
Commit d55fbc8

Add test cases for safe API calls
1 parent 2467016 commit d55fbc8

2 files changed

Lines changed: 6 additions & 3 deletions


csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedData.cs

Lines changed: 3 additions & 0 deletions
@@ -9,6 +9,9 @@ public class UntrustedData : IHttpHandler
99
public void ProcessRequest(HttpContext ctx)
1010
{
1111
var name = ctx.Request.QueryString["name"];
12+
var len = name.Length;
13+
14+
var myEncodedString = HttpUtility.HtmlEncode(name);
1215
ctx.Response.Write(name);
1316
}
1417
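
Review bot: the two statements added at new lines 12 and 14 (`var len = name.Length;` and `var myEncodedString = HttpUtility.HtmlEncode(name);`) carry no comment saying they are the safe API calls the commit message refers to, or that they are expected to produce no result. Because `len` and `myEncodedString` are never used and `ctx.Response.Write(name)` still writes the raw query-string value, a later reader could take them for leftover code or assume the encoded value was meant to reach the sink. Suggest a short comment on each, for example `// GOOD: safe API call, should not be flagged`, and either dropping the empty line 13 or using it for that comment.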

Lines changed: 3 additions & 3 deletions
@@ -1,11 +1,11 @@
11
edges
2-
| UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:12:28:12:31 | access to local variable name |
2+
| UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:15:28:15:31 | access to local variable name |
33
nodes
44
| UntrustedData.cs:11:20:11:30 | access to property Request | semmle.label | access to property Request |
55
| UntrustedData.cs:11:20:11:42 | access to property QueryString | semmle.label | access to property QueryString |
66
| UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
7-
| UntrustedData.cs:12:28:12:31 | access to local variable name | semmle.label | access to local variable name |
7+
| UntrustedData.cs:15:28:15:31 | access to local variable name | semmle.label | access to local variable name |
88
#select
99
| UntrustedData.cs:11:20:11:30 | access to property Request | UntrustedData.cs:11:20:11:30 | access to property Request | UntrustedData.cs:11:20:11:30 | access to property Request | Call to System.Web.HttpRequest.get_QueryString with untrusted data from $@. | UntrustedData.cs:11:20:11:30 | access to property Request | access to property Request |
1010
| UntrustedData.cs:11:20:11:42 | access to property QueryString | UntrustedData.cs:11:20:11:42 | access to property QueryString | UntrustedData.cs:11:20:11:42 | access to property QueryString | Call to System.Collections.Specialized.NameValueCollection.get_Item with untrusted data from $@. | UntrustedData.cs:11:20:11:42 | access to property QueryString | access to property QueryString |
11-
| UntrustedData.cs:12:28:12:31 | access to local variable name | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:12:28:12:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |
11+
| UntrustedData.cs:15:28:15:31 | access to local variable name | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:15:28:15:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:11:20:11:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |
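
Review bot: all three changed rows (edges, nodes, #select) are pure renumbering of the existing `HttpResponse.Write` sink from `12:28:12:31` to `15:28:15:31`, caused by inserting the new statements above that sink in UntrustedData.cs. Placing the new cases after `ctx.Response.Write(name);` or in a separate method would have left this expected output untouched and made it obvious that the commit adds no results. What this file actually asserts for the new cases is the absence of any row for lines 12 and 14, so it is worth stating that in the commit message or in the test source, so that a later regeneration of the expected output that introduces rows for `name.Length` or `HttpUtility.HtmlEncode` is recognised as a regression.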
