diff --git a/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.expected b/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.expected index 001adcdcaa9..14d0bf836c2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.expected 
@@ -1,3 +1,16 @@ +#select +| Test.cs:14:13:14:57 | (...) => ... | Test.cs:14:13:14:57 | (...) => ... | Test.cs:14:13:14:57 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:14:13:14:57 | (...) => ... | uses a callback | +| Test.cs:22:13:25:13 | (...) => ... | Test.cs:22:13:25:13 | (...) => ... | Test.cs:22:13:25:13 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:22:13:25:13 | (...) => ... | uses a callback | +| Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | This TLS certificate validation $@, which trusts any certificate. | Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | uses a callback | +| Test.cs:40:13:40:56 | (...) => ... | Test.cs:40:13:40:56 | (...) => ... | Test.cs:40:13:40:56 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:40:13:40:56 | (...) => ... | uses a callback | +| Test.cs:47:13:47:61 | (...) => ... | Test.cs:47:13:47:61 | (...) => ... | Test.cs:47:13:47:61 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:47:13:47:61 | (...) => ... | uses a callback | +| Test.cs:49:68:49:87 | (...) => ... | Test.cs:49:68:49:87 | (...) => ... | Test.cs:49:68:49:87 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:49:68:49:87 | (...) => ... | uses a callback | +| Test.cs:51:68:51:92 | delegate(...) { ... } | Test.cs:51:68:51:92 | delegate(...) { ... } | Test.cs:51:68:51:92 | delegate(...) { ... } | This TLS certificate validation $@, which trusts any certificate. | Test.cs:51:68:51:92 | delegate(...) { ... 
} | uses a callback | +| Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | This TLS certificate validation $@, which trusts any certificate. | Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | uses a callback | +| Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | This TLS certificate validation $@, which trusts any certificate. | Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | uses a callback | +| Test.cs:83:13:83:56 | (...) => ... | Test.cs:83:13:83:56 | (...) => ... | Test.cs:83:13:83:56 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:83:13:83:56 | (...) => ... | uses a callback | +| Test.cs:89:13:89:56 | (...) => ... | Test.cs:89:13:89:56 | (...) => ... | Test.cs:89:13:89:56 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:89:13:89:56 | (...) => ... | uses a callback | +| Test.cs:91:48:91:55 | access to local variable callback | Test.cs:89:13:89:56 | (...) => ... : (...) => ... | Test.cs:91:48:91:55 | access to local variable callback | This TLS certificate validation $@, which trusts any certificate. | Test.cs:89:13:89:56 | (...) => ... | uses a callback | edges | Test.cs:88:45:88:52 | access to local variable callback : (...) => ... | Test.cs:91:48:91:55 | access to local variable callback | provenance | | | Test.cs:89:13:89:56 | (...) => ... : (...) => ... | Test.cs:88:45:88:52 | access to local variable callback : (...) => ... | provenance | | 
@@ -17,16 +30,3 @@ nodes | Test.cs:89:13:89:56 | (...) => ... : (...) => ... | semmle.label | (...) => ... : (...) => ... | | Test.cs:91:48:91:55 | access to local variable callback | semmle.label | access to local variable callback | subpaths -#select -| Test.cs:14:13:14:57 | (...) => ... | Test.cs:14:13:14:57 | (...) => ... | Test.cs:14:13:14:57 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:14:13:14:57 | (...) => ... | uses a callback | -| Test.cs:22:13:25:13 | (...) => ... | Test.cs:22:13:25:13 | (...) => ... | Test.cs:22:13:25:13 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:22:13:25:13 | (...) => ... | uses a callback | -| Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | This TLS certificate validation $@, which trusts any certificate. | Test.cs:33:13:33:74 | access to property DangerousAcceptAnyServerCertificateValidator | uses a callback | -| Test.cs:40:13:40:56 | (...) => ... | Test.cs:40:13:40:56 | (...) => ... | Test.cs:40:13:40:56 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:40:13:40:56 | (...) => ... | uses a callback | -| Test.cs:47:13:47:61 | (...) => ... | Test.cs:47:13:47:61 | (...) => ... | Test.cs:47:13:47:61 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:47:13:47:61 | (...) => ... | uses a callback | -| Test.cs:49:68:49:87 | (...) => ... | Test.cs:49:68:49:87 | (...) => ... | Test.cs:49:68:49:87 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:49:68:49:87 | (...) => ... | uses a callback | -| Test.cs:51:68:51:92 | delegate(...) { ... } | Test.cs:51:68:51:92 | delegate(...) { ... 
} | Test.cs:51:68:51:92 | delegate(...) { ... } | This TLS certificate validation $@, which trusts any certificate. | Test.cs:51:68:51:92 | delegate(...) { ... } | uses a callback | -| Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | This TLS certificate validation $@, which trusts any certificate. | Test.cs:69:67:69:75 | delegate creation of type RemoteCertificateValidationCallback | uses a callback | -| Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | This TLS certificate validation $@, which trusts any certificate. | Test.cs:76:13:76:76 | delegate creation of type RemoteCertificateValidationCallback | uses a callback | -| Test.cs:83:13:83:56 | (...) => ... | Test.cs:83:13:83:56 | (...) => ... | Test.cs:83:13:83:56 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:83:13:83:56 | (...) => ... | uses a callback | -| Test.cs:89:13:89:56 | (...) => ... | Test.cs:89:13:89:56 | (...) => ... | Test.cs:89:13:89:56 | (...) => ... | This TLS certificate validation $@, which trusts any certificate. | Test.cs:89:13:89:56 | (...) => ... | uses a callback | -| Test.cs:91:48:91:55 | access to local variable callback | Test.cs:89:13:89:56 | (...) => ... : (...) => ... | Test.cs:91:48:91:55 | access to local variable callback | This TLS certificate validation $@, which trusts any certificate. | Test.cs:89:13:89:56 | (...) => ... | uses a callback | 
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.qlref b/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.qlref
index 3091f848abe..e400be7f8a3 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.qlref
+++ b/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/AcceptAnyCertificate.qlref
@@ -1 +1,2 @@
-Security Features/CWE-295/AcceptAnyCertificate.ql
\ No newline at end of file
+query: Security Features/CWE-295/AcceptAnyCertificate.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/Test.cs
index c02478caa2f..cf267bc0288 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/Test.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-295/AcceptAnyCertificate/Test.cs
@@ -11,7 +11,7 @@ public class CertificateValidationTests
 var handler = new HttpClientHandler();
 // BAD: always trusts any certificate.
 handler.ServerCertificateCustomValidationCallback =
- (request, certificate, chain, errors) => true;
+ (request, certificate, chain, errors) => true; // $ Alert
 }
 
 public void HttpClientHandlerBlockBodyBad()
@@ -22,7 +22,7 @@ public class CertificateValidationTests
 (request, certificate, chain, errors) =>
 {
 return true;
- };
+ }; // $ Alert
 }
 
 public void HttpClientHandlerDangerousBad()
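Review bot: In the `@@ -22,7 +22,7 @@` hunk the `// $ Alert` marker sits on the closing `};` (line 25), while the matching `.expected` row reports the lambda at `Test.cs:22:13:25:13`, so the marker is three lines below where the reported span starts. Presumably the inline-expectations postprocess matches on the line where a multi-line result ends; that is not visible in this diff and is worth confirming. A one-line comment above the lambda in `HttpClientHandlerBlockBodyBad` would save the next reader the lookup, for example `// The expectation marker goes on the last line of the multi-line lambda.` The method's opening lines are outside the hunk.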
@@ -30,25 +30,25 @@ public class CertificateValidationTests
 var handler = new HttpClientHandler();
 // BAD: built-in callback that accepts any certificate.
 handler.ServerCertificateCustomValidationCallback =
- HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
+ HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; // $ Alert
 }
 
 public void ServicePointManagerBad()
 {
 // BAD: always trusts any certificate.
 ServicePointManager.ServerCertificateValidationCallback =
- (sender, certificate, chain, errors) => true;
+ (sender, certificate, chain, errors) => true; // $ Alert
 }
 
 public void ServicePointManagerCompoundBad()
 {
 // BAD: always trusts any certificate (compound assignment).
 ServicePointManager.ServerCertificateValidationCallback +=
- (sender, cert, chain, errors) => { return true; };
+ (sender, cert, chain, errors) => { return true; }; // $ Alert
 // BAD
- ServicePointManager.ServerCertificateValidationCallback += (a, b, c, d) => true;
+ ServicePointManager.ServerCertificateValidationCallback += (a, b, c, d) => true; // $ Alert
 // BAD: parameterless anonymous method.
- ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
+ ServicePointManager.ServerCertificateValidationCallback += delegate { return true; }; // $ Alert
 }
 
 private static bool AcceptAll(object sender, X509Certificate certificate, X509Chain chain,
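Review bot: The bare `// BAD` above `ServicePointManager.ServerCertificateValidationCallback += (a, b, c, d) => true;` in `ServicePointManagerCompoundBad` does not say which variant the case pins down, unlike the comments on its two neighbours. The method now carries three separate `// $ Alert` expectations, so when one of them regresses the comment is the only hint as to which callback shape stopped being detected. I would expand it to something like `// BAD: expression-bodied lambda added via compound assignment.`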
@@ -66,29 +66,29 @@ public class CertificateValidationTests
 public void MethodGroupBad()
 {
 // BAD: the referenced static method always returns true.
- ServicePointManager.ServerCertificateValidationCallback = AcceptAll;
+ ServicePointManager.ServerCertificateValidationCallback = AcceptAll; // $ Alert
 }
 
 public void MethodGroupNonStaticBad()
 {
 // BAD: the referenced instance method always returns true.
 ServicePointManager.ServerCertificateValidationCallback =
- new RemoteCertificateValidationCallback(this.AcceptAllNonStatic);
+ new RemoteCertificateValidationCallback(this.AcceptAllNonStatic); // $ Alert
 }
 
 public void SslStreamBad(Stream stream)
 {
 // BAD: the validation callback always returns true.
 var ssl = new SslStream(stream, false,
- (sender, certificate, chain, errors) => true);
+ (sender, certificate, chain, errors) => true); // $ Alert
 }
 
 public void IndirectBad(Stream stream)
 {
 RemoteCertificateValidationCallback callback =
- (sender, certificate, chain, errors) => true;
+ (sender, certificate, chain, errors) => true; // $ Source Alert
 // BAD: the callback flowing here always returns true.
- var ssl = new SslStream(stream, false, callback);
+ var ssl = new SslStream(stream, false, callback); // $ Alert
 }
 
 public void HttpClientHandlerGood()
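Review bot: In `IndirectBad`, line 89 now carries `// $ Source Alert`, but nothing in the method explains why one lambda is expected twice. The `.expected` rows show it reported directly at `Test.cs:89:13:89:56` and again as the source of the path alert at `Test.cs:91:48:91:55`, while the only comment sits above line 91 and covers just the sink. I would add a comment above the `callback` assignment, for example `// BAD: this lambda is reported where it is defined and is also the source of the flow into SslStream below.` That makes it clear the double report of a single accept-all callback is intended, so a later change that drops either the direct or the path result is recognised as a regression.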