324 Commits

Author	SHA1	Message	Date
Michael Nebel	0ed48616a7	C#: Use stubs for CWE-321/HardcodedSymmetricEncryptionKey.	2023-01-31 13:21:00 +01:00
Michael Nebel	f3555b1076	C#: Update options files as some classes has been moved to other dll's.	2023-01-31 13:21:00 +01:00
Michael Nebel	14888d4382	C#: Use stubs for CWE-327 test cases.	2023-01-31 13:21:00 +01:00
erik-krogh	887062d339	update cs/assembly-path-injection and cs/hardcoded-key to path-problems	2022-11-11 10:55:36 +01:00
erik-krogh	318718c428	update expected output	2022-09-30 14:51:41 +02:00
erik-krogh	7098e7b102	change more queries to start with "This "	2022-09-30 13:29:18 +02:00
erik-krogh	77eeabe8e5	changed to address review	2022-09-29 13:39:59 +02:00
erik-krogh	326666ac85	update the alert-messages of csharp queries	2022-09-26 14:01:39 +02:00
Michael Nebel	9ace52114c	C#: Update expected test output.	2022-09-23 13:06:48 +02:00
Michael Nebel	7c74cc6420	C#: Update expected test output - including false positive.	2022-09-23 13:04:04 +02:00
Michael Nebel	e45e06b675	C#: Add LogForging testcase based on ASP.NET.	2022-09-23 13:02:42 +02:00
Michael Nebel	39402b842e	C#: Add ASP.NET Core stubs to LogForging tests.	2022-09-23 12:59:15 +02:00
Michael Nebel	96a46a007f	C#: Use stubs in the CWE-117 LogForging test.	2022-09-23 12:49:12 +02:00
erik-krogh	7e0bd5bde4	update expected output of tests	2022-08-22 21:41:47 +02:00
Tom Hvitved	f275885258	C#: Add a cshtml-based XSS test	2022-08-18 15:24:04 +02:00
Michael Nebel	15906338dc	Merge pull request #9923 from michaelnebel/csharp/webgoat ... C#: SQL Injection improvements for SQLite.	2022-08-15 13:22:25 +02:00
Tamas Vajk	7a406d8e41	C#: Fix unsafe deserialization with JsonConvert.DeserializeObject ... Remove false positives when `JsonConvert.DeserializeObject` is called with not necessarily unsafe settings.	2022-08-11 11:00:46 +02:00
Tamas Vajk	6e6bd208b1	C#: Add test case for JsonConvert.DeserializeObject in unsafe deserialization tests	2022-08-11 11:00:23 +02:00
Michael Nebel	c3adb990a3	C#: Update SQL Injection with testcase with found vulnerability.	2022-08-10 14:49:20 +02:00
Michael Nebel	504160fee4	C#: Update expected file for Sql injection and Second Order sql injection (note that this is already a second order sql injection).	2022-08-10 14:49:20 +02:00
Michael Nebel	5c47ae3f98	C#: Add testcase for unsanitized filename used in Filestream.	2022-08-10 14:49:20 +02:00
Michael Nebel	1355931b50	C#: Update SecondOrder SQL Injection test case expected output with vulnerability from test case.	2022-08-10 14:49:19 +02:00
Michael Nebel	2b51e03223	C#: Add SecondOrder SQL injection example, where reading from a file.	2022-08-10 11:08:27 +02:00
Michael Nebel	344770f06a	C#: Update Sqlinjection test query output with new results.	2022-08-10 11:08:27 +02:00
Michael Nebel	78cfb226a3	C#: Add some examples where adapter is used in conjunction with a tainted command.	2022-08-10 11:08:27 +02:00
Michael Nebel	86000f32e7	C#: Update SqlInjection query tests with new results.	2022-08-10 11:08:27 +02:00
Michael Nebel	1fb209990e	C#: Add SQLiteDataAdapter examples.	2022-08-10 11:08:27 +02:00
Michael Nebel	ce9baaa1f3	C#: Update SQLInjection query test output.	2022-08-10 11:08:27 +02:00
Michael Nebel	d42752714c	C#: Add SQLCommand examples.	2022-08-10 11:08:21 +02:00
Michael Nebel	7fc95fb49b	Merge pull request #9988 from michaelnebel/csharp/updatestubs ... C#: Update .NET Core and ASP.NET Core Stubs.	2022-08-10 11:02:35 +02:00
Michael Nebel	3ba893dfa8	C#: Remove System.Data.SqlClient 4.8.2 stub.	2022-08-09 13:15:44 +02:00
Michael Nebel	6d96da1838	C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs.	2022-08-09 13:08:34 +02:00
Michael Nebel	66232a8054	C#: Fix typo.	2022-07-18 14:28:49 +02:00
Michael Nebel	e6e82ef56d	C#: Update test with Decrypt example.	2022-07-18 14:28:49 +02:00
Michael Nebel	52a9fb0de7	C#: Add test for decrypt.	2022-07-18 14:28:49 +02:00
Michael Nebel	93007f89c8	C#: Move ASP Net Core stubs into stubs folder.	2022-06-16 08:38:31 +02:00
Michael Nebel	ba7238d6e2	C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection).	2022-05-25 08:28:15 +02:00
Michael Nebel	c8ede58704	C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced.	2022-05-25 08:28:15 +02:00
Michael Nebel	4d6d1c8376	C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result.	2022-05-25 08:28:14 +02:00
Michael Nebel	ee027f845c	C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test.	2022-05-25 08:28:14 +02:00
Michael Nebel	e2d6cd20c7	C#: Update tests due to new summaries for ProcessStartInfo.	2022-05-25 08:28:14 +02:00
Michael Nebel	9b8636aa23	C#: Update test because we now have a flow summary the string indexer for NameValueCollection.	2022-05-25 08:28:14 +02:00
Michael Nebel	3c347cab98	C#: Update test output to reflect that the query is now a path-problem query.	2022-05-05 13:13:25 +02:00
Michael Nebel	53000cf9f0	C#: Update the XSS expected file.	2022-01-05 16:44:03 +01:00
Michael Nebel	7e6d88d959	C#: Only use stubs for XSS test.	2022-01-05 16:44:03 +01:00
Michael Nebel	24543a2245	C#: Update the UrlRedirect expected file.	2022-01-05 16:44:03 +01:00
Michael Nebel	47ab2061d8	C#: Replace StringValues stub from stubs.cs with the stub in Microsoft.Extensions.Primitives.	2022-01-05 16:44:03 +01:00
Michael Nebel	59b71df2d6	C#: Use stubs for the CWE-601 testcase.	2021-11-30 15:32:19 +01:00
Michael Nebel	0b4d0d2772	C#: Use stubs for the CWE-838 testcase	2021-11-30 15:32:19 +01:00
Tom Hvitved	6d315a5d16	C#: Add subpaths predicate to XSS queries	2021-09-20 10:40:54 +02:00