mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
35 lines
869 B
C#
35 lines
869 B
C#
using System;
|
|
using System.IO;
|
|
using System.Web;
|
|
|
|
public class TaintedPathHandler : IHttpHandler
|
|
{
|
|
public void ProcessRequest(HttpContext ctx)
|
|
{
|
|
String path = ctx.Request.QueryString["page"];
|
|
|
|
// BAD: Uncontrolled format string.
|
|
String.Format(path, "Do not do this");
|
|
|
|
// BAD: Using an IFormatProvider.
|
|
String.Format((IFormatProvider)null, path, "Do not do this");
|
|
|
|
// GOOD: Not the format string.
|
|
String.Format("Do not do this", path);
|
|
|
|
// GOOD: Not the format string.
|
|
String.Format((IFormatProvider)null, "Do not do this", path);
|
|
|
|
// GOOD: Not a formatting call
|
|
Console.WriteLine(path);
|
|
}
|
|
|
|
System.Windows.Forms.TextBox box1;
|
|
|
|
void OnButtonClicked()
|
|
{
|
|
// BAD: Uncontrolled format string.
|
|
String.Format(box1.Text, "Do not do this");
|
|
}
|
|
}
|