hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixing Test cases

Browse Source
This commit is contained in:
Raul Garcia
2024-10-09 14:44:48 -07:00
parent b95b275136
commit a179fa021f
4 changed files with 8 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs
View File

@@ -1,4 +1,3 @@
using System;
using System.Data.SqlClient; using System.Data.SqlClient;
namespace InsecureSQLConnection namespace InsecureSQLConnection
@@ -35,13 +34,13 @@ namespace InsecureSQLConnection
public void StringInInitializer() public void StringInInitializer()
{ {
string connectString = "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false"; string connectString = "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false";
SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder(connectString) { Encrypt = true}; // False Positive SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder(connectString) { Encrypt = true };
} }
public void TriggerThis() public void TriggerThis()
{ {
// BAD, Encrypt not specified (version dependent) // BAD, Encrypt not specified
SqlConnection conn = new SqlConnection("Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;"); SqlConnection conn = new SqlConnection("Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;");
} }
@@ -49,7 +48,7 @@ namespace InsecureSQLConnection
{ {
string connectString = string connectString =
"Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd"; "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd";
// BAD, Encrypt not specified (version dependent) // BAD, Encrypt not specified
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString); SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
var conn = new SqlConnection(builder.ConnectionString); var conn = new SqlConnection(builder.ConnectionString);
} }
@@ -62,20 +61,5 @@ namespace InsecureSQLConnection
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString); SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
var conn = new SqlConnection(builder.ConnectionString); var conn = new SqlConnection(builder.ConnectionString);
} }
void Test6()
{
var conn = new SqlConnectionStringBuilder(SetToTrueConnStr) { Encrypt = false }; // Bug - cs/insecure-sql-connection-initializer
}
void Test72ndPhase(bool encrypt)
{
var conn = new SqlConnectionStringBuilder(SetToTrueConnStr) { Encrypt = encrypt }; // Bug - cs/insecure-sql-connection-initializer (sink)
}
void Test7()
{
Test72ndPhase(false); // Bug - cs/insecure-sql-connection-initializer (source)
}
} }
} }

0
csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnection.cs Normal file
View File

4
csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.expected Normal file
View File

@@ -0,0 +1,4 @@
edges
nodes
subpaths
#select

0
csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnectionInitializer.qlref → csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.qlref
View File