Commit Graph

45 Commits

Author SHA1 Message Date
Chad Bentz
4f1d6f472d Fix test comments: replace GOOD/BAD markers with flow source descriptions
Per review feedback, GOOD/BAD markers don't apply to flow source
enumeration tests. Use descriptive comments instead.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-15 11:34:43 -04:00
Chad Bentz
ce9e61dbfd C#: Add Razor Page handler method parameters as remote flow sources
ASP.NET Core Razor Page handler method parameters (OnGet, OnPost, etc.)
were not modeled as remote flow sources, causing security queries like
SQL injection to miss vulnerabilities in PageModel subclasses.

This adds AspNetCorePageHandlerMethodParameter, analogous to the existing
AspNetCoreActionMethodParameter for MVC controllers, using the existing
PageModelClass.getAHandlerMethod() from Razor.qll.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 19:50:12 -04:00
Michael Nebel
8b93ce2747 C#: Add ASP.NET test case for a collection type. 2026-04-21 14:27:06 +02:00
Michael Nebel
8060d2ff24 C#: Streamline the implementation for ASP.NET Core tainted members. 2026-04-21 13:40:02 +02:00
Michael Nebel
921d93e427 C#: Add an ASP.NET flow source example when using the WebMethod attribute. 2026-04-21 13:39:59 +02:00
Michael Nebel
0062eb1209 C#: Update remote flow sources test to also report tainted members. 2026-04-21 13:39:51 +02:00
Mathias Vorreiter Pedersen
088913d925 C#: Accept test changes. 2026-03-04 12:26:07 +00:00
Mathias Vorreiter Pedersen
b7992ed8cd C#: Add test. 2026-03-04 12:25:08 +00:00
Michael Nebel
a671810edf C#: Update test options files to point to the new stubs versions. 2026-01-05 15:23:34 +01:00
Michael Nebel
ffd6b2677c C#: Cleanup test options files. 2025-05-12 17:33:21 -04:00
Sid Gawri
4e3ac93f70 fix unit tests part 2 2025-05-09 16:24:42 -04:00
Michael Nebel
8781d6762c C#: Update test options files to point to the new stubs. 2025-01-31 10:36:57 +01:00
Michael Nebel
82f8a796e1 C#: Update all test util paths to point to the new location. 2024-12-12 13:21:31 +01:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Michael Nebel
45d4d5138a C#: Update expected test output. 2024-08-21 13:14:12 +02:00
Michael Nebel
75772c5832 C#: Add abstract controller remote flow source example. 2024-08-21 13:00:10 +02:00
Edward Minnix III
7377cbb46e Merge pull request #15930 from egregius313/egregius313/csharp/mad/database/dapper-sources
C#: Sources for the `Dapper` database library
2024-03-25 11:21:51 -04:00
Ed Minnix
9ed8ca27a1 Fix test and model 2024-03-22 13:46:19 +01:00
Ed Minnix
1f04229def Fix typo 2024-03-22 13:46:19 +01:00
Ed Minnix
23aeb1d878 Add tests 2024-03-22 13:46:18 +01:00
Ed Minnix
3e3eceea5f Typo 2024-03-21 13:06:34 -04:00
Ed Minnix
3e29a8d2a1 System.IO files test 2024-03-21 13:06:23 -04:00
Ed Minnix
bc745dfd5e Windows registry sources 2024-03-11 13:55:34 -04:00
Ed Minnix
7f950d8e0d Fix ExpandEnvironmentVariables test case 2024-03-07 21:48:05 -05:00
Ed Minnix
f8c805de6b Microsoft.Extensions.Configuration models 2024-03-07 12:32:04 -05:00
Ed Minnix
a3f6bfe1df commandargs sources 2024-03-07 12:30:06 -05:00
Ed Minnix
51afe12ae1 Environment variable sources 2024-03-07 12:20:48 -05:00
Michael Nebel
35a615cac3 C#: Base the remoteflowsource test on stubs and update line numbers in expected output. 2023-12-13 10:07:57 +01:00
Michael Nebel
2fc7e51a5b C#: Only include source code (and not stubs) in the remote flow source test. 2023-12-04 13:10:10 +01:00
Michael Nebel
c3e0388a75 C#: Add testcase for complex models. 2022-08-19 08:51:39 +02:00
Michael Nebel
bbb6ba088b C#: Add more Map like remote flow source testcases. 2022-08-19 08:10:23 +02:00
Michael Nebel
d2c5266139 C#: Add more test examples. 2022-08-19 08:10:23 +02:00
Michael Nebel
6e5a412150 C#: Make one more ASP.NET routing example. 2022-08-19 08:10:23 +02:00
Michael Nebel
bd6d3c7347 C#: Consider parameters passed to lambdas in MapGet remote flow sources. 2022-08-19 08:10:23 +02:00
Michael Nebel
c8afb1bb94 C#: Update expected test case with new line numbers. 2022-08-19 08:10:23 +02:00
Michael Nebel
328e47834e C#: Add ASP.NET Core MapGet routing end point example. 2022-08-19 08:10:23 +02:00
Michael Nebel
6d96da1838 C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs. 2022-08-09 13:08:34 +02:00
Michael Nebel
1f2f2fff7f C#: Update testcases with examples. 2022-06-16 08:43:06 +02:00
Michael Nebel
ef0a3d0a79 C#: Add testcase for controller parameter types tainted members. 2022-06-16 08:38:31 +02:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Tom Hvitved
c8c706a0ba C#: Un-deprecate PublicCallableParameterFlowSource 2020-04-06 09:01:44 +02:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00