hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4f6b698ca334a91460facad84a9a57dbf05ea89c
codeql/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/BinaryFormatterUntrustedInputBad.cs

26 lines
733 B
C#
Raw Blame History

using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;
using System.Web.UI.WebControls;
class BadBinaryFormatter1
{
public static object Deserialize(TextBox textBox)
{
var ds = new BinaryFormatter();
// BAD
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(textBox.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}
class BadBinaryFormatter2
{
public static object Deserialize(TextBox type, TextBox data)
{
var ds = new BinaryFormatter();
// BAD
return ds.Deserialize(new MemoryStream(Convert.FromBase64String(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}
Reference in New Issue View Git Blame Copy Permalink