mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
61 lines
1.4 KiB
C#
61 lines
1.4 KiB
C#
// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll
|
|
|
|
using System.Web;
|
|
using System.Web.Security;
|
|
|
|
public class Handler1 : IHttpHandler
|
|
{
|
|
public void ProcessRequest(HttpContext ctx)
|
|
{
|
|
|
|
if (FormsAuthentication.Authenticate("username", "password"))
|
|
{
|
|
ctx.Session["foo"] = "bar"; // BAD: Session has not been abandoned
|
|
ctx.Session.Abandon();
|
|
ctx.Session["foo"] = "bar"; // GOOD: Session is abandoned
|
|
}
|
|
else
|
|
{
|
|
ctx.Session["foo"] = "bar"; // GOOD: Logon didn't succeed
|
|
}
|
|
}
|
|
|
|
public bool IsReusable => true;
|
|
}
|
|
|
|
public class Handler2 : IHttpHandler
|
|
{
|
|
public void ProcessRequest(HttpContext ctx)
|
|
{
|
|
|
|
if (Membership.ValidateUser("username", "password"))
|
|
{
|
|
AbandonSession(ctx);
|
|
ctx.Session["foo"] = "bar"; // GOOD: Session is abandoned (indirectly)
|
|
}
|
|
}
|
|
|
|
void AbandonSession(HttpContext ctx)
|
|
{
|
|
ctx.Session.Clear();
|
|
}
|
|
|
|
public bool IsReusable => true;
|
|
}
|
|
|
|
public class Handler3 : IHttpHandler
|
|
{
|
|
public void ProcessRequest(HttpContext ctx)
|
|
{
|
|
|
|
if (Membership.ValidateUser("username", "password"))
|
|
{
|
|
ctx.Session["foo"] = "bar"; // BAD: Session not abandoned
|
|
}
|
|
ctx.Session["foo"] = "bar"; // BAD: here as well
|
|
}
|
|
|
|
public bool IsReusable => true;
|
|
}
|
|
|