Add test cases for safe API calls

Tamas Vajk
2020-12-04 10:38:45 +01:00
parent 24670160c2
commit d55fbc8a05
2 changed files with 6 additions and 3 deletions


@@ -9,6 +9,9 @@ public class UntrustedData : IHttpHandler
public void ProcessRequest(HttpContext ctx)
{
var name = ctx.Request.QueryString["name"];
var len = name.Length;
var myEncodedString = HttpUtility.HtmlEncode(name);
ctx.Response.Write(name);
}
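Review bot: The two new statements in ProcessRequest, `var len = name.Length;` and `var myEncodedString = HttpUtility.HtmlEncode(name);`, carry no comment saying they are the safe-API cases that must produce no alert, so the intent is only recoverable by reading the expected-results file. Since `myEncodedString` is never used and `ctx.Response.Write(name);` still writes the raw query-string value, a later reader could take that for a mistake and "fix" the test; I would add `// GOOD: safe API call, no alert expected` to each of the two new lines and `// BAD: raw untrusted value written to the response` to the Write line. The test also does not show what the query reports when the encoded value itself reaches an external API, so a `ctx.Response.Write(myEncodedString);` case may be worth adding if that behaviour is meant to be pinned down. The enclosing class begins outside this hunk.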


@@ -1,11 +1,11 @@
edges
| UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:12:28:12:31 | access to local variable name |
| UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:15:28:15:31 | access to local variable name |
nodes
| UntrustedData.cs:11:20:11:30 | access to property Request | semmle.label | access to property Request |
| UntrustedData.cs:11:20:11:42 | access to property QueryString | semmle.label | access to property QueryString |
| UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| UntrustedData.cs:12:28:12:31 | access to local variable name | semmle.label | access to local variable name |
| UntrustedData.cs:15:28:15:31 | access to local variable name | semmle.label | access to local variable name |
#select
| UntrustedData.cs:11:20:11:30 | access to property Request | UntrustedData.cs:11:20:11:30 | access to property Request | UntrustedData.cs:11:20:11:30 | access to property Request | Call to System.Web.HttpRequest.get_QueryString with untrusted data from $@. | UntrustedData.cs:11:20:11:30 | access to property Request | access to property Request |
| UntrustedData.cs:11:20:11:42 | access to property QueryString | UntrustedData.cs:11:20:11:42 | access to property QueryString | UntrustedData.cs:11:20:11:42 | access to property QueryString | Call to System.Collections.Specialized.NameValueCollection.get_Item with untrusted data from $@. | UntrustedData.cs:11:20:11:42 | access to property QueryString | access to property QueryString |
| UntrustedData.cs:12:28:12:31 | access to local variable name | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:12:28:12:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |
| UntrustedData.cs:15:28:15:31 | access to local variable name | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:15:28:15:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |