hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fd8bf990f6c80677467374cd3dcb1a6aec7e0abe
codeql/csharp/ql/test/experimental/Security Features/CWE-1004/CookieWithoutHttpOnlySystemWeb/ConfigFalse/Program.cs
Michael Nebel 0b39f1155e C#: Base the remaning CWE-1004 tests purely on stubs.
2023-12-13 10:07:57 +01:00

37 lines
983 B
C#
Raw Blame History

class Program
{
void CookieDefault()
{
var cookie = new System.Web.HttpCookie("sessionID"); // BAD: httpOnlyCookies is set to false in config
}
void CookieDefaultForgery()
{
var cookie = new System.Web.HttpCookie("anticsrftoken"); // GOOD: not an auth cookie
}
void CookieDirectTrue()
{
var cookie = new System.Web.HttpCookie("sessionID");
cookie.HttpOnly = true; // GOOD
}
void CookieDirectTrueInitializer()
{
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = true }; // GOOD
}
void CookieIntermediateTrue()
{
var cookie = new System.Web.HttpCookie("sessionID");
bool v = true;
cookie.HttpOnly = v; // GOOD: should track local data flow
}
void CookieIntermediateTrueInitializer()
{
bool v = true;
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // GOOD: should track local data flow
}
}
Reference in New Issue View Git Blame Copy Permalink