apply suggestions from code review

erik-krogh
2024-02-14 13:50:27 +01:00
parent d31bfc06c2
commit a2bd45d0cb
2 changed files with 30 additions and 27 deletions


@@ -6,14 +6,13 @@ using System.Collections.Generic;
public class UrlRedirectHandler2 : IHttpHandler
{
private const String VALID_REDIRECT = "http://cwe.mitre.org/data/definitions/601.html";
private List<string> VALID_REDIRECTS = new List<string>{ "http://cwe.mitre.org/data/definitions/601.html", "http://cwe.mitre.org/data/definitions/79.html" };
public void ProcessRequest(HttpContext ctx)
{
// BAD: a request parameter is incorporated without validation into a URL redirect
ctx.Response.Redirect(ctx.Request.QueryString["page"]);
List<string> VALID_REDIRECTS = new List<string>{ "http://cwe.mitre.org/data/definitions/601.html", "http://cwe.mitre.org/data/definitions/79.html" };
var redirectUrl = ctx.Request.QueryString["page"];
if (VALID_REDIRECTS.Contains(redirectUrl))
{