hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c20ee76826e10318f8f39c6fae901b743c2e8254
codeql/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.cs
Tamas Vajk 03d1a3e0ad Trim test files + remove duplicate newlines
2021-07-01 16:09:11 +02:00

48 lines
1009 B
C#
Raw Blame History

using System.Web;
public class Person
{
public string getTelephone()
{
return "";
}
}
public class ExposureOfPrivateInformationHandler : IHttpHandler
{
public void ProcessRequest(HttpContext ctx)
{
// BAD: Setting a cookie value or values with private data.
ctx.Response.Cookies["MyCookie"].Value = ctx.Request.QueryString["postcode"];
Person p = new Person();
ctx.Response.Cookies["MyCookie"].Value = p.getTelephone();
// BAD: Logging private data
ILogger logger = new ILogger();
logger.Warn(p.getTelephone());
// GOOD: Don't write these values to sensitive locations in the first place
}
public bool IsReusable
{
get
{
return true;
}
}
System.Windows.Forms.TextBox postcode;
void OnButtonClicked()
{
ILogger logger = new ILogger();
logger.Warn(postcode.Text);
}
}
class ILogger
{
public void Warn(string message) { }
}
Reference in New Issue View Git Blame Copy Permalink