hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4f6b698ca334a91460facad84a9a57dbf05ea89c
codeql/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/ResourceReaderUntrustedInputBad.cs

20 lines
583 B
C#
Raw Blame History

using System.Web.UI.WebControls;
using System.Resources;
using System.IO;
using System.Text;
using System;
class BadResourceReader
{
public static void Deserialize(TextBox data)
{
var ds = new ResourceReader(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
// BAD
var dict = ds.GetEnumerator();
while (dict.MoveNext())
Console.WriteLine(" {0}: '{1}' (Type {2})",
dict.Key, dict.Value, dict.Value.GetType().Name);
ds.Close();
}
}
Reference in New Issue View Git Blame Copy Permalink