:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:79:36:79:40 | access to local variable name2 | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:79:36:79:40 | access to local variable name2 | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | User-provided value |
|
||||
| XSS.cs:86:28:86:31 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:86:28:86:31 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:87:31:87:34 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:87:31:87:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:95:31:95:34 | access to local variable name | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:95:31:95:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | User-provided value |
|
||||
| XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:135:20:135:33 | access to property RawUrl | User-provided value |
|
||||
| script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value |
|
||||
| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value |
|
||||
| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-079/XSS.ql
|
||||
query: Security Features/CWE-079/XSS.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,77 +1,131 @@
|
||||
#select
|
||||
| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This query depends on $@. | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | this database input |
|
||||
| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This query depends on $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | this file stream |
|
||||
| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
|
||||
| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
|
||||
| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
|
||||
| SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text |
|
||||
| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
|
||||
| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
|
||||
| SqlInjection.cs:104:42:104:52 | access to local variable queryString | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
|
||||
| SqlInjection.cs:105:50:105:52 | access to local variable cmd | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:105:50:105:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
|
||||
| SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | this file stream |
|
||||
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
edges
|
||||
| SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | SecondOrderSqlInjection.cs:25:119:25:132 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| SecondOrderSqlInjection.cs:25:119:25:132 | access to local variable customerReader : SqlDataReader | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | provenance | MaD:1007 |
|
||||
| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | Sink:MaD:948 |
|
||||
| SecondOrderSqlInjection.cs:25:119:25:132 | access to local variable customerReader : SqlDataReader | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | provenance | MaD:20 |
|
||||
| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | Sink:MaD:16 |
|
||||
| SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | provenance | |
|
||||
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:1084 |
|
||||
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:1085 |
|
||||
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:21 |
|
||||
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:22 |
|
||||
| SecondOrderSqlInjection.cs:35:37:35:38 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | provenance | |
|
||||
| SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | SecondOrderSqlInjection.cs:35:37:35:38 | access to local variable sr : StreamReader | provenance | |
|
||||
| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | MaD:1151 |
|
||||
| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | MaD:24 |
|
||||
| SecondOrderSqlInjection.cs:38:29:38:31 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | provenance | |
|
||||
| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | MaD:1172 |
|
||||
| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | MaD:25 |
|
||||
| SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | SecondOrderSqlInjection.cs:38:29:38:31 | access to local variable sql : String | provenance | |
|
||||
| SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | Sink:MaD:938 |
|
||||
| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | MaD:2766 |
|
||||
| SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | Sink:MaD:10 |
|
||||
| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | MaD:28 |
|
||||
| SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | provenance | |
|
||||
| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | Sink:MaD:951 |
|
||||
| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | MaD:2156 |
|
||||
| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | Sink:MaD:18 |
|
||||
| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | MaD:26 |
|
||||
| SqlInjection.cs:33:21:33:40 | access to property Text : String | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | provenance | |
|
||||
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | Sink:MaD:917 |
|
||||
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 | provenance | Sink:MaD:923 |
|
||||
| SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:68:33:68:52 | access to property Text : String | provenance | MaD:2156 |
|
||||
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | Sink:MaD:7 |
|
||||
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 | provenance | Sink:MaD:8 |
|
||||
| SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:68:33:68:52 | access to property Text : String | provenance | MaD:26 |
|
||||
| SqlInjection.cs:68:33:68:52 | access to property Text : String | SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | provenance | |
|
||||
| SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | provenance | Sink:MaD:951 |
|
||||
| SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | provenance | Sink:MaD:18 |
|
||||
| SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | provenance | |
|
||||
| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | provenance | Sink:MaD:947 |
|
||||
| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | provenance | Sink:MaD:15 |
|
||||
| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | provenance | |
|
||||
| SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | provenance | |
|
||||
| SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd | provenance | Sink:MaD:950 |
|
||||
| SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd | provenance | Sink:MaD:17 |
|
||||
| SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | provenance | |
|
||||
| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:953 |
|
||||
| SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | provenance | Sink:MaD:947 |
|
||||
| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:19 |
|
||||
| SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | provenance | Sink:MaD:15 |
|
||||
| SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString : String | provenance | |
|
||||
| SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | provenance | Src:MaD:2257 |
|
||||
| SqlInjection.cs:104:21:104:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:105:50:105:52 | access to local variable cmd | provenance | Sink:MaD:950 |
|
||||
| SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | provenance | Src:MaD:27 |
|
||||
| SqlInjection.cs:104:21:104:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:105:50:105:52 | access to local variable cmd | provenance | Sink:MaD:17 |
|
||||
| SqlInjection.cs:104:27:104:53 | object creation of type SqlCommand : SqlCommand | SqlInjection.cs:104:21:104:23 | access to local variable cmd : SqlCommand | provenance | |
|
||||
| SqlInjection.cs:104:42:104:52 | access to local variable queryString : String | SqlInjection.cs:104:27:104:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:953 |
|
||||
| SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | provenance | Sink:MaD:27 |
|
||||
| SqlInjection.cs:104:42:104:52 | access to local variable queryString : String | SqlInjection.cs:104:27:104:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:19 |
|
||||
| SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | provenance | Sink:MaD:4 |
|
||||
| SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | provenance | Sink:MaD:37 |
|
||||
| SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | provenance | Sink:MaD:5 |
|
||||
| SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | provenance | Sink:MaD:48 |
|
||||
| SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | provenance | Sink:MaD:6 |
|
||||
| SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | provenance | Sink:MaD:17 |
|
||||
| SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | provenance | Sink:MaD:1 |
|
||||
| SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | provenance | Sink:MaD:21 |
|
||||
| SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | provenance | Sink:MaD:3 |
|
||||
| SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | provenance | Sink:MaD:18 |
|
||||
| SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | provenance | Sink:MaD:2 |
|
||||
| SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionDapper.cs:75:21:75:25 | access to local variable query : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | provenance | |
|
||||
| SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:75:21:75:25 | access to local variable query : String | provenance | |
|
||||
| SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | provenance | MaD:2156 Sink:MaD:937 |
|
||||
| SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | provenance | Sink:MaD:940 |
|
||||
| SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | provenance | MaD:26 Sink:MaD:9 |
|
||||
| SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | provenance | Sink:MaD:11 |
|
||||
| SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | provenance | |
|
||||
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | provenance | MaD:2156 Sink:MaD:938 |
|
||||
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | provenance | MaD:2156 |
|
||||
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | provenance | MaD:945 |
|
||||
| SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | provenance | MaD:2156 Sink:MaD:941 |
|
||||
| SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | provenance | MaD:2156 Sink:MaD:942 |
|
||||
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | provenance | MaD:26 Sink:MaD:10 |
|
||||
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | provenance | MaD:26 |
|
||||
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | provenance | MaD:14 |
|
||||
| SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | provenance | MaD:26 Sink:MaD:12 |
|
||||
| SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | provenance | MaD:26 Sink:MaD:13 |
|
||||
| SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | provenance | |
|
||||
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:1084 |
|
||||
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:1085 |
|
||||
| SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | provenance | MaD:2156 |
|
||||
| SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | provenance | MaD:1094 |
|
||||
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:21 |
|
||||
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:22 |
|
||||
| SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | provenance | MaD:26 |
|
||||
| SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | provenance | MaD:23 |
|
||||
| SqlInjectionSqlite.cs:51:37:51:38 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | provenance | |
|
||||
| SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | SqlInjectionSqlite.cs:51:37:51:38 | access to local variable sr : StreamReader | provenance | |
|
||||
| SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | provenance | MaD:1151 |
|
||||
| SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | provenance | MaD:24 |
|
||||
| SqlInjectionSqlite.cs:54:29:54:31 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | provenance | |
|
||||
| SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | provenance | MaD:1172 |
|
||||
| SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | provenance | MaD:25 |
|
||||
| SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | SqlInjectionSqlite.cs:54:29:54:31 | access to local variable sql : String | provenance | |
|
||||
| SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | provenance | Sink:MaD:938 |
|
||||
| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:2766 |
|
||||
| SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | provenance | Sink:MaD:10 |
|
||||
| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:28 |
|
||||
| SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance | |
|
||||
models
|
||||
| 1 | Sink: Dapper; SqlMapper; false; ExecuteAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
|
||||
| 2 | Sink: Dapper; SqlMapper; false; ExecuteReader; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
|
||||
| 3 | Sink: Dapper; SqlMapper; false; ExecuteScalar; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
|
||||
| 4 | Sink: Dapper; SqlMapper; false; Query<T>; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
|
||||
| 5 | Sink: Dapper; SqlMapper; false; QueryAsync<T>; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
|
||||
| 6 | Sink: Dapper; SqlMapper; false; QueryFirstAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
|
||||
| 7 | Sink: System.Data.Entity; Database; false; ExecuteSqlCommand; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual |
|
||||
| 8 | Sink: System.Data.Entity; Database; false; SqlQuery<TElement>; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual |
|
||||
| 9 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String); ; Argument[0]; sql-injection; manual |
|
||||
| 10 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 11 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.Data.SQLite.SQLiteCommand); ; Argument[0]; sql-injection; manual |
|
||||
| 12 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 13 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.String); ; Argument[0]; sql-injection; manual |
|
||||
| 14 | Summary: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 15 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; sql-injection; manual |
|
||||
| 16 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 17 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.Data.SqlClient.SqlCommand); ; Argument[0]; sql-injection; manual |
|
||||
| 18 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 19 | Summary: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 20 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 21 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file; manual |
|
||||
| 22 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file-write; manual |
|
||||
| 23 | Summary: System.IO; FileStream; false; FileStream; (System.String,System.IO.FileMode); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 24 | Summary: System.IO; StreamReader; false; StreamReader; (System.IO.Stream,System.Text.Encoding); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 25 | Summary: System.IO; TextReader; true; ReadLine; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 26 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 27 | Source: System; Console; false; ReadLine; ; ; ReturnValue; local; manual |
|
||||
| 28 | Summary: System; String; false; Trim; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
|
||||
| SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | semmle.label | call to method ExecuteReader : SqlDataReader |
|
||||
@@ -164,28 +218,3 @@ nodes
|
||||
| SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | semmle.label | call to method Trim : String |
|
||||
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | semmle.label | access to local variable sql |
|
||||
subpaths
|
||||
#select
|
||||
| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This query depends on $@. | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | this database input |
|
||||
| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This query depends on $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | this file stream |
|
||||
| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
|
||||
| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
|
||||
| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
|
||||
| SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text |
|
||||
| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
|
||||
| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
|
||||
| SqlInjection.cs:104:42:104:52 | access to local variable queryString | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
|
||||
| SqlInjection.cs:105:50:105:52 | access to local variable cmd | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:105:50:105:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
|
||||
| SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | this TextBox text |
|
||||
| SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | this file stream |
|
||||
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-089/SqlInjection.ql
|
||||
query: Security Features/CWE-089/SqlInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
#select
|
||||
| LDAPInjection.cs:15:54:15:78 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:15:54:15:78 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:17:21:17:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:17:21:17:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:24:21:24:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:24:21:24:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:25:53:25:77 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:25:53:25:77 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:28:48:28:70 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:28:48:28:70 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:30:20:30:42 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:30:20:30:42 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:41:63:41:106 | ... + ... | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader : SqlDataReader | LDAPInjection.cs:41:63:41:106 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader | user-provided value |
|
||||
edges
|
||||
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:15:54:15:78 | ... + ... | provenance | |
|
||||
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:17:21:17:45 | ... + ... | provenance | |
|
||||
@@ -6,12 +14,15 @@ edges
|
||||
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:28:48:28:70 | ... + ... | provenance | |
|
||||
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:30:20:30:42 | ... + ... | provenance | |
|
||||
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | provenance | |
|
||||
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:2 |
|
||||
| LDAPInjection.cs:12:27:12:61 | access to indexer : String | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | provenance | |
|
||||
| LDAPInjection.cs:36:27:36:40 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader : SqlDataReader | LDAPInjection.cs:36:27:36:40 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | provenance | MaD:1007 |
|
||||
| LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | provenance | MaD:1 |
|
||||
| LDAPInjection.cs:41:80:41:106 | call to method GetString : String | LDAPInjection.cs:41:63:41:106 | ... + ... | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
|
||||
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -28,11 +39,3 @@ nodes
|
||||
| LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
|
||||
| LDAPInjection.cs:41:80:41:106 | call to method GetString : String | semmle.label | call to method GetString : String |
|
||||
subpaths
|
||||
#select
|
||||
| LDAPInjection.cs:15:54:15:78 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:15:54:15:78 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:17:21:17:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:17:21:17:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:24:21:24:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:24:21:24:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:25:53:25:77 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:25:53:25:77 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:28:48:28:70 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:28:48:28:70 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:30:20:30:42 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:30:20:30:42 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| LDAPInjection.cs:41:63:41:106 | ... + ... | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader : SqlDataReader | LDAPInjection.cs:41:63:41:106 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-090/LDAPInjection.ql
|
||||
query: Security Features/CWE-090/LDAPInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,13 +1,15 @@
|
||||
#select
|
||||
| Test.cs:15:25:15:80 | ... + ... | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:15:25:15:80 | ... + ... | This XML element depends on a $@. | Test.cs:8:27:8:49 | access to property QueryString | user-provided value |
|
||||
edges
|
||||
| Test.cs:8:12:8:23 | access to local variable employeeName : String | Test.cs:15:25:15:80 | ... + ... | provenance | |
|
||||
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | |
|
||||
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:11546 |
|
||||
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:1 |
|
||||
| Test.cs:8:27:8:65 | access to indexer : String | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| Test.cs:8:12:8:23 | access to local variable employeeName : String | semmle.label | access to local variable employeeName : String |
|
||||
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
| Test.cs:8:27:8:65 | access to indexer : String | semmle.label | access to indexer : String |
|
||||
| Test.cs:15:25:15:80 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
#select
|
||||
| Test.cs:15:25:15:80 | ... + ... | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:15:25:15:80 | ... + ... | This XML element depends on a $@. | Test.cs:8:27:8:49 | access to property QueryString | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-091/XMLInjection.ql
|
||||
query: Security Features/CWE-091/XMLInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,9 +1,15 @@
|
||||
#select
|
||||
| CodeInjection.cs:29:64:29:67 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:29:64:29:67 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
|
||||
| CodeInjection.cs:40:36:40:39 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:40:36:40:39 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
|
||||
| CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | This code compilation depends on a $@. | CodeInjection.cs:56:36:56:44 | access to property Text | user-provided value |
|
||||
edges
|
||||
| CodeInjection.cs:23:16:23:19 | access to local variable code : String | CodeInjection.cs:29:64:29:67 | access to local variable code | provenance | |
|
||||
| CodeInjection.cs:23:16:23:19 | access to local variable code : String | CodeInjection.cs:40:36:40:39 | access to local variable code | provenance | |
|
||||
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | |
|
||||
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:11546 |
|
||||
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:1 |
|
||||
| CodeInjection.cs:23:23:23:53 | access to indexer : String | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| CodeInjection.cs:23:16:23:19 | access to local variable code : String | semmle.label | access to local variable code : String |
|
||||
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -12,7 +18,3 @@ nodes
|
||||
| CodeInjection.cs:40:36:40:39 | access to local variable code | semmle.label | access to local variable code |
|
||||
| CodeInjection.cs:56:36:56:44 | access to property Text | semmle.label | access to property Text |
|
||||
subpaths
|
||||
#select
|
||||
| CodeInjection.cs:29:64:29:67 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:29:64:29:67 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
|
||||
| CodeInjection.cs:40:36:40:39 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:40:36:40:39 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
|
||||
| CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | This code compilation depends on a $@. | CodeInjection.cs:56:36:56:44 | access to property Text | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-094/CodeInjection.ql
|
||||
query: Security Features/CWE-094/CodeInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,10 +1,15 @@
|
||||
#select
|
||||
| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
|
||||
| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
|
||||
edges
|
||||
| ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | provenance | |
|
||||
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | provenance | |
|
||||
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:27:8:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:27:8:61 | access to indexer : String | provenance | MaD:1 |
|
||||
| ResourceInjection.cs:8:27:8:61 | access to indexer : String | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | provenance | |
|
||||
| ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | provenance | |
|
||||
| ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
|
||||
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -13,6 +18,3 @@ nodes
|
||||
| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | semmle.label | access to local variable connectionString |
|
||||
| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | semmle.label | access to local variable connectionString |
|
||||
subpaths
|
||||
#select
|
||||
| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
|
||||
| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-099/ResourceInjection.ql
|
||||
query: Security Features/CWE-099/ResourceInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,15 +1,24 @@
|
||||
#select
|
||||
| MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessInlineSchema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessSchemaLocation'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
edges
|
||||
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | provenance | |
|
||||
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | provenance | |
|
||||
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | provenance | |
|
||||
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | provenance | |
|
||||
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | |
|
||||
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:11546 |
|
||||
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:2 |
|
||||
| MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | |
|
||||
| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1162 |
|
||||
| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1162 |
|
||||
| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1162 |
|
||||
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1162 |
|
||||
| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1 |
|
||||
| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1 |
|
||||
| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1 |
|
||||
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1 |
|
||||
models
|
||||
| 1 | Summary: System.IO; StringReader; false; StringReader; (System.String); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
|
||||
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -23,9 +32,3 @@ nodes
|
||||
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
|
||||
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
|
||||
subpaths
|
||||
#select
|
||||
| MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessInlineSchema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessSchemaLocation'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-112/MissingXMLValidation.ql
|
||||
query: Security Features/CWE-112/MissingXMLValidation.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,13 +1,15 @@
|
||||
#select
|
||||
| Test.cs:10:36:10:46 | access to local variable libraryName | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | user-provided value |
|
||||
edges
|
||||
| Test.cs:7:12:7:22 | access to local variable libraryName : String | Test.cs:10:36:10:46 | access to local variable libraryName | provenance | |
|
||||
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | |
|
||||
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:11546 |
|
||||
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:1 |
|
||||
| Test.cs:7:26:7:63 | access to indexer : String | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| Test.cs:7:12:7:22 | access to local variable libraryName : String | semmle.label | access to local variable libraryName : String |
|
||||
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
| Test.cs:7:26:7:63 | access to indexer : String | semmle.label | access to indexer : String |
|
||||
| Test.cs:10:36:10:46 | access to local variable libraryName | semmle.label | access to local variable libraryName |
|
||||
subpaths
|
||||
#select
|
||||
| Test.cs:10:36:10:46 | access to local variable libraryName | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-114/AssemblyPathInjection.ql
|
||||
query: Security Features/CWE-114/AssemblyPathInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,11 +1,18 @@
|
||||
#select
|
||||
| LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
|
||||
| LogForging.cs:29:50:29:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:29:50:29:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
|
||||
| LogForging.cs:33:26:33:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:33:26:33:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
|
||||
| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value |
|
||||
edges
|
||||
| LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | |
|
||||
| LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:29:50:29:72 | ... + ... | provenance | |
|
||||
| LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:33:26:33:33 | access to local variable username | provenance | |
|
||||
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | |
|
||||
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 |
|
||||
| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | |
|
||||
| LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| LogForging.cs:18:16:18:23 | access to local variable username : String | semmle.label | access to local variable username : String |
|
||||
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -16,8 +23,3 @@ nodes
|
||||
| LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String |
|
||||
| LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
#select
|
||||
| LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
|
||||
| LogForging.cs:29:50:29:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:29:50:29:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
|
||||
| LogForging.cs:33:26:33:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:33:26:33:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
|
||||
| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-117/LogForging.ql
|
||||
query: Security Features/CWE-117/LogForging.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,15 +1,24 @@
|
||||
#select
|
||||
| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | This format string depends on $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal |
|
||||
| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
|
||||
| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
|
||||
| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | This format string depends on $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text |
|
||||
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | This format string depends on $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string |
|
||||
edges
|
||||
| ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | provenance | |
|
||||
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | provenance | Src:MaD:2257 |
|
||||
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | provenance | Src:MaD:1 |
|
||||
| UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | provenance | |
|
||||
| UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | provenance | |
|
||||
| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | provenance | |
|
||||
| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | provenance | MaD:11546 |
|
||||
| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | provenance | MaD:2 |
|
||||
| UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | provenance | |
|
||||
| UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | provenance | |
|
||||
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | |
|
||||
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:2 |
|
||||
| UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | |
|
||||
models
|
||||
| 1 | Source: System; Console; false; ReadLine; ; ; ReturnValue; local; manual |
|
||||
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | semmle.label | access to local variable format : String |
|
||||
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | semmle.label | call to method ReadLine : String |
|
||||
@@ -25,9 +34,3 @@ nodes
|
||||
| UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | semmle.label | access to indexer : String |
|
||||
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | semmle.label | access to local variable format |
|
||||
subpaths
|
||||
#select
|
||||
| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | This format string depends on $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal |
|
||||
| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
|
||||
| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
|
||||
| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | This format string depends on $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text |
|
||||
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | This format string depends on $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-134/UncontrolledFormatString.ql
|
||||
query: Security Features/CWE-134/UncontrolledFormatString.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,11 +1,24 @@
|
||||
#select
|
||||
| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | sensitive information |
|
||||
| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | sensitive information |
|
||||
| ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | sensitive information |
|
||||
| ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | sensitive information |
|
||||
| ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data | sensitive information |
|
||||
| ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
| ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
edges
|
||||
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | Sink:MaD:2159 |
|
||||
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | MaD:868 Sink:MaD:2159 |
|
||||
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | Sink:MaD:2 |
|
||||
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | MaD:1 Sink:MaD:2 |
|
||||
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | provenance | |
|
||||
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | provenance | |
|
||||
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | provenance | |
|
||||
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | provenance | |
|
||||
| ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.ComponentModel; PropertyDescriptorCollection; false; get_Item; (System.Object); ; Argument[this].Element; ReturnValue; value; manual |
|
||||
| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
|
||||
nodes
|
||||
| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | semmle.label | access to local variable password |
|
||||
| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | semmle.label | call to method ToString |
|
||||
@@ -20,13 +33,3 @@ nodes
|
||||
| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | semmle.label | ... + ... |
|
||||
| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | semmle.label | access to local variable p |
|
||||
subpaths
|
||||
#select
|
||||
| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | sensitive information |
|
||||
| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | sensitive information |
|
||||
| ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | sensitive information |
|
||||
| ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | sensitive information |
|
||||
| ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data | sensitive information |
|
||||
| ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
| ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-201/ExposureInTransmittedData.ql
|
||||
query: Security Features/CWE-201/ExposureInTransmittedData.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,13 +1,25 @@
|
||||
#select
|
||||
| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException | exception information |
|
||||
| ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException | exception information |
|
||||
edges
|
||||
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | Config Sink:MaD:2159 |
|
||||
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:47762 Sink:MaD:2159 |
|
||||
| ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | MaD:47767 Sink:MaD:2159 |
|
||||
| ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | MaD:47767 |
|
||||
| ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | MaD:47767 |
|
||||
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | Config Sink:MaD:1 |
|
||||
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:2 Sink:MaD:1 |
|
||||
| ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | MaD:3 Sink:MaD:1 |
|
||||
| ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | MaD:3 |
|
||||
| ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | MaD:3 |
|
||||
| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | Config |
|
||||
| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:47762 |
|
||||
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:2159 |
|
||||
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | MaD:47762 Sink:MaD:2159 |
|
||||
| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:2 |
|
||||
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:1 |
|
||||
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | MaD:2 Sink:MaD:1 |
|
||||
models
|
||||
| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
|
||||
| 2 | Summary: System; Exception; false; ToString; (); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
| 3 | Summary: System; Exception; true; get_StackTrace; (); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | semmle.label | access to local variable ex : Exception |
|
||||
| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | semmle.label | call to method ToString |
|
||||
@@ -23,11 +35,3 @@ nodes
|
||||
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | semmle.label | object creation of type MyException : MyException |
|
||||
| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | semmle.label | call to method ToString |
|
||||
subpaths
|
||||
#select
|
||||
| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException | exception information |
|
||||
| ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex | exception information |
|
||||
| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException | exception information |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-209/ExceptionInformationExposure.ql
|
||||
query: Security Features/CWE-209/ExceptionInformationExposure.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,22 +1,37 @@
|
||||
#select
|
||||
| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key |
|
||||
edges
|
||||
| HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | Sink:MaD:1859 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | Sink:MaD:3 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:28:17:28:35 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | HardcodedSymmetricEncryptionKey.cs:28:17:28:35 | access to local variable byteArrayFromString : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | provenance | MaD:4 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | provenance | |
|
||||
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:1857 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:39497 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | Sink:MaD:1859 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:1858 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:39499 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:1 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:5 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | Sink:MaD:3 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:2 |
|
||||
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:6 |
|
||||
models
|
||||
| 1 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateDecryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-decryptor; manual |
|
||||
| 2 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateEncryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-encryptor; manual |
|
||||
| 3 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; set_Key; (System.Byte[]); ; Argument[0]; encryption-keyprop; manual |
|
||||
| 4 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
| 5 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateDecryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-decryptor; df-generated |
|
||||
| 6 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateEncryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-encryptor; df-generated |
|
||||
nodes
|
||||
| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
|
||||
| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
|
||||
@@ -38,11 +53,3 @@ nodes
|
||||
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | semmle.label | key : Byte[] |
|
||||
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | semmle.label | access to parameter key |
|
||||
subpaths
|
||||
#select
|
||||
| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
|
||||
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-321/HardcodedEncryptionKey.ql
|
||||
query: Security Features/CWE-321/HardcodedEncryptionKey.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,23 +1,33 @@
|
||||
#select
|
||||
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next |
|
||||
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next |
|
||||
| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:72:31:72:39 | call to method Next | call to method Next |
|
||||
| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | call to method GeneratePassword |
|
||||
edges
|
||||
| InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | provenance | |
|
||||
| InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | provenance | |
|
||||
| InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | provenance | |
|
||||
| InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | provenance | |
|
||||
| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | provenance | MaD:1910 |
|
||||
| InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | provenance | MaD:1887 |
|
||||
| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | provenance | MaD:1980 |
|
||||
| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | provenance | MaD:2 |
|
||||
| InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | provenance | MaD:1 |
|
||||
| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | provenance | MaD:3 |
|
||||
| InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | provenance | |
|
||||
| InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance | |
|
||||
| InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | provenance | |
|
||||
| InsecureRandomness.cs:60:23:60:40 | access to array element : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance | |
|
||||
| InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | provenance | Config |
|
||||
| InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | MaD:2761 |
|
||||
| InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | MaD:4 |
|
||||
| InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | provenance | |
|
||||
| InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance | |
|
||||
| InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | provenance | |
|
||||
| InsecureRandomness.cs:72:23:72:40 | access to indexer : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance | |
|
||||
| InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:72:23:72:40 | access to indexer : String | provenance | Config |
|
||||
| InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
|
||||
| 2 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 3 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 4 | Summary: System; String; false; ToString; (); ; Argument[this]; ReturnValue; value; manual |
|
||||
nodes
|
||||
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | semmle.label | call to method InsecureRandomString |
|
||||
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | semmle.label | call to method InsecureRandomStringFromSelection |
|
||||
@@ -41,8 +51,3 @@ nodes
|
||||
| InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | semmle.label | access to local variable result : String |
|
||||
| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | semmle.label | call to method GeneratePassword |
|
||||
subpaths
|
||||
#select
|
||||
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next |
|
||||
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next |
|
||||
| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:72:31:72:39 | call to method Next | call to method Next |
|
||||
| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | call to method GeneratePassword |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/InsecureRandomness.ql
|
||||
query: Security Features/InsecureRandomness.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,23 +1,35 @@
|
||||
#select
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | User-provided data |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | User-provided data |
|
||||
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | $@ flows to unsafe deserializer. | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | User-provided data |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | User-provided data |
|
||||
edges
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1100 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:2156 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1100 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2156 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1100 |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2156 |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | provenance | MaD:1100 |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | provenance | MaD:2156 |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | provenance | MaD:2156 |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1100 |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2156 |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | provenance | MaD:1100 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:2156 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:3 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | provenance | MaD:3 |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | provenance | MaD:3 |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:3 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
models
|
||||
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
|
||||
@@ -46,11 +58,3 @@ nodes
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | semmle.label | access to property Text : String |
|
||||
subpaths
|
||||
#select
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | User-provided data |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | User-provided data |
|
||||
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | $@ flows to unsafe deserializer. | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | User-provided data |
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | User-provided data |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,7 +1,11 @@
|
||||
#select
|
||||
| Test.cs:17:46:17:54 | access to property Text | Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | $@ flows to unsafe deserializer. | Test.cs:17:46:17:49 | access to parameter data : TextBox | User-provided data |
|
||||
edges
|
||||
| Test.cs:9:46:9:49 | access to parameter data : TextBox | Test.cs:9:46:9:54 | access to property Text | provenance | MaD:2156 |
|
||||
| Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:2156 |
|
||||
| Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:2156 |
|
||||
| Test.cs:9:46:9:49 | access to parameter data : TextBox | Test.cs:9:46:9:54 | access to property Text | provenance | MaD:1 |
|
||||
| Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:1 |
|
||||
| Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:1 |
|
||||
models
|
||||
| 1 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| Test.cs:9:46:9:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
|
||||
| Test.cs:9:46:9:54 | access to property Text | semmle.label | access to property Text |
|
||||
@@ -10,5 +14,3 @@ nodes
|
||||
| Test.cs:25:46:25:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
|
||||
| Test.cs:25:46:25:54 | access to property Text | semmle.label | access to property Text |
|
||||
subpaths
|
||||
#select
|
||||
| Test.cs:17:46:17:54 | access to property Text | Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | $@ flows to unsafe deserializer. | Test.cs:17:46:17:49 | access to parameter data : TextBox | User-provided data |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,23 +1,42 @@
|
||||
#select
|
||||
| UrlRedirect2.cs:14:31:14:61 | access to indexer | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect2.cs:14:31:14:53 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:13:31:13:61 | access to indexer | UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:13:31:13:53 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:38:44:38:74 | access to indexer | UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:38:44:38:66 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:39:47:39:77 | access to indexer | UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:47:39:69 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:48:29:48:31 | access to local variable url | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:48:29:48:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:64:31:64:52 | $"..." | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:64:31:64:52 | $"..." | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:70:31:70:69 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:70:31:70:69 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:76:31:76:77 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:76:31:76:77 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirectCore.cs:16:22:16:26 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:31:66:31:70 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:31:66:31:70 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:37:69:37:73 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:37:69:37:73 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:40:39:40:53 | ... + ... | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:40:39:40:53 | ... + ... | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:48:28:48:32 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:56:31:56:35 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
|
||||
edges
|
||||
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | |
|
||||
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | MaD:11546 |
|
||||
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | MaD:5 |
|
||||
| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | |
|
||||
| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | MaD:11546 |
|
||||
| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | MaD:5 |
|
||||
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:48:29:48:31 | access to local variable url | provenance | |
|
||||
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:64:31:64:52 | $"..." | provenance | |
|
||||
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:70:66:70:68 | access to local variable url : String | provenance | |
|
||||
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:76:69:76:71 | access to local variable url : String | provenance | |
|
||||
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:76:74:76:76 | access to local variable url : String | provenance | |
|
||||
| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | provenance | |
|
||||
| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String | provenance | MaD:11546 |
|
||||
| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String | provenance | MaD:5 |
|
||||
| UrlRedirect.cs:23:22:23:52 | access to indexer : String | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | provenance | |
|
||||
| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | |
|
||||
| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | MaD:11546 |
|
||||
| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | MaD:5 |
|
||||
| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | |
|
||||
| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | MaD:11546 |
|
||||
| UrlRedirect.cs:70:66:70:68 | access to local variable url : String | UrlRedirect.cs:70:31:70:69 | call to method Format | provenance | MaD:2700 |
|
||||
| UrlRedirect.cs:76:69:76:71 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2702 |
|
||||
| UrlRedirect.cs:76:74:76:76 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2703 |
|
||||
| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | MaD:5 |
|
||||
| UrlRedirect.cs:70:66:70:68 | access to local variable url : String | UrlRedirect.cs:70:31:70:69 | call to method Format | provenance | MaD:1 |
|
||||
| UrlRedirect.cs:76:69:76:71 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2 |
|
||||
| UrlRedirect.cs:76:74:76:76 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:3 |
|
||||
| UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | provenance | |
|
||||
| UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | provenance | |
|
||||
| UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | provenance | |
|
||||
@@ -28,7 +47,13 @@ edges
|
||||
| UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | provenance | |
|
||||
| UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | provenance | |
|
||||
| UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | provenance | |
|
||||
| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:3007 |
|
||||
| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:4 |
|
||||
models
|
||||
| 1 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
|
||||
| 2 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[1]; ReturnValue; taint; manual |
|
||||
| 3 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[2]; ReturnValue; taint; manual |
|
||||
| 4 | Summary: System; Uri; false; Uri; (System.String); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 5 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
| UrlRedirect2.cs:14:31:14:61 | access to indexer | semmle.label | access to indexer |
|
||||
@@ -62,22 +87,3 @@ nodes
|
||||
| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | semmle.label | access to parameter value : String |
|
||||
| UrlRedirectCore.cs:56:31:56:35 | access to parameter value | semmle.label | access to parameter value |
|
||||
subpaths
|
||||
#select
|
||||
| UrlRedirect2.cs:14:31:14:61 | access to indexer | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect2.cs:14:31:14:53 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:13:31:13:61 | access to indexer | UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:13:31:13:53 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:38:44:38:74 | access to indexer | UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:38:44:38:66 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:39:47:39:77 | access to indexer | UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:47:39:69 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:48:29:48:31 | access to local variable url | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:48:29:48:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:64:31:64:52 | $"..." | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:64:31:64:52 | $"..." | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:70:31:70:69 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:70:31:70:69 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirect.cs:76:31:76:77 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:76:31:76:77 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
|
||||
| UrlRedirectCore.cs:16:22:16:26 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:31:66:31:70 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:31:66:31:70 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:37:69:37:73 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:37:69:37:73 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:40:39:40:53 | ... + ... | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:40:39:40:53 | ... + ... | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:48:28:48:32 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
|
||||
| UrlRedirectCore.cs:56:31:56:35 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-601/UrlRedirect.ql
|
||||
query: Security Features/CWE-601/UrlRedirect.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-611/UseXmlSecureResolver.ql
|
||||
query: Security Features/CWE-611/UseXmlSecureResolver.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,11 +1,28 @@
|
||||
#select
|
||||
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:81:41:81:144 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:81:41:81:144 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
|
||||
| XPathInjection.cs:84:37:84:140 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:84:37:84:140 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
|
||||
edges
|
||||
| XPathInjection.cs:11:16:11:23 | access to local variable userName : String | XPathInjection.cs:14:13:14:13 | access to local variable s : String | provenance | |
|
||||
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | provenance | |
|
||||
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:27:11:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:27:11:61 | access to indexer : String | provenance | MaD:2 |
|
||||
| XPathInjection.cs:11:27:11:61 | access to indexer : String | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | provenance | |
|
||||
| XPathInjection.cs:12:16:12:23 | access to local variable password : String | XPathInjection.cs:14:13:14:13 | access to local variable s : String | provenance | |
|
||||
| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:16:12:23 | access to local variable password : String | provenance | |
|
||||
| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:11546 |
|
||||
| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:2 |
|
||||
| XPathInjection.cs:12:27:12:61 | access to indexer : String | XPathInjection.cs:12:16:12:23 | access to local variable password : String | provenance | |
|
||||
| XPathInjection.cs:14:13:14:13 | access to local variable s : String | XPathInjection.cs:17:33:17:33 | access to local variable s | provenance | |
|
||||
| XPathInjection.cs:14:13:14:13 | access to local variable s : String | XPathInjection.cs:20:29:20:29 | access to local variable s | provenance | |
|
||||
@@ -19,12 +36,15 @@ edges
|
||||
| XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:74:27:74:40 | access to local variable customerReader : SqlDataReader | provenance | |
|
||||
| XPathInjection.cs:78:24:78:31 | access to local variable userName : String | XPathInjection.cs:81:41:81:144 | ... + ... | provenance | |
|
||||
| XPathInjection.cs:78:24:78:31 | access to local variable userName : String | XPathInjection.cs:84:37:84:140 | ... + ... | provenance | |
|
||||
| XPathInjection.cs:78:35:78:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:78:35:78:61 | call to method GetString : String | provenance | MaD:1007 |
|
||||
| XPathInjection.cs:78:35:78:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:78:35:78:61 | call to method GetString : String | provenance | MaD:1 |
|
||||
| XPathInjection.cs:78:35:78:61 | call to method GetString : String | XPathInjection.cs:78:24:78:31 | access to local variable userName : String | provenance | |
|
||||
| XPathInjection.cs:79:24:79:31 | access to local variable password : String | XPathInjection.cs:81:41:81:144 | ... + ... | provenance | |
|
||||
| XPathInjection.cs:79:24:79:31 | access to local variable password : String | XPathInjection.cs:84:37:84:140 | ... + ... | provenance | |
|
||||
| XPathInjection.cs:79:35:79:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:79:35:79:61 | call to method GetString : String | provenance | MaD:1007 |
|
||||
| XPathInjection.cs:79:35:79:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:79:35:79:61 | call to method GetString : String | provenance | MaD:1 |
|
||||
| XPathInjection.cs:79:35:79:61 | call to method GetString : String | XPathInjection.cs:79:24:79:31 | access to local variable password : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| XPathInjection.cs:11:16:11:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
|
||||
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -51,20 +71,3 @@ nodes
|
||||
| XPathInjection.cs:81:41:81:144 | ... + ... | semmle.label | ... + ... |
|
||||
| XPathInjection.cs:84:37:84:140 | ... + ... | semmle.label | ... + ... |
|
||||
subpaths
|
||||
#select
|
||||
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
|
||||
| XPathInjection.cs:81:41:81:144 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:81:41:81:144 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
|
||||
| XPathInjection.cs:84:37:84:140 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:84:37:84:140 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-643/XPathInjection.ql
|
||||
query: Security Features/CWE-643/XPathInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
#select
|
||||
| ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
edges
|
||||
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | provenance | |
|
||||
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | provenance | |
|
||||
@@ -5,8 +11,10 @@ edges
|
||||
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | provenance | |
|
||||
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | provenance | |
|
||||
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | |
|
||||
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:11546 |
|
||||
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:1 |
|
||||
| ExponentialRegex.cs:11:28:11:63 | access to indexer : String | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
|
||||
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
@@ -17,9 +25,3 @@ nodes
|
||||
| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | semmle.label | access to local variable userInput |
|
||||
| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | semmle.label | access to local variable userInput |
|
||||
subpaths
|
||||
#select
|
||||
| ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-730/ReDoS.ql
|
||||
query: Security Features/CWE-730/ReDoS.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
#select
|
||||
edges
|
||||
| ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | ExponentialRegex.cs:16:40:16:48 | access to local variable userInput | provenance | |
|
||||
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | |
|
||||
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:11546 |
|
||||
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:1 |
|
||||
| ExponentialRegex.cs:13:28:13:63 | access to indexer : String | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
|
||||
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
| ExponentialRegex.cs:13:28:13:63 | access to indexer : String | semmle.label | access to indexer : String |
|
||||
| ExponentialRegex.cs:16:40:16:48 | access to local variable userInput | semmle.label | access to local variable userInput |
|
||||
subpaths
|
||||
#select
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-730/ReDoS.ql
|
||||
query: Security Features/CWE-730/ReDoS.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,13 +1,15 @@
|
||||
#select
|
||||
| RegexInjection.cs:14:19:14:23 | access to local variable regex | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:14:19:14:23 | access to local variable regex | This regular expression is constructed from a $@. | RegexInjection.cs:10:24:10:46 | access to property QueryString | user-provided value |
|
||||
edges
|
||||
| RegexInjection.cs:10:16:10:20 | access to local variable regex : String | RegexInjection.cs:14:19:14:23 | access to local variable regex | provenance | |
|
||||
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | |
|
||||
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:11546 |
|
||||
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:1 |
|
||||
| RegexInjection.cs:10:24:10:55 | access to indexer : String | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | |
|
||||
models
|
||||
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
|
||||
nodes
|
||||
| RegexInjection.cs:10:16:10:20 | access to local variable regex : String | semmle.label | access to local variable regex : String |
|
||||
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
|
||||
| RegexInjection.cs:10:24:10:55 | access to indexer : String | semmle.label | access to indexer : String |
|
||||
| RegexInjection.cs:14:19:14:23 | access to local variable regex | semmle.label | access to local variable regex |
|
||||
subpaths
|
||||
#select
|
||||
| RegexInjection.cs:14:19:14:23 | access to local variable regex | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:14:19:14:23 | access to local variable regex | This regular expression is constructed from a $@. | RegexInjection.cs:10:24:10:46 | access to property QueryString | user-provided value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-730/RegexInjection.ql
|
||||
query: Security Features/CWE-730/RegexInjection.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
@@ -1,19 +1,36 @@
|
||||
#select
|
||||
| HtmlEncode.cs:10:28:10:65 | ... + ... | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | This HTML expression may include data from a $@. | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:13:28:13:40 | call to method Encode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:66:16:66:42 | call to method Replace | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:36:22:36:59 | ... + ... | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:37:22:37:71 | call to method Format | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | This URL expression may include data from a $@. | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode | possibly inappropriately encoded value |
|
||||
| SqlEncode.cs:15:46:15:50 | access to local variable query | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:15:46:15:50 | access to local variable query | This SQL expression may include data from a $@. | SqlEncode.cs:14:62:14:87 | call to method Replace | possibly inappropriately encoded value |
|
||||
| UrlEncode.cs:10:31:10:69 | ... + ... | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | This URL expression may include data from a $@. | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode | possibly inappropriately encoded value |
|
||||
edges
|
||||
| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | provenance | Sink:MaD:2159 |
|
||||
| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | provenance | Sink:MaD:2 |
|
||||
| InappropriateEncoding.cs:13:13:13:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | provenance | |
|
||||
| InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:13:13:13:24 | access to local variable encodedValue : String | provenance | |
|
||||
| InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | provenance | Sink:MaD:951 |
|
||||
| InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | provenance | Sink:MaD:1 |
|
||||
| InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | provenance | |
|
||||
| InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | provenance | |
|
||||
| InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | provenance | |
|
||||
| InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | provenance | |
|
||||
| InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | provenance | MaD:2700 |
|
||||
| InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | provenance | MaD:3 |
|
||||
| InappropriateEncoding.cs:55:13:55:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | provenance | |
|
||||
| InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:55:13:55:24 | access to local variable encodedValue : String | provenance | |
|
||||
| InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | provenance | |
|
||||
| SqlEncode.cs:14:17:14:21 | access to local variable query : String | SqlEncode.cs:15:46:15:50 | access to local variable query | provenance | Sink:MaD:951 |
|
||||
| SqlEncode.cs:14:17:14:21 | access to local variable query : String | SqlEncode.cs:15:46:15:50 | access to local variable query | provenance | Sink:MaD:1 |
|
||||
| SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:14:17:14:21 | access to local variable query : String | provenance | |
|
||||
| UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | provenance | |
|
||||
models
|
||||
| 1 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
|
||||
| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
|
||||
| 3 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| HtmlEncode.cs:10:28:10:65 | ... + ... | semmle.label | ... + ... |
|
||||
| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | semmle.label | call to method UrlEncode : String |
|
||||
@@ -40,16 +57,3 @@ nodes
|
||||
| UrlEncode.cs:10:31:10:69 | ... + ... | semmle.label | ... + ... |
|
||||
| UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | semmle.label | call to method HtmlEncode : String |
|
||||
subpaths
|
||||
#select
|
||||
| HtmlEncode.cs:10:28:10:65 | ... + ... | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | This HTML expression may include data from a $@. | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:13:28:13:40 | call to method Encode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:66:16:66:42 | call to method Replace | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:36:22:36:59 | ... + ... | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:37:22:37:71 | call to method Format | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
|
||||
| InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | This URL expression may include data from a $@. | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode | possibly inappropriately encoded value |
|
||||
| SqlEncode.cs:15:46:15:50 | access to local variable query | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:15:46:15:50 | access to local variable query | This SQL expression may include data from a $@. | SqlEncode.cs:14:62:14:87 | call to method Replace | possibly inappropriately encoded value |
|
||||
| UrlEncode.cs:10:31:10:69 | ... + ... | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | This URL expression may include data from a $@. | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode | possibly inappropriately encoded value |
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
Security Features/CWE-838/InappropriateEncoding.ql
|
||||
query: Security Features/CWE-838/InappropriateEncoding.ql
|
||||
postprocess: TestUtilities/PrettyPrintModels.ql
|
||||
|
||||
Reference in New Issue
Block a user