/**
 * @name Use of file upload
 * @description Finds uses of file upload
 * @kind problem
 * @problem.severity recommendation
 * @security-severity 9.8
 * @precision high
 * @id cs/web/file-upload
 * @tags security
 *       maintainability
 *       frameworks/asp.net
 *       external/cwe/cwe-434
 */

import csharp

// Reports every access to the `PostedFile` property declared on
// `System.Web.UI.HtmlControls.HtmlInputFile`.
//
// Scope notes for whoever triages the results:
//  - The match is purely structural. Nothing here checks whether the uploaded
//    content is validated, so each alert marks a place to review, not a
//    confirmed CWE-434 flaw, despite the 9.8 security-severity in the metadata.
//  - At each result, confirm the handler enforces an allow-list of file types,
//    a size limit, a storage location that is not served or executed by the
//    web server, and that it does not trust the client-supplied file name or
//    content type.
//  - Only `HtmlInputFile.PostedFile` is covered. Uploads received through
//    other APIs are outside what this `where` clause can match.
from PropertyAccess pa
where
  exists(Property uploadProperty |
    uploadProperty = pa.getTarget() and
    uploadProperty.hasName("PostedFile") and
    uploadProperty
        .getDeclaringType()
        .hasFullyQualifiedName("System.Web.UI.HtmlControls", "HtmlInputFile")
  )
select pa, "Avoid using file upload."