hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

39 lines
1.0 KiB
C#
Raw Permalink Blame History

//semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Runtime.Extensions.dll /r:System.Diagnostics.TraceSource.dll
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Web;
class ILogger
{
public void Warn(string message) { }
}
public class LogForgingHandler : IHttpHandler
{
public void ProcessRequest(HttpContext ctx)
{
String username = ctx.Request.QueryString["username"];
ILogger logger = new ILogger();
// BAD: Logged as-is
logger.Warn(username + " logged in");
// GOOD: New-lines removed
logger.Warn(username.Replace(Environment.NewLine, "") + " logged in");
// GOOD: Html encoded
logger.Warn(WebUtility.HtmlEncode(username) + " logged in");
// BAD: Logged as-is to TraceSource
new TraceSource("Test").TraceInformation(username + " logged in");
}
public bool IsReusable
{
get
{
return true;
}
}
}
Reference in New Issue View Git Blame Copy Permalink