From c0273ba5c022cd940fd4bd185ed25069753cb738 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sat, 4 Jul 2026 22:46:21 +0100 Subject: [PATCH 1/4] Convert qlref tests to inline expectations --- .../ModifiedFnvFunctionDetection.qlref | 3 +- .../NumberOfKnownCommandsAboveThreshold.qlref | 3 +- .../NumberOfKnownHashesAboveThreshold.qlref | 3 +- .../NumberOfKnownLiteralsAboveThreshold.qlref | 3 +- ...mberOfKnownMethodNamesAboveThreshold.qlref | 3 +- .../SwallowEverythingExceptionHandler.qlref | 3 +- .../Solorigate/test/Solorigate/test.cs | 434 +++++++++--------- .../BlazorTest/Components/MyOutput.razor | 2 +- .../Components/Pages/TestPage.razor | 6 +- .../all-platforms/blazor/XSS.qlref | 4 +- .../BlazorTest/Components/MyOutput.razor | 2 +- .../Components/Pages/TestPage.razor | 6 +- .../blazor_build_mode_none/XSS.qlref | 4 +- .../BlazorTest/Components/MyOutput.razor | 2 +- .../Components/Pages/TestPage.razor | 6 +- .../all-platforms/blazor_net_8/XSS.qlref | 4 +- .../DatabaseQualityDiagnostics.qlref | 2 +- .../DatabaseQualityDiagnostics.qlref | 2 +- .../CWE-020/RuntimeChecksBypassBad.cs | 2 +- .../experimental/CWE-918/RequestForgery.qlref | 3 +- .../CWE-759/HashWithoutSalt.cs | 18 +- .../CWE-759/HashWithoutSalt.qlref | 4 +- ...urity-validations-always-return-true.qlref | 3 +- .../JsonWebTokenHandler/delegation-test.cs | 18 +- .../security-validation-disabled-test.cs | 12 +- .../security-validation-disabled.qlref | 3 +- .../DefiningDatasetRelatedType.qlref | 3 +- ...finingPotentiallyUnsafeXmlSerializer.qlref | 3 +- ...UnsafeTypeUsedDataContractSerializer.qlref | 3 +- .../XmlDeserializationWithDataSet.qlref | 3 +- .../Security Features/Serialization/test0.cs | 14 +- .../DangerousNativeFunctionCall.qlref | 3 +- .../backdoor/PotentialTimeBomb.qlref | 3 +- .../backdoor/ProcessNameToHashTaintFlow.qlref | 3 +- .../Security Features/backdoor/test.cs | 4 +- .../library-tests/arguments/PrintAst.qlref | 2 +- .../library-tests/assignments/PrintAst.qlref | 2 +- .../library-tests/attributes/PrintAst.qlref | 2 +- .../library-tests/comments/PrintAst.qlref | 2 +- .../compilations/CompilerError.qlref | 2 +- .../compilations/CompilerMessage.qlref | 2 +- .../compilations/ExtractorError.qlref | 2 +- .../compilations/ExtractorMessage.qlref | 2 +- .../library-tests/constructors/PrintAst.qlref | 2 +- .../conversion/operator/PrintAst.qlref | 2 +- .../library-tests/csharp11/PrintAst.qlref | 2 +- .../test/library-tests/csharp6/PrintAst.qlref | 2 +- .../library-tests/csharp7.1/PrintAst.qlref | 2 +- .../library-tests/csharp7.2/PrintAst.qlref | 2 +- .../library-tests/csharp7.3/PrintAst.qlref | 2 +- .../test/library-tests/csharp7/PrintAst.qlref | 2 +- .../test/library-tests/csharp8/PrintAst.qlref | 2 +- .../test/library-tests/csharp9/PrintAst.qlref | 2 +- .../dataflow/implicittostring/PrintAst.qlref | 2 +- .../dataflow/tuples/PrintAst.qlref | 2 +- .../library-tests/definitions/PrintAst.qlref | 2 +- .../definitions/definitions.qlref | 2 +- .../library-tests/delegates/PrintAst.qlref | 2 +- .../DiagnosticExtractorErrors.qlref | 2 +- .../diagnostics/ExtractedFiles.qlref | 2 +- .../test/library-tests/dynamic/PrintAst.qlref | 2 +- .../test/library-tests/enums/PrintAst.qlref | 2 +- .../test/library-tests/events/PrintAst.qlref | 2 +- .../library-tests/exceptions/PrintAst.qlref | 2 +- .../library-tests/expressions/PrintAst.qlref | 2 +- .../library-tests/extension/PrintAst.qlref | 2 +- .../test/library-tests/fields/PrintAst.qlref | 2 +- .../filters/ClassifyFiles/ClassifyFiles.qlref | 2 +- .../Components_Pages_TestPage_razor.g.cs | 4 +- .../microsoft/aspnetcore/blazor/Name.cs | 4 +- .../microsoft/aspnetcore/blazor/NameList.cs | 4 +- .../microsoft/aspnetcore/blazor/NameList2.cs | 4 +- .../microsoft/aspnetcore/blazor/Xss.qlref | 4 +- .../library-tests/generics/PrintAst.qlref | 2 +- .../ql/test/library-tests/goto/PrintAst.qlref | 2 +- .../library-tests/indexers/PrintAst.qlref | 2 +- .../library-tests/initializers/PrintAst.qlref | 2 +- .../ql/test/library-tests/linq/PrintAst.qlref | 2 +- .../test/library-tests/members/PrintAst.qlref | 2 +- .../test/library-tests/methods/PrintAst.qlref | 2 +- .../test/library-tests/nameof/PrintAst.qlref | 2 +- .../library-tests/namespaces/PrintAst.qlref | 2 +- .../library-tests/nestedtypes/PrintAst.qlref | 2 +- .../library-tests/operators/PrintAst.qlref | 2 +- .../test/library-tests/partial/PrintAst.qlref | 2 +- .../library-tests/properties/PrintAst.qlref | 2 +- .../library-tests/statements/PrintAst.qlref | 2 +- .../stringinterpolation/PrintAst.qlref | 2 +- .../test/library-tests/types/PrintAst.qlref | 2 +- .../test/library-tests/unsafe/PrintAst.qlref | 2 +- .../CallToGCCollect/CallToGCCollect.qlref | 3 +- .../CallToGCCollect/CallToGCCollectBad.cs | 2 +- .../CallToObsoleteMethod.cs | 2 +- .../CallToObsoleteMethod.qlref | 3 +- .../CallToObsoleteMethodBad.cs | 2 +- .../ClassDoesNotImplementEquals.cs | 6 +- .../ClassDoesNotImplementEquals.qlref | 3 +- .../ClassDoesNotImplementEqualsBad.cs | 2 +- .../ClassImplementsICloneable.qlref | 3 +- .../ClassImplementsICloneableBad.cs | 4 +- .../DisposeNotCalledOnException.cs | 6 +- .../DisposeNotCalledOnException.qlref | 3 +- .../DisposeNotCalledOnExceptionBad.cs | 4 +- .../InconsistentEqualsGetHashCode.cs | 4 +- .../InconsistentEqualsGetHashCode.qlref | 3 +- .../InconsistentEqualsGetHashCodeBad.cs | 2 +- .../IncorrectCompareToSignature.cs | 2 +- .../IncorrectCompareToSignature.qlref | 3 +- .../IncorrectCompareToSignatureBad.cs | 2 +- .../IncorrectEqualsSignature.cs | 2 +- .../IncorrectEqualsSignature.qlref | 3 +- .../IncorrectEqualsSignatureBad.cs | 2 +- .../MissingDisposeCall/MissingDisposeCall.cs | 8 +- .../MissingDisposeCall.qlref | 3 +- .../MissingDisposeCallBad.cs | 2 +- .../MissingDisposeMethod.cs | 12 +- .../MissingDisposeMethod.qlref | 3 +- .../MissingDisposeMethodBad.cs | 2 +- .../NonOverridingMethod.cs | 4 +- .../NonOverridingMethod.qlref | 3 +- .../NonOverridingMethodBad.cs | 2 +- .../NullArgumentToEquals.cs | 6 +- .../NullArgumentToEquals.qlref | 3 +- .../NullArgumentToEqualsBad.cs | 2 +- .../UncheckedReturnValue.cs | 12 +- .../UncheckedReturnValue.qlref | 3 +- .../UncheckedReturnValueBad.cs | 4 +- .../BlockCodeResponseWrite.qlref | 3 +- .../BlockCodeResponseWriteBad.aspx | 2 +- .../ASP/BlockCodeResponseWrite/test.aspx | 2 +- .../ComplexInlineCode/ComplexInlineCode.qlref | 3 +- .../ComplexInlineCodeBad.aspx | 2 +- .../ASP/ComplexInlineCode/test.aspx | 2 +- .../NonInternationalizedText.qlref | 3 +- .../NonInternationalizedTextBad.aspx | 2 +- .../ASP/NonInternationalizedText/test.aspx | 2 +- .../SplitControlStructure.qlref | 3 +- .../SplitControlStructureBad.aspx | 2 +- .../ASP/SplitControlStructure/test.aspx | 2 +- .../AlertSuppression/AlertSuppression.qlref | 2 +- .../MutualDependency/MutualDependency.qlref | 3 +- .../MutualDependency/MutualDependencyBad.cs | 2 +- .../FeatureEnvy/FeatureEnvy.qlref | 3 +- .../FeatureEnvy/FeatureEnvyBad.cs | 2 +- .../InappropriateIntimacy.cs | 4 +- .../InappropriateIntimacy.qlref | 3 +- .../CommentedOutCode/CommentedOutCode.cs | 2 +- .../CommentedOutCode/CommentedOutCode.qlref | 3 +- .../Comments/TodoComments/TodoComments.cs | 4 +- .../Comments/TodoComments/TodoComments.qlref | 3 +- .../Comments/TodoComments/TodoCommentsBad.cs | 2 +- .../EmptyInterface/EmptyInterface.qlref | 3 +- .../EmptyInterface/EmptyInterfaceBad.cs | 2 +- .../LocalScopeVariableShadowsMember.cs | 12 +- .../LocalScopeVariableShadowsMember.qlref | 3 +- .../LocalScopeVariableShadowsMemberBad.cs | 2 +- .../NoConstantsOnly/NoConstantsOnly.cs | 2 +- .../NoConstantsOnly/NoConstantsOnly.qlref | 3 +- .../NoConstantsOnly/NoConstantsOnlyBad.cs | 2 +- .../TooManyRefParameters.qlref | 3 +- .../TooManyRefParametersBad.cs | 2 +- .../EmptyCatchBlock/EmptyCatchBlock.cs | 2 +- .../EmptyCatchBlock/EmptyCatchBlock.qlref | 3 +- .../AbstractToConcreteCollection.cs | 2 +- .../AbstractToConcreteCollection.qlref | 3 +- .../AbstractToConcreteCollectionBad.cs | 2 +- .../ExposeRepresentation.cs | 2 +- .../ExposeRepresentation.qlref | 3 +- .../ExposeRepresentationBad.cs | 2 +- .../StaticArray/StaticArray.cs | 6 +- .../StaticArray/StaticArray.qlref | 3 +- .../StaticArray/StaticArrayBad.cs | 2 +- .../ConfusingMethodNames.qlref | 3 +- .../ConfusingMethodNames/Program.cs | 2 +- .../VariableNameTooShort.cs | 6 +- .../VariableNameTooShort.qlref | 3 +- .../Bad Practices/Path Combine/PathCombine.cs | 2 +- .../Path Combine/PathCombine.qlref | 3 +- .../VirtualCallInConstructorOrDestructor.cs | 10 +- ...VirtualCallInConstructorOrDestructor.qlref | 3 +- .../CompareIdenticalValues.cs | 48 +- .../CompareIdenticalValues.qlref | 3 +- .../FutileSyncOnField/FutileSyncOnField.cs | 6 +- .../FutileSyncOnField/FutileSyncOnField.qlref | 3 +- .../Concurrency/LockOrder/LockOrder.cs | 6 +- .../Concurrency/LockOrder/LockOrder.qlref | 3 +- .../Concurrency/LockOrder/LockOrderBad.cs | 2 +- .../Concurrency/LockThis/LockThis.cs | 2 +- .../Concurrency/LockThis/LockThis.qlref | 3 +- .../Concurrency/LockedWait/LockedWait.cs | 30 +- .../Concurrency/LockedWait/LockedWait.qlref | 3 +- .../SynchSetUnsynchGet/SynchSetUnsynchGet.cs | 4 +- .../SynchSetUnsynchGet.qlref | 3 +- .../UnsafeLazyInitialization.cs | 12 +- .../UnsafeLazyInitialization.qlref | 3 +- .../UnsynchronizedStaticAccess.cs | 4 +- .../UnsynchronizedStaticAccess.qlref | 3 +- .../EmptyPasswordInConfigurationFile.qlref | 3 +- .../PasswordInConfigurationFile.qlref | 3 +- .../PasswordInConfigurationFile/config.xml | 16 +- .../NonAssignedFields/NonAssignedFields.cs | 4 +- .../NonAssignedFields/NonAssignedFields.qlref | 3 +- .../Dead Code/Tests/DeadRefTypes.qlref | 3 +- .../Dead Code/Tests/UnusedField.qlref | 3 +- .../Dead Code/Tests/UnusedMethod.qlref | 3 +- .../query-tests/Dead Code/Tests/deadcode.cs | 4 +- .../query-tests/Dead Code/Tests/regression.cs | 20 +- .../Documentation/XmldocExtraParam.qlref | 3 +- .../Documentation/XmldocExtraTypeParam.qlref | 3 +- .../Documentation/XmldocMissing.qlref | 3 +- .../XmldocMissingException.qlref | 3 +- .../Documentation/XmldocMissingParam.qlref | 3 +- .../Documentation/XmldocMissingReturn.qlref | 3 +- .../Documentation/XmldocMissingSummary.qlref | 3 +- .../XmldocMissingTypeParam.qlref | 3 +- .../Documentation/documentation.cs | 16 +- .../test/query-tests/EmptyBlock/EmptyBlock.cs | 6 +- .../query-tests/EmptyBlock/EmptyBlock.qlref | 3 +- .../CatchOfGenericException.cs | 6 +- .../CatchOfGenericException.qlref | 3 +- .../Language Abuse/ChainedIs/ChainedIs.cs | 2 +- .../Language Abuse/ChainedIs/ChainedIs.qlref | 3 +- .../DubiousTypeTestOfThis.cs | 4 +- .../DubiousTypeTestOfThis.qlref | 3 +- .../DubiousTypeTestOfThis2.cs | 2 +- .../ForeachCapture/ForeachCapture.cs | 4 +- .../ForeachCapture/ForeachCapture.qlref | 3 +- .../MissedTernaryOpportunity.cs | 4 +- .../MissedTernaryOpportunity.qlref | 3 +- .../Language Abuse/NestedIf/NestedIf.qlref | 3 +- .../Language Abuse/NestedIf/nestedif.cs | 6 +- .../RethrowException/RethrowException.cs | 4 +- .../RethrowException/RethrowException.qlref | 3 +- .../SimplifyBoolExpr/SimplifyBoolExpr.cs | 60 +-- .../SimplifyBoolExpr/SimplifyBoolExpr.qlref | 3 +- .../SimplifyBoolExpr/SimplifyBoolExprBad.cs | 6 +- .../UselessCastToSelf/UselessCastToSelf.cs | 14 +- .../UselessCastToSelf/UselessCastToSelf.qlref | 3 +- .../UselessIsBeforeAs/UselessIsBeforeAs.cs | 2 +- .../UselessIsBeforeAs/UselessIsBeforeAs.qlref | 3 +- .../UselessNullCoalescingExpression.cs | 16 +- .../UselessNullCoalescingExpression.qlref | 3 +- .../UselessUpcast/UselessUpcast.cs | 16 +- .../UselessUpcast/UselessUpcast.qlref | 3 +- .../UselessUpcast/UselessUpcastBad.cs | 2 +- .../Likely Bugs/BadCheckOdd/BadCheckOdd.cs | 8 +- .../Likely Bugs/BadCheckOdd/BadCheckOdd.qlref | 3 +- .../ContainerLengthCmpOffByOne.cs | 8 +- .../ContainerLengthCmpOffByOne.qlref | 3 +- .../ContainerSizeCmpZero.cs | 60 +-- .../ContainerSizeCmpZero.qlref | 3 +- .../DangerousNonShortCircuitLogic.cs | 9 +- .../DangerousNonShortCircuitLogic.qlref | 3 +- .../Likely Bugs/Dynamic/BadDynamicCall.qlref | 3 +- .../Likely Bugs/Dynamic/dynamic.cs | 30 +- .../Likely Bugs/EqualsArray/EqualsArray.cs | 8 +- .../Likely Bugs/EqualsArray/EqualsArray.qlref | 3 +- .../Likely Bugs/EqualsUsesAs/EqualsUsesAs.cs | 2 +- .../EqualsUsesAs/EqualsUsesAs.qlref | 3 +- .../Likely Bugs/EqualsUsesIs/EqualsUsesIs.cs | 2 +- .../EqualsUsesIs/EqualsUsesIs.qlref | 3 +- .../IncomparableEquals/IncomparableEquals.cs | 2 +- .../IncomparableEquals.qlref | 3 +- .../InconsistentCompareTo.cs | 8 +- .../InconsistentCompareTo.qlref | 3 +- .../MishandlingJapaneseEra.qlref | 3 +- .../MishandlingJapaneseEra/Program.cs | 12 +- .../NestedLoopsSameVariable.cs | 2 +- .../NestedLoopsSameVariable.qlref | 3 +- .../NestedLoopsSameVariable/Test.cs | 8 +- .../ObjectComparison/ObjectComparison.cs | 8 +- .../ObjectComparison/ObjectComparison.qlref | 3 +- .../PossibleLossOfPrecision.cs | 28 +- .../PossibleLossOfPrecision.qlref | 3 +- .../RandomUsedOnce/RandomUsedOnce.cs | 10 +- .../RandomUsedOnce/RandomUsedOnce.qlref | 3 +- .../RecursiveEquals/RecursiveEquals.cs | 2 +- .../RecursiveEquals/RecursiveEquals.qlref | 3 +- .../SelfAssignment/SelfAssignment.qlref | 3 +- .../Likely Bugs/SelfAssignment/selfassigns.cs | 22 +- .../StaticFieldWrittenByInstance.cs | 6 +- .../StaticFieldWrittenByInstance.qlref | 3 +- .../StringBufferCharInit.qlref | 3 +- .../StringBuilderCharInit.cs | 10 +- .../ThreadUnsafeICryptoTransform.cs | 10 +- .../ThreadUnsafeICryptoTransform.qlref | 3 +- .../ThreadUnsafeICryptoTransformLambda.cs | 8 +- .../ThreadUnsafeICryptoTransformLambda.qlref | 3 +- .../UncheckedCastInEquals.cs | 2 +- .../UncheckedCastInEquals.qlref | 3 +- .../UnsafeYearConstruction/Program.cs | 10 +- .../UnsafeYearConstruction.qlref | 3 +- .../MissedCastOpportunity.cs | 8 +- .../MissedCastOpportunity.qlref | 3 +- .../MissedWhereOpportunity.cs | 8 +- .../MissedWhereOpportunity.qlref | 3 +- .../MagicConstants/AttributeInts.cs | 2 +- .../MagicConstants/AttributeStrings.cs | 2 +- .../MagicConstants/AttributeStrings.qlref | 3 +- .../query-tests/MagicConstants/HashCode.cs | 2 +- .../MagicConstantsNumbers.qlref | 3 +- .../MagicConstants/MagicNumbersUseConstant.cs | 4 +- .../MagicNumbersUseConstant.qlref | 3 +- .../MagicConstants/MagicStringsUseConstant.cs | 4 +- .../MagicStringsUseConstant.qlref | 3 +- .../flinesofcommentedcode.qlref | 2 +- .../RefTypes/TNumberOfFields/EnumSize.qlref | 2 +- .../Metrics/Summaries/LinesOfCode.qlref | 2 +- .../StringBuilderInLoop.cs | 4 +- .../StringBuilderInLoop.qlref | 3 +- .../StringConcatenationInLoop.cs | 4 +- .../StringConcatenationInLoop.qlref | 3 +- .../UseTryGetValue/UseTryGetValue.cs | 20 +- .../UseTryGetValue/UseTryGetValue.qlref | 3 +- .../ReadOnlyContainer/ReadOnlyContainer.cs | 24 +- .../ReadOnlyContainer/ReadOnlyContainer.qlref | 3 +- .../CWE-011/ASPNetDebug.qlref | 3 +- .../Security Features/CWE-011/bad1/Web.config | 2 +- .../Security Features/CWE-011/bad2/Web.config | 2 +- .../ASPNetMaxRequestLength.qlref | 3 +- .../ASPNetMaxRequestLength/bad/Web.config | 4 +- .../ASPNetPagesValidateRequest.qlref | 3 +- .../ASPNetPagesValidateRequestBad.config | 4 +- .../ASPNetRequestValidationMode.qlref | 3 +- .../ASPNetRequestValidationModeBad.config | 2 +- .../ExternalAPIsUsedWithUntrustedData.qlref | 2 +- .../CWE-020/RuntimeChecksBypass.cs | 6 +- .../CWE-020/RuntimeChecksBypassBad.cs | 2 +- .../CWE-020/RuntimeChecksbypass.qlref | 3 +- .../CWE-020/UntrustedData.cs | 4 +- .../CWE-020/UntrustedDataToExternalAPI.qlref | 4 +- .../CWE-022/TaintedPath/TaintedPath.cs | 16 +- .../CWE-022/TaintedPath/TaintedPath.qlref | 4 +- .../CWE-022/ZipSlip/ZipSlip.cs | 22 +- .../CWE-022/ZipSlip/ZipSlip.qlref | 4 +- .../CWE-022/ZipSlip/ZipSlipBad.cs | 4 +- .../CWE-078/CommandInjection.cs | 16 +- .../CWE-078/CommandInjection.qlref | 4 +- .../CWE-079/StoredXSS/StoredXSS.cs | 4 +- .../CWE-079/StoredXSS/StoredXSS.qlref | 4 +- .../Security Features/CWE-079/XSSAsp/XSS.cs | 36 +- .../CWE-079/XSSAsp/XSS.qlref | 4 +- .../CWE-079/XSSAsp/script.aspx | 6 +- .../CWE-079/XSSRazorPages/XSS.qlref | 3 +- .../CWE-090/LDAPInjection.cs | 18 +- .../CWE-090/LDAPInjection.qlref | 4 +- .../CWE-091/XMLInjection/Test.cs | 4 +- .../CWE-091/XMLInjection/XMLInjection.qlref | 4 +- .../CWE-094/CodeInjection.cs | 8 +- .../CWE-094/CodeInjection.qlref | 4 +- .../CWE-099/ResourceInjection.cs | 6 +- .../CWE-099/ResourceInjection.qlref | 4 +- .../CWE-112/MissingXMLValidation.cs | 10 +- .../CWE-112/MissingXMLValidation.qlref | 4 +- .../AssemblyPathInjection.qlref | 4 +- .../CWE-114/AssemblyPathInjection/Test.cs | 4 +- .../CWE-119/LocalUnvalidatedArithmetic.cs | 2 +- .../CWE-119/LocalUnvalidatedArithmetic.qlref | 3 +- .../ExposureInTransmittedData.cs | 18 +- .../ExposureInTransmittedData.qlref | 4 +- .../CWE-209/ExceptionInformationExposure.cs | 14 +- .../ExceptionInformationExposure.qlref | 4 +- .../MissingASPNETGlobalErrorHandler.qlref | 3 +- .../WebConfigOff/Web.config | 2 +- .../MissingASPNETGlobalErrorHandler.qlref | 3 +- .../WebFormsTests/MissingAccessControl.qlref | 3 +- .../WebFormsTests/Test1/EditProfile.aspx.cs | 2 +- .../WebFormsTests/Test1/ViewProfile.aspx.cs | 2 +- .../WebFormsTests/Test3/B/EditProfile.aspx.cs | 2 +- .../CWE-312/CleartextStorage.cs | 20 +- .../CWE-312/CleartextStorage.qlref | 3 +- .../HardcodedSymmetricEncryptionKey.cs | 16 +- .../HardcodedSymmetricEncryptionKey.qlref | 4 +- .../DontInstallRootCert.qlref | 3 +- .../CWE-327/DontInstallRootCert/Test.cs | 12 +- .../InsecureSQLConnection.cs | 10 +- .../InsecureSQLConnection.qlref | 3 +- .../InsufficientKeySize.cs | 6 +- .../InsufficientKeySize.qlref | 3 +- .../CWE-338/InsecureRandomness.cs | 14 +- .../CWE-338/InsecureRandomness.qlref | 4 +- .../MissingAntiForgeryTokenValidation.qlref | 3 +- .../MissingAntiForgeryTokenValidation.cs | 4 +- .../MissingAntiForgeryTokenValidation.qlref | 1 + .../MissingAntiForgeryTokenValidation.cs | 4 +- .../MissingAntiForgeryTokenValidation.qlref | 3 +- .../CWE-359/ExposureOfPrivateInformation.cs | 10 +- .../ExposureOfPrivateInformation.qlref | 3 +- .../CWE-384/AbandonSession.cs | 6 +- .../CWE-384/AbandonSession.qlref | 3 +- .../MissingXFrameOptions.qlref | 3 +- .../NoHeader/MissingXFrameOptions.qlref | 3 +- .../MissingXFrameOptions/NoHeader/Web.config | 2 +- .../MissingXFrameOptions.qlref | 3 +- .../MissingXFrameOptions.qlref | 3 +- .../PersistentCookie/PersistentCookie.cs | 4 +- .../PersistentCookie/PersistentCookie.qlref | 3 +- .../CWE-548/ASPNetDirectoryListing.qlref | 3 +- .../Security Features/CWE-548/web.config | 2 +- .../CWE-601/UrlRedirect/UrlRedirect.cs | 16 +- .../CWE-601/UrlRedirect/UrlRedirect.qlref | 4 +- .../CWE-601/UrlRedirect/UrlRedirect2.cs | 2 +- .../CWE-601/UrlRedirect/UrlRedirectCore.cs | 24 +- .../Security Features/CWE-611/Test.cs | 6 +- .../CWE-611/UntrustedDataInsecureXml.qlref | 4 +- .../CWE-611/UseXmlSecureResolver.qlref | 4 +- .../RequireSSL/AddedInCode/RequireSSL.qlref | 3 +- .../RequireSSL/AddedInForms/RequireSSL.qlref | 3 +- .../HttpCookiesCorrect/RequireSSL.qlref | 3 +- .../RequireSSL/HttpCookiesCorrect/Web.config | 2 +- .../RequireSSLMissing/RequireSSL.qlref | 3 +- .../RequireSSL/RequireSSLMissing/Web.config | 4 +- .../CWE-639/MVCTests/CommentController.cs | 4 +- .../InsecureDirectObjectReference.qlref | 3 +- .../CWE-639/MVCTests/MiscTestControllers.cs | 6 +- .../CWE-639/MVCTests/ProfileController.cs | 2 +- .../CWE-639/WebFormsTests/EditComment.aspx.cs | 2 +- .../InsecureDirectObjectReference.qlref | 3 +- .../CWE-643/XPathInjection.cs | 24 +- .../CWE-643/XPathInjection.qlref | 4 +- .../CWE-730/ReDoS/ExponentialRegex.cs | 12 +- .../CWE-730/ReDoS/ReDoS.qlref | 4 +- .../CWE-730/ReDoSGlobalTimeout/ReDoS.qlref | 4 +- .../CWE-730/RegexInjection/RegexInjection.cs | 4 +- .../RegexInjection/RegexInjection.qlref | 4 +- .../CWE-798/HardcodedConnectionString.qlref | 3 +- .../CWE-798/HardcodedCredentials.cs | 18 +- .../CWE-798/HardcodedCredentials.qlref | 3 +- .../CWE-798/TestHardcodedCredentials.cs | 2 +- .../CWE-807/ConditionalBypass.cs | 24 +- .../CWE-807/ConditionalBypass.qlref | 4 +- .../Security Features/CWE-838/HtmlEncode.cs | 2 +- .../CWE-838/InappropriateEncoding.cs | 24 +- .../CWE-838/InappropriateEncoding.qlref | 4 +- .../Security Features/CWE-838/SqlEncode.cs | 4 +- .../Security Features/CWE-838/UrlEncode.cs | 2 +- .../LibraryUsage/ExternalLibraryUsage.qlref | 2 +- .../LibraryUsage/SupportedExternalTaint.qlref | 2 +- .../UnsupportedExternalAPIs.qlref | 2 +- .../SupportedExternalApis.qlref | 2 +- .../SupportedExternalSinks.qlref | 2 +- .../SupportedExternalSources.qlref | 2 +- .../UnusedPropertyValue.cs | 6 +- .../UnusedPropertyValue.qlref | 3 +- .../test/query-tests/UseBraces/UseBraces.cs | 10 +- .../query-tests/UseBraces/UseBraces.qlref | 3 +- .../PointlessForwardingMethod.cs | 4 +- .../PointlessForwardingMethod.qlref | 3 +- .../WriteOnlyContainer/WriteOnlyContainer.cs | 68 +-- .../WriteOnlyContainer.qlref | 3 +- .../IncomparableEquals/IncomparableEquals.cs | 6 +- .../IncomparableEquals.qlref | 3 +- .../ObjectComparison/ObjectComparison.cs | 4 +- .../ObjectComparison/ObjectComparison.qlref | 3 +- .../ApplicationModeEndpoints.qlref | 2 +- .../modeleditor/FrameworkModeEndpoints.qlref | 2 +- 456 files changed, 1482 insertions(+), 1266 deletions(-) diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.qlref b/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.qlref index 0bfdf5905b36..d861fc929b23 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.qlref +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/ModifiedFnvFunctionDetection.qlref @@ -1 +1,2 @@ -ModifiedFnvFunctionDetection.ql +query: ModifiedFnvFunctionDetection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownCommandsAboveThreshold.qlref b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownCommandsAboveThreshold.qlref index 61c6c1e04a80..6854e44501fe 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownCommandsAboveThreshold.qlref +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownCommandsAboveThreshold.qlref @@ -1 +1,2 @@ -NumberOfKnownCommandsAboveThreshold.ql +query: NumberOfKnownCommandsAboveThreshold.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownHashesAboveThreshold.qlref b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownHashesAboveThreshold.qlref index 718d6c67048c..a66d6d55d198 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownHashesAboveThreshold.qlref +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownHashesAboveThreshold.qlref @@ -1 +1,2 @@ -NumberOfKnownHashesAboveThreshold.ql +query: NumberOfKnownHashesAboveThreshold.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownLiteralsAboveThreshold.qlref b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownLiteralsAboveThreshold.qlref index e17b18d08ae5..38b9897d0685 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownLiteralsAboveThreshold.qlref +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownLiteralsAboveThreshold.qlref @@ -1 +1,2 @@ -NumberOfKnownLiteralsAboveThreshold.ql +query: NumberOfKnownLiteralsAboveThreshold.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownMethodNamesAboveThreshold.qlref b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownMethodNamesAboveThreshold.qlref index 747fb006e437..7f5e000495e2 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownMethodNamesAboveThreshold.qlref +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/NumberOfKnownMethodNamesAboveThreshold.qlref @@ -1 +1,2 @@ -NumberOfKnownMethodNamesAboveThreshold.ql +query: NumberOfKnownMethodNamesAboveThreshold.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/SwallowEverythingExceptionHandler.qlref b/csharp/ql/campaigns/Solorigate/test/Solorigate/SwallowEverythingExceptionHandler.qlref index 538eee55bf20..e49d40d16e12 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/SwallowEverythingExceptionHandler.qlref +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/SwallowEverythingExceptionHandler.qlref @@ -1 +1,2 @@ -SwallowEverythingExceptionHandler.ql +query: SwallowEverythingExceptionHandler.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/campaigns/Solorigate/test/Solorigate/test.cs b/csharp/ql/campaigns/Solorigate/test/Solorigate/test.cs index 8680d8346940..2530492ef74d 100644 --- a/csharp/ql/campaigns/Solorigate/test/Solorigate/test.cs +++ b/csharp/ql/campaigns/Solorigate/test/Solorigate/test.cs @@ -6,12 +6,12 @@ class FalsePositiveCases // regular FVN ulong GetRegularFvnHash(string s) { - ulong num = 14695981039346656037UL; /* FNV base offset */ + ulong num = 14695981039346656037UL; /* FNV base offset */ // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] foreach (byte b in Encoding.UTF8.GetBytes(s)) { num ^= (ulong)b; - num *= 1099511628211UL; /* FNV prime */ + num *= 1099511628211UL; /* FNV prime */ // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] } return num; @@ -22,24 +22,24 @@ class TestCases { ulong GetRegularFvnHash(string s) { - ulong num = 14695981039346656037UL; + ulong num = 14695981039346656037UL; // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] try { foreach (byte b in Encoding.UTF8.GetBytes(s)) { num ^= (ulong)b; - num *= 1099511628211UL; + num *= 1099511628211UL; // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] } } catch // BUG : SwallowEverythingExceptionHandler { - } + } // $ Alert[cs/solorigate/swallow-everything-exception] - return num ^ 6605813339339102567UL; // BUG (ModifiedFnvFunctionDetection.ql) + return num ^ 6605813339339102567UL; // $ Alert[cs/solorigate/modified-fnv-function-detection] Alert[cs/solorigate/number-of-known-hashes-above-threshold] // BUG (ModifiedFnvFunctionDetection.ql) } - enum JobEngine + enum JobEngine // $ Alert[cs/solorigate/number-of-known-commands-in-enum-above-threshold] { Idle, Exit, @@ -62,222 +62,222 @@ enum JobEngine None } - void Abort() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void AddFileExecutionEngine() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void AddRegistryExecutionEngine() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void AdjustTokenPrivileges() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Base64Decode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Base64Encode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ByteArrayToHexString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CheckServerConnection() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Close() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CloseHandle() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CollectSystemDescription() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Compress() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CreateSecureString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CreateString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CreateUploadRequest() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void CreateUploadRequestImpl() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Decompress() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void DecryptShort() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Deflate() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void DelayMin() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void DelayMs() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void DeleteFile() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void DeleteRegistryValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void DeleteValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ExecuteEngine() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void FileExists() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetAddresses() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetAddressFamily() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetArgumentIndex() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetBaseUri() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetBaseUriImpl() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetCache() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetCurrentProcess() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetCurrentString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetDescriptionId() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetFileHash() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetFileSystemEntries() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetHash() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetHive() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetIntArray() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetIPHostEntry() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetManagementObjectProperty() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetNetworkAdapterConfiguration() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetNewOwnerName() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetNextString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetNextStringEx() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetOrCreateUserID() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetOrionImprovementCustomerId() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetOSVersion() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetPreviousString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetProcessByDescription() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetRegistrySubKeyAndValueNames() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetStringHash() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetSubKeyAndValueNames() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetUserAgent() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void GetWebProxy() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void HexStringToByteArray() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Inflate() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Initialize() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void InitiateSystemShutdownExW() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void IsNullOrInvalidName() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void IsSynchronized() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void KillTask() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void LookupPrivilegeValueW() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void OpenProcessToken() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ParseServiceResponse() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Quote() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ReadConfig() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ReadDeviceInfo() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ReadRegistryValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ReadReportStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ReadServiceStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void RebootComputer() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void RunTask() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SearchAssemblies() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SearchConfigurations() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SearchServices() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetAutomaticMode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetKeyOwner() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetKeyOwnerWithPrivileges() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetKeyPermissions() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetManualMode() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetProcessPrivilege() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetRegistryValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetTime() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SetValue() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void SplitString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void ToString() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void TrackEvent() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void TrackProcesses() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Unquote() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Unzip() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Update() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void UpdateBuffer() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void UpdateNotification() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void UploadSystemDescription() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Valid() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void WriteConfig() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void WriteFile() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void WriteReportStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void WriteServiceStatus() { } // BUG : NumberOfKnownMethodNamesAboveThreshold - void Zip() { } // BUG : NumberOfKnownMethodNamesAboveThreshold + void Abort() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void AddFileExecutionEngine() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void AddRegistryExecutionEngine() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void AdjustTokenPrivileges() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Base64Decode() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Base64Encode() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ByteArrayToHexString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CheckServerConnection() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Close() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CloseHandle() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CollectSystemDescription() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Compress() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CreateSecureString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CreateString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CreateUploadRequest() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void CreateUploadRequestImpl() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Decompress() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void DecryptShort() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Deflate() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void DelayMin() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void DelayMs() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void DeleteFile() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void DeleteRegistryValue() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void DeleteValue() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ExecuteEngine() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void FileExists() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetAddresses() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetAddressFamily() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetArgumentIndex() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetBaseUri() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetBaseUriImpl() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetCache() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetCurrentProcess() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetCurrentString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetDescriptionId() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetFileHash() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetFileSystemEntries() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetHash() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetHive() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetIntArray() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetIPHostEntry() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetManagementObjectProperty() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetNetworkAdapterConfiguration() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetNewOwnerName() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetNextString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetNextStringEx() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetOrCreateUserID() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetOrionImprovementCustomerId() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetOSVersion() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetPreviousString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetProcessByDescription() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetRegistrySubKeyAndValueNames() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetStatus() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetStringHash() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetSubKeyAndValueNames() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetUserAgent() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetValue() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void GetWebProxy() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void HexStringToByteArray() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Inflate() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Initialize() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void InitiateSystemShutdownExW() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void IsNullOrInvalidName() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void IsSynchronized() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void KillTask() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void LookupPrivilegeValueW() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void OpenProcessToken() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ParseServiceResponse() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Quote() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ReadConfig() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ReadDeviceInfo() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ReadRegistryValue() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ReadReportStatus() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ReadServiceStatus() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void RebootComputer() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void RunTask() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SearchAssemblies() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SearchConfigurations() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SearchServices() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetAutomaticMode() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetKeyOwner() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetKeyOwnerWithPrivileges() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetKeyPermissions() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetManualMode() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetProcessPrivilege() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetRegistryValue() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetTime() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SetValue() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void SplitString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void ToString() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void TrackEvent() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void TrackProcesses() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Unquote() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Unzip() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Update() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void UpdateBuffer() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void UpdateNotification() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void UploadSystemDescription() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Valid() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void WriteConfig() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void WriteFile() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void WriteReportStatus() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void WriteServiceStatus() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold + void Zip() { } // $ Alert[cs/solorigate/number-of-known-method-names-above-threshold] // BUG : NumberOfKnownMethodNamesAboveThreshold void Hashes() { ulong[] hashes = { // BUG : NumberOfKnownHashesAboveThreshold - 10063651499895178962, 10235971842993272939, 10296494671777307979, - 10336842116636872171, 10374841591685794123, 10393903804869831898, - 10463926208560207521, 10484659978517092504, 10501212300031893463, - 10545868833523019926, 10657751674541025650, 106672141413120087, 10734127004244879770, - 10829648878147112121, 1099511628211, 11073283311104541690, 1109067043404435916, - 11109294216876344399, 11266044540366291518, 11385275378891906608, - 11771945869106552231, 11801746708619571308, 11818825521849580123, - 11913842725949116895, 12027963942392743532, 12094027092655598256, - 12343334044036541897, 12445177985737237804, 12445232961318634374, - 12574535824074203265, 12679195163651834776, 12709986806548166638, - 12718416789200275332, 12785322942775634499, 12790084614253405985, - 12969190449276002545, 13014156621614176974, 13029357933491444455, - 13135068273077306806, 13260224381505715848, 13316211011159594063, - 13464308873961738403, 13544031715334011032, 13581776705111912829, - 13599785766252827703, 13611051401579634621, 13611814135072561278, - 13655261125244647696, 1367627386496056834, 1368907909245890092, 13693525876560827283, - 13783346438774742614, 13799353263187722717, 13825071784440082496, - 13852439084267373191, 13876356431472225791, 14055243717250701608, - 14079676299181301772, 14095938998438966337, 14111374107076822891, - 14193859431895170587, 14226582801651130532, 14243671177281069512, - 14256853800858727521, 14480775929210717493, 14482658293117931546, - 14513577387099045298, 14630721578341374856, 14695981039346656037, - 14710585101020280896, 1475579823244607677, 14868920869169964081, 14968320160131875803, - 14971809093655817917, 15039834196857999838, 15092207615430402812, - 15114163911481793350, 15194901817027173566, 15267980678929160412, - 15457732070353984570, 15514036435533858158, 15535773470978271326, - 15587050164583443069, 155978580751494388, 15695338751700748390, 15997665423159927228, - 16066522799090129502, 16066651430762394116, 16112751343173365533, - 16130138450758310172, 1614465773938842903, 16292685861617888592, 16335643316870329598, - 16423314183614230717, 16570804352575357627, 1682585410644922036, 16858955978146406642, - 16990567851129491937, 17017923349298346219, 17097380490166623672, - 17109238199226571972, 17204844226884380288, 17291806236368054941, - 17351543633914244545, 17439059603042731363, 17574002783607647274, - 17624147599670377042, 17633734304611248415, 17683972236092287897, - 17849680105131524334, 17939405613729073960, 17956969551821596225, - 17978774977754553159, 17984632978012874803, 17997967489723066537, - 18147627057830191163, 18150909006539876521, 18159703063075866524, - 18246404330670877335, 18294908219222222902, 18392881921099771407, - 18446744073709551613, 191060519014405309, 2032008861530788751, 2128122064571842954, - 2147483647, 2147745794, 2380224015317016190, 2478231962306073784, - 2532538262737333146, 2589926981877829912, 2597124982561782591, 2600364143812063535, - 2717025511528702475, 2734787258623754862, 27407921587843457, 2760663353550280147, - 2797129108883749491, 2810460305047003196, 292198192373389586, 2934149816356927366, - 3045986759481489935, 3178468437029279937, 3200333496547938354, 3320026265773918739, - 3320767229281015341, 3341747963119755850, 3407972863931386250, 3413052607651207697, - 3413886037471417852, 3421197789791424393, 3421213182954201407, 3425260965299690882, - 3538022140597504361, 3575761800716667678, 3588624367609827560, 3626142665768487764, - 3642525650883269872, 3656637464651387014, 3660705254426876796, 3769837838875367802, - 3778500091710709090, 3796405623695665524, 3869935012404164040, 3890769468012566366, - 3890794756780010537, 397780960855462669, 4030236413975199654, 4088976323439621041, - 4454255944391929578, 4501656691368064027, 4578480846255629462, 4821863173800309721, - 4931721628717906635, 506634811745884560, 5132256620104998637, 5183687599225757871, - 521157249538507889, 5219431737322569038, 541172992193764396, 5415426428750045503, - 5449730069165757263, 5587557070429522647, 5614586596107908838, 576626207276463000, - 5942282052525294911, 5945487981219695001, 5984963105389676759, 607197993339007484, - 6088115528707848728, 6116246686670134098, 6180361713414290679, 6195833633417633900, - 6274014997237900919, 640589622539783622, 6461429591783621719, 6491986958834001955, - 6508141243778577344, 6605813339339102567, 682250828679635420, 6827032273910657891, - 6943102301517884811, 700598796416086955, 7080175711202577138, 7175363135479931834, - 7315838824213522000, 7412338704062093516, 7516148236133302073, 7574774749059321801, - 7701683279824397773, 7775177810774851294, 7810436520414958497, 7878537243757499832, - 79089792725215063, 7982848972385914508, 8052533790968282297, 8129411991672431889, - 8146185202538899243, 835151375515278827, 8381292265993977266, 8408095252303317471, - 8473756179280619170, 8478833628889826985, 8612208440357175863, 8697424601205169055, - 8698326794961817906, 8709004393777297355, 8727477769544302060, 8760312338504300643, - 8799118153397725683, 8873858923435176895, 8994091295115840290, 9007106680104765185, - 9061219083560670602, 9149947745824492274, 917638920165491138, 9234894663364701749, - 9333057603143916814, 9384605490088500348, 9531326785919727076, 9555688264681862794, - 9559632696372799208, 9903758755917170407 + 10063651499895178962, 10235971842993272939, 10296494671777307979, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 10336842116636872171, 10374841591685794123, 10393903804869831898, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 10463926208560207521, 10484659978517092504, 10501212300031893463, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 10545868833523019926, 10657751674541025650, 106672141413120087, 10734127004244879770, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 10829648878147112121, 1099511628211, 11073283311104541690, 1109067043404435916, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 11109294216876344399, 11266044540366291518, 11385275378891906608, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 11771945869106552231, 11801746708619571308, 11818825521849580123, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 11913842725949116895, 12027963942392743532, 12094027092655598256, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 12343334044036541897, 12445177985737237804, 12445232961318634374, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 12574535824074203265, 12679195163651834776, 12709986806548166638, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 12718416789200275332, 12785322942775634499, 12790084614253405985, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 12969190449276002545, 13014156621614176974, 13029357933491444455, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 13135068273077306806, 13260224381505715848, 13316211011159594063, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 13464308873961738403, 13544031715334011032, 13581776705111912829, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 13599785766252827703, 13611051401579634621, 13611814135072561278, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 13655261125244647696, 1367627386496056834, 1368907909245890092, 13693525876560827283, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 13783346438774742614, 13799353263187722717, 13825071784440082496, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 13852439084267373191, 13876356431472225791, 14055243717250701608, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 14079676299181301772, 14095938998438966337, 14111374107076822891, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 14193859431895170587, 14226582801651130532, 14243671177281069512, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 14256853800858727521, 14480775929210717493, 14482658293117931546, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 14513577387099045298, 14630721578341374856, 14695981039346656037, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 14710585101020280896, 1475579823244607677, 14868920869169964081, 14968320160131875803, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 14971809093655817917, 15039834196857999838, 15092207615430402812, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 15114163911481793350, 15194901817027173566, 15267980678929160412, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 15457732070353984570, 15514036435533858158, 15535773470978271326, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 15587050164583443069, 155978580751494388, 15695338751700748390, 15997665423159927228, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 16066522799090129502, 16066651430762394116, 16112751343173365533, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 16130138450758310172, 1614465773938842903, 16292685861617888592, 16335643316870329598, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 16423314183614230717, 16570804352575357627, 1682585410644922036, 16858955978146406642, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 16990567851129491937, 17017923349298346219, 17097380490166623672, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 17109238199226571972, 17204844226884380288, 17291806236368054941, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 17351543633914244545, 17439059603042731363, 17574002783607647274, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 17624147599670377042, 17633734304611248415, 17683972236092287897, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 17849680105131524334, 17939405613729073960, 17956969551821596225, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 17978774977754553159, 17984632978012874803, 17997967489723066537, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 18147627057830191163, 18150909006539876521, 18159703063075866524, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 18246404330670877335, 18294908219222222902, 18392881921099771407, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 18446744073709551613, 191060519014405309, 2032008861530788751, 2128122064571842954, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 2147483647, 2147745794, 2380224015317016190, 2478231962306073784, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 2532538262737333146, 2589926981877829912, 2597124982561782591, 2600364143812063535, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 2717025511528702475, 2734787258623754862, 27407921587843457, 2760663353550280147, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 2797129108883749491, 2810460305047003196, 292198192373389586, 2934149816356927366, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3045986759481489935, 3178468437029279937, 3200333496547938354, 3320026265773918739, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3320767229281015341, 3341747963119755850, 3407972863931386250, 3413052607651207697, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3413886037471417852, 3421197789791424393, 3421213182954201407, 3425260965299690882, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3538022140597504361, 3575761800716667678, 3588624367609827560, 3626142665768487764, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3642525650883269872, 3656637464651387014, 3660705254426876796, 3769837838875367802, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3778500091710709090, 3796405623695665524, 3869935012404164040, 3890769468012566366, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 3890794756780010537, 397780960855462669, 4030236413975199654, 4088976323439621041, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 4454255944391929578, 4501656691368064027, 4578480846255629462, 4821863173800309721, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 4931721628717906635, 506634811745884560, 5132256620104998637, 5183687599225757871, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 521157249538507889, 5219431737322569038, 541172992193764396, 5415426428750045503, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 5449730069165757263, 5587557070429522647, 5614586596107908838, 576626207276463000, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 5942282052525294911, 5945487981219695001, 5984963105389676759, 607197993339007484, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 6088115528707848728, 6116246686670134098, 6180361713414290679, 6195833633417633900, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 6274014997237900919, 640589622539783622, 6461429591783621719, 6491986958834001955, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 6508141243778577344, 6605813339339102567, 682250828679635420, 6827032273910657891, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 6943102301517884811, 700598796416086955, 7080175711202577138, 7175363135479931834, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 7315838824213522000, 7412338704062093516, 7516148236133302073, 7574774749059321801, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 7701683279824397773, 7775177810774851294, 7810436520414958497, 7878537243757499832, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 79089792725215063, 7982848972385914508, 8052533790968282297, 8129411991672431889, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 8146185202538899243, 835151375515278827, 8381292265993977266, 8408095252303317471, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 8473756179280619170, 8478833628889826985, 8612208440357175863, 8697424601205169055, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 8698326794961817906, 8709004393777297355, 8727477769544302060, 8760312338504300643, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 8799118153397725683, 8873858923435176895, 8994091295115840290, 9007106680104765185, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 9061219083560670602, 9149947745824492274, 917638920165491138, 9234894663364701749, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 9333057603143916814, 9384605490088500348, 9531326785919727076, 9555688264681862794, // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] + 9559632696372799208, 9903758755917170407 // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold] }; } void Literals() { string[] literals = { // BUG : NumberOfKnownLiteralsAboveThreshold - "(?i)([^a-z]|^)(test)([^a-z]|$)", "(?i)(solarwinds)", "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n", - "[{0,5}] {1}\n", "[E] {0} {1} {2}", - "\"\\{[0-9a-f-]{36}\\}\"|\"[0-9a-f]{32}\"|\"[0-9a-f]{16}\"", ".CortexPlugin", ".Orion", - "\"EventName\":\"EventManager\",", "\"EventType\":\"Orion\",", - "\\OrionImprovement\\SolarWinds.OrionImprovement.exe", - "0123456789abcdefghijklmnopqrstuvwxyz-_.", "\"sessionId\":\"{0}\",", "\"steps\":[", - "\"Succeeded\":true,", "\"Timestamp\":\"\\/Date({0})\\/\",", "\"userId\":\"{0}\",", - "{0} {1} HTTP/{2}\n", "10140", "144.86.226.0", "154.118.140.0", "172.16.0.0", "18.130.0.0", - "184.72.0.0", "192.168.0.0", "199.201.117.0", "20.140.0.0", "20100", "20220", "217.163.7.0", - "224.0.0.0", "240.0.0.0", "255.240.0.0", "255.254.0.0", "255.255.248.0", "3.0.0.382", - "41.84.159.0", "43140", "4320", "43260", "524287", "583da945-62af-10e8-4902-a8f205c72b2e", - "65280", "71.152.53.0", "74.114.24.0", "8.18.144.0", "87.238.80.0", "96.31.172.0", "983040", - "99.79.0.0", "Administrator", "advapi32.dll", "Apollo", "appsync-api", "avsvmcloud.com", - "api.solarwinds.com", "-root", "-cert", "-universal_ca", "-ca", "-primary_ca", "-timestamp", - "-global", "-secureca", "CloudMonitoring", "MACAddress", "DHCPEnabled", "DHCPServer", - "DNSHostName", "DNSDomainSuffixSearchOrder", "DNSServerSearchOrder", "IPAddress", "IPSubnet", - "DefaultIPGateway", "OSArchitecture", "InstallDate", "Organization", "RegisteredUser", - "fc00::", "fe00::", "fec0::", "ffc0::", "ff00::", "HKCC", "HKCR", "HKCU", "HKDD", - "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER", "HKEY_DYN_DATA", - "HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", - "HKEY_PERFOMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match", - "Microsoft-CryptoAPI/", "Nodes", "Volumes", "Interfaces", "Components", "opensans", - "Organization", "OSArchitecture", "ParentProcessID", "PathName", "ReportWatcherPostpone", - "ReportWatcherRetry", "S-1-5-", "SeRestorePrivilege", "SeShutdownPrivilege", - "SeTakeOwnershipPrivilege", "SolarWinds", "SolarWindsOrionImprovementClient/", - "SourceCodePro", "SourceHanSans", "SourceHanSerif", "SourceSerifPro", "Start", "swip/Events", - "swip/upd/", "swip/Upload.ashx", "SYSTEM", "SYSTEM\\CurrentControlSet\\services", "us-east-1", - "us-east-2", "us-west-2", "fonts/woff/{0}-{1}-{2}{3}.woff2", - "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2", "ph2eifo3n5utg1j8d94qrvbmk0sal76c", - "pki/crl/{0}{1}{2}.crl", "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj", - "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true", - "Select * From Win32_OperatingSystem", "Select * From Win32_Process", - "Select * From Win32_SystemDriver", "Select * From Win32_UserAccount" + "(?i)([^a-z]|^)(test)([^a-z]|$)", "(?i)(solarwinds)", "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "[{0,5}] {1}\n", "[E] {0} {1} {2}", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "\"\\{[0-9a-f-]{36}\\}\"|\"[0-9a-f]{32}\"|\"[0-9a-f]{16}\"", ".CortexPlugin", ".Orion", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "\"EventName\":\"EventManager\",", "\"EventType\":\"Orion\",", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "\\OrionImprovement\\SolarWinds.OrionImprovement.exe", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "0123456789abcdefghijklmnopqrstuvwxyz-_.", "\"sessionId\":\"{0}\",", "\"steps\":[", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "\"Succeeded\":true,", "\"Timestamp\":\"\\/Date({0})\\/\",", "\"userId\":\"{0}\",", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "{0} {1} HTTP/{2}\n", "10140", "144.86.226.0", "154.118.140.0", "172.16.0.0", "18.130.0.0", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "184.72.0.0", "192.168.0.0", "199.201.117.0", "20.140.0.0", "20100", "20220", "217.163.7.0", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "224.0.0.0", "240.0.0.0", "255.240.0.0", "255.254.0.0", "255.255.248.0", "3.0.0.382", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "41.84.159.0", "43140", "4320", "43260", "524287", "583da945-62af-10e8-4902-a8f205c72b2e", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "65280", "71.152.53.0", "74.114.24.0", "8.18.144.0", "87.238.80.0", "96.31.172.0", "983040", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "99.79.0.0", "Administrator", "advapi32.dll", "Apollo", "appsync-api", "avsvmcloud.com", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "api.solarwinds.com", "-root", "-cert", "-universal_ca", "-ca", "-primary_ca", "-timestamp", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "-global", "-secureca", "CloudMonitoring", "MACAddress", "DHCPEnabled", "DHCPServer", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "DNSHostName", "DNSDomainSuffixSearchOrder", "DNSServerSearchOrder", "IPAddress", "IPSubnet", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "DefaultIPGateway", "OSArchitecture", "InstallDate", "Organization", "RegisteredUser", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "fc00::", "fe00::", "fec0::", "ffc0::", "ff00::", "HKCC", "HKCR", "HKCU", "HKDD", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER", "HKEY_DYN_DATA", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "HKEY_PERFOMANCE_DATA", "HKEY_USERS", "HKLM", "HKPD", "HKU", "If-None-Match", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "Microsoft-CryptoAPI/", "Nodes", "Volumes", "Interfaces", "Components", "opensans", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "Organization", "OSArchitecture", "ParentProcessID", "PathName", "ReportWatcherPostpone", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "ReportWatcherRetry", "S-1-5-", "SeRestorePrivilege", "SeShutdownPrivilege", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "SeTakeOwnershipPrivilege", "SolarWinds", "SolarWindsOrionImprovementClient/", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "SourceCodePro", "SourceHanSans", "SourceHanSerif", "SourceSerifPro", "Start", "swip/Events", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "swip/upd/", "swip/Upload.ashx", "SYSTEM", "SYSTEM\\CurrentControlSet\\services", "us-east-1", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "us-east-2", "us-west-2", "fonts/woff/{0}-{1}-{2}{3}.woff2", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2", "ph2eifo3n5utg1j8d94qrvbmk0sal76c", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "pki/crl/{0}{1}{2}.crl", "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "Select * From Win32_OperatingSystem", "Select * From Win32_Process", // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] + "Select * From Win32_SystemDriver", "Select * From Win32_UserAccount" // $ Alert[cs/solorigate/number-of-known-literals-above-threshold] }; - + } void SwallowExceptionTest() @@ -286,15 +286,15 @@ void SwallowExceptionTest() Literals(); } catch // BUG : SwallowEverythingExceptionHandler - {} + {} // $ Alert[cs/solorigate/swallow-everything-exception] try{ Literals(); } catch( Exception e) // BUG : SwallowEverythingExceptionHandler { - // - } + // + } // $ Alert[cs/solorigate/swallow-everything-exception] try{ Literals(); diff --git a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/MyOutput.razor b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/MyOutput.razor index e583e6b2e9c6..5476d75ccf9b 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/MyOutput.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/MyOutput.razor @@ -2,7 +2,7 @@

Value from InputText: @Value

-

Raw value from InputText: @(new MarkupString(Value))

+

Raw value from InputText: @(new MarkupString(Value))

@* $ Alert[cs/web/xss]=r1 *@
@code { diff --git a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor index ac3ccbe19207..7a7a02ec222d 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor @@ -8,7 +8,7 @@

Route parameter

Go to: /test/@XssUrl

Parameter from URL: @UrlParam

-

Raw parameter from URL: @((MarkupString)UrlParam)

+

Raw parameter from URL: @((MarkupString)UrlParam)

@* $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 *@
@@ -17,7 +17,7 @@

Query parameter

Go to: /test/?qs=@XssUrl

Parameter from query string: @QueryParam

-

Raw parameter from query string: @(new MarkupString(QueryParam))

+

Raw parameter from query string: @(new MarkupString(QueryParam))

@* $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r3 *@
@@ -82,7 +82,7 @@
- + @* $ Source[cs/web/xss]=r1 *@
@code { diff --git a/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref b/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref index 89b5b951bdb6..a71d47846701 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref +++ b/csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-079/XSS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/MyOutput.razor b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/MyOutput.razor index e583e6b2e9c6..5476d75ccf9b 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/MyOutput.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/MyOutput.razor @@ -2,7 +2,7 @@

Value from InputText: @Value

-

Raw value from InputText: @(new MarkupString(Value))

+

Raw value from InputText: @(new MarkupString(Value))

@* $ Alert[cs/web/xss]=r1 *@
@code { diff --git a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor index ac3ccbe19207..7a7a02ec222d 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor @@ -8,7 +8,7 @@

Route parameter

Go to: /test/@XssUrl

Parameter from URL: @UrlParam

-

Raw parameter from URL: @((MarkupString)UrlParam)

+

Raw parameter from URL: @((MarkupString)UrlParam)

@* $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 *@
@@ -17,7 +17,7 @@

Query parameter

Go to: /test/?qs=@XssUrl

Parameter from query string: @QueryParam

-

Raw parameter from query string: @(new MarkupString(QueryParam))

+

Raw parameter from query string: @(new MarkupString(QueryParam))

@* $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r3 *@
@@ -82,7 +82,7 @@
- + @* $ Source[cs/web/xss]=r1 *@
@code { diff --git a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref index 89b5b951bdb6..a71d47846701 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref +++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-079/XSS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/MyOutput.razor b/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/MyOutput.razor index e583e6b2e9c6..5476d75ccf9b 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/MyOutput.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/MyOutput.razor @@ -2,7 +2,7 @@

Value from InputText: @Value

-

Raw value from InputText: @(new MarkupString(Value))

+

Raw value from InputText: @(new MarkupString(Value))

@* $ Alert[cs/web/xss]=r1 *@
@code { diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor b/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor index ac3ccbe19207..7a7a02ec222d 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor @@ -8,7 +8,7 @@

Route parameter

Go to: /test/@XssUrl

Parameter from URL: @UrlParam

-

Raw parameter from URL: @((MarkupString)UrlParam)

+

Raw parameter from URL: @((MarkupString)UrlParam)

@* $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 *@
@@ -17,7 +17,7 @@

Query parameter

Go to: /test/?qs=@XssUrl

Parameter from query string: @QueryParam

-

Raw parameter from query string: @(new MarkupString(QueryParam))

+

Raw parameter from query string: @(new MarkupString(QueryParam))

@* $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r3 *@
@@ -82,7 +82,7 @@
- + @* $ Source[cs/web/xss]=r1 *@
@code { diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref index 89b5b951bdb6..a71d47846701 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-079/XSS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.qlref b/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.qlref index 6ff2dbd1d5f5..5d28fb2ecf9a 100644 --- a/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.qlref +++ b/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.qlref @@ -1 +1 @@ -Telemetry/DatabaseQualityDiagnostics.ql \ No newline at end of file +query: Telemetry/DatabaseQualityDiagnostics.ql diff --git a/csharp/ql/integration-tests/all-platforms/standalone_buildless_option/DatabaseQualityDiagnostics.qlref b/csharp/ql/integration-tests/all-platforms/standalone_buildless_option/DatabaseQualityDiagnostics.qlref index 6ff2dbd1d5f5..5d28fb2ecf9a 100644 --- a/csharp/ql/integration-tests/all-platforms/standalone_buildless_option/DatabaseQualityDiagnostics.qlref +++ b/csharp/ql/integration-tests/all-platforms/standalone_buildless_option/DatabaseQualityDiagnostics.qlref @@ -1 +1 @@ -Telemetry/DatabaseQualityDiagnostics.ql \ No newline at end of file +query: Telemetry/DatabaseQualityDiagnostics.ql diff --git a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypassBad.cs b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypassBad.cs index 5d89942f9fe8..8777e35874a2 100644 --- a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypassBad.cs +++ b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypassBad.cs @@ -16,6 +16,6 @@ public PersonBad(int age) [OnDeserializing] void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) { - Age = info.GetInt32("age"); // BAD - write is unsafe + Age = info.GetInt32("age"); // $ Alert // BAD - write is unsafe } } diff --git a/csharp/ql/test/experimental/CWE-918/RequestForgery.qlref b/csharp/ql/test/experimental/CWE-918/RequestForgery.qlref index 3d529ae5a2ca..d4f3819dbac4 100644 --- a/csharp/ql/test/experimental/CWE-918/RequestForgery.qlref +++ b/csharp/ql/test/experimental/CWE-918/RequestForgery.qlref @@ -1 +1,2 @@ -experimental/CWE-918/RequestForgery.ql \ No newline at end of file +query: experimental/CWE-918/RequestForgery.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs index 302936c0ea62..3f1bd5927438 100644 --- a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs +++ b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.cs @@ -15,9 +15,9 @@ public class Test // BAD - Hash without a salt. public static String HashPassword(string password, string strAlgName ="SHA256") { - IBuffer passBuff = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8); + IBuffer passBuff = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8); // $ Source HashAlgorithmProvider algProvider = HashAlgorithmProvider.OpenAlgorithm(strAlgName); - IBuffer hashBuff = algProvider.HashData(passBuff); + IBuffer hashBuff = algProvider.HashData(passBuff); // $ Alert return CryptographicBuffer.EncodeToBase64String(hashBuff); } @@ -35,8 +35,8 @@ public static string HashPassword2(string password, string salt, string strAlgNa public static string HashPassword(string password) { SHA256 sha256Hash = SHA256.Create(); - byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password); - byte[] hashBytes = sha256Hash.ComputeHash(passBytes); + byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password); // $ Source + byte[] hashBytes = sha256Hash.ComputeHash(passBytes); // $ Alert return Convert.ToBase64String(hashBytes); } @@ -47,11 +47,11 @@ public static string HashPassword2(string password) byte[] saltBytes = GenerateSalt(); // Add the salt to the hash. - byte[] rawSalted = new byte[passBytes.Length + saltBytes.Length]; + byte[] rawSalted = new byte[passBytes.Length + saltBytes.Length]; passBytes.CopyTo(rawSalted, 0); saltBytes.CopyTo(rawSalted, passBytes.Length); - //Create the salted hash. + //Create the salted hash. SHA256 sha256 = SHA256.Create(); byte[] saltedPassBytes = sha256.ComputeHash(rawSalted); @@ -67,8 +67,8 @@ public static string HashPassword2(string password) public static string HashPassword3(string password) { HashAlgorithm hashAlg = new SHA256CryptoServiceProvider(); - byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password); - byte[] hashBytes = hashAlg.ComputeHash(passBytes); + byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password); // $ Source + byte[] hashBytes = hashAlg.ComputeHash(passBytes); // $ Alert return Convert.ToBase64String(hashBytes); } @@ -164,7 +164,7 @@ private string GetMD5HashBinHex (string toBeHashed) StringBuilder sb = new StringBuilder (); foreach (byte b in result) sb.Append (b.ToString ("x2")); - + return sb.ToString (); } diff --git a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref index 4816eabeacbc..ed571d23e490 100644 --- a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref +++ b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref @@ -1,2 +1,4 @@ query: experimental/Security Features/CWE-759/HashWithoutSalt.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.qlref b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.qlref index 527ea9259733..2c6cebb2dfc9 100644 --- a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.qlref +++ b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.qlref @@ -1 +1,2 @@ -experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql \ No newline at end of file +query: experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs index 01af41c4b0c0..6fb922f5badd 100644 --- a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs +++ b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs @@ -98,8 +98,8 @@ public void TestCase01() SaveSigninToken = true }; - tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // BUG delegated-security-validations-always-return-true - tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => true; // BUG delegated-security-validations-always-return-true + tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG delegated-security-validations-always-return-true + tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => true; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG delegated-security-validations-always-return-true tokenValidationParamsBaseline.TokenReplayValidator = (DateTime? expirationTime, string securityToken, TokenValidationParameters validationParameters) => // GOOD { if (securityToken is null) @@ -111,12 +111,12 @@ public void TestCase01() tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetime02(securityToken, validationParameters); // GOOD tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => {return securityToken is null?false:true; }; // GOOD - - tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return true; }; // BUG - tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => !false ; // BUG - tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return securityToken is null?true:true; }; // BUG - tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return ValidateLifetimeAlwaysTrue(securityToken, validationParameters);}; //BUG - tokenValidationParamsBaseline.AudienceValidator = (audiences, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); //BUG + + tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return true; }; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG + tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => !false ; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG + tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return securityToken is null?true:true; }; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG + tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return ValidateLifetimeAlwaysTrue(securityToken, validationParameters);}; //BUG // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] + tokenValidationParamsBaseline.AudienceValidator = (audiences, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); //BUG // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] } @@ -134,4 +134,4 @@ internal static bool ValidateLifetimeAlwaysTrue02( return !false; } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled-test.cs b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled-test.cs index 505aba41416f..9d302e051ba0 100644 --- a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled-test.cs +++ b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled-test.cs @@ -28,16 +28,16 @@ public void TestCase01() ClockSkew = TimeSpan.FromMinutes(5), ValidateActor = false, ValidateIssuerSigningKey = false, - ValidateIssuer = false, // BUG - ValidateAudience = false, // BUG - ValidateLifetime = false, // BUG - RequireExpirationTime = false, // BUG + ValidateIssuer = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG + ValidateAudience = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG + ValidateLifetime = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG + RequireExpirationTime = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG ValidateTokenReplay = false, RequireSignedTokens = false, - RequireAudience = false, // BUG + RequireAudience = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG SaveSigninToken = false }; } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.qlref b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.qlref index ee07957fa06c..6e09f8b533ba 100644 --- a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.qlref +++ b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.qlref @@ -1 +1,2 @@ -experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql \ No newline at end of file +query: experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/Serialization/DefiningDatasetRelatedType.qlref b/csharp/ql/test/experimental/Security Features/Serialization/DefiningDatasetRelatedType.qlref index 7283db95daf5..2000d5d88765 100644 --- a/csharp/ql/test/experimental/Security Features/Serialization/DefiningDatasetRelatedType.qlref +++ b/csharp/ql/test/experimental/Security Features/Serialization/DefiningDatasetRelatedType.qlref @@ -1 +1,2 @@ -experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql \ No newline at end of file +query: experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.qlref b/csharp/ql/test/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.qlref index 8a8632c6ee3b..767133e00a8e 100644 --- a/csharp/ql/test/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.qlref +++ b/csharp/ql/test/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.qlref @@ -1 +1,2 @@ -experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql \ No newline at end of file +query: experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.qlref b/csharp/ql/test/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.qlref index 1593497c7932..62c0d0c79d22 100644 --- a/csharp/ql/test/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.qlref +++ b/csharp/ql/test/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.qlref @@ -1 +1,2 @@ -experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql \ No newline at end of file +query: experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.qlref b/csharp/ql/test/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.qlref index 8054e46f929b..1d26399183e2 100644 --- a/csharp/ql/test/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.qlref +++ b/csharp/ql/test/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.qlref @@ -1 +1,2 @@ -experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql \ No newline at end of file +query: experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/Serialization/test0.cs b/csharp/ql/test/experimental/Security Features/Serialization/test0.cs index d2b2e772245a..7f16b7132f3c 100644 --- a/csharp/ql/test/experimental/Security Features/Serialization/test0.cs +++ b/csharp/ql/test/experimental/Security Features/Serialization/test0.cs @@ -8,9 +8,9 @@ namespace DataSetSerializationTest { - public class DerivesFromDeprecatedType1 : XmlSerializer // warning:DefiningDatasetRelatedType.ql + public class DerivesFromDeprecatedType1 : XmlSerializer // $ Alert[cs/dataset-serialization/defining-dataset-related-type] // warning:DefiningDatasetRelatedType.ql { - public DataSet MyDataSet { get; set; } // bug:DefiningPotentiallyUnsafeXmlSerializer.ql + public DataSet MyDataSet { get; set; } // $ Alert[cs/dataset-serialization/defining-potentially-unsafe-xml-serializer] // bug:DefiningPotentiallyUnsafeXmlSerializer.ql public DerivesFromDeprecatedType1() { @@ -54,9 +54,9 @@ public override void WriteEndObject(XmlDictionaryWriter writer) { } */ [Serializable()] - public class AttributeSerializer01 // warning:DefiningDatasetRelatedType.ql + public class AttributeSerializer01 // $ Alert[cs/dataset-serialization/defining-dataset-related-type] // warning:DefiningDatasetRelatedType.ql { - private DataSet MyDataSet; // bug:DefiningPotentiallyUnsafeXmlSerializer.ql + private DataSet MyDataSet; // $ Alert[cs/dataset-serialization/defining-potentially-unsafe-xml-serializer] // bug:DefiningPotentiallyUnsafeXmlSerializer.ql AttributeSerializer01() { @@ -83,15 +83,15 @@ static void datatable_readxmlschema_01(string fileName) { DataTable newTable = new DataTable(); System.Xml.XmlTextReader reader = new System.Xml.XmlTextReader(fs); - newTable.ReadXmlSchema(reader); //bug:XmlDeserializationWithDataSet.ql + newTable.ReadXmlSchema(reader); //bug:XmlDeserializationWithDataSet.ql // $ Alert[cs/dataset-serialization/xml-deserialization-with-dataset] } } static void Main(string[] args) { - XmlSerializer x = new XmlSerializer(typeof(DataSet)); // bug:UnsafeTypeUsedDataContractSerializer.ql - XmlSerializer y = new XmlSerializer(typeof(AttributeSerializer01)); //bug:UnsafeTypeUsedDataContractSerializer.ql + XmlSerializer x = new XmlSerializer(typeof(DataSet)); // $ Alert[cs/dataset-serialization/unsafe-type-used-data-contract-serializer] // bug:UnsafeTypeUsedDataContractSerializer.ql + XmlSerializer y = new XmlSerializer(typeof(AttributeSerializer01)); //bug:UnsafeTypeUsedDataContractSerializer.ql // $ Alert[cs/dataset-serialization/unsafe-type-used-data-contract-serializer] Console.WriteLine("Hello World!"); } diff --git a/csharp/ql/test/experimental/Security Features/backdoor/DangerousNativeFunctionCall.qlref b/csharp/ql/test/experimental/Security Features/backdoor/DangerousNativeFunctionCall.qlref index 1215c001b40c..4a8dc07046fe 100644 --- a/csharp/ql/test/experimental/Security Features/backdoor/DangerousNativeFunctionCall.qlref +++ b/csharp/ql/test/experimental/Security Features/backdoor/DangerousNativeFunctionCall.qlref @@ -1 +1,2 @@ -experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql \ No newline at end of file +query: experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.qlref b/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.qlref index f76817aa089e..c2b5b618cec9 100644 --- a/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.qlref +++ b/csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.qlref @@ -1 +1,2 @@ -experimental/Security Features/backdoor/PotentialTimeBomb.ql \ No newline at end of file +query: experimental/Security Features/backdoor/PotentialTimeBomb.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.qlref b/csharp/ql/test/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.qlref index d1d0d520d61e..767d3e6961af 100644 --- a/csharp/ql/test/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.qlref +++ b/csharp/ql/test/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.qlref @@ -1 +1,2 @@ -experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql \ No newline at end of file +query: experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/experimental/Security Features/backdoor/test.cs b/csharp/ql/test/experimental/Security Features/backdoor/test.cs index 1aecc80aa83f..87bd78f362d5 100644 --- a/csharp/ql/test/experimental/Security Features/backdoor/test.cs +++ b/csharp/ql/test/experimental/Security Features/backdoor/test.cs @@ -29,7 +29,7 @@ class External void TestDangerousNativeFunctionCall() { - InitiateSystemShutdownExW(null, null, 0U, true, true, 2147745794U); // BUG : DangerousNativeFunctionCall + InitiateSystemShutdownExW(null, null, 0U, true, true, 2147745794U); // $ Alert[cs/backdoor/dangerous-native-functions] // BUG : DangerousNativeFunctionCall } ulong GetFvnHash(string s) @@ -74,4 +74,4 @@ void TestTimeBomb() } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/library-tests/arguments/PrintAst.qlref b/csharp/ql/test/library-tests/arguments/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/arguments/PrintAst.qlref +++ b/csharp/ql/test/library-tests/arguments/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/assignments/PrintAst.qlref b/csharp/ql/test/library-tests/assignments/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/assignments/PrintAst.qlref +++ b/csharp/ql/test/library-tests/assignments/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/attributes/PrintAst.qlref b/csharp/ql/test/library-tests/attributes/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/attributes/PrintAst.qlref +++ b/csharp/ql/test/library-tests/attributes/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/comments/PrintAst.qlref b/csharp/ql/test/library-tests/comments/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/comments/PrintAst.qlref +++ b/csharp/ql/test/library-tests/comments/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/compilations/CompilerError.qlref b/csharp/ql/test/library-tests/compilations/CompilerError.qlref index a0132abfe57b..4bceeaba10c1 100644 --- a/csharp/ql/test/library-tests/compilations/CompilerError.qlref +++ b/csharp/ql/test/library-tests/compilations/CompilerError.qlref @@ -1 +1 @@ -Diagnostics/CompilerError.ql \ No newline at end of file +query: Diagnostics/CompilerError.ql diff --git a/csharp/ql/test/library-tests/compilations/CompilerMessage.qlref b/csharp/ql/test/library-tests/compilations/CompilerMessage.qlref index 0628dcba52e5..c4a8ee06a014 100644 --- a/csharp/ql/test/library-tests/compilations/CompilerMessage.qlref +++ b/csharp/ql/test/library-tests/compilations/CompilerMessage.qlref @@ -1 +1 @@ -Diagnostics/CompilerMessage.ql \ No newline at end of file +query: Diagnostics/CompilerMessage.ql diff --git a/csharp/ql/test/library-tests/compilations/ExtractorError.qlref b/csharp/ql/test/library-tests/compilations/ExtractorError.qlref index 14290bb4ace5..d343d7778b82 100644 --- a/csharp/ql/test/library-tests/compilations/ExtractorError.qlref +++ b/csharp/ql/test/library-tests/compilations/ExtractorError.qlref @@ -1 +1 @@ -Diagnostics/ExtractorError.ql +query: Diagnostics/ExtractorError.ql diff --git a/csharp/ql/test/library-tests/compilations/ExtractorMessage.qlref b/csharp/ql/test/library-tests/compilations/ExtractorMessage.qlref index ce6ac3bff0ab..cedb003d69c3 100644 --- a/csharp/ql/test/library-tests/compilations/ExtractorMessage.qlref +++ b/csharp/ql/test/library-tests/compilations/ExtractorMessage.qlref @@ -1 +1 @@ -Diagnostics/ExtractorMessage.ql \ No newline at end of file +query: Diagnostics/ExtractorMessage.ql diff --git a/csharp/ql/test/library-tests/constructors/PrintAst.qlref b/csharp/ql/test/library-tests/constructors/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/constructors/PrintAst.qlref +++ b/csharp/ql/test/library-tests/constructors/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/conversion/operator/PrintAst.qlref b/csharp/ql/test/library-tests/conversion/operator/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/conversion/operator/PrintAst.qlref +++ b/csharp/ql/test/library-tests/conversion/operator/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp11/PrintAst.qlref b/csharp/ql/test/library-tests/csharp11/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp11/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp11/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp6/PrintAst.qlref b/csharp/ql/test/library-tests/csharp6/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp6/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp6/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp7.1/PrintAst.qlref b/csharp/ql/test/library-tests/csharp7.1/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp7.1/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp7.1/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp7.2/PrintAst.qlref b/csharp/ql/test/library-tests/csharp7.2/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp7.2/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp7.2/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp7.3/PrintAst.qlref b/csharp/ql/test/library-tests/csharp7.3/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp7.3/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp7.3/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp7/PrintAst.qlref b/csharp/ql/test/library-tests/csharp7/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp7/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp7/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp8/PrintAst.qlref b/csharp/ql/test/library-tests/csharp8/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp8/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp8/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/csharp9/PrintAst.qlref b/csharp/ql/test/library-tests/csharp9/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/csharp9/PrintAst.qlref +++ b/csharp/ql/test/library-tests/csharp9/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.qlref b/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.qlref +++ b/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/dataflow/tuples/PrintAst.qlref b/csharp/ql/test/library-tests/dataflow/tuples/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/dataflow/tuples/PrintAst.qlref +++ b/csharp/ql/test/library-tests/dataflow/tuples/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/definitions/PrintAst.qlref b/csharp/ql/test/library-tests/definitions/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/definitions/PrintAst.qlref +++ b/csharp/ql/test/library-tests/definitions/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/definitions/definitions.qlref b/csharp/ql/test/library-tests/definitions/definitions.qlref index 11e03f5ab070..89fab02d1037 100644 --- a/csharp/ql/test/library-tests/definitions/definitions.qlref +++ b/csharp/ql/test/library-tests/definitions/definitions.qlref @@ -1 +1 @@ -definitions.ql \ No newline at end of file +query: definitions.ql diff --git a/csharp/ql/test/library-tests/delegates/PrintAst.qlref b/csharp/ql/test/library-tests/delegates/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/delegates/PrintAst.qlref +++ b/csharp/ql/test/library-tests/delegates/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/diagnostics/DiagnosticExtractorErrors.qlref b/csharp/ql/test/library-tests/diagnostics/DiagnosticExtractorErrors.qlref index 7068705cc1be..498f8bf078e9 100644 --- a/csharp/ql/test/library-tests/diagnostics/DiagnosticExtractorErrors.qlref +++ b/csharp/ql/test/library-tests/diagnostics/DiagnosticExtractorErrors.qlref @@ -1 +1 @@ -Diagnostics/DiagnosticExtractionErrors.ql +query: Diagnostics/DiagnosticExtractionErrors.ql diff --git a/csharp/ql/test/library-tests/diagnostics/ExtractedFiles.qlref b/csharp/ql/test/library-tests/diagnostics/ExtractedFiles.qlref index e900e9c5314b..58bc903a431d 100644 --- a/csharp/ql/test/library-tests/diagnostics/ExtractedFiles.qlref +++ b/csharp/ql/test/library-tests/diagnostics/ExtractedFiles.qlref @@ -1 +1 @@ -Diagnostics/ExtractedFiles.ql +query: Diagnostics/ExtractedFiles.ql diff --git a/csharp/ql/test/library-tests/dynamic/PrintAst.qlref b/csharp/ql/test/library-tests/dynamic/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/dynamic/PrintAst.qlref +++ b/csharp/ql/test/library-tests/dynamic/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/enums/PrintAst.qlref b/csharp/ql/test/library-tests/enums/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/enums/PrintAst.qlref +++ b/csharp/ql/test/library-tests/enums/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/events/PrintAst.qlref b/csharp/ql/test/library-tests/events/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/events/PrintAst.qlref +++ b/csharp/ql/test/library-tests/events/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/exceptions/PrintAst.qlref b/csharp/ql/test/library-tests/exceptions/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/exceptions/PrintAst.qlref +++ b/csharp/ql/test/library-tests/exceptions/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/expressions/PrintAst.qlref b/csharp/ql/test/library-tests/expressions/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/expressions/PrintAst.qlref +++ b/csharp/ql/test/library-tests/expressions/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/extension/PrintAst.qlref b/csharp/ql/test/library-tests/extension/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/extension/PrintAst.qlref +++ b/csharp/ql/test/library-tests/extension/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/fields/PrintAst.qlref b/csharp/ql/test/library-tests/fields/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/fields/PrintAst.qlref +++ b/csharp/ql/test/library-tests/fields/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/filters/ClassifyFiles/ClassifyFiles.qlref b/csharp/ql/test/library-tests/filters/ClassifyFiles/ClassifyFiles.qlref index 638bf4567627..612f5dfb3322 100644 --- a/csharp/ql/test/library-tests/filters/ClassifyFiles/ClassifyFiles.qlref +++ b/csharp/ql/test/library-tests/filters/ClassifyFiles/ClassifyFiles.qlref @@ -1 +1 @@ -filters/ClassifyFiles.ql \ No newline at end of file +query: filters/ClassifyFiles.ql diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs index 8732f8c7e4be..372ee49242fd 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs @@ -135,7 +135,7 @@ protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components. __builder.AddContent(18, "Raw parameter from URL: "); __builder.AddContent(19, #nullable restore -(MarkupString)UrlParam +(MarkupString)UrlParam // $ Alert[cs/web/xss]=r1 $ Alert[cs/web/xss]=r1 #line default #line hidden @@ -185,7 +185,7 @@ protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components. __builder.AddContent(35, "Raw parameter from query string: "); __builder.AddContent(36, #nullable restore -new MarkupString(QueryParam) +new MarkupString(QueryParam) // $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 #line default #line hidden diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs index a9d098470e44..344f5cbf6ac3 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs @@ -10,7 +10,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin { builder.OpenElement(0, "div"); builder.OpenElement(1, "p"); - builder.AddContent(2, (MarkupString)TheName); + builder.AddContent(2, (MarkupString)TheName); // $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r4 builder.CloseElement(); builder.CloseElement(); } @@ -19,4 +19,4 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin [Parameter] public string TheName { get; set; } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs index ceffb35303e5..31126310dff1 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs @@ -28,7 +28,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin builder.OpenElement(6, "p"); builder.AddContent(7, "Name: "); builder.OpenComponent(8); - builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); + builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); // $ Source[cs/web/xss]=r4 builder.CloseComponent(); builder.CloseElement(); } @@ -47,4 +47,4 @@ protected override void OnParametersSet() public List Names { get; set; } = new List(); } -} \ No newline at end of file +} diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs index d27d6f2dcde9..fc6298943d3a 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs @@ -28,7 +28,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin builder.OpenElement(6, "p"); builder.AddContent(7, "Name: "); builder.OpenComponent(8); - builder.AddComponentParameter(9, "TheName", Name); + builder.AddComponentParameter(9, "TheName", Name); // $ Source[cs/web/xss]=r3 builder.CloseComponent(); builder.CloseElement(); } @@ -47,4 +47,4 @@ protected override void OnParametersSet() public List Names { get; set; } = new List(); } -} \ No newline at end of file +} diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref index 89b5b951bdb6..a71d47846701 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-079/XSS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/library-tests/generics/PrintAst.qlref b/csharp/ql/test/library-tests/generics/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/generics/PrintAst.qlref +++ b/csharp/ql/test/library-tests/generics/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/goto/PrintAst.qlref b/csharp/ql/test/library-tests/goto/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/goto/PrintAst.qlref +++ b/csharp/ql/test/library-tests/goto/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/indexers/PrintAst.qlref b/csharp/ql/test/library-tests/indexers/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/indexers/PrintAst.qlref +++ b/csharp/ql/test/library-tests/indexers/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/initializers/PrintAst.qlref b/csharp/ql/test/library-tests/initializers/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/initializers/PrintAst.qlref +++ b/csharp/ql/test/library-tests/initializers/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/linq/PrintAst.qlref b/csharp/ql/test/library-tests/linq/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/linq/PrintAst.qlref +++ b/csharp/ql/test/library-tests/linq/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/members/PrintAst.qlref b/csharp/ql/test/library-tests/members/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/members/PrintAst.qlref +++ b/csharp/ql/test/library-tests/members/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/methods/PrintAst.qlref b/csharp/ql/test/library-tests/methods/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/methods/PrintAst.qlref +++ b/csharp/ql/test/library-tests/methods/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/nameof/PrintAst.qlref b/csharp/ql/test/library-tests/nameof/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/nameof/PrintAst.qlref +++ b/csharp/ql/test/library-tests/nameof/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/namespaces/PrintAst.qlref b/csharp/ql/test/library-tests/namespaces/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/namespaces/PrintAst.qlref +++ b/csharp/ql/test/library-tests/namespaces/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/nestedtypes/PrintAst.qlref b/csharp/ql/test/library-tests/nestedtypes/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/nestedtypes/PrintAst.qlref +++ b/csharp/ql/test/library-tests/nestedtypes/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/operators/PrintAst.qlref b/csharp/ql/test/library-tests/operators/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/operators/PrintAst.qlref +++ b/csharp/ql/test/library-tests/operators/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/partial/PrintAst.qlref b/csharp/ql/test/library-tests/partial/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/partial/PrintAst.qlref +++ b/csharp/ql/test/library-tests/partial/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/properties/PrintAst.qlref b/csharp/ql/test/library-tests/properties/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/properties/PrintAst.qlref +++ b/csharp/ql/test/library-tests/properties/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/statements/PrintAst.qlref b/csharp/ql/test/library-tests/statements/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/statements/PrintAst.qlref +++ b/csharp/ql/test/library-tests/statements/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref +++ b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/types/PrintAst.qlref b/csharp/ql/test/library-tests/types/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/types/PrintAst.qlref +++ b/csharp/ql/test/library-tests/types/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/library-tests/unsafe/PrintAst.qlref b/csharp/ql/test/library-tests/unsafe/PrintAst.qlref index f867dd01f9f8..1db66182b0ab 100644 --- a/csharp/ql/test/library-tests/unsafe/PrintAst.qlref +++ b/csharp/ql/test/library-tests/unsafe/PrintAst.qlref @@ -1 +1 @@ -shared/PrintAst.ql \ No newline at end of file +query: shared/PrintAst.ql diff --git a/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollect.qlref b/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollect.qlref index ca6961e370bf..c911197abb35 100644 --- a/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollect.qlref +++ b/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollect.qlref @@ -1 +1,2 @@ -API Abuse/CallToGCCollect.ql \ No newline at end of file +query: API Abuse/CallToGCCollect.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollectBad.cs b/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollectBad.cs index acc30b87c8d9..b081d201f10d 100644 --- a/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollectBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/CallToGCCollect/CallToGCCollectBad.cs @@ -4,6 +4,6 @@ class Bad { void M() { - GC.Collect(); + GC.Collect(); // $ Alert } } diff --git a/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.cs b/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.cs index c546c406f310..ea0ffeeb7645 100644 --- a/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.cs +++ b/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.cs @@ -16,7 +16,7 @@ static void NotObsoleteMethod() static void Main(string[] args) { // BAD: Call to obsolete method - ObsoleteMethod(); + ObsoleteMethod(); // $ Alert // GOOD: Call to non-obsolete method NotObsoleteMethod(); diff --git a/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.qlref b/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.qlref index 08b2c9a51d4e..028fb010e8ef 100644 --- a/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.qlref +++ b/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethod.qlref @@ -1 +1,2 @@ -API Abuse/CallToObsoleteMethod.ql \ No newline at end of file +query: API Abuse/CallToObsoleteMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethodBad.cs b/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethodBad.cs index c8c10de283d5..9ea4f5b80a44 100644 --- a/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethodBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/CallToObsoleteMethod/CallToObsoleteMethodBad.cs @@ -4,7 +4,7 @@ class Bad { void M() { - Logger.Log("Hello, World!"); + Logger.Log("Hello, World!"); // $ Alert } static class Logger diff --git a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.cs b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.cs index a2e5f7333e9e..865b31f2ca07 100644 --- a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.cs +++ b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.cs @@ -1,7 +1,7 @@ using System; // BAD -class Incorrect +class Incorrect // $ Alert { public static bool operator ==(Incorrect a, Incorrect b) => default(bool); public static bool operator !=(Incorrect a, Incorrect b) => !(a == b); @@ -21,7 +21,7 @@ class Correct } // BAD: needs to redefine Equals -class IncorrectOverrides : Correct +class IncorrectOverrides : Correct // $ Alert { public static bool operator ==(IncorrectOverrides a, IncorrectOverrides b) => default(bool); public static bool operator !=(IncorrectOverrides a, IncorrectOverrides b) => !(a == b); @@ -47,7 +47,7 @@ static void Main(string[] args) } // BAD: should also implement Equals. -class MyEquatable : IEquatable +class MyEquatable : IEquatable // $ Alert { public bool Equals(MyEquatable other) { diff --git a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.qlref b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.qlref index 5ffe8a70dec4..9b025e76c304 100644 --- a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.qlref +++ b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEquals.qlref @@ -1 +1,2 @@ -API Abuse/ClassDoesNotImplementEquals.ql \ No newline at end of file +query: API Abuse/ClassDoesNotImplementEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEqualsBad.cs b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEqualsBad.cs index 619f462a96c8..305bd87c2cf8 100644 --- a/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEqualsBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/ClassDoesNotImplementEqualsBad.cs @@ -21,7 +21,7 @@ public override bool Equals(object obj) } } - class GasolineCar : Car + class GasolineCar : Car // $ Alert { protected bool unleaded; diff --git a/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneable.qlref b/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneable.qlref index e597d142a2d1..65eb6ca729d1 100644 --- a/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneable.qlref +++ b/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneable.qlref @@ -1 +1,2 @@ -API Abuse/ClassImplementsICloneable.ql \ No newline at end of file +query: API Abuse/ClassImplementsICloneable.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneableBad.cs b/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneableBad.cs index 0999bd87d281..e1636158bf2f 100644 --- a/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneableBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/ClassImplementsICloneable/ClassImplementsICloneableBad.cs @@ -8,7 +8,7 @@ class Thing public Thing(int i) { I = i; } } - class Shallow : ICloneable + class Shallow : ICloneable // $ Alert { public Thing T { get; set; } public Shallow(Thing t) { T = t; } @@ -17,7 +17,7 @@ class Shallow : ICloneable public object Clone() { return new Shallow(T); } } - class Deep : ICloneable + class Deep : ICloneable // $ Alert { public Thing T { get; set; } public Deep(Thing t) { T = t; } diff --git a/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.cs b/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.cs index acde0fc477f7..31505eb740c6 100644 --- a/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.cs +++ b/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.cs @@ -45,17 +45,17 @@ public void Method() // BAD: No Dispose call in case of exception SqlConnection c1d = new SqlConnection(); c1d.Open(); - c1d.Dispose(); + c1d.Dispose(); // $ Alert // BAD: No Dispose call in case of exception SqlConnection c1e = new SqlConnection(); Throw1(c1e); - c1e.Dispose(); + c1e.Dispose(); // $ Alert // BAD: No Dispose call in case of exception SqlConnection c1f = new SqlConnection(); Throw2(c1f); - c1f.Dispose(); + c1f.Dispose(); // $ Alert // GOOD: using declaration using SqlConnection c2 = new SqlConnection(""); diff --git a/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.qlref b/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.qlref index d55f9b7dcba7..4273ca0a55c6 100644 --- a/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.qlref +++ b/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnException.qlref @@ -1 +1,2 @@ -API Abuse/DisposeNotCalledOnException.ql \ No newline at end of file +query: API Abuse/DisposeNotCalledOnException.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnExceptionBad.cs b/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnExceptionBad.cs index c0674285bba1..22827a1e3d03 100644 --- a/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnExceptionBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/DisposeNotCalledOnException/DisposeNotCalledOnExceptionBad.cs @@ -11,8 +11,8 @@ public SqlDataReader GetAllCustomers() var cmd = new SqlCommand("SELECT * FROM Customers", conn); var ret = cmd.ExecuteReader(); - cmd.Dispose(); - conn.Dispose(); + cmd.Dispose(); // $ Alert + conn.Dispose(); // $ Alert return ret; } diff --git a/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.cs b/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.cs index 8e8b8f8430b3..f05764f99c55 100644 --- a/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.cs +++ b/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.cs @@ -1,6 +1,6 @@ using System; -class ClassMissingGetHashCode +class ClassMissingGetHashCode // $ Alert { public override bool Equals(object other) { @@ -13,7 +13,7 @@ public override bool Equals(object other) } } -class ClassMissingEquals +class ClassMissingEquals // $ Alert { public new bool Equals(object other) { // not overridden diff --git a/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.qlref b/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.qlref index 6425e440f739..26171a4ca75d 100644 --- a/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.qlref +++ b/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCode.qlref @@ -1 +1,2 @@ -API Abuse/InconsistentEqualsGetHashCode.ql \ No newline at end of file +query: API Abuse/InconsistentEqualsGetHashCode.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCodeBad.cs b/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCodeBad.cs index 6b3b95966dc9..00da432846f3 100644 --- a/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCodeBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/InconsistentEqualsGetHashCode/InconsistentEqualsGetHashCodeBad.cs @@ -1,6 +1,6 @@ using System; -class Bad +class Bad // $ Alert { private int id; diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.cs b/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.cs index 5b5780ed9778..5c6744472116 100644 --- a/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.cs +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.cs @@ -2,7 +2,7 @@ class C1 { - public int CompareTo(T other) => throw null; // BAD + public int CompareTo(T other) => throw null; // $ Alert // BAD } class C2 { } diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.qlref b/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.qlref index 23abf6ab339d..afab98e27ce5 100644 --- a/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.qlref +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignature.qlref @@ -1 +1,2 @@ -API Abuse/IncorrectCompareToSignature.ql \ No newline at end of file +query: API Abuse/IncorrectCompareToSignature.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignatureBad.cs b/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignatureBad.cs index efeb55ce65bc..33b1e3ad8d45 100644 --- a/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignatureBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectCompareToSignature/IncorrectCompareToSignatureBad.cs @@ -2,5 +2,5 @@ class Bad { - public int CompareTo(Bad b) => 0; + public int CompareTo(Bad b) => 0; // $ Alert } diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.cs b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.cs index effb17a558a2..f858cc35a0fc 100644 --- a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.cs +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.cs @@ -3,7 +3,7 @@ // BAD class Incorrect { - public bool Equals(Incorrect other) => false; + public bool Equals(Incorrect other) => false; // $ Alert } // GOOD diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.qlref b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.qlref index f56496da8be1..c05a5f0af8d0 100644 --- a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.qlref +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignature.qlref @@ -1 +1,2 @@ -API Abuse/IncorrectEqualsSignature.ql \ No newline at end of file +query: API Abuse/IncorrectEqualsSignature.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignatureBad.cs b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignatureBad.cs index 723110d1de11..7b03d029eb8a 100644 --- a/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignatureBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/IncorrectEqualsSignatureBad.cs @@ -9,6 +9,6 @@ public Bad(int Id) this.id = Id; } - public bool Equals(Bad b) => + public bool Equals(Bad b) => // $ Alert this.id == b.id; } diff --git a/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.cs b/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.cs index dd069476b1bb..b71c2f2a5c93 100644 --- a/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.cs +++ b/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.cs @@ -20,7 +20,7 @@ class C1 : IDisposable C1 Field1; // GOOD C1 Field2; // BAD - public virtual void Dispose() + public virtual void Dispose() // $ Alert { Field1.Dispose(); } @@ -31,7 +31,7 @@ class C2 : C1 C1 Field1; // GOOD C1 Field2; // BAD - public override void Dispose() + public override void Dispose() // $ Alert { base.Dispose(); Field1.Dispose(); @@ -49,7 +49,7 @@ class C5 : C4 C1 Field1; // GOOD C1 Field2; // BAD - public override void Dispose(bool disposing) + public override void Dispose(bool disposing) // $ Alert { base.Dispose(disposing); if (disposing) @@ -64,7 +64,7 @@ class C6 : Component C1 Field1; // GOOD C1 Field2; // BAD - protected override void Dispose(bool disposing) + protected override void Dispose(bool disposing) // $ Alert { base.Dispose(disposing); if (disposing) diff --git a/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.qlref b/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.qlref index a1d172302306..442cf4780c15 100644 --- a/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.qlref +++ b/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCall.qlref @@ -1 +1,2 @@ -API Abuse/MissingDisposeCall.ql \ No newline at end of file +query: API Abuse/MissingDisposeCall.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCallBad.cs b/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCallBad.cs index 6386abc84003..ed3a1851c87f 100644 --- a/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCallBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/MissingDisposeCall/MissingDisposeCallBad.cs @@ -6,7 +6,7 @@ class Bad : IDisposable private FileStream stream1 = new FileStream("a.txt", FileMode.Open); private FileStream stream2 = new FileStream("b.txt", FileMode.Open); - public void Dispose() + public void Dispose() // $ Alert { stream1.Dispose(); } diff --git a/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.cs b/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.cs index 1e71bba55eb2..998bc757cd55 100644 --- a/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.cs +++ b/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.cs @@ -25,7 +25,7 @@ public virtual void Dispose() } } -class C2 : C1 +class C2 : C1 // $ Alert { C2 Field; // BAD } @@ -41,13 +41,13 @@ public override void Dispose() } } -class WebPage : Page +class WebPage : Page // $ Alert { C1 Field1; // BAD Control Field2; // GOOD } -class WebControl : Control +class WebControl : Control // $ Alert { C1 Field1; // BAD Control Field2; // GOOD @@ -73,12 +73,12 @@ public override void Dispose(bool disposing) } } -class C6 : C4 +class C6 : C4 // $ Alert { C2 Field; // BAD } -class C7 : Component +class C7 : Component // $ Alert { C2 Field; // BAD } @@ -97,7 +97,7 @@ protected override void Dispose(bool disposing) } } -class C9 : C1 +class C9 : C1 // $ Alert { C2 Field; // BAD diff --git a/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.qlref b/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.qlref index 61be6bbcf704..d9cb769bef36 100644 --- a/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.qlref +++ b/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethod.qlref @@ -1 +1,2 @@ -API Abuse/MissingDisposeMethod.ql \ No newline at end of file +query: API Abuse/MissingDisposeMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethodBad.cs b/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethodBad.cs index db8067735cfb..5cc9d68d7fae 100644 --- a/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethodBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/MissingDisposeMethod/MissingDisposeMethodBad.cs @@ -11,7 +11,7 @@ public virtual void Dispose() } } -class Bad : BadBase +class Bad : BadBase // $ Alert { private FileStream stream2 = new FileStream("b.txt", FileMode.Open); } diff --git a/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.cs b/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.cs index b2cb30b17ada..a35d0d0b51a5 100644 --- a/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.cs +++ b/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.cs @@ -12,13 +12,13 @@ class C1 class C2 : C1 { // BAD: M1 does not override C1.M1 - public int M1() { return 1; } + public int M1() { return 1; } // $ Alert // GOOD: M2 overrides using the explicit keyword "override" public override int M2() { return 2; } // BAD: M3 does not override C1.M3 - public IEnumerable M3() { return null; } + public IEnumerable M3() { return null; } // $ Alert // GOOD: M4 overrides using the explicit keyword "override" public override IEnumerable M4() { return null; } diff --git a/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.qlref b/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.qlref index fb31441316c0..7fe57a6c15cb 100644 --- a/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.qlref +++ b/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethod.qlref @@ -1 +1,2 @@ -API Abuse/NonOverridingMethod.ql \ No newline at end of file +query: API Abuse/NonOverridingMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethodBad.cs b/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethodBad.cs index cb76d9ab9947..8641dd60fbe7 100644 --- a/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethodBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/NonOverridingMethod/NonOverridingMethodBad.cs @@ -7,6 +7,6 @@ public virtual void Foo() { } class Sub : Super { - public void Foo() { } + public void Foo() { } // $ Alert } } diff --git a/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.cs b/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.cs index 08219f61a73e..97af033f9346 100644 --- a/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.cs +++ b/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.cs @@ -3,16 +3,16 @@ class NullArgumentToEquals void M() { int i = 0; - i.Equals(null); // BAD + i.Equals(null); // $ Alert // BAD int? i2 = null; i2.Equals(null); // GOOD C c = null; - c.Equals(null); // BAD + c.Equals(null); // $ Alert // BAD object o = null; - o.Equals(null); // BAD + o.Equals(null); // $ Alert // BAD } class C diff --git a/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.qlref b/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.qlref index c6b40febef05..12129a164b04 100644 --- a/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.qlref +++ b/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEquals.qlref @@ -1 +1,2 @@ -API Abuse/NullArgumentToEquals.ql \ No newline at end of file +query: API Abuse/NullArgumentToEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEqualsBad.cs b/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEqualsBad.cs index 612aaa2b1ac6..932ced4ef4a2 100644 --- a/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEqualsBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/NullArgumentToEquals/NullArgumentToEqualsBad.cs @@ -1,4 +1,4 @@ class Bad { - bool IsNull(object o) => o.Equals(null); + bool IsNull(object o) => o.Equals(null); // $ Alert } diff --git a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.cs b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.cs index cf290a84bcbb..3a03dddc63ce 100644 --- a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.cs +++ b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.cs @@ -21,7 +21,7 @@ static void Main(string[] args) ret = intHashSet.Add(42); // BAD: - stringHashSet.Add("42"); + stringHashSet.Add("42"); // $ Alert } } @@ -64,8 +64,8 @@ static void Main(string[] args) ret = s.Read(null, 0, 0); ret = s.Read(null, 0, 0); ret = s.Read(null, 0, 0); - s.Read(null, 0, 0); // always check - s.ReadByte(); // always check + s.Read(null, 0, 0); // $ Alert // always check + s.ReadByte(); // $ Alert // always check } } @@ -82,7 +82,7 @@ static void M() ret1 = M1(); ret1 = M1(); ret1 = M1(); - M1(); // BAD + M1(); // $ Alert // BAD M1(); // GOOD var ret2 = M2(); @@ -103,7 +103,7 @@ static void M() ret2 = M2(); ret2 = M2(); ret2 = M2(); - M2(); // BAD + M2(); // $ Alert // BAD var ret3 = M3(null); ret3 = M3(null); @@ -115,7 +115,7 @@ static void M() ret3 = M3(null); ret3 = M3(null); M3(null); // GOOD - M3(null); // BAD + M3(null); // $ Alert // BAD M3(null); // GOOD } diff --git a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.qlref b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.qlref index ca9751d2857a..c04faa8008ad 100644 --- a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.qlref +++ b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.qlref @@ -1 +1,2 @@ -API Abuse/UncheckedReturnValue.ql \ No newline at end of file +query: API Abuse/UncheckedReturnValue.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValueBad.cs b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValueBad.cs index 394906e70241..6d9743172c29 100644 --- a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValueBad.cs +++ b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValueBad.cs @@ -26,13 +26,13 @@ public void IgnoreOne() if (DoPrint("I")) Console.WriteLine("I"); - DoPrint("J"); + DoPrint("J"); // $ Alert } void IgnoreRead(string path) { var file = new byte[10]; using (var f = new FileStream(path, FileMode.Open)) - f.Read(file, 0, file.Length); + f.Read(file, 0, file.Length); // $ Alert } } diff --git a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref index 40da4c8a2d57..35d5389b7189 100644 --- a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref +++ b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref @@ -1 +1,2 @@ -ASP/BlockCodeResponseWrite.ql +query: ASP/BlockCodeResponseWrite.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWriteBad.aspx b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWriteBad.aspx index 1e4a0fffc015..ebf2cadc8b3f 100644 --- a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWriteBad.aspx +++ b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWriteBad.aspx @@ -2,6 +2,6 @@ -

2 + 3 = <%Response.Write(2 + 3)%>

+

2 + 3 = <%Response.Write(2 + 3)%>

<%-- $ Alert[cs/asp/response-write] --%> diff --git a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/test.aspx b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/test.aspx index 1e4a0fffc015..ebf2cadc8b3f 100644 --- a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/test.aspx +++ b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/test.aspx @@ -2,6 +2,6 @@ -

2 + 3 = <%Response.Write(2 + 3)%>

+

2 + 3 = <%Response.Write(2 + 3)%>

<%-- $ Alert[cs/asp/response-write] --%> diff --git a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref index 85395099ce9a..9a5bdd6c37e6 100644 --- a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref +++ b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref @@ -1 +1,2 @@ -ASP/ComplexInlineCode.ql +query: ASP/ComplexInlineCode.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCodeBad.aspx b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCodeBad.aspx index f4457d89606f..b8e0a25ac2c8 100644 --- a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCodeBad.aspx +++ b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCodeBad.aspx @@ -15,6 +15,6 @@ } else { ec.Emit (Response, OpCodes.Ldloca, builder); } -%> +%> <%-- $ Alert[cs/asp/complex-inline-code] --%> diff --git a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/test.aspx b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/test.aspx index 1c2d09586ab5..39055702e35c 100644 --- a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/test.aspx +++ b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/test.aspx @@ -9,7 +9,7 @@ Response.write(3 + 2); } End If -%>

+%>

<%-- $ Alert[cs/asp/complex-inline-code] --%>

2 + 3 = <%=2 + 3%>

diff --git a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref index 16700623f76e..0ca3c026d73e 100644 --- a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref +++ b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref @@ -1 +1,2 @@ -ASP/NonInternationalizedText.ql +query: ASP/NonInternationalizedText.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedTextBad.aspx b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedTextBad.aspx index 2d5e7757d3af..935a9c19e0ef 100644 --- a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedTextBad.aspx +++ b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedTextBad.aspx @@ -2,6 +2,6 @@ -

Amount: <%= Amount %>

+

Amount: <%= Amount %>

<%-- $ Alert[cs/asp/text-not-internationalized] --%> diff --git a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/test.aspx b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/test.aspx index 44b6ab46947f..7027d6a07cb9 100644 --- a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/test.aspx +++ b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/test.aspx @@ -2,6 +2,6 @@ -

This text is plain English.

+

This text is plain English.

<%-- $ Alert[cs/asp/text-not-internationalized] --%> diff --git a/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref b/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref index 4e98f2ecbaa5..57c16f0abe63 100644 --- a/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref +++ b/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref @@ -1 +1,2 @@ -ASP/SplitControlStructure.ql +query: ASP/SplitControlStructure.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructureBad.aspx b/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructureBad.aspx index 4ef3f00f3bfc..870c3df8fd37 100644 --- a/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructureBad.aspx +++ b/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructureBad.aspx @@ -2,7 +2,7 @@ -<% If ShouldWarn() Then %> +<% If ShouldWarn() Then %> <%-- $ Alert[cs/asp/split-control-structure] --%>

WARNING: <%=warning()%>

<% End If %> diff --git a/csharp/ql/test/query-tests/ASP/SplitControlStructure/test.aspx b/csharp/ql/test/query-tests/ASP/SplitControlStructure/test.aspx index 8cd7245d0ca6..69d889b570a5 100644 --- a/csharp/ql/test/query-tests/ASP/SplitControlStructure/test.aspx +++ b/csharp/ql/test/query-tests/ASP/SplitControlStructure/test.aspx @@ -2,7 +2,7 @@ -<% If Something() Then %> +<% If Something() Then %> <%-- $ Alert[cs/asp/split-control-structure] --%>

2 + 3 = <%=2 + 3%>

<% End If %> diff --git a/csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.qlref b/csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.qlref index 1641277045f7..dc898fca718c 100644 --- a/csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.qlref +++ b/csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.qlref @@ -1 +1 @@ -AlertSuppression.ql \ No newline at end of file +query: AlertSuppression.ql diff --git a/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependency.qlref b/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependency.qlref index ab1dbe353ef6..273ed4d757a6 100644 --- a/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependency.qlref +++ b/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependency.qlref @@ -1 +1,2 @@ -Architecture/Dependencies/MutualDependency.ql \ No newline at end of file +query: Architecture/Dependencies/MutualDependency.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependencyBad.cs b/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependencyBad.cs index 370b75b45890..4aeddea95ba8 100644 --- a/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependencyBad.cs +++ b/csharp/ql/test/query-tests/Architecture/Dependencies/MutualDependency/MutualDependencyBad.cs @@ -1,6 +1,6 @@ public class Bad { - private class BadModel + private class BadModel // $ Alert { private int i; private BadView view; diff --git a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvy.qlref b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvy.qlref index 9a63a65cd867..6931ecc2f7ec 100644 --- a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvy.qlref +++ b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvy.qlref @@ -1 +1,2 @@ -Architecture/Refactoring Opportunities/FeatureEnvy.ql \ No newline at end of file +query: Architecture/Refactoring Opportunities/FeatureEnvy.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvyBad.cs b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvyBad.cs index 15678d585760..a3f064ff746c 100644 --- a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvyBad.cs +++ b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/FeatureEnvy/FeatureEnvyBad.cs @@ -13,7 +13,7 @@ class Item class Basket { - decimal GetTotalPrice(Item i) + decimal GetTotalPrice(Item i) // $ Alert { if (i.IsOutOfStock) throw new Exception("Item ${i} is out of stock."); diff --git a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.cs b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.cs index 95ff360b3d88..19ce015cdb54 100644 --- a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.cs +++ b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.cs @@ -2,7 +2,7 @@ class InappropriateIntimacy { - class A + class A // $ Alert { public int F1; public int F2; @@ -25,7 +25,7 @@ int M(B b) => b.F1 + b.F2 + b.F3 + b.F4 + b.F5 + b.F6 + b.F7 + b.F8 + b.F9 + b.F10 + b.F11 + b.F12 + b.F13 + b.F14 + b.F15 + b.F16; } - class B + class B // $ Alert { public int F1; public int F2; diff --git a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.qlref b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.qlref index 3b1c4aa5b018..938449179aef 100644 --- a/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.qlref +++ b/csharp/ql/test/query-tests/Architecture/Refactoring Opportunities/InappropriateIntimacy/InappropriateIntimacy.qlref @@ -1 +1,2 @@ -Architecture/Refactoring Opportunities/InappropriateIntimacy.ql \ No newline at end of file +query: Architecture/Refactoring Opportunities/InappropriateIntimacy.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs index 93575ea6d8b2..117edca06aae 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs @@ -23,5 +23,5 @@ class Class // int y=3; // Comment // int z=4; // Comment // - // end of example + // $ Alert // end of example } diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref index 99318fe478e5..59b1ba27b8e2 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref @@ -1 +1,2 @@ -Bad Practices/Comments/CommentedOutCode.ql +query: Bad Practices/Comments/CommentedOutCode.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs index e4f13bb4c64c..a78b3ae13e9f 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs @@ -1,8 +1,8 @@ class C { - // BAD: A TODO comment - // BAD: A FIXME comment + // $ Alert // BAD: A TODO comment + // $ Alert // BAD: A FIXME comment // GOOD: A normal comment // GOOD: Lowercase todo fixme } diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref index b9114382c5b6..6cdc7b06d6e3 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref @@ -1 +1,2 @@ -Bad Practices/Comments/TodoComments.ql +query: Bad Practices/Comments/TodoComments.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs index 172305a3bc73..d3d482f726f1 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs @@ -4,7 +4,7 @@ class Bad { public static double SolveQuadratic(double a, double b, double c) { - // TODO: handle case where a == 0 + // $ Alert // TODO: handle case where a == 0 return (-b + Math.Sqrt(b * b - 4 * a * c)) / (2 * a); } } diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterface.qlref b/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterface.qlref index 3984405db6bd..b2b0cf600bce 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterface.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterface.qlref @@ -1 +1,2 @@ -Bad Practices/Declarations/EmptyInterface.ql \ No newline at end of file +query: Bad Practices/Declarations/EmptyInterface.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterfaceBad.cs b/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterfaceBad.cs index 00f577a62a4f..09fcf1003d71 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterfaceBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/EmptyInterface/EmptyInterfaceBad.cs @@ -2,6 +2,6 @@ class Bad { - interface IsPrintable { } + interface IsPrintable { } // $ Alert class Form1 : IsPrintable { } } diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.cs b/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.cs index cf3062f8af65..05e3dab22c45 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.cs @@ -4,13 +4,13 @@ class C { protected int f; - protected virtual void M1(int f) { } // BAD + protected virtual void M1(int f) { } // $ Alert // BAD int M2(int f) => this.f + f; // GOOD void M3() { - var f = ""; // BAD + var f = ""; // $ Alert // BAD } void M4() @@ -23,13 +23,13 @@ struct S { int f; - void M1(int f) { } // BAD + void M1(int f) { } // $ Alert // BAD int M2(int f) => this.f + f; // GOOD void M3() { - var f = ""; // BAD + var f = ""; // $ Alert // BAD } void M4() @@ -45,9 +45,9 @@ interface I class C2 : C, I { - protected override void M1(int f) { } // BAD + protected override void M1(int f) { } // $ Alert // BAD - public void M5(int f) { } // BAD + public void M5(int f) { } // $ Alert // BAD } class C3 : C, I diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.qlref b/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.qlref index 913445e68f24..d7d02b3a9b8d 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMember.qlref @@ -1 +1,2 @@ -Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql \ No newline at end of file +query: Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMemberBad.cs b/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMemberBad.cs index 80ce45469375..d2be18995763 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMemberBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/LocalScopeVariableShadowsMember/LocalScopeVariableShadowsMemberBad.cs @@ -7,7 +7,7 @@ class Bad public void DisplayDetails() { - var title = "Person Details"; + var title = "Person Details"; // $ Alert var message = "Title: " + title + "\nName: " + name; MessageBox.Show(message, title); } diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.cs b/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.cs index 0d7d15b56532..0fa96bccb0f2 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.cs @@ -2,7 +2,7 @@ class NoConstantsOnly { - abstract class MathConstants + abstract class MathConstants // $ Alert { public const double Pi = 3.14; // BAD } diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.qlref b/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.qlref index 3b7e478699de..b46263c9d51a 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnly.qlref @@ -1 +1,2 @@ -Bad Practices/Declarations/NoConstantsOnly.ql \ No newline at end of file +query: Bad Practices/Declarations/NoConstantsOnly.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnlyBad.cs b/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnlyBad.cs index 28f308546ad6..cd92eabd7cf1 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnlyBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/NoConstantsOnly/NoConstantsOnlyBad.cs @@ -2,7 +2,7 @@ class Bad { - abstract class MathConstants + abstract class MathConstants // $ Alert { public static readonly double Pi = 3.14; } diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParameters.qlref b/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParameters.qlref index 867e4e929bd0..37d7e6ce81ee 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParameters.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParameters.qlref @@ -1 +1,2 @@ -Bad Practices/Declarations/TooManyRefParameters.ql \ No newline at end of file +query: Bad Practices/Declarations/TooManyRefParameters.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParametersBad.cs b/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParametersBad.cs index 08da4c6c3345..2d8f65570eea 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParametersBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Declarations/TooManyRefParameters/TooManyRefParametersBad.cs @@ -2,7 +2,7 @@ class Bad { - private static void PopulateDetails(ref string name, ref string address, ref string tel) + private static void PopulateDetails(ref string name, ref string address, ref string tel) // $ Alert { name = "Foo"; address = "23 Bar Street"; diff --git a/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.cs b/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.cs index e57deea7f3d1..812c271e1762 100644 --- a/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.cs +++ b/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.cs @@ -9,7 +9,7 @@ void bad() } catch (Exception) { - } + } // $ Alert } void good() diff --git a/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.qlref b/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.qlref index 734bb1cadf90..3ba3a0114731 100644 --- a/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/EmptyCatchBlock/EmptyCatchBlock.qlref @@ -1 +1,2 @@ -Bad Practices/EmptyCatchBlock.ql \ No newline at end of file +query: Bad Practices/EmptyCatchBlock.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.cs b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.cs index 795952a82055..8fc03028947f 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.cs @@ -4,7 +4,7 @@ class AbstractToConcreteCollection { void M(IEnumerable strings) { - var list = (List) strings; // BAD + var list = (List) strings; // $ Alert // BAD var o = (object) strings; // GOOD } } diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.qlref b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.qlref index 307c259dbbb9..26e061e5206e 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollection.qlref @@ -1 +1,2 @@ -Bad Practices/Implementation Hiding/AbstractToConcreteCollection.ql \ No newline at end of file +query: Bad Practices/Implementation Hiding/AbstractToConcreteCollection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollectionBad.cs b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollectionBad.cs index 9538fb9d7a06..92b80ea94d73 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollectionBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/AbstractToConcreteCollection/AbstractToConcreteCollectionBad.cs @@ -5,7 +5,7 @@ class Bad public static void Main(string[] args) { var names = GetNames(); - var list = (List) names; + var list = (List) names; // $ Alert list.Add("Eve"); } diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.cs b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.cs index 01b05a000278..073ae9086cfd 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.cs @@ -5,7 +5,7 @@ class ExposeRepresentation class Range { private int[] rarray = new int[2]; - public void Set(int[] a) { rarray = a; } + public void Set(int[] a) { rarray = a; } // $ Alert } public static void Main(string[] args) diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.qlref b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.qlref index e8bd17759d48..eafb170539aa 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.qlref @@ -1 +1,2 @@ -Bad Practices/Implementation Hiding/ExposeRepresentation.ql \ No newline at end of file +query: Bad Practices/Implementation Hiding/ExposeRepresentation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentationBad.cs b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentationBad.cs index 221f906aa97f..ee56212d1737 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentationBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentationBad.cs @@ -15,7 +15,7 @@ public Range(int min, int max) } } - public int[] Get() => rarray; + public int[] Get() => rarray; // $ Alert } public static void Main(string[] args) diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.cs b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.cs index 210be320a6ee..c42eef53adcc 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.cs @@ -10,13 +10,13 @@ class Program public static readonly int[] EmptyArray4; // GOOD: empty - public static readonly int[] NonEmptyArray1 = new int[] { 42 }; // BAD + public static readonly int[] NonEmptyArray1 = new int[] { 42 }; // $ Alert // BAD static readonly int[] NonEmptyArray2 = new int[] { 42 }; // GOOD: private - public static readonly int[] NonEmptyArray3; // BAD + public static readonly int[] NonEmptyArray3; // $ Alert // BAD - public static readonly int[] Array = new int[new Random().Next()]; // BAD + public static readonly int[] Array = new int[new Random().Next()]; // $ Alert // BAD static Program() { diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.qlref b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.qlref index 8dcd9bf72bed..e49a055b5a5e 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArray.qlref @@ -1 +1,2 @@ -Bad Practices/Implementation Hiding/StaticArray.ql \ No newline at end of file +query: Bad Practices/Implementation Hiding/StaticArray.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArrayBad.cs b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArrayBad.cs index fe035d4e4f1d..57d8f21c1956 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArrayBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/StaticArray/StaticArrayBad.cs @@ -1,6 +1,6 @@ class Bad { - public static readonly string[] Foo = { "hello", "world" }; + public static readonly string[] Foo = { "hello", "world" }; // $ Alert public static void Main(string[] args) { Foo[0] = "goodbye"; diff --git a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/ConfusingMethodNames.qlref b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/ConfusingMethodNames.qlref index 3308ff3889ef..94d4dc04c64f 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/ConfusingMethodNames.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/ConfusingMethodNames.qlref @@ -1 +1,2 @@ -Bad Practices/Naming Conventions/ConfusingMethodNames.ql +query: Bad Practices/Naming Conventions/ConfusingMethodNames.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/Program.cs b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/Program.cs index 7ec82a410312..119c46139af5 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/Program.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/ConfusingMethodNames/Program.cs @@ -1,6 +1,6 @@ class C1 { - int F() => 0; // BAD: Confusing + int F() => 0; // $ Alert // BAD: Confusing int f() => 0; int G() => 0; // GOOD: Same name int G(int x) => x; diff --git a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.cs b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.cs index a5eb951e148a..bbabb2e0ceec 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.cs @@ -3,14 +3,14 @@ class VariableNameTooShort { - int F; // BAD + int F; // $ Alert // BAD int Foo; // GOOD Func Func = _ => ""; - void M(int i /* BAD */, int[] args /* GOOD */) + void M(int i /* BAD */, int[] args /* GOOD */) // $ Alert { args.Select(x /* GOOD */ => x + 1); - Func func = x /* BAD */ => x + 1; + Func func = x /* BAD */ => x + 1; // $ Alert } } diff --git a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.qlref b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.qlref index 02458a1b30fc..c80ef4583b05 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Naming Conventions/VariableNameTooShort/VariableNameTooShort.qlref @@ -1 +1,2 @@ -Bad Practices/Naming Conventions/VariableNameTooShort.ql \ No newline at end of file +query: Bad Practices/Naming Conventions/VariableNameTooShort.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs index bf9b19c4a5c7..d3595dfb540f 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs @@ -4,7 +4,7 @@ class PathCombine { void bad() { - Path.Combine(@"C:\Users", @"C:\Program Files"); + Path.Combine(@"C:\Users", @"C:\Program Files"); // $ Alert } void good() diff --git a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref index eaf41d047402..db4baecbd0f7 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref @@ -1 +1,2 @@ -Bad Practices/PathCombine.ql \ No newline at end of file +query: Bad Practices/PathCombine.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.cs b/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.cs index 767c4e484a14..6db005e00cef 100644 --- a/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.cs +++ b/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.cs @@ -42,7 +42,7 @@ class C : B C() { // Method call - f_virtual(); // BAD + f_virtual(); // $ Alert // BAD f_sealed(); // GOOD f_nonvirtual(); // GOOD f_interface(); // GOOD @@ -51,23 +51,23 @@ class C : B // Method access Action a; - a = f_virtual; // BAD + a = f_virtual; // $ Alert // BAD a = f_sealed; // GOOD a = f_nonvirtual; // GOOD a = f_interface; // GOOD // Property access - int i = p_virtual; // BAD + int i = p_virtual; // $ Alert // BAD i = p_sealed; // GOOD i = p_nonvirtual; // GOOD // Indexer access - i = this[0]; // BAD + i = this[0]; // $ Alert // BAD i = this[""]; // GOOD i = this[new object()]; // GOOD // Event access - e_virtual += f_nonvirtual; // BAD + e_virtual += f_nonvirtual; // $ Alert // BAD e_sealed += f_nonvirtual; // GOOD e_nonvirtual += f_nonvirtual; // GOOD } diff --git a/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.qlref b/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.qlref index 22b4b9fc49c7..b7e586c7dac9 100644 --- a/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/VirtualCallInConstructorOrDestructor/VirtualCallInConstructorOrDestructor.qlref @@ -1 +1,2 @@ -Bad Practices/VirtualCallInConstructorOrDestructor.ql \ No newline at end of file +query: Bad Practices/VirtualCallInConstructorOrDestructor.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.cs b/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.cs index 719aaa865761..540ce6bb8146 100644 --- a/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.cs +++ b/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.cs @@ -11,8 +11,8 @@ class CompareIdenticalValues : Super { public void M() { - if (this.Foo == Foo) ; - if (base.Foo == Foo) ; + if (this.Foo == Foo) ; // $ Alert + if (base.Foo == Foo) ; // $ Alert if (Foo == new CompareIdenticalValues().Foo) ; var x = "Abc"; @@ -20,45 +20,45 @@ public void M() var temp = x == x; // BAD: but flagged by cs/constant-comparison double d = double.NaN; - if (d == d) ; // !double.IsNan(d) - if (d <= d) ; // !double.IsNan(d), but unlikely to be intentional - if (d >= d) ; // !double.IsNan(d), but unlikely to be intentional - if (d != d) ; // double.IsNan(d) - if (d > d) ; // always false - if (d < d) ; // always false + if (d == d) ; // $ Alert // !double.IsNan(d) + if (d <= d) ; // $ Alert // !double.IsNan(d), but unlikely to be intentional + if (d >= d) ; // $ Alert // !double.IsNan(d), but unlikely to be intentional + if (d != d) ; // $ Alert // double.IsNan(d) + if (d > d) ; // $ Alert // always false + if (d < d) ; // $ Alert // always false float f = float.NaN; - if (f == f) ; // !float.IsNan(f) - if (f <= f) ; // !float.IsNan(f), but unlikely to be intentional - if (f >= f) ; // !float.IsNan(f), but unlikely to be intentional - if (f != f) ; // float.IsNan(f) - if (f > f) ; // always false - if (f < f) ; // always false + if (f == f) ; // $ Alert // !float.IsNan(f) + if (f <= f) ; // $ Alert // !float.IsNan(f), but unlikely to be intentional + if (f >= f) ; // $ Alert // !float.IsNan(f), but unlikely to be intentional + if (f != f) ; // $ Alert // float.IsNan(f) + if (f > f) ; // $ Alert // always false + if (f < f) ; // $ Alert // always false int i = 0; if (i == i) ; // BAD: but flagged by cs/constant-condition if (i != i) ; // BAD: but flagged by cs/constant-condition CompareIdenticalValues c = null; - c.Prop.Equals(c.Prop); - Equals(c.Prop.Prop.Prop.Foo + 2, c.Prop.Prop.Prop.Foo + 2); + c.Prop.Equals(c.Prop); // $ Alert + Equals(c.Prop.Prop.Prop.Foo + 2, c.Prop.Prop.Prop.Foo + 2); // $ Alert Equals(c.Prop.Prop.Prop.Foo, c.Prop.Prop.Foo); if (base.Bar == Bar) ; - if (Bar == this.Bar) ; - Equals(this); + if (Bar == this.Bar) ; // $ Alert + Equals(this); // $ Alert if (1 + 1 == 2) ; // BAD: but flagged by cs/constant-condition if (1 + 1 == 3) ; if (0 == 1) ; var a = new int[0]; - if (a[0] == a[0]) ; + if (a[0] == a[0]) ; // $ Alert - if (this.Bar[0] == Bar[1 - 1]) ; + if (this.Bar[0] == Bar[1 - 1]) ; // $ Alert if (this.Bar[0] == Bar[1]) ; - if (this.Prop[Foo] == Prop[this.Foo]) ; + if (this.Prop[Foo] == Prop[this.Foo]) ; // $ Alert if (this.Prop[0] == Prop[1]) ; } @@ -73,17 +73,17 @@ public void IsBoxed(T x) where T : I public void IsBoxedWrong1(T x) where T : struct { - ReferenceEquals(x, x); + ReferenceEquals(x, x); // $ Alert } public void IsBoxedWrong2(T x) where T : class { - ReferenceEquals(x, x); + ReferenceEquals(x, x); // $ Alert } public void IsBoxedWrong3(T x) where T : Super { - ReferenceEquals(x, x); + ReferenceEquals(x, x); // $ Alert } public int this[int i] { get { return 0; } } diff --git a/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.qlref b/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.qlref index 9df8726c3122..cbe82efdbb0e 100644 --- a/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.qlref +++ b/csharp/ql/test/query-tests/CSI/CompareIdenticalValues/CompareIdenticalValues.qlref @@ -1 +1,2 @@ -CSI/CompareIdenticalValues.ql \ No newline at end of file +query: CSI/CompareIdenticalValues.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.cs b/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.cs index b0fd29e17fa9..3bb2733dee0a 100644 --- a/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.cs +++ b/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.cs @@ -10,12 +10,12 @@ void f(Object o2) void test() { - lock (o) + lock (o) // $ Alert { o = new Foo(); // BAD } - lock (o) + lock (o) // $ Alert { f(o = null); // BAD } @@ -25,7 +25,7 @@ void test() o = new Foo(); // GOOD } - lock (o2) + lock (o2) // $ Alert { GetNewObject(out o2); // BAD } diff --git a/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.qlref b/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.qlref index f3967efa87b8..74b0da761fbf 100644 --- a/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.qlref +++ b/csharp/ql/test/query-tests/Concurrency/FutileSyncOnField/FutileSyncOnField.qlref @@ -1 +1,2 @@ -Concurrency/FutileSyncOnField.ql \ No newline at end of file +query: Concurrency/FutileSyncOnField.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.cs b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.cs index d2634c3e793b..69f1b89c657e 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.cs +++ b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.cs @@ -3,7 +3,7 @@ class LocalTest { // BAD: b is flagged. - Object a, b, c; + Object a, b, c; // $ Alert void F() { @@ -24,7 +24,7 @@ void H() class GlobalTest { // BAD: b is flagged. - static Object a, b, c; + static Object a, b, c; // $ Alert void F() { @@ -51,7 +51,7 @@ void I() class LambdaTest { // BAD: a is flagged. - static Object a, b; + static Object a, b; // $ Alert void F() { diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.qlref b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.qlref index ee922bdeb80a..7404f9bf0183 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.qlref +++ b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrder.qlref @@ -1 +1,2 @@ -Concurrency/LockOrder.ql \ No newline at end of file +query: Concurrency/LockOrder.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderBad.cs b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderBad.cs index a9dd05ac8663..f2c3b18f1b44 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderBad.cs +++ b/csharp/ql/test/query-tests/Concurrency/LockOrder/LockOrderBad.cs @@ -3,7 +3,7 @@ class Deadlock { - private readonly Object lock1 = new Object(); + private readonly Object lock1 = new Object(); // $ Alert private readonly Object lock2 = new Object(); public void thread1() diff --git a/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.cs b/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.cs index f1bc631ced95..02c7afff5c96 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.cs +++ b/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.cs @@ -6,7 +6,7 @@ class Program void f() { - lock (this) // Not OK + lock (this) // $ Alert // Not OK { } diff --git a/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.qlref b/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.qlref index 1cdf31326db7..7eb86f638bd3 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.qlref +++ b/csharp/ql/test/query-tests/Concurrency/LockThis/LockThis.qlref @@ -1 +1,2 @@ -Concurrency/LockThis.ql \ No newline at end of file +query: Concurrency/LockThis.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.cs b/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.cs index 8fbee2d035af..2067229d9ff9 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.cs +++ b/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.cs @@ -22,14 +22,14 @@ static void Main() lock (lock1) { - System.Threading.Monitor.Wait(lock2); // BAD + System.Threading.Monitor.Wait(lock2); // $ Alert // BAD } lock (lock1) { lock (lock2) { - System.Threading.Monitor.Wait(lock2); // BAD + System.Threading.Monitor.Wait(lock2); // $ Alert // BAD } } @@ -37,7 +37,7 @@ static void Main() { lock (lock2) { - System.Threading.Monitor.Wait(lock1); // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD } } } @@ -45,13 +45,13 @@ static void Main() [MethodImpl(MethodImplOptions.Synchronized)] void Lock2() { - System.Threading.Monitor.Wait(lock1); // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD System.Threading.Monitor.Wait(this); // GOOD - System.Threading.Monitor.Wait(typeof(Program)); // BAD - System.Threading.Monitor.Wait(typeof(Int32)); // BAD + System.Threading.Monitor.Wait(typeof(Program)); // $ Alert // BAD + System.Threading.Monitor.Wait(typeof(Int32)); // $ Alert // BAD lock (lock1) { - System.Threading.Monitor.Wait(lock1); // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD } } @@ -60,28 +60,28 @@ static void Lock3() { lock (lock1) { - System.Threading.Monitor.Wait(lock1); // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD } - System.Threading.Monitor.Wait(lock1); // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD System.Threading.Monitor.Wait(typeof(Program)); // GOOD - System.Threading.Monitor.Wait(typeof(Int32)); // BAD + System.Threading.Monitor.Wait(typeof(Int32)); // $ Alert // BAD } void Lock4() { lock (this) { - System.Threading.Monitor.Wait(typeof(Program)); // BAD + System.Threading.Monitor.Wait(typeof(Program)); // $ Alert // BAD System.Threading.Monitor.Wait(this); // GOOD - System.Threading.Monitor.Wait(lock1); // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD } lock (typeof(Program)) { System.Threading.Monitor.Wait(typeof(Program)); // GOOD - System.Threading.Monitor.Wait(this); // BAD - System.Threading.Monitor.Wait(lock1); // BAD - System.Threading.Monitor.Wait(typeof(Int32)); // BAD + System.Threading.Monitor.Wait(this); // $ Alert // BAD + System.Threading.Monitor.Wait(lock1); // $ Alert // BAD + System.Threading.Monitor.Wait(typeof(Int32)); // $ Alert // BAD } } } diff --git a/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.qlref b/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.qlref index 559d900bb6cd..64c4021f0d81 100644 --- a/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.qlref +++ b/csharp/ql/test/query-tests/Concurrency/LockedWait/LockedWait.qlref @@ -1 +1,2 @@ -Concurrency/LockedWait.ql \ No newline at end of file +query: Concurrency/LockedWait.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.cs b/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.cs index 8b41604a9e67..288783fabae0 100644 --- a/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.cs +++ b/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.cs @@ -6,7 +6,7 @@ class C1 object mutex = new Object(); // BAD: getter is unlocked - int BadProperty1 + int BadProperty1 // $ Alert { get { @@ -20,7 +20,7 @@ int BadProperty1 } // BAD: getter is not properly locked - int BadProperty2 + int BadProperty2 // $ Alert { get { diff --git a/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.qlref b/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.qlref index e1b6f28159c6..4604a0daa6c2 100644 --- a/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.qlref +++ b/csharp/ql/test/query-tests/Concurrency/SynchSetUnsynchGet/SynchSetUnsynchGet.qlref @@ -1 +1,2 @@ -Concurrency/SynchSetUnsynchGet.ql \ No newline at end of file +query: Concurrency/SynchSetUnsynchGet.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.cs b/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.cs index cd83b18e65c4..6a292c83ae5b 100644 --- a/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.cs +++ b/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.cs @@ -23,13 +23,13 @@ void Fn() obj1 = null; } } - } + } // $ Alert // BAD if (obj1 == null) lock (mutex) if (obj1 == null) - obj1 = null; + obj1 = null; // $ Alert // GOOD: A value-type if (cond1) @@ -84,7 +84,7 @@ void Fn() if (null == obj1) obj1 = null; } - } + } // $ Alert // GOOD: not a field object a = null; @@ -103,7 +103,7 @@ void Fn() obj1 = null; } } - } + } // $ Alert // BAD: both obj1 and obj3 are flagged. if (obj1 == null && obj3 == null) @@ -116,7 +116,7 @@ void Fn() obj3 = null; } } - } + } // $ Alert // GOOD: Locking a struct if (struct1 == struct2) @@ -134,7 +134,7 @@ void Fn() if (struct1.x is null) lock (mutex) if(struct1.x is null) - struct1.x = 3; + struct1.x = 3; // $ Alert // GOOD: Tuples are structs so cannot be volatile. if(pair1 == (1,2)) diff --git a/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.qlref b/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.qlref index 084b5abcc176..a78173ad9fb8 100644 --- a/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.qlref +++ b/csharp/ql/test/query-tests/Concurrency/UnsafeLazyInitialization/UnsafeLazyInitialization.qlref @@ -1 +1,2 @@ -Concurrency/UnsafeLazyInitialization.ql \ No newline at end of file +query: Concurrency/UnsafeLazyInitialization.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.cs b/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.cs index c78ca515b518..eef9339a23fe 100644 --- a/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.cs +++ b/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.cs @@ -20,7 +20,7 @@ public static void aWriter() public void test() { // BAD: unsynchronized access - string val = dict["foo"]; + string val = dict["foo"]; // $ Alert lock (mutex) { @@ -66,6 +66,6 @@ private void testLocked() private void testMethod() { // BAD: called concurrently by thread - string val = dict["foo"]; + string val = dict["foo"]; // $ Alert } } diff --git a/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.qlref b/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.qlref index 59d6716994fd..2fceef745285 100644 --- a/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.qlref +++ b/csharp/ql/test/query-tests/Concurrency/UnsynchronizedStaticAccess/UnsynchronizedStaticAccess.qlref @@ -1 +1,2 @@ -Concurrency/UnsynchronizedStaticAccess.ql \ No newline at end of file +query: Concurrency/UnsynchronizedStaticAccess.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref index 9dae41964f3f..75899b3d5f2e 100644 --- a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref +++ b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref @@ -1 +1,2 @@ -Configuration/EmptyPasswordInConfigurationFile.ql +query: Configuration/EmptyPasswordInConfigurationFile.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/PasswordInConfigurationFile.qlref b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/PasswordInConfigurationFile.qlref index b440a1f6909b..9ae43388c25c 100644 --- a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/PasswordInConfigurationFile.qlref +++ b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/PasswordInConfigurationFile.qlref @@ -1 +1,2 @@ -Configuration/PasswordInConfigurationFile.ql +query: Configuration/PasswordInConfigurationFile.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/config.xml b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/config.xml index a72d5f8fa752..7a5f382236f8 100644 --- a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/config.xml +++ b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/config.xml @@ -1,15 +1,15 @@ - - + + - - + + - - - - + + + + diff --git a/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.cs b/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.cs index f7f18a187da2..00f79bc89d74 100644 --- a/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.cs +++ b/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.cs @@ -84,8 +84,8 @@ struct PtrToStructure2 class Fields1 { // BAD: - int BadNonAssigned; - object BadAssignedNull = null; + int BadNonAssigned; // $ Alert + object BadAssignedNull = null; // $ Alert // GOOD: int GoodAssignedByInitializer = 0; diff --git a/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.qlref b/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.qlref index 39148492539f..c2632de3dd2e 100644 --- a/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.qlref +++ b/csharp/ql/test/query-tests/Dead Code/NonAssignedFields/NonAssignedFields.qlref @@ -1 +1,2 @@ -Dead Code/NonAssignedFields.ql \ No newline at end of file +query: Dead Code/NonAssignedFields.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/DeadRefTypes.qlref b/csharp/ql/test/query-tests/Dead Code/Tests/DeadRefTypes.qlref index 56db2195eb87..e8ba93a5e7fc 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/DeadRefTypes.qlref +++ b/csharp/ql/test/query-tests/Dead Code/Tests/DeadRefTypes.qlref @@ -1 +1,2 @@ -Dead Code/DeadRefTypes.ql \ No newline at end of file +query: Dead Code/DeadRefTypes.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.qlref b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.qlref index 8464f79cd9bc..3803f9ec7bad 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.qlref +++ b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedField.qlref @@ -1 +1,2 @@ -Dead Code/UnusedField.ql +query: Dead Code/UnusedField.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.qlref b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.qlref index efc3937de8c0..9edba82f5dbf 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.qlref +++ b/csharp/ql/test/query-tests/Dead Code/Tests/UnusedMethod.qlref @@ -1 +1,2 @@ -Dead Code/UnusedMethod.ql +query: Dead Code/UnusedMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/deadcode.cs b/csharp/ql/test/query-tests/Dead Code/Tests/deadcode.cs index d6905a6100fd..fb406104d6ad 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/deadcode.cs +++ b/csharp/ql/test/query-tests/Dead Code/Tests/deadcode.cs @@ -21,7 +21,7 @@ sealed class Exported : Interface1 } // BAD: Class is dead -sealed class Dead2 +sealed class Dead2 // $ Alert[cs/unused-reftype] { } @@ -82,7 +82,7 @@ static int Main(string[] args) public struct S { - C Field; // dead + C Field; // $ Alert[cs/unused-field] // dead class C { } // not dead } diff --git a/csharp/ql/test/query-tests/Dead Code/Tests/regression.cs b/csharp/ql/test/query-tests/Dead Code/Tests/regression.cs index 3f6a4a2937b4..bc4a3d6ce893 100644 --- a/csharp/ql/test/query-tests/Dead Code/Tests/regression.cs +++ b/csharp/ql/test/query-tests/Dead Code/Tests/regression.cs @@ -4,7 +4,7 @@ class Test : IComparer { // this is really dead - private string dead = "Actual dead field"; + private string dead = "Actual dead field"; // $ Alert[cs/unused-field] private static void Main(string[] args) { @@ -48,7 +48,7 @@ private static int PartCompare(string a, string b) } // this is really dead - private void ActualDeadMethod() { } + private void ActualDeadMethod() { } // $ Alert[cs/unused-method] // this is live private void DynamicSig(dynamic d) { } @@ -57,7 +57,7 @@ private void DynamicSig(dynamic d) { } private void DynamicallyCalled(int i) { } // this is dead - private void NotDynamicallyCalled(int i) { } + private void NotDynamicallyCalled(int i) { } // $ Alert[cs/unused-method] // this is live private void DynamicallyCalledOnDynamicType(int i) { } @@ -74,14 +74,14 @@ public static int GenericTest() static int liveFieldAccessedFromGeneric; // BAD: This is dead - void DeadCaller() + void DeadCaller() // $ Alert[cs/unused-method] { DeadGeneric(0); DeadGeneric(0.0); } // BAD: This is dead (called from dead) - void DeadGeneric(V a) { } + void DeadGeneric(V a) { } // $ Alert[cs/unused-method] } class GenericClass @@ -102,18 +102,18 @@ int LiveGeneric(V v) int liveField; // BAD: These are not live - void DeadGeneric1() + void DeadGeneric1() // $ Alert[cs/unused-method] { DeadGeneric2(0); DeadGeneric2(1.0); } - void DeadGeneric2(V v) { } + void DeadGeneric2(V v) { } // $ Alert[cs/unused-method] // BAD: This is dead (never accessed) - int deadField; + int deadField; // $ Alert[cs/unused-field] // BAD: This is dead (only ever written) - int deadWrittenField; + int deadWrittenField; // $ Alert[cs/unused-field] } class MemberInitialization @@ -126,7 +126,7 @@ class ThisIsLive : ITest { } public class FieldOutParam { // BAD: Only written (by an out param) - int deadField; + int deadField; // $ Alert[cs/unused-field] public void Test() { diff --git a/csharp/ql/test/query-tests/Documentation/XmldocExtraParam.qlref b/csharp/ql/test/query-tests/Documentation/XmldocExtraParam.qlref index fd8371466b6f..8439ce413ec1 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocExtraParam.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocExtraParam.qlref @@ -1 +1,2 @@ -Documentation/XmldocExtraParam.ql +query: Documentation/XmldocExtraParam.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocExtraTypeParam.qlref b/csharp/ql/test/query-tests/Documentation/XmldocExtraTypeParam.qlref index bc8515e6675c..67de8cb4600e 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocExtraTypeParam.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocExtraTypeParam.qlref @@ -1 +1,2 @@ -Documentation/XmldocExtraTypeParam.ql \ No newline at end of file +query: Documentation/XmldocExtraTypeParam.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocMissing.qlref b/csharp/ql/test/query-tests/Documentation/XmldocMissing.qlref index 281a5cb07029..6ca5136a2e38 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocMissing.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocMissing.qlref @@ -1 +1,2 @@ -Documentation/XmldocMissing.ql \ No newline at end of file +query: Documentation/XmldocMissing.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocMissingException.qlref b/csharp/ql/test/query-tests/Documentation/XmldocMissingException.qlref index ec059908e38c..4cd247832588 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocMissingException.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocMissingException.qlref @@ -1 +1,2 @@ -Documentation/XmldocMissingException.ql +query: Documentation/XmldocMissingException.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocMissingParam.qlref b/csharp/ql/test/query-tests/Documentation/XmldocMissingParam.qlref index 9a8d6f801b7b..9b34d284c01d 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocMissingParam.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocMissingParam.qlref @@ -1 +1,2 @@ -Documentation/XmldocMissingParam.ql +query: Documentation/XmldocMissingParam.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocMissingReturn.qlref b/csharp/ql/test/query-tests/Documentation/XmldocMissingReturn.qlref index 6eb8865b4b5d..ad0ea9697424 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocMissingReturn.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocMissingReturn.qlref @@ -1 +1,2 @@ -Documentation/XmldocMissingReturn.ql +query: Documentation/XmldocMissingReturn.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocMissingSummary.qlref b/csharp/ql/test/query-tests/Documentation/XmldocMissingSummary.qlref index 5046e31a3db4..b90b6e39ce7f 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocMissingSummary.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocMissingSummary.qlref @@ -1 +1,2 @@ -Documentation/XmldocMissingSummary.ql +query: Documentation/XmldocMissingSummary.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/XmldocMissingTypeParam.qlref b/csharp/ql/test/query-tests/Documentation/XmldocMissingTypeParam.qlref index f06bbb263d02..7090a1612d89 100644 --- a/csharp/ql/test/query-tests/Documentation/XmldocMissingTypeParam.qlref +++ b/csharp/ql/test/query-tests/Documentation/XmldocMissingTypeParam.qlref @@ -1 +1,2 @@ -Documentation/XmldocMissingTypeParam.ql +query: Documentation/XmldocMissingTypeParam.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Documentation/documentation.cs b/csharp/ql/test/query-tests/Documentation/documentation.cs index 810e9b5a34af..1efeeb8d4599 100644 --- a/csharp/ql/test/query-tests/Documentation/documentation.cs +++ b/csharp/ql/test/query-tests/Documentation/documentation.cs @@ -30,13 +30,13 @@ public virtual int method1(int p1, int p2) /// BAD: This XML comment is missing several tags /// BAD: This parameter does not exist /// BAD: This should say Exception2 - public int method2(int p1, int p2) + public int method2(int p1, int p2) // $ Alert[cs/xmldoc/missing-exception] Alert[cs/xmldoc/missing-parameter] Alert[cs/xmldoc/missing-return] Alert[cs/xmldoc/missing-summary] Alert[cs/xmldoc/unknown-parameter] { return p1 > 0 ? throw new Exception2() : p2; } // BAD: Missing documentation comment - public int method3() + public int method3() // $ Alert[cs/xmldoc/missing-xmldoc] { return 0; } @@ -48,7 +48,7 @@ internal int method4() } // BAD: Public class is not documented - public class Class2 + public class Class2 // $ Alert[cs/xmldoc/missing-xmldoc] { } @@ -71,7 +71,7 @@ public Class1(int p) } // BAD: Constructor is public and not documented - public Class1(int a, int b) + public Class1(int a, int b) // $ Alert[cs/xmldoc/missing-xmldoc] { } @@ -80,7 +80,7 @@ public Class1(int a, int b) /// BAD: Contains an extra typeparam /// /// The type - class Class4 { } + class Class4 { } // $ Alert[cs/xmldoc/missing-type-parameter] Alert[cs/xmldoc/unknown-type-parameter] /// /// GOOD: Type params are correctly labeled @@ -95,7 +95,7 @@ class Class5 { } /// /// BAD typeparam /// GOOD typeparam - void method5() { } + void method5() { } // $ Alert[cs/xmldoc/missing-type-parameter] Alert[cs/xmldoc/unknown-type-parameter] // BAD: These fields are empty /// @@ -103,7 +103,7 @@ void method5() { } /// /// /// - public virtual int method4(int p1, int p2) { return p1; } + public virtual int method4(int p1, int p2) { return p1; } // $ Alert[cs/xmldoc/missing-parameter] Alert[cs/xmldoc/missing-return] Alert[cs/xmldoc/missing-summary] Alert[cs/xmldoc/missing-type-parameter] } class Class2 : Class1 @@ -132,7 +132,7 @@ public void method5() // BAD: Has only System.Runtime.CompilerServices attribute [System.Runtime.CompilerServices.My2] - public void method6() + public void method6() // $ Alert[cs/xmldoc/missing-xmldoc] { } } diff --git a/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.cs b/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.cs index b3e0cff6ae30..4095af2863a4 100644 --- a/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.cs +++ b/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.cs @@ -7,7 +7,7 @@ static void Method(string[] args) // BAD foreach (var arg in args) { - } + } // $ Alert // OK - comment foreach (var arg in args) @@ -24,7 +24,7 @@ static void Method(string[] args) // BAD if (true) { - } + } // $ Alert // OK - comment if (true) @@ -46,6 +46,6 @@ static void Method(string[] args) // BAD: there is no update for (int i = 0; i < 10;) { - } + } // $ Alert } } diff --git a/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.qlref b/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.qlref index af8a3a21f8a7..5fe264815b80 100644 --- a/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.qlref +++ b/csharp/ql/test/query-tests/EmptyBlock/EmptyBlock.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/EmptyBlock.ql +query: Likely Bugs/Statements/EmptyBlock.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.cs b/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.cs index 64c4038d3319..45dc182cc729 100644 --- a/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.cs +++ b/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.cs @@ -9,14 +9,14 @@ void M(bool rethrow) } catch (Exception) { // BAD - } + } // $ Alert try { } catch { // BAD - } + } // $ Alert try { @@ -53,6 +53,6 @@ double reciprocal(double input) { // BAD // division by zero, return 0 return 0; - } + } // $ Alert } } diff --git a/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.qlref b/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.qlref index 9606fc128a75..c5b986a2b663 100644 --- a/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/CatchOfGenericException/CatchOfGenericException.qlref @@ -1 +1,2 @@ -Language Abuse/CatchOfGenericException.ql \ No newline at end of file +query: Language Abuse/CatchOfGenericException.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.cs b/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.cs index ffe1da808750..3917ff990801 100644 --- a/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.cs +++ b/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.cs @@ -62,7 +62,7 @@ public void M(object x) } else if (x is F) { - } // BAD + } // $ Alert // BAD } class A { } diff --git a/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.qlref b/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.qlref index 0d67fca32396..a46923159024 100644 --- a/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/ChainedIs/ChainedIs.qlref @@ -1 +1,2 @@ -Language Abuse/ChainedIs.ql +query: Language Abuse/ChainedIs.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.cs b/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.cs index a6cad0e456e4..c8a3e85f3630 100644 --- a/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.cs +++ b/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.cs @@ -4,10 +4,10 @@ class BaseClass { public int add(int x) { - if (this is FiveAdder) + if (this is FiveAdder) // $ Alert return x + 5; - if (this is TenAdder) + if (this is TenAdder) // $ Alert return x + 10; return 0; diff --git a/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.qlref b/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.qlref index cf59e9dbd51a..c51f8fb4f465 100644 --- a/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis.qlref @@ -1 +1,2 @@ -Language Abuse/DubiousTypeTestOfThis.ql \ No newline at end of file +query: Language Abuse/DubiousTypeTestOfThis.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis2.cs b/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis2.cs index 0c3a8e543f7d..8f09181dafd9 100644 --- a/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis2.cs +++ b/csharp/ql/test/query-tests/Language Abuse/DubiousTypeTestOfThis/DubiousTypeTestOfThis2.cs @@ -5,7 +5,7 @@ class C { void M() { - if (this is D) ; // BAD + if (this is D) ; // $ Alert // BAD Debug.Assert(this is D); // GOOD } } diff --git a/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.cs b/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.cs index 18fdcc9c1bc9..9af0f31392da 100644 --- a/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.cs +++ b/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.cs @@ -11,7 +11,7 @@ static void Main(string[] args) foreach (var arg in args) { // BAD: Storing a delegate in an event. - event1 += () => arg; + event1 += () => arg; // $ Alert // GOOD: Make a copy of the loop variable. var argCopy = arg; @@ -21,7 +21,7 @@ static void Main(string[] args) goodUseOfDelegate(() => arg); // BAD: Calling a function which stores the delegate - badUseOfDelegate(() => arg); + badUseOfDelegate(() => arg); // $ Alert // GOOD: The delegate does not escape the loop Del d = () => arg; diff --git a/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.qlref b/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.qlref index 733f31198af9..01f701f769f9 100644 --- a/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/ForeachCapture/ForeachCapture.qlref @@ -1 +1,2 @@ -Language Abuse/ForeachCapture.ql +query: Language Abuse/ForeachCapture.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.cs b/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.cs index 407bde9643e4..f5796513c781 100644 --- a/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.cs +++ b/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.cs @@ -6,11 +6,11 @@ public bool M() { if (true) { return false; } else { Field++; return true; } // GOOD return true ? false : true; // GOOD - if (true) return false; else { { return true; } } // BAD + if (true) return false; else { { return true; } } // $ Alert // BAD var x = ""; if (true) { Field = 0; } else { x = ""; } // GOOD if (true) { Field = 0; } else { x = ""; Field = 1; } // GOOD Field = true ? 0 : 1; // GOOD - if (true) { this.Field = 0; } else Field = 1; // BAD + if (true) { this.Field = 0; } else Field = 1; // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref b/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref index 7efb97ac6fe4..4d45b7edd2fb 100644 --- a/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref @@ -1 +1,2 @@ -Language Abuse/MissedTernaryOpportunity.ql +query: Language Abuse/MissedTernaryOpportunity.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/NestedIf/NestedIf.qlref b/csharp/ql/test/query-tests/Language Abuse/NestedIf/NestedIf.qlref index c3c2012be180..19cd4d8ca684 100644 --- a/csharp/ql/test/query-tests/Language Abuse/NestedIf/NestedIf.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/NestedIf/NestedIf.qlref @@ -1 +1,2 @@ -Language Abuse/NestedIf.ql \ No newline at end of file +query: Language Abuse/NestedIf.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/NestedIf/nestedif.cs b/csharp/ql/test/query-tests/Language Abuse/NestedIf/nestedif.cs index 733325d2c597..bb59facd9c89 100644 --- a/csharp/ql/test/query-tests/Language Abuse/NestedIf/nestedif.cs +++ b/csharp/ql/test/query-tests/Language Abuse/NestedIf/nestedif.cs @@ -5,10 +5,10 @@ class NestedIf void fn() { // BAD: - if (true) if (false) return; + if (true) if (false) return; // $ Alert // BAD - if (true) if (false) if (true) return; + if (true) if (false) if (true) return; // $ Alert // BAD: using braces if (true) @@ -18,7 +18,7 @@ void fn() { } } - } + } // $ Alert // GOOD: contains else part if (true) diff --git a/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.cs b/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.cs index ee7cf41a0a21..a42490db4d36 100644 --- a/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.cs +++ b/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.cs @@ -9,7 +9,7 @@ static void Main(string[] args) } catch (Exception e) { - throw e; // BAD + throw e; // $ Alert // BAD } try @@ -18,7 +18,7 @@ static void Main(string[] args) catch (Exception e) { if (true) - throw e; // BAD + throw e; // $ Alert // BAD } try diff --git a/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.qlref b/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.qlref index b406a8b5fccd..1f83a6b74e62 100644 --- a/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/RethrowException/RethrowException.qlref @@ -1 +1,2 @@ -Language Abuse/RethrowException.ql \ No newline at end of file +query: Language Abuse/RethrowException.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.cs b/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.cs index 5ea4c8c15cf5..175507010a13 100644 --- a/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.cs +++ b/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.cs @@ -6,36 +6,36 @@ void Fn() bool b = false; int x = 0, y = 0; - if (b == true) ; - if (b == false) ; - if (true == b) ; - if (false == b) ; - if (b != true) ; - if (b != false) ; - if (true != b) ; - if (false != b) ; - if (b && true) ; - if (b && false) ; - if (true && b) ; - if (false && b) ; - if (b || true) ; - if (b || false) ; - if (true || b) ; - if (false || b) ; - if (!(x == y)) ; - if (!(x != y)) ; - if (!(x < y)) ; - if (!(x <= y)) ; - if (!(x >= y)) ; - if (!(x > y)) ; - if (b ? true : false) ; - if (b ? true : true) ; - if (b ? false : true) ; - if (b ? true : true) ; - if (b ? b : false) ; - if (b ? b : true) ; - if (b ? false : b) ; - if (b ? true : b) ; + if (b == true) ; // $ Alert + if (b == false) ; // $ Alert + if (true == b) ; // $ Alert + if (false == b) ; // $ Alert + if (b != true) ; // $ Alert + if (b != false) ; // $ Alert + if (true != b) ; // $ Alert + if (false != b) ; // $ Alert + if (b && true) ; // $ Alert + if (b && false) ; // $ Alert + if (true && b) ; // $ Alert + if (false && b) ; // $ Alert + if (b || true) ; // $ Alert + if (b || false) ; // $ Alert + if (true || b) ; // $ Alert + if (false || b) ; // $ Alert + if (!(x == y)) ; // $ Alert + if (!(x != y)) ; // $ Alert + if (!(x < y)) ; // $ Alert + if (!(x <= y)) ; // $ Alert + if (!(x >= y)) ; // $ Alert + if (!(x > y)) ; // $ Alert + if (b ? true : false) ; // $ Alert + if (b ? true : true) ; // $ Alert + if (b ? false : true) ; // $ Alert + if (b ? true : true) ; // $ Alert + if (b ? b : false) ; // $ Alert + if (b ? b : true) ; // $ Alert + if (b ? false : b) ; // $ Alert + if (b ? true : b) ; // $ Alert // BAD if (true ? b : b) ; diff --git a/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.qlref b/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.qlref index 27f8ee90aa90..222fc236213b 100644 --- a/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExpr.qlref @@ -1 +1,2 @@ -Language Abuse/SimplifyBoolExpr.ql \ No newline at end of file +query: Language Abuse/SimplifyBoolExpr.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExprBad.cs b/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExprBad.cs index e65c2a88fbf7..89e72c2780ab 100644 --- a/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExprBad.cs +++ b/csharp/ql/test/query-tests/Language Abuse/SimplifyBoolExpr/SimplifyBoolExprBad.cs @@ -2,7 +2,7 @@ class Bad { int Size { get; set; } - bool Espresso => !(Size > 4); - bool Latte => Espresso == false && Size <= 8; - bool Grande => Espresso == false ? Latte != true : false; + bool Espresso => !(Size > 4); // $ Alert + bool Latte => Espresso == false && Size <= 8; // $ Alert + bool Grande => Espresso == false ? Latte != true : false; // $ Alert } diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.cs b/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.cs index e3aa1ad3067c..3b3f06ded0f0 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.cs +++ b/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.cs @@ -6,11 +6,11 @@ class Test void f() { // BAD - var bad1 = (int)1; - var bad2 = (Test)this; - var bad3 = this as Test; + var bad1 = (int)1; // $ Alert + var bad2 = (Test)this; // $ Alert + var bad3 = this as Test; // $ Alert func = (Func)(x => x); // MISSING - exprFunc = (Expression>)(x => x); + exprFunc = (Expression>)(x => x); // $ Alert // GOOD var good1 = (object)1; @@ -22,16 +22,16 @@ void f() var good7 = (Action)((int x) => { }); func = x => x; exprFunc = x => x; - exprFuncUntyped = (Expression>)(x => x); // FP + exprFuncUntyped = (Expression>)(x => x); // $ Alert // FP } enum Enum { A = 2, B = 1 | A, - C = 1 | (int)A, // BAD + C = 1 | (int)A, // $ Alert // BAD D = 9 | (32 << A), - E = 9 | (32 << (int)A) // BAD + E = 9 | (32 << (int)A) // $ Alert // BAD } private Func func; diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.qlref b/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.qlref index 7a137fff0870..6e56b5c55af3 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.qlref @@ -1 +1,2 @@ -Language Abuse/UselessCastToSelf.ql \ No newline at end of file +query: Language Abuse/UselessCastToSelf.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.cs b/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.cs index af7d26c98f58..981fda177faa 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.cs +++ b/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.cs @@ -5,7 +5,7 @@ public object M(object x) if (x is string) { M(x as string); // GOOD - return (x as string) + " "; // BAD + return (x as string) + " "; // $ Alert // BAD } else { diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.qlref b/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.qlref index 9a5a7fd703c1..3c499bb78025 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/UselessIsBeforeAs/UselessIsBeforeAs.qlref @@ -1 +1,2 @@ -Language Abuse/UselessIsBeforeAs.ql +query: Language Abuse/UselessIsBeforeAs.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.cs b/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.cs index f05782416fd5..63f29437a9b7 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.cs +++ b/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.cs @@ -6,14 +6,14 @@ void Main(int? param) { int? a = 5, b; - a = a ?? a; // BAD - a = a ?? (b = a); // BAD - a = Prop ?? Prop; // BAD - a = param ?? param; // BAD - a = a ?? use(a); // BAD - a = Field ?? this.Field; // BAD - a ??= a; // BAD - a ??= b = a; // BAD + a = a ?? a; // $ Alert // BAD + a = a ?? (b = a); // $ Alert // BAD + a = Prop ?? Prop; // $ Alert // BAD + a = param ?? param; // $ Alert // BAD + a = a ?? use(a); // $ Alert // BAD + a = Field ?? this.Field; // $ Alert // BAD + a ??= a; // $ Alert // BAD + a ??= b = a; // $ Alert // BAD a = a ?? cache(ref a); // GOOD a = a ?? store(out a); // GOOD diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.qlref b/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.qlref index 1eb957001c9e..1145cc6ae816 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/UselessNullCoalescingExpression/UselessNullCoalescingExpression.qlref @@ -1 +1,2 @@ -Language Abuse/UselessNullCoalescingExpression.ql \ No newline at end of file +query: Language Abuse/UselessNullCoalescingExpression.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.cs b/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.cs index 0ec950e836d3..2a3f69946311 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.cs +++ b/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.cs @@ -49,13 +49,13 @@ void Test1(string[] args) B b = new B(); object o; - o = (A)b; // BAD + o = (A)b; // $ Alert // BAD o = (B)b; // GOOD: Not an upcast b.M((A)b); // GOOD: Disambiguating method call - a.M1((A)b); // BAD + a.M1((A)b); // $ Alert // BAD a.M2((A)b); // GOOD: Disambiguating method call o = true ? (A)a : b; // GOOD: Needed for ternary @@ -64,7 +64,7 @@ void Test1(string[] args) Fn((A)b); // GOOD: Disambiguating method call - Fn2((A)b); // BAD + Fn2((A)b); // $ Alert // BAD ((I2)a).Foo(); // GOOD: Cast to an interface @@ -80,7 +80,7 @@ void Test1(string[] args) StaticMethods.M1((A)b); // GOOD: disambiguate targets from `StaticMethods` void M2(A _) { } - M2((A)b); // BAD: local functions cannot be overloaded + M2((A)b); // $ Alert // BAD: local functions cannot be overloaded } static void M2(A _) { } @@ -89,7 +89,7 @@ void Test2(B b) { // BAD: even though `StaticMethods` has an `M2`, only overloads in // `Tests` are taken into account - M2((A)b); + M2((A)b); // $ Alert } class Nested @@ -100,7 +100,7 @@ static void Test(C c) { // BAD: even though `StaticMethods` and `Tests` have `M2`s, only // overloads in `Nested` are taken into account - M2((B)c); + M2((B)c); // $ Alert } } } @@ -155,11 +155,11 @@ public Sub(Sub s) : base((I1)s) { } // GOOD class SubSub : Sub { - SubSub(SubSub ss) : base((Sub)ss) { } // BAD + SubSub(SubSub ss) : base((Sub)ss) { } // $ Alert // BAD void M(SubSub ss) { - new Sub((Sub)ss); // BAD + new Sub((Sub)ss); // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.qlref b/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.qlref index f0a49b78b14b..d48a3f989428 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.qlref +++ b/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcast.qlref @@ -1 +1,2 @@ -Language Abuse/UselessUpcast.ql \ No newline at end of file +query: Language Abuse/UselessUpcast.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcastBad.cs b/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcastBad.cs index c69db3104fb1..f3c20dc5d574 100644 --- a/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcastBad.cs +++ b/csharp/ql/test/query-tests/Language Abuse/UselessUpcast/UselessUpcastBad.cs @@ -6,6 +6,6 @@ class Sub : Super {} void M() { var sub = new Sub(); - Super super = (Super)sub; + Super super = (Super)sub; // $ Alert } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.cs b/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.cs index c5e87a4ed1e6..5bdfc4d6b512 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.cs @@ -14,13 +14,13 @@ static void Main(string[] args) int a = 2; // BAD - if (a % 2 == 1) + if (a % 2 == 1) // $ Alert Console.Out.WriteLine("a is odd"); - if (a % 2 != 1) + if (a % 2 != 1) // $ Alert Console.Out.WriteLine("a is even"); - if (a % 2 > 0) + if (a % 2 > 0) // $ Alert Console.Out.WriteLine("a is odd"); - if ((a % 2) > 0) + if ((a % 2) > 0) // $ Alert Console.Out.WriteLine("a is odd"); // GOOD diff --git a/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.qlref b/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.qlref index 759b3f4ab230..b65ba073c357 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/BadCheckOdd/BadCheckOdd.qlref @@ -1 +1,2 @@ -Likely Bugs/BadCheckOdd.ql \ No newline at end of file +query: Likely Bugs/BadCheckOdd.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.cs b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.cs index d68bbfc274ec..a3266b494e8d 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.cs @@ -5,13 +5,13 @@ class Test void Test1(string[] args) { // BAD: Loop upper bound is off-by-one - for (int i = 0; i <= args.Length; i++) + for (int i = 0; i <= args.Length; i++) // $ Alert { Console.WriteLine(args[i]); } // BAD: Loop upper bound is off-by-one - for (int i = 0; args.Length >= i; i++) + for (int i = 0; args.Length >= i; i++) // $ Alert { Console.WriteLine(args[i]); } @@ -24,13 +24,13 @@ void Test1(string[] args) int j = 0; // BAD: Off-by-one on index validity check - if (j <= args.Length) + if (j <= args.Length) // $ Alert { Console.WriteLine(args[j]); } // BAD: Off-by-one on index validity check - if (args.Length >= j) + if (args.Length >= j) // $ Alert { Console.WriteLine(args[j]); } diff --git a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.qlref b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.qlref index 637dac3c9b85..ce56c59063f7 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerLengthCmpOffByOne/ContainerLengthCmpOffByOne.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql \ No newline at end of file +query: Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.cs b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.cs index 1fb70bd8dff2..3418b184d5f1 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.cs @@ -29,16 +29,16 @@ static void Main(string[] args) // Arrays // NOT OK: always true - b = args.Length >= 0; + b = args.Length >= 0; // $ Alert // NOT OK: always true - b = 0 <= args.Length; + b = 0 <= args.Length; // $ Alert // NOT OK: always false - b = args.Length < 0; + b = args.Length < 0; // $ Alert // NOT OK: always false - b = 0 > args.Length; + b = 0 > args.Length; // $ Alert // OK: sometimes could be false b = args.Length > 0; @@ -58,12 +58,12 @@ static void Main(string[] args) var ys = new Stack(); // NOT OK - b = xs.Count >= 0; - b = 0 <= xs.Count; - b = 0 <= ys.Count; + b = xs.Count >= 0; // $ Alert + b = 0 <= xs.Count; // $ Alert + b = 0 <= ys.Count; // $ Alert - b = xs.Count < 0; - b = 0 > ys.Count; + b = xs.Count < 0; // $ Alert + b = 0 > ys.Count; // $ Alert // OK b = xs.Count >= -1; @@ -74,15 +74,15 @@ static void Main(string[] args) ///////// // missed in java, but not here - b = xs.Count >= (short)0; - b = xs.Count >= (byte)0; + b = xs.Count >= (short)0; // $ Alert + b = xs.Count >= (byte)0; // $ Alert ///////// // missed cases // NOT OK - b = xs.Count >= 0 + 0; - b = xs.Count >= 0 - 0; + b = xs.Count >= 0 + 0; // $ Alert + b = xs.Count >= 0 - 0; // $ Alert b = args.LongLength >= 0L; @@ -91,24 +91,24 @@ static void Main(string[] args) var zs = new MyList>(); // NOT OK - b = zs.Count >= 0; - b = zs.Count < 0; + b = zs.Count >= 0; // $ Alert + b = zs.Count < 0; // $ Alert // NOT OK - b = zs[0].Count >= 0; + b = zs[0].Count >= 0; // $ Alert // NOT OK - b = zs[0][0].Length >= 0; + b = zs[0][0].Length >= 0; // $ Alert ///////// // Dictionaries var ws = new Dictionary(); // NOT OK: Always true - b = ws.Count >= 0; + b = ws.Count >= 0; // $ Alert // NOT OK: Always true - b = 0 <= ws.Count; + b = 0 <= ws.Count; // $ Alert // OK: can be false b = ws.Count >= -1; @@ -123,12 +123,12 @@ static void Main(string[] args) var vs = new System.Collections.BitArray(1); // NOT OK: Always true - b = us.Count >= 0; - b = 0 > vs.Count; + b = us.Count >= 0; // $ Alert + b = 0 > vs.Count; // $ Alert // NOT OK: Always true - b = 0 <= us.Count; - b = vs.Count < 0; + b = 0 <= us.Count; // $ Alert + b = vs.Count < 0; // $ Alert // OK: can be false b = us.Count >= -1; @@ -144,13 +144,13 @@ static bool ReadOnlyCollection(IReadOnlyCollection xs, IReadOnlyList= 0; - b = 0 <= xs.Count; - b = 0 <= ys.Count; + b = xs.Count >= 0; // $ Alert + b = 0 <= xs.Count; // $ Alert + b = 0 <= ys.Count; // $ Alert - b = xs.Count < 0; - b = ys.Count < 0; - b = 0 > xs.Count; + b = xs.Count < 0; // $ Alert + b = ys.Count < 0; // $ Alert + b = 0 > xs.Count; // $ Alert return b; } @@ -158,6 +158,6 @@ static bool ReadOnlyCollection(IReadOnlyCollection xs, IReadOnlyList c) { Debug.Assert(c.Count >= 0); // OK - return c.Count >= 0; // NOT OK + return c.Count >= 0; // $ Alert // NOT OK } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref index 17c0434a3a81..92952b25bdb6 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/Collections/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/ContainerSizeCmpZero.ql \ No newline at end of file +query: Likely Bugs/Collections/ContainerSizeCmpZero.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.cs b/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.cs index 0d10e11b7f63..976f18c7e153 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.cs @@ -12,10 +12,10 @@ void M() if (c != null ^ this.Field > 0) ; // GOOD if (c != null && c.Field > 0) ; // GOOD - if (c != null & c.Field > 0) ; // BAD - if (c == null | c.Property == "") ; // BAD - if (c == null | c[0]) ; // BAD - if (c == null | c.Method()) ; // BAD + if (c != null & c.Field > 0) ; // $ Alert // BAD + if (c == null | c.Property == "") ; // $ Alert // BAD + if (c == null | c[0]) ; // $ Alert // BAD + if (c == null | c.Method()) ; // $ Alert // BAD var b = true; b &= c.Method(); // GOOD @@ -34,4 +34,3 @@ class C public bool Method(out int x) { x = 0; return false; } } } - diff --git a/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.qlref b/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.qlref index 6e192b5b73f1..c150d5b2bd61 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/DangerousNonShortCircuitLogic/DangerousNonShortCircuitLogic.qlref @@ -1 +1,2 @@ -Likely Bugs/DangerousNonShortCircuitLogic.ql \ No newline at end of file +query: Likely Bugs/DangerousNonShortCircuitLogic.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/Dynamic/BadDynamicCall.qlref b/csharp/ql/test/query-tests/Likely Bugs/Dynamic/BadDynamicCall.qlref index e9490e9041ad..60268eb9d750 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/Dynamic/BadDynamicCall.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/Dynamic/BadDynamicCall.qlref @@ -1 +1,2 @@ -Likely Bugs/Dynamic/BadDynamicCall.ql \ No newline at end of file +query: Likely Bugs/Dynamic/BadDynamicCall.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/Dynamic/dynamic.cs b/csharp/ql/test/query-tests/Likely Bugs/Dynamic/dynamic.cs index 66626400b902..06f18e05320f 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/Dynamic/dynamic.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/Dynamic/dynamic.cs @@ -43,17 +43,17 @@ void TestCall() x.M5(1, new string[1]); // These are BAD: - x.M1(1); - x.M2(); - x.M2("", 1); - x.M2(1, "", 2.0); - x.M3(); - x.M3(1, 2, 3, 4); - x.M4(); - x.M4(1, 2); - x.M4(""); - x.M4(1, new object[1]); - x.M6(); + x.M1(1); // $ Alert + x.M2(); // $ Alert + x.M2("", 1); // $ Alert + x.M2(1, "", 2.0); // $ Alert + x.M3(); // $ Alert + x.M3(1, 2, 3, 4); // $ Alert + x.M4(); // $ Alert + x.M4(1, 2); // $ Alert + x.M4(""); // $ Alert + x.M4(1, new object[1]); // $ Alert + x.M6(); // $ Alert // These are GOOD: x.M7(2); @@ -61,8 +61,8 @@ void TestCall() x.M5(1, new string[] { "abc" }, new string[] { "def" }); // These are BAD: - x.M7(2, "abc"); - x.M8(1, new string[] { "abc" }, new string[] { "def" }); + x.M7(2, "abc"); // $ Alert + x.M8(1, new string[] { "abc" }, new string[] { "def" }); // $ Alert // These are GOOD: if ("" + "" == "") ; @@ -73,7 +73,7 @@ void TestCall() d -= 10; // These are BAD: - x = x + x; + x = x + x; // $ Alert // These are GOOD: dynamic d2 = GetI(); @@ -81,7 +81,7 @@ void TestCall() // These are BAD: dynamic d3 = GetI(); - d3.M(); + d3.M(); // $ Alert // These are GOOD dynamic d4 = ""; diff --git a/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.cs b/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.cs index dba87ee0450c..1639ee8f8445 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.cs @@ -8,7 +8,7 @@ public class Test // NOT OK public bool AreTheseMyNumbers(int[] numbers) { - return this.numbers.Equals(numbers); + return this.numbers.Equals(numbers); // $ Alert } // OK @@ -20,13 +20,13 @@ public bool HonestAreTheseMyNumbers(int[] numbers) // NOT OK (string is also IEnumerable) public bool Incomparable(string s) { - return numbers.Equals(s); + return numbers.Equals(s); // $ Alert } // NOT OK public bool CollectionEquals(IEnumerable c1) { - return c1.Equals(c1); + return c1.Equals(c1); // $ Alert } class CollectionImplementingIEnumerable1 : IEnumerable @@ -84,7 +84,7 @@ public override bool Equals(object other) // NOT OK: Nothing overrides Equals() bool OverriddenEquals(CollectionImplementingIEnumerable1 c) { - return c.Equals(c); + return c.Equals(c); // $ Alert } // OK: ImplementEquals overrides Equals() diff --git a/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.qlref b/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.qlref index d96256b3b972..8e560893a1de 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/EqualsArray/EqualsArray.qlref @@ -1 +1,2 @@ -Likely Bugs/EqualsArray.ql \ No newline at end of file +query: Likely Bugs/EqualsArray.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.cs b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.cs index f50ada45a414..a83e94bd23da 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.cs @@ -2,7 +2,7 @@ public class Test1 { public override bool Equals(object other) { - var otherTest = other as Test1; // BAD + var otherTest = other as Test1; // $ Alert // BAD return otherTest != null; } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.qlref b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.qlref index e3ec94efc2c9..269ea2e6e511 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesAs/EqualsUsesAs.qlref @@ -1 +1,2 @@ -Likely Bugs/EqualsUsesAs.ql \ No newline at end of file +query: Likely Bugs/EqualsUsesAs.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.cs b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.cs index 6e1db1bd05a2..ab8c3da664a4 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.cs @@ -2,7 +2,7 @@ public class Test1 { public override bool Equals(object other) { - return other is Test1; // BAD + return other is Test1; // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.qlref b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.qlref index 04003a637c0b..cbff9b573dd6 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/EqualsUsesIs/EqualsUsesIs.qlref @@ -1 +1,2 @@ -Likely Bugs/EqualsUsesIs.ql \ No newline at end of file +query: Likely Bugs/EqualsUsesIs.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.cs b/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.cs index cb9c97e8aa93..52043bfd4f41 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.cs @@ -3,7 +3,7 @@ public class Test public bool M() { var x = new Test2(); - return this.Equals(x); // BAD + return this.Equals(x); // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref b/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref index 96eae4e2eac5..91b47c6ddd94 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref @@ -1 +1,2 @@ -Likely Bugs/IncomparableEquals.ql \ No newline at end of file +query: Likely Bugs/IncomparableEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.cs b/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.cs index b405dc09e1f2..78a9749afebb 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.cs @@ -31,25 +31,25 @@ abstract class GoodComparableAbstract : IComparable public abstract int CompareTo(object other); } -class BadComparable : IComparable +class BadComparable : IComparable // $ Alert { public int CompareTo(object other) { return 0; } public override int GetHashCode() { return 0; } } -class BadComparableInt : IComparable +class BadComparableInt : IComparable // $ Alert { public int CompareTo(int x) { return 0; } public override int GetHashCode() { return 0; } } -class BadComparableT : IComparable +class BadComparableT : IComparable // $ Alert { public int CompareTo(T t) { return 0; } public override int GetHashCode() { return 0; } } -class BadComparableNewEquals : IComparable +class BadComparableNewEquals : IComparable // $ Alert { public int CompareTo(object other) { return 0; } public new bool Equals(object other) { return false; } diff --git a/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.qlref b/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.qlref index 5663237f6729..03552e829c86 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/InconsistentCompareTo/InconsistentCompareTo.qlref @@ -1 +1,2 @@ -Likely Bugs/InconsistentCompareTo.ql \ No newline at end of file +query: Likely Bugs/InconsistentCompareTo.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/MishandlingJapaneseEra.qlref b/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/MishandlingJapaneseEra.qlref index cf11ec925453..791b603a2e9f 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/MishandlingJapaneseEra.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/MishandlingJapaneseEra.qlref @@ -1 +1,2 @@ -Likely Bugs/MishandlingJapaneseEra.ql \ No newline at end of file +query: Likely Bugs/MishandlingJapaneseEra.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/Program.cs b/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/Program.cs index 561b093f2308..9412593929a1 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/Program.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/MishandlingJapaneseEra/Program.cs @@ -9,28 +9,28 @@ class Program static void Main(string[] args) { // BAD: hard-coded era start date - var henseiStart = new DateTime(1989, 1, 8); + var henseiStart = new DateTime(1989, 1, 8); // $ Alert // BAD: hard-coded era start dates, list - List listOfEraStart = new List { new DateTime(1989, 1, 8) }; + List listOfEraStart = new List { new DateTime(1989, 1, 8) }; // $ Alert // BAD: hardcoded era name string currentEra = "Heisei"; DateTimeOffset dateNow = DateTimeOffset.Now; - DateTimeOffset dateThisEra = new DateTimeOffset(1989, 1, 8, 0, 0, 0, 0, TimeSpan.Zero); + DateTimeOffset dateThisEra = new DateTimeOffset(1989, 1, 8, 0, 0, 0, 0, TimeSpan.Zero); // $ Alert CultureInfo japaneseCulture = CultureInfo.GetCultureInfo("ja-JP"); JapaneseCalendar jk = new JapaneseCalendar(); // BAD: datetime is created from constant year in the current era, and the result will change with era change - var datejkCurrentEra = jk.ToDateTime(32, 2, 1, 9, 9, 9, 9); + var datejkCurrentEra = jk.ToDateTime(32, 2, 1, 9, 9, 9, 9); // $ Alert Console.WriteLine("Date for datejkCurrentEra {0} and year {1}", datejkCurrentEra.ToString(japaneseCulture), jk.GetYear (datejkCurrentEra)); // BAD: datetime is created from constant year in the current era, and the result will change with era change - var datejk = jk.ToDateTime(32, 2, 1, 9, 9, 9, 9, 0); + var datejk = jk.ToDateTime(32, 2, 1, 9, 9, 9, 9, 0); // $ Alert Console.WriteLine("Date for jk {0} and year {1}", datejk.ToString(japaneseCulture), jk.GetYear (datejk)); // OK: datetime is created from constant year in the specific era, and the result will not change with era change @@ -46,7 +46,7 @@ static void Main(string[] args) Console.WriteLine("Which converts to year {0}", realYear); // BAD: creating DateTime using specified Japanese era date. This may yield a different date when era changes - DateTime val = new DateTime(32, 2, 1, new JapaneseCalendar()); + DateTime val = new DateTime(32, 2, 1, new JapaneseCalendar()); // $ Alert Console.WriteLine("DateTime from constructor {0}", val); // OK: variable data for Year, not necessarily hard-coded and can come from adjusted source diff --git a/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.cs b/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.cs index cd01795f202b..8dc1062d15b7 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.cs @@ -6,7 +6,7 @@ static void Main(string[] args) { for (int i = 0; i < 2; i++) { - for (int j = 0; j < 2; i++) + for (int j = 0; j < 2; i++) // $ Alert { Console.WriteLine(i + " " + j); } diff --git a/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.qlref b/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.qlref index c28b56d296d0..1e4470543922 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/NestedLoopsSameVariable.qlref @@ -1 +1,2 @@ -Likely Bugs/NestedLoopsSameVariable.ql \ No newline at end of file +query: Likely Bugs/NestedLoopsSameVariable.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/Test.cs b/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/Test.cs index 7b08cd2c9145..671ffccb1d07 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/Test.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/NestedLoopsSameVariable/Test.cs @@ -19,7 +19,7 @@ void DifferentCondition1() for (int i=0; i<10; ++i) { // BAD: considered to be a different condition - for (; 10>i; ++i) + for (; 10>i; ++i) // $ Alert { Console.WriteLine(i); } @@ -31,7 +31,7 @@ void DifferentCondition2() for (int i=0; i<10; ++i) { // BAD: different condition - for (; i<9; ++i) + for (; i<9; ++i) // $ Alert { Console.WriteLine(i); } @@ -43,7 +43,7 @@ void DifferentConditions3() for (int i=0; i<10; ++i) { // BAD: different condition - for (; i<=10; ++i) + for (; i<=10; ++i) // $ Alert { Console.WriteLine(i); } @@ -54,7 +54,7 @@ void UseAfterInnerLoop() { for (int i=0; i<10; ++i) { - for (; i<10; ++i) + for (; i<10; ++i) // $ Alert { } diff --git a/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.cs b/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.cs index 2774b9229fb9..abaaf77ab44e 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.cs @@ -13,10 +13,10 @@ void M() ObjectComparisonTest y = new ObjectComparisonTest(); var b = x == y; // GOOD: but still reference equality - b = (object)x == y; // BAD - b = x == (object)y; // BAD - b = (I)x == y; // BAD - b = x == (I)y; // BAD + b = (object)x == y; // $ Alert // BAD + b = x == (object)y; // $ Alert // BAD + b = (I)x == y; // $ Alert // BAD + b = x == (I)y; // $ Alert // BAD b = (object)x == Field1; // GOOD b = Field1 == (object)x; // GOOD diff --git a/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.qlref b/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.qlref index 6f834d6d6548..e47228487204 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/ObjectComparison/ObjectComparison.qlref @@ -1 +1,2 @@ -Likely Bugs/ObjectComparison.ql \ No newline at end of file +query: Likely Bugs/ObjectComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.cs b/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.cs index 9a5cdc7c4901..639e914e4799 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.cs @@ -11,18 +11,18 @@ static void main(string[] args) decimal dec; // These are BAD: - d = 1 / 2; - f = 1 / 2; - d = -1 / 2; - f = -2 / 3; - d = x / y; - f = x / y; - d = x / 2; - d = 4 / y; - d = 1.0 + 1 / 2; - d = 2.0 * (1 / 2); - d = 1 + 1 / 2 + 4 / 2; - d = 1 * (1 / 2); + d = 1 / 2; // $ Alert + f = 1 / 2; // $ Alert + d = -1 / 2; // $ Alert + f = -2 / 3; // $ Alert + d = x / y; // $ Alert + f = x / y; // $ Alert + d = x / 2; // $ Alert + d = 4 / y; // $ Alert + d = 1.0 + 1 / 2; // $ Alert + d = 2.0 * (1 / 2); // $ Alert + d = 1 + 1 / 2 + 4 / 2; // $ Alert + d = 1 * (1 / 2); // $ Alert // These are GOOD: d = 4 / 2; @@ -30,8 +30,8 @@ static void main(string[] args) i = 5 / 10; // These are BAD: - dec = 2 * i + 1; - dec = unchecked(int.MaxValue * int.MaxValue); + dec = 2 * i + 1; // $ Alert + dec = unchecked(int.MaxValue * int.MaxValue); // $ Alert // These are GOOD: dec = 2 * (uint)int.MaxValue - 1; diff --git a/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.qlref b/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.qlref index ecddf650e791..82a58e295a56 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/PossibleLossOfPrecision/PossibleLossOfPrecision.qlref @@ -1 +1,2 @@ -Likely Bugs/PossibleLossOfPrecision.ql \ No newline at end of file +query: Likely Bugs/PossibleLossOfPrecision.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.cs b/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.cs index fac7c9135af2..f62866a6bc37 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.cs @@ -8,14 +8,14 @@ class RandomTest { void f() { - new Random().Next(); // BAD + new Random().Next(); // $ Alert // BAD byte[] buffer = new byte[10]; - new Random().NextBytes(buffer); // BAD + new Random().NextBytes(buffer); // $ Alert // BAD - new Random().NextDouble(); // BAD - new Random().Next(10); // BAD - new Random().Next(10, 20); // BAD + new Random().NextDouble(); // $ Alert // BAD + new Random().Next(10); // $ Alert // BAD + new Random().Next(10, 20); // $ Alert // BAD new Random().Equals(null); // GOOD } diff --git a/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.qlref b/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.qlref index bff453451145..f9bb6c3eeb50 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/RandomUsedOnce/RandomUsedOnce.qlref @@ -1 +1,2 @@ -Likely Bugs/RandomUsedOnce.ql \ No newline at end of file +query: Likely Bugs/RandomUsedOnce.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.cs b/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.cs index 3182dc8430c3..f97b22ed2241 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.cs @@ -6,7 +6,7 @@ class Bad public override bool Equals(object rhs) { if (rhs.GetType() != this.GetType()) return false; - return Equals(rhs); + return Equals(rhs); // $ Alert } public bool Equals(Bad rhs) diff --git a/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.qlref b/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.qlref index d78738e7f9d1..68a07bb347dd 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/RecursiveEquals/RecursiveEquals.qlref @@ -1 +1,2 @@ -Likely Bugs/RecursiveEquals.ql \ No newline at end of file +query: Likely Bugs/RecursiveEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/SelfAssignment.qlref b/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/SelfAssignment.qlref index 28778bdd1c8b..82f6d5d9682b 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/SelfAssignment.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/SelfAssignment.qlref @@ -1 +1,2 @@ -Likely Bugs/SelfAssignment.ql +query: Likely Bugs/SelfAssignment.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/selfassigns.cs b/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/selfassigns.cs index 6d1387a5e1db..c65c39349b37 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/selfassigns.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/SelfAssignment/selfassigns.cs @@ -70,17 +70,17 @@ public void OK(SelfAssigns obj, int x) public void NotOK(SelfAssigns obj, int y) { - this[4] = this[4]; - y = y; - obj.y = obj.y; - z = this.z; - this.z = z; - obj.Normal1 = obj.Normal1; - obj.Normal2 = obj.Normal2; - base.IntField = IntField; - this.BoolProp = base.BoolProp; - this.Self.Self.Self.StringProp = Self.Self.Self.StringProp; - intArray[1] = this.intArray[1 + 0]; + this[4] = this[4]; // $ Alert + y = y; // $ Alert + obj.y = obj.y; // $ Alert + z = this.z; // $ Alert + this.z = z; // $ Alert + obj.Normal1 = obj.Normal1; // $ Alert + obj.Normal2 = obj.Normal2; // $ Alert + base.IntField = IntField; // $ Alert + this.BoolProp = base.BoolProp; // $ Alert + this.Self.Self.Self.StringProp = Self.Self.Self.StringProp; // $ Alert + intArray[1] = this.intArray[1 + 0]; // $ Alert } enum Enum diff --git a/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.cs b/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.cs index 244a6b2fd156..ad95d66798df 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.cs @@ -12,7 +12,7 @@ static StaticFields() StaticFields() { - staticField = 0; // BAD + staticField = 0; // $ Alert // BAD instanceField = 0; // OK } @@ -23,7 +23,7 @@ static void StaticTest() void InstanceTest() { - staticField = 0; // BAD + staticField = 0; // $ Alert // BAD instanceField = 0; // OK } @@ -40,7 +40,7 @@ object Prop { get { - return backingField ?? (backingField = new object()); // BAD + return backingField ?? (backingField = new object()); // $ Alert // BAD } } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.qlref b/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.qlref index 6c3a7cc48249..62a3ba9ac281 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/StaticFieldWrittenByInstance/StaticFieldWrittenByInstance.qlref @@ -1 +1,2 @@ -Likely Bugs/StaticFieldWrittenByInstance.ql +query: Likely Bugs/StaticFieldWrittenByInstance.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBufferCharInit.qlref b/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBufferCharInit.qlref index 8d6feb01896b..10a4fb9ee8e3 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBufferCharInit.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBufferCharInit.qlref @@ -1 +1,2 @@ -Likely Bugs/StringBuilderCharInit.ql \ No newline at end of file +query: Likely Bugs/StringBuilderCharInit.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBuilderCharInit.cs b/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBuilderCharInit.cs index 256199df1776..a6d15816aeb2 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBuilderCharInit.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/StringBuilderCharInit/StringBuilderCharInit.cs @@ -6,14 +6,14 @@ static void Main() { new StringBuilder(); new StringBuilder(12); - new StringBuilder('a'); // BAD + new StringBuilder('a'); // $ Alert // BAD new StringBuilder(3, 4); - new StringBuilder(3, 'a'); // BAD - new StringBuilder('a', 'b'); // BAD + new StringBuilder(3, 'a'); // $ Alert // BAD + new StringBuilder('a', 'b'); // $ Alert // BAD new StringBuilder(""); new StringBuilder("", 12); - new StringBuilder("", 'a'); // BAD + new StringBuilder("", 'a'); // $ Alert // BAD new StringBuilder("abc", 1, 1, 12); - new StringBuilder("abc", 1, 1, 'a'); // BAD + new StringBuilder("abc", 1, 1, 'a'); // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.cs b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.cs index e886518dcdf1..9cf42b90263b 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.cs @@ -37,12 +37,12 @@ public ListNonStatic() /// public class Nest03 { - private static readonly Nest01 _n = new Nest01(); + private static readonly Nest01 _n = new Nest01(); // $ Alert } public class Nest04 { - static ListNonStatic _list = new ListNonStatic(); + static ListNonStatic _list = new ListNonStatic(); // $ Alert } public static class StaticMemberChildUsage @@ -53,7 +53,7 @@ public enum DigestAlgorithm SHA256, } - private static readonly IDictionary HashMap = new Dictionary + private static readonly IDictionary HashMap = new Dictionary // $ Alert { { DigestAlgorithm.SHA1, SHA1.Create() }, { DigestAlgorithm.SHA256, SHA256.Create() }, @@ -62,12 +62,12 @@ public enum DigestAlgorithm public class StaticMember { - private static SHA1 _sha1 = SHA1.Create(); + private static SHA1 _sha1 = SHA1.Create(); // $ Alert } public class IndirectStatic2 { - static Nest02 _n = new Nest02(); + static Nest02 _n = new Nest02(); // $ Alert } /// diff --git a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.qlref b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.qlref index e247961a538d..7a9c70237578 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransform/ThreadUnsafeICryptoTransform.qlref @@ -1 +1,2 @@ -Likely Bugs/ThreadUnsafeICryptoTransform.ql \ No newline at end of file +query: Likely Bugs/ThreadUnsafeICryptoTransform.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.cs b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.cs index f62c25025fc2..83018409f5cf 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.cs @@ -23,7 +23,7 @@ public static void Run(int max) // BUG expected var threads = Enumerable.Range(0, threadCount) - .Select(_ => new ThreadStart(start)) + .Select(_ => new ThreadStart(start)) // $ Alert .Select(x => new Thread(x)) .ToList(); foreach (var t in threads) t.Start(); @@ -85,7 +85,7 @@ public static void Run(int max) } }; var threads = Enumerable.Range(0, threadCount) - .Select(_ => new ThreadStart(start)) + .Select(_ => new ThreadStart(start)) // $ Alert .Select(x => new Thread(x)) .ToList(); foreach (var t in threads) t.Start(); @@ -143,12 +143,12 @@ public static void Run() { var bytes = new byte[4]; Convert.ToBase64String(sha1.ComputeHash(bytes)); - }, + }, // $ Alert () => { var bytes = new byte[4]; Convert.ToBase64String(sha1.ComputeHash(bytes)); - } + } // $ Alert ); } diff --git a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.qlref b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.qlref index 0a869270c9ba..f206d84cd77e 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/ThreadUnsafeICryptoTransformLambda/ThreadUnsafeICryptoTransformLambda.qlref @@ -1 +1,2 @@ -Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql \ No newline at end of file +query: Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.cs b/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.cs index 31e2336d0ca3..346dcc94c070 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.cs @@ -4,6 +4,6 @@ public class Test public override bool Equals(object other) { - return ((Test)other).Field == this.Field; + return ((Test)other).Field == this.Field; // $ Alert } } diff --git a/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.qlref b/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.qlref index 4fc0cc8938f5..fa38710c7511 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/UncheckedCastInEquals/UncheckedCastInEquals.qlref @@ -1 +1,2 @@ -Likely Bugs/UncheckedCastInEquals.ql \ No newline at end of file +query: Likely Bugs/UncheckedCastInEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/Program.cs b/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/Program.cs index b7b6b4d4e3a6..83c18ca52763 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/Program.cs +++ b/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/Program.cs @@ -10,11 +10,11 @@ public PipelineProperties() { var now = DateTime.UtcNow; // BAD - this.Start = new DateTime(now.Year - 1, now.Month, now.Day, 0, 0, 0, DateTimeKind.Utc); + this.Start = new DateTime(now.Year - 1, now.Month, now.Day, 0, 0, 0, DateTimeKind.Utc); // $ Alert - var endYear = now.Year + 1; + var endYear = now.Year + 1; // $ Source // BAD - this.End = new DateTime(endYear, now.Month, now.Day, 0, 0, 1, DateTimeKind.Utc); + this.End = new DateTime(endYear, now.Month, now.Day, 0, 0, 1, DateTimeKind.Utc); // $ Alert // GOOD this.Start = now.AddYears(-1).Date; @@ -23,14 +23,14 @@ public PipelineProperties() private void Test(int year, int month, int day) { // BAD (arithmetic operation from StartTest) - this.Start = new DateTime(year, month, day); + this.Start = new DateTime(year, month, day); // $ Alert } public void StartTest() { var now = DateTime.UtcNow; // flows into Test (source for bug) - Test(now.Year - 1, now.Month, now.Day); + Test(now.Year - 1, now.Month, now.Day); // $ Source } public void StartTestFP() diff --git a/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.qlref b/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.qlref index 37fd40fb036c..8eebe63939d1 100644 --- a/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.qlref +++ b/csharp/ql/test/query-tests/Likely Bugs/UnsafeYearConstruction/UnsafeYearConstruction.qlref @@ -1 +1,2 @@ -Likely Bugs/LeapYear/UnsafeYearConstruction.ql \ No newline at end of file +query: Likely Bugs/LeapYear/UnsafeYearConstruction.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.cs b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.cs index fe5617c228a1..5bd7f5dcec08 100644 --- a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.cs +++ b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.cs @@ -11,7 +11,7 @@ public void M1(List animals) { Dog d = (Dog)a; d.Woof(); - } + } // $ Alert } public void M2(NonEnumerableClass nec) @@ -31,7 +31,7 @@ public void M3(Animal[] animals) { Dog d = (Dog)animal; d.Woof(); - } + } // $ Alert } public void M4(Array animals) @@ -41,7 +41,7 @@ public void M4(Array animals) { Dog d = (Dog)animal; d.Woof(); - } + } // $ Alert } public void M5(IEnumerable animals) @@ -51,7 +51,7 @@ public void M5(IEnumerable animals) { Dog d = (Dog)animal; d.Woof(); - } + } // $ Alert } public class NonEnumerableClass diff --git a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.qlref b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.qlref index 8d70f9995033..3731b64605f5 100644 --- a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.qlref +++ b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.qlref @@ -1 +1,2 @@ -Linq/MissedCastOpportunity.ql +query: Linq/MissedCastOpportunity.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.cs b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.cs index d1326c70ee23..0fee1e9c48ff 100644 --- a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.cs +++ b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.cs @@ -13,7 +13,7 @@ public void M1(List lst) continue; Console.WriteLine(i); Console.WriteLine((i / 2)); - } + } // $ Alert // BAD: Can be replaced with lst.Where(e => e % 2 == 0) foreach (int i in lst) @@ -23,7 +23,7 @@ public void M1(List lst) Console.WriteLine(i); Console.WriteLine((i / 2)); } - } + } // $ Alert } public void M2(NonEnumerableClass nec) @@ -49,7 +49,7 @@ public void M3(int[] arr) Console.WriteLine(n); Console.WriteLine((n / 2)); } - } + } // $ Alert } public void M4(Array arr) @@ -73,7 +73,7 @@ public void M5(IEnumerable elements) { Console.WriteLine(element); } - } + } // $ Alert } public class NonEnumerableClass diff --git a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.qlref b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.qlref index 4a08b459a6c3..815371aba99c 100644 --- a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.qlref +++ b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.qlref @@ -1 +1,2 @@ -Linq/MissedWhereOpportunity.ql +query: Linq/MissedWhereOpportunity.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/MagicConstants/AttributeInts.cs b/csharp/ql/test/query-tests/MagicConstants/AttributeInts.cs index 370dc0a948f2..441525751b80 100644 --- a/csharp/ql/test/query-tests/MagicConstants/AttributeInts.cs +++ b/csharp/ql/test/query-tests/MagicConstants/AttributeInts.cs @@ -20,7 +20,7 @@ void f1() void f2() { // BAD - var x = 555 + + var x = 555 + // $ Alert[cs/magic-number] 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555 + 555; } diff --git a/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.cs b/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.cs index 5dd81b335f71..4100d12f93fc 100644 --- a/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.cs +++ b/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.cs @@ -3,7 +3,7 @@ class MyClass { public static void Main() { - System.Console.WriteLine("Hello, World!"); + System.Console.WriteLine("Hello, World!"); // $ Alert[cs/magic-string] System.Console.WriteLine("Hello, World!"); System.Console.WriteLine("Hello, World!"); System.Console.WriteLine("Hello, World!"); diff --git a/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.qlref b/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.qlref index c471ffedda83..7b0fd125d426 100644 --- a/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.qlref +++ b/csharp/ql/test/query-tests/MagicConstants/AttributeStrings.qlref @@ -1 +1,2 @@ -Bad Practices/Magic Constants/MagicConstantsString.ql \ No newline at end of file +query: Bad Practices/Magic Constants/MagicConstantsString.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/MagicConstants/HashCode.cs b/csharp/ql/test/query-tests/MagicConstants/HashCode.cs index 71308f8fb6c6..7767fa6499db 100644 --- a/csharp/ql/test/query-tests/MagicConstants/HashCode.cs +++ b/csharp/ql/test/query-tests/MagicConstants/HashCode.cs @@ -13,7 +13,7 @@ int NotHashCode() { // BAD: Number 391 is repeated. return - 391 + + 391 + // $ Alert[cs/magic-number] 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 391 + 397; } diff --git a/csharp/ql/test/query-tests/MagicConstants/MagicConstantsNumbers.qlref b/csharp/ql/test/query-tests/MagicConstants/MagicConstantsNumbers.qlref index 8047296eeeba..514381dce917 100644 --- a/csharp/ql/test/query-tests/MagicConstants/MagicConstantsNumbers.qlref +++ b/csharp/ql/test/query-tests/MagicConstants/MagicConstantsNumbers.qlref @@ -1 +1,2 @@ -Bad Practices/Magic Constants/MagicConstantsNumbers.ql \ No newline at end of file +query: Bad Practices/Magic Constants/MagicConstantsNumbers.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.cs b/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.cs index 35f1bbb1435a..039ac137dda2 100644 --- a/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.cs +++ b/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.cs @@ -16,12 +16,12 @@ class UseConstantNumber byte[] values2 = { 241 }; // BAD: Use constant - int values3 = 241; + int values3 = 241; // $ Alert[cs/use-number-constant] void Test() { // BAD: Use constant - var v1 = 241; + var v1 = 241; // $ Alert[cs/use-number-constant] // GOOD: Constant used var v2 = IntConstants.PUBLIC_CONST; diff --git a/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.qlref b/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.qlref index 65c1a785c6cf..75437932f589 100644 --- a/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.qlref +++ b/csharp/ql/test/query-tests/MagicConstants/MagicNumbersUseConstant.qlref @@ -1 +1,2 @@ -Bad Practices/Magic Constants/MagicNumbersUseConstant.ql \ No newline at end of file +query: Bad Practices/Magic Constants/MagicNumbersUseConstant.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.cs b/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.cs index c0b0fc8189c6..a09bf27c8d9a 100644 --- a/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.cs +++ b/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.cs @@ -14,12 +14,12 @@ class UseConstantString string[] values1 = { "abcdefgh" }; // BAD: Use constant - string values2 = "abcdefgh"; + string values2 = "abcdefgh"; // $ Alert[cs/use-string-constant] void Test() { // BAD: Use constant - var v1 = "abcdefgh"; + var v1 = "abcdefgh"; // $ Alert[cs/use-string-constant] // GOOD: Constant used. var v2 = StringConstants.PUBLIC_CONSTANT; diff --git a/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.qlref b/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.qlref index 72b6dcbab7d4..7ded4ffe161b 100644 --- a/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.qlref +++ b/csharp/ql/test/query-tests/MagicConstants/MagicStringsUseConstant.qlref @@ -1 +1,2 @@ -Bad Practices/Magic Constants/MagicStringsUseConstant.ql \ No newline at end of file +query: Bad Practices/Magic Constants/MagicStringsUseConstant.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Metrics/Files/FLinesOfCommentedCode/flinesofcommentedcode.qlref b/csharp/ql/test/query-tests/Metrics/Files/FLinesOfCommentedCode/flinesofcommentedcode.qlref index 85a80a9627eb..952183500693 100644 --- a/csharp/ql/test/query-tests/Metrics/Files/FLinesOfCommentedCode/flinesofcommentedcode.qlref +++ b/csharp/ql/test/query-tests/Metrics/Files/FLinesOfCommentedCode/flinesofcommentedcode.qlref @@ -1 +1 @@ -Metrics/Files/FLinesOfCommentedCode.ql \ No newline at end of file +query: Metrics/Files/FLinesOfCommentedCode.ql diff --git a/csharp/ql/test/query-tests/Metrics/RefTypes/TNumberOfFields/EnumSize.qlref b/csharp/ql/test/query-tests/Metrics/RefTypes/TNumberOfFields/EnumSize.qlref index c20a0d3886c1..67b897b1f5dc 100644 --- a/csharp/ql/test/query-tests/Metrics/RefTypes/TNumberOfFields/EnumSize.qlref +++ b/csharp/ql/test/query-tests/Metrics/RefTypes/TNumberOfFields/EnumSize.qlref @@ -1 +1 @@ -Metrics/RefTypes/TNumberOfFields.ql \ No newline at end of file +query: Metrics/RefTypes/TNumberOfFields.ql diff --git a/csharp/ql/test/query-tests/Metrics/Summaries/LinesOfCode.qlref b/csharp/ql/test/query-tests/Metrics/Summaries/LinesOfCode.qlref index 8c18065043fd..7510037b8101 100644 --- a/csharp/ql/test/query-tests/Metrics/Summaries/LinesOfCode.qlref +++ b/csharp/ql/test/query-tests/Metrics/Summaries/LinesOfCode.qlref @@ -1 +1 @@ -Metrics/Summaries/LinesOfCode.ql \ No newline at end of file +query: Metrics/Summaries/LinesOfCode.ql diff --git a/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.cs b/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.cs index 63b8d5b386eb..dc1c24e3d3eb 100644 --- a/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.cs +++ b/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.cs @@ -7,7 +7,7 @@ static void Main(string[] args) { foreach (var arg in args) { - var sb = new StringBuilder(); // BAD: Creation in loop + var sb = new StringBuilder(); // $ Alert // BAD: Creation in loop sb.Append("Hello ").Append(arg); Console.WriteLine(sb); } @@ -33,7 +33,7 @@ void ControlFlow(string[] args) sb = new StringBuilder(); // GOOD: Not in all control paths else sb.Clear(); - lock (sb) sb = new StringBuilder(); // BAD: In all control paths + lock (sb) sb = new StringBuilder(); // $ Alert // BAD: In all control paths sb.Append("Hello ").Append(arg); Console.WriteLine(sb); } diff --git a/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.qlref b/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.qlref index 3b5d707f51e6..8b8d7b8e147b 100644 --- a/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.qlref +++ b/csharp/ql/test/query-tests/Performance/StringBuilderInLoop/StringBuilderInLoop.qlref @@ -1 +1,2 @@ -Performance/StringBuilderInLoop.ql \ No newline at end of file +query: Performance/StringBuilderInLoop.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.cs b/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.cs index 4947363a083c..80dde40d5532 100644 --- a/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.cs +++ b/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.cs @@ -10,8 +10,8 @@ public Program() var x1 = ""; for (var i = 0; i < 1000; i++) { - x0 += "" + i; // BAD - x1 = x1 + i; // BAD + x0 += "" + i; // $ Alert // BAD + x1 = x1 + i; // $ Alert // BAD var x2 = ""; x2 += x1; // GOOD } diff --git a/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.qlref b/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.qlref index edd774f1e609..302e7fefd8a6 100644 --- a/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.qlref +++ b/csharp/ql/test/query-tests/Performance/StringConcatenationInLoop/StringConcatenationInLoop.qlref @@ -1 +1,2 @@ -Performance/StringConcatenationInLoop.ql \ No newline at end of file +query: Performance/StringConcatenationInLoop.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.cs b/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.cs index 296ffaa82f27..9f39c43926e2 100644 --- a/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.cs +++ b/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.cs @@ -16,24 +16,24 @@ static void Main(string[] args) dict.TryGetValue(2, out x); // These are BAD - if (dict.ContainsKey(1)) x = dict[1]; - if (dict.ContainsKey(1) && dict[1] == 2) ; - if (!dict.ContainsKey(1) && dict[1] == 2) ; - if (!dict.ContainsKey(1) || dict[1] == 2) ; - if (dict.ContainsKey(1) || dict[1] == 2) ; + if (dict.ContainsKey(1)) x = dict[1]; // $ Alert + if (dict.ContainsKey(1) && dict[1] == 2) ; // $ Alert + if (!dict.ContainsKey(1) && dict[1] == 2) ; // $ Alert + if (!dict.ContainsKey(1) || dict[1] == 2) ; // $ Alert + if (dict.ContainsKey(1) || dict[1] == 2) ; // $ Alert - if (dict.ContainsKey(1)) + if (dict.ContainsKey(1)) // $ Alert x = dict[1]; else x = dict[1]; - if (!dict.ContainsKey(1)) + if (!dict.ContainsKey(1)) // $ Alert x = dict[1]; else x = dict[1]; - x = dict.ContainsKey(1) ? dict[1] : dict[1]; - x = !dict.ContainsKey(1) ? dict[1] : dict[1]; - x = true && !dict.ContainsKey(1) ? dict[1] : dict[1]; + x = dict.ContainsKey(1) ? dict[1] : dict[1]; // $ Alert + x = !dict.ContainsKey(1) ? dict[1] : dict[1]; // $ Alert + x = true && !dict.ContainsKey(1) ? dict[1] : dict[1]; // $ Alert // GOOD: Different index if (dict.ContainsKey(0)) x = dict[1]; diff --git a/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.qlref b/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.qlref index 13889c6245fc..5ca355f78242 100644 --- a/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.qlref +++ b/csharp/ql/test/query-tests/Performance/UseTryGetValue/UseTryGetValue.qlref @@ -1 +1,2 @@ -Performance/UseTryGetValue.ql \ No newline at end of file +query: Performance/UseTryGetValue.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.cs b/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.cs index f9914566bb98..b627b6e65b3f 100644 --- a/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.cs +++ b/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.cs @@ -6,11 +6,11 @@ class Test { // Test variable scope - IList v1 = new List(); // BAD: private scope + IList v1 = new List(); // $ Alert // BAD: private scope void f() { - var v2 = new List(); // BAD: local scope + var v2 = new List(); // $ Alert // BAD: local scope var x = v1.Contains(1); var y = v2.Contains(2); } @@ -27,7 +27,7 @@ void g() // Test initializer IList n3 = new List { 1, 2, 3 }; // GOOD: initialized - IList v3; // BAD: unassigned + IList v3; // $ Alert // BAD: unassigned void h() { @@ -52,7 +52,7 @@ void f1() n5 = new List { 1, 2, 3 }; n5.Contains(1); - var v4 = new List(); // BAD: assigned only from empty list + var v4 = new List(); // $ Alert // BAD: assigned only from empty list v4 = new List(); v4.Contains(1); @@ -73,30 +73,30 @@ void f3() void f4() { - var v5 = new Dictionary(); // BAD + var v5 = new Dictionary(); // $ Alert // BAD v5.ContainsKey(1); v5.ContainsValue(1); v5.GetEnumerator(); var tmp = new HashSet(); - var v6 = new HashSet(); // BAD + var v6 = new HashSet(); // $ Alert // BAD v6.IsSubsetOf(tmp); v6.IsProperSubsetOf(tmp); v6.IsSupersetOf(tmp); v6.IsProperSupersetOf(tmp); - var v7 = new LinkedList(); // BAD + var v7 = new LinkedList(); // $ Alert // BAD v7.Contains(1); - var v8 = new Queue(); // BAD + var v8 = new Queue(); // $ Alert // BAD v8.Dequeue(); v8.Peek(); v8.ToArray(); - var v9 = new Stack(); // BAD + var v9 = new Stack(); // $ Alert // BAD v9.Pop(); - var v10 = new List(); // BAD: property access + var v10 = new List(); // $ Alert // BAD: property access var x = v10.Count; } @@ -118,7 +118,7 @@ void f5() void f6() { - var v11 = new Dictionary(); // BAD: read by Index + var v11 = new Dictionary(); // $ Alert // BAD: read by Index var x = v11[1]; var n12 = new Dictionary(); // GOOD: written by Index @@ -155,7 +155,7 @@ void f8(object arguments) void f9() { - var l1 = new MyList(); // BAD + var l1 = new MyList(); // $ Alert // BAD var x1 = l1[0]; var l2 = new MyList(); // GOOD diff --git a/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref b/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref index 2f4f5248a6bb..623d63c75056 100644 --- a/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref +++ b/csharp/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/ReadOnlyContainer.ql \ No newline at end of file +query: Likely Bugs/Collections/ReadOnlyContainer.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref b/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref index da2dbc17be05..f197b183e75e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref @@ -1 +1,2 @@ -Security Features/CWE-011/ASPNetDebug.ql \ No newline at end of file +query: Security Features/CWE-011/ASPNetDebug.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/bad1/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-011/bad1/Web.config index ffc04c240fae..c79a46e2c881 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-011/bad1/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-011/bad1/Web.config @@ -4,6 +4,6 @@ + /> diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/bad2/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-011/bad2/Web.config index ffc04c240fae..c79a46e2c881 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-011/bad2/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-011/bad2/Web.config @@ -4,6 +4,6 @@ + /> diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.qlref b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.qlref index 7469d5d2e98a..5c2fc1ad4f63 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.qlref @@ -1 +1,2 @@ -Security Features/CWE-016/ASPNetMaxRequestLength.ql \ No newline at end of file +query: Security Features/CWE-016/ASPNetMaxRequestLength.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/bad/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/bad/Web.config index ea52bd2505b8..a9e98986c4cb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/bad/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/bad/Web.config @@ -1,6 +1,6 @@ - + - \ No newline at end of file + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.qlref b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.qlref index 2116949f754e..5eaf78b95be4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.qlref @@ -1 +1,2 @@ -Security Features/CWE-016/ASPNetPagesValidateRequest.ql \ No newline at end of file +query: Security Features/CWE-016/ASPNetPagesValidateRequest.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequestBad.config b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequestBad.config index e8fbc48cb6e8..927a73b39d00 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequestBad.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequestBad.config @@ -1,5 +1,5 @@ - + - \ No newline at end of file + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.qlref b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.qlref index 86ac50728428..c057ae5aa6c8 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.qlref @@ -1 +1,2 @@ -Security Features/CWE-016/ASPNetRequestValidationMode.ql \ No newline at end of file +query: Security Features/CWE-016/ASPNetRequestValidationMode.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationModeBad.config b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationModeBad.config index e2c8b8dc9031..2a9be99dc51e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationModeBad.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationModeBad.config @@ -1,5 +1,5 @@ - + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.qlref b/csharp/ql/test/query-tests/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.qlref index 68f234e9d372..44a26f7eb0f4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.qlref @@ -1 +1 @@ -Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql \ No newline at end of file +query: Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs index aea3c4e244f8..c43a6a4777f4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs @@ -17,7 +17,7 @@ public Test1(string v) [OnDeserializing] public void Deserialize() { - f = GetString(); // BAD, non-constant and non-object creation expr + f = GetString(); // $ Alert // BAD, non-constant and non-object creation expr } string GetString() { throw null; } @@ -123,7 +123,7 @@ public Test5(int age) [OnDeserializing] void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) { - Age = info.GetInt32("age"); // BAD + Age = info.GetInt32("age"); // $ Alert // BAD } } @@ -167,7 +167,7 @@ void ISerializable.GetObjectData(SerializationInfo info, StreamingContext contex int age = info.GetInt32("age"); if (false) throw new SerializationException("age"); - Age = age; // BAD + Age = age; // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs index 5d89942f9fe8..8777e35874a2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs @@ -16,6 +16,6 @@ public PersonBad(int age) [OnDeserializing] void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) { - Age = info.GetInt32("age"); // BAD - write is unsafe + Age = info.GetInt32("age"); // $ Alert // BAD - write is unsafe } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksbypass.qlref b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksbypass.qlref index c5615a7415c4..375a7f00e550 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksbypass.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksbypass.qlref @@ -1 +1,2 @@ -Security Features/CWE-020/RuntimeChecksBypass.ql \ No newline at end of file +query: Security Features/CWE-020/RuntimeChecksBypass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedData.cs b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedData.cs index 7b0f789c2aec..997ecc4f5cd2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedData.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedData.cs @@ -6,11 +6,11 @@ public class UntrustedData : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - var name = ctx.Request.QueryString["name"]; + var name = ctx.Request.QueryString["name"]; // $ Alert[cs/untrusted-data-to-external-api]=r1 $ Alert[cs/untrusted-data-to-external-api]=r1 $ Source[cs/untrusted-data-to-external-api]=r2 var len = name.Length; var myEncodedString = HttpUtility.HtmlEncode(name); - ctx.Response.Write(name); + ctx.Response.Write(name); // $ Alert[cs/untrusted-data-to-external-api]=r2 } public bool IsReusable => true; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.qlref b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.qlref index 22d3fe2ef63c..65b603105088 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-020/UntrustedDataToExternalAPI.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs index 3ea90facfd3c..a22efa5e25fa 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs @@ -7,14 +7,14 @@ public class TaintedPathHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String path = ctx.Request.QueryString["page"]; + String path = ctx.Request.QueryString["page"]; // $ Source[cs/path-injection]=r1 $ Source[cs/path-injection]=r2 $ Source[cs/path-injection]=r3 $ Source[cs/path-injection]=r4 $ Source[cs/path-injection]=r5 $ Source[cs/path-injection]=r6 $ Source[cs/path-injection]=r7 // BAD: Used via a File.Create... call. - using (StreamWriter sw = File.CreateText(path)) + using (StreamWriter sw = File.CreateText(path)) // $ Alert[cs/path-injection]=r1 { sw.WriteLine("Hello"); } // BAD: Used via StreamWriter constructor - using (StreamWriter sw = new StreamWriter(path)) + using (StreamWriter sw = new StreamWriter(path)) // $ Alert[cs/path-injection]=r2 { sw.WriteLine("Hello"); } @@ -22,20 +22,20 @@ public void ProcessRequest(HttpContext ctx) // BAD: Check is insufficient, text is read. if (!path.StartsWith("../")) { - File.ReadAllText(path); + File.ReadAllText(path); // $ Alert[cs/path-injection]=r3 } // BAD: Check is insufficient, text is read. if (!string.IsNullOrEmpty(path)) { - File.ReadAllText(path); + File.ReadAllText(path); // $ Alert[cs/path-injection]=r4 } // BAD: Check is insufficient, text is read. string badPath = "/home/user/" + path; - if (File.Exists(badPath)) + if (File.Exists(badPath)) // $ Alert[cs/path-injection]=r5 { - ctx.Response.Write(File.ReadAllText(badPath)); + ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert[cs/path-injection]=r6 } // GOOD: Tainted path is passed through MapPath @@ -48,7 +48,7 @@ public void ProcessRequest(HttpContext ctx) File.ReadAllText(path); } - Directory.Exists(path); + Directory.Exists(path); // $ Alert[cs/path-injection]=r7 // GOOD: A Guid. File.ReadAllText(new Guid(path).ToString()); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.qlref b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.qlref index 10abc41286cf..9ab7666c8f1e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.qlref @@ -1,3 +1,5 @@ query: Security Features/CWE-022/TaintedPath.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs index 1ec93bba3edd..189fb1a6eb6e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs @@ -12,15 +12,15 @@ public static void UnzipFileByFile(ZipArchive archive, { foreach (var entry in archive.Entries) { - string fullPath = Path.GetFullPath(entry.FullName); + string fullPath = Path.GetFullPath(entry.FullName); // $ Alert[cs/zipslip]=r1 $ Alert[cs/zipslip]=r2 $ Alert[cs/zipslip]=r3 string fileName = Path.GetFileName(entry.FullName); string filename = entry.Name; - string file = entry.FullName; + string file = entry.FullName; // $ Alert[cs/zipslip]=r4 if (!string.IsNullOrEmpty(file)) { // BAD string destFileName = Path.Combine(destDirectory, file); - entry.ExtractToFile(destFileName, true); + entry.ExtractToFile(destFileName, true); // $ Sink[cs/zipslip]=r4 // GOOD string sanitizedFileName = Path.Combine(destDirectory, fileName); @@ -28,15 +28,15 @@ public static void UnzipFileByFile(ZipArchive archive, // BAD string destFilePath = Path.Combine(destDirectory, fullPath); - entry.ExtractToFile(destFilePath, true); + entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r1 // BAD: destFilePath isn't fully resolved, so may still contain .. if (destFilePath.StartsWith(destDirectory)) - entry.ExtractToFile(destFilePath, true); + entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r2 // BAD destFilePath = Path.GetFullPath(Path.Combine(destDirectory, fullPath)); - entry.ExtractToFile(destFilePath, true); + entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r3 // GOOD: a check for StartsWith against a fully resolved path if (destFilePath.StartsWith(destDirectory)) @@ -58,28 +58,28 @@ private static int UnzipToStream(Stream zipStream, string installDir) foreach (ZipArchiveEntry entry in archive.Entries) { // figure out where we are putting the file - String destFilePath = Path.Combine(InstallDir, entry.FullName); + String destFilePath = Path.Combine(InstallDir, entry.FullName); // $ Alert[cs/zipslip]=r5 $ Alert[cs/zipslip]=r6 $ Alert[cs/zipslip]=r7 $ Alert[cs/zipslip]=r8 Directory.CreateDirectory(Path.GetDirectoryName(destFilePath)); using (Stream archiveFileStream = entry.Open()) { // BAD: writing to file stream - using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) + using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink[cs/zipslip]=r5 { Console.WriteLine(@"Writing ""{0}""", destFilePath); archiveFileStream.CopyTo(tfsFileStream); } // BAD: can do it this way too - using (Stream tfsFileStream = File.Create(destFilePath)) + using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink[cs/zipslip]=r6 { Console.WriteLine(@"Writing ""{0}""", destFilePath); archiveFileStream.CopyTo(tfsFileStream); } // BAD: creating stream using fileInfo - var fileInfo = new FileInfo(destFilePath); + var fileInfo = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r7 using (FileStream fs = fileInfo.OpenWrite()) { Console.WriteLine(@"Writing ""{0}""", destFilePath); @@ -87,7 +87,7 @@ private static int UnzipToStream(Stream zipStream, string installDir) } // BAD: creating stream using fileInfo - var fileInfo1 = new FileInfo(destFilePath); + var fileInfo1 = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r8 using (FileStream fs = fileInfo1.Open(FileMode.Create)) { Console.WriteLine(@"Writing ""{0}""", destFilePath); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.qlref b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.qlref index f8a7ab34e883..9d8f3ad5a64b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-022/ZipSlip.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs index fb6bce23b72f..5a996edbad86 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs @@ -6,7 +6,7 @@ class Bad public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory) { - string destFileName = Path.Combine(destDirectory, entry.FullName); - entry.ExtractToFile(destFileName); + string destFileName = Path.Combine(destDirectory, entry.FullName); // $ Alert[cs/zipslip]=r9 + entry.ExtractToFile(destFileName); // $ Sink[cs/zipslip]=r9 } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs index df3db94b4335..36ece73221e3 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs @@ -24,16 +24,16 @@ class CommandInjection public void WebCommandInjection() { // BAD: Reading from textbox, then using that in the arguments and file name - string userInput = categoryTextBox.Text; - Process.Start("foo.exe" + userInput, "/c " + userInput); + string userInput = categoryTextBox.Text; // $ Source[cs/command-line-injection]=r1 $ Source[cs/command-line-injection]=r2 $ Source[cs/command-line-injection]=r3 $ Source[cs/command-line-injection]=r4 $ Source[cs/command-line-injection]=r5 $ Source[cs/command-line-injection]=r6 $ Source[cs/command-line-injection]=r7 + Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert[cs/command-line-injection]=r1 $ Alert[cs/command-line-injection]=r2 - ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); + ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 Process.Start(startInfo); ProcessStartInfo startInfoProps = new ProcessStartInfo(); - startInfoProps.FileName = userInput; - startInfoProps.Arguments = userInput; - startInfoProps.WorkingDirectory = userInput; + startInfoProps.FileName = userInput; // $ Alert[cs/command-line-injection]=r5 + startInfoProps.Arguments = userInput; // $ Alert[cs/command-line-injection]=r6 + startInfoProps.WorkingDirectory = userInput; // $ Alert[cs/command-line-injection]=r7 Process.Start(startInfoProps); } @@ -43,12 +43,12 @@ public void StoredCommandInjection() { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/command-line-injection]=r8 while (customerReader.Read()) { // BAD: Read from database, and use it to directly execute a command - Process.Start("foo.exe", "/c " + customerReader.GetString(1)); + Process.Start("foo.exe", "/c " + customerReader.GetString(1)); // $ Alert[cs/command-line-injection]=r8 } customerReader.Close(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.qlref index 366f5105393f..607983370399 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-078/CommandInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs index 1096634b6903..1e30735d3265 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs @@ -14,12 +14,12 @@ public void processRequest(HttpContext context) { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/web/xss]=r1 while (customerReader.Read()) { // BAD: Read from database, write it straight to a response - context.Response.Write("Orders for " + customerReader.GetString(1)); + context.Response.Write("Orders for " + customerReader.GetString(1)); // $ Alert[cs/web/xss]=r1 } customerReader.Close(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.qlref index 89b5b951bdb6..a71d47846701 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-079/XSS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs index eba40b891d58..6db6b4fc4b68 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs @@ -23,10 +23,10 @@ public void WebUIXSS() { // BAD: Reading from textbox, then writing an amended value to a control that does not HTML encode StringBuilder userInput = new StringBuilder(); - userInput.AppendFormat("{0} test", categoryTextBox.Text); - calendar.Caption = userInput.ToString(); - table.Caption = userInput.ToString(); - label.Text = userInput.ToString(); + userInput.AppendFormat("{0} test", categoryTextBox.Text); // $ Source[cs/web/xss]=r1 $ Source[cs/web/xss]=r2 $ Source[cs/web/xss]=r3 + calendar.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r1 + table.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r2 + label.Text = userInput.ToString(); // $ Alert[cs/web/xss]=r3 // GOOD: Reading from textbox, then writing an amended value to a control that does HTML encode categoryTextBox.Text = userInput.ToString(); @@ -35,8 +35,8 @@ public void WebUIXSS() public void processRequest(HttpContext context) { // BAD: Read user input from a request, write it straight to a response - string name = context.Request.QueryString["name"]; - context.Response.Write(name); + string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r4 + context.Response.Write(name); // $ Alert[cs/web/xss]=r4 // GOOD: Read user input from a request, but encode it before writing to the response string name2 = context.Request.QueryString["name"]; @@ -55,9 +55,9 @@ public void processNumber(HttpContext context) public void mvcProcess(HttpContext context) { // BAD: Mimic what happens in cshtml pages - string name = context.Request.Unvalidated.QueryString["name"]; + string name = context.Request.Unvalidated.QueryString["name"]; // $ Source[cs/web/xss]=r5 HtmlHelper html = new HtmlHelper(null, null); - html.Raw(name); + html.Raw(name); // $ Alert[cs/web/xss]=r5 } public void listener(HttpContext context) @@ -73,27 +73,27 @@ public void listener(HttpContext context) public void contextBase(HttpContextBase context) { // BAD: Writing user input directly to a HttpListenerResponse - string name = context.Request.QueryString["name"]; - context.Response.Write(name); + string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r6 + context.Response.Write(name); // $ Alert[cs/web/xss]=r6 // BAD: Writing user input directly to a HttpListenerResponse - string name2 = context.Request["name"]; - context.Response.Write(name2); + string name2 = context.Request["name"]; // $ Source[cs/web/xss]=r7 + context.Response.Write(name2); // $ Alert[cs/web/xss]=r7 } public void htmlStrings(HttpContextBase context) { // BAD: Writing user input into a HtmlString without encoding - string name = context.Request.QueryString["name"]; - new HtmlString(name); - new MvcHtmlString(name); + string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r8 $ Source[cs/web/xss]=r9 + new HtmlString(name); // $ Alert[cs/web/xss]=r8 + new MvcHtmlString(name); // $ Alert[cs/web/xss]=r9 new MyHtmlString(context.Request); } public void WebContent(HttpContextBase context) { // BAD: Writing user input into a StringContent without encoding - string name = context.Request.QueryString["name"]; - new StringContent(name); + string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r10 + new StringContent(name); // $ Alert[cs/web/xss]=r10 } public void HtmlEncoded(HttpContextBase context) @@ -137,7 +137,7 @@ public MyHtmlString(HttpRequestBase request) public string ToHtmlString() { - return Request.RawUrl; + return Request.RawUrl; // $ Alert[cs/web/xss]=r11 $ Alert[cs/web/xss]=r11 } } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref index 89b5b951bdb6..a71d47846701 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-079/XSS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx index 5dd4830d7567..7581e301c02f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx @@ -9,13 +9,13 @@ diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.qlref index faad1d6403c1..553ccc892d04 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.qlref @@ -1 +1,2 @@ -Security Features/CWE-079/XSS.ql \ No newline at end of file +query: Security Features/CWE-079/XSS.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs index ddd24e19729f..725d5bbe93c0 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs @@ -9,36 +9,36 @@ public class LDAPInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string userName = ctx.Request.QueryString["username"]; + string userName = ctx.Request.QueryString["username"]; // $ Source[cs/ldap-injection]=r1 $ Source[cs/ldap-injection]=r2 $ Source[cs/ldap-injection]=r3 $ Source[cs/ldap-injection]=r4 $ Source[cs/ldap-injection]=r5 $ Source[cs/ldap-injection]=r6 // BAD: Filter includes user input without encoding - DirectorySearcher ds = new DirectorySearcher("accountname=" + userName); + DirectorySearcher ds = new DirectorySearcher("accountname=" + userName); // $ Alert[cs/ldap-injection]=r1 DirectorySearcher ds2 = new DirectorySearcher(); - ds.Filter = "accountname=" + userName; + ds.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r2 // GOOD: Filter includes user input with encoding DirectorySearcher ds3 = new DirectorySearcher("accountname=" + LDAPEncode(userName)); // BAD: SearchRequest Filter includes user input without encoding SearchRequest sr = new SearchRequest(); - sr.Filter = "accountname=" + userName; - SearchRequest sr2 = new SearchRequest(null, "accountname=" + userName, System.DirectoryServices.Protocols.SearchScope.Base, null); + sr.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r3 + SearchRequest sr2 = new SearchRequest(null, "accountname=" + userName, System.DirectoryServices.Protocols.SearchScope.Base, null); // $ Alert[cs/ldap-injection]=r4 // BAD: Distinguished Name includes user input without encoding - DirectoryEntry de = new DirectoryEntry("LDAP://Cn=" + userName); + DirectoryEntry de = new DirectoryEntry("LDAP://Cn=" + userName); // $ Alert[cs/ldap-injection]=r5 DirectoryEntry de2 = new DirectoryEntry(); - de2.Path = "LDAP://Cn=" + userName; + de2.Path = "LDAP://Cn=" + userName; // $ Alert[cs/ldap-injection]=r6 using (SqlConnection connection = new SqlConnection("")) { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/ldap-injection]=r7 while (customerReader.Read()) { // BAD: Read from database, write it straight to a response - DirectorySearcher ds4 = new DirectorySearcher("accountname=" + customerReader.GetString(1)); + DirectorySearcher ds4 = new DirectorySearcher("accountname=" + customerReader.GetString(1)); // $ Alert[cs/ldap-injection]=r7 } customerReader.Close(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.qlref index 06bd1eedc4f4..13eefd4645f9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-090/LDAPInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs index f9dd6f3289e8..c394ed4b8cbb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs @@ -5,14 +5,14 @@ public class XMLInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string employeeName = ctx.Request.QueryString["employeeName"]; + string employeeName = ctx.Request.QueryString["employeeName"]; // $ Source[cs/xml-injection]=r1 using (XmlWriter writer = XmlWriter.Create("employees.xml")) { writer.WriteStartDocument(); // BAD: Insert user input directly into XML - writer.WriteRaw("" + employeeName + ""); + writer.WriteRaw("" + employeeName + ""); // $ Alert[cs/xml-injection]=r1 // GOOD: Escape user input before inserting into string writer.WriteRaw("" + SecurityElement.Escape(employeeName) + ""); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.qlref index e39297fce167..96779d60ccb0 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-091/XMLInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs index e03bc9821f50..a557ebf4c724 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs @@ -20,13 +20,13 @@ public class CommandInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string code = ctx.Request.QueryString["code"]; + string code = ctx.Request.QueryString["code"]; // $ Source[cs/code-injection]=r1 $ Source[cs/code-injection]=r2 CSharpCodeProvider c = new CSharpCodeProvider(); ICodeCompiler icc = c.CreateCompiler(); CompilerParameters cp = new CompilerParameters(); // BAD: Compiling unvalidated code from the user - CompilerResults cr = icc.CompileAssemblyFromSource(cp, code); + CompilerResults cr = icc.CompileAssemblyFromSource(cp, code); // $ Alert[cs/code-injection]=r1 System.Reflection.Assembly a = cr.CompiledAssembly; object o = a.CreateInstance("MyNamespace.MyClass"); @@ -37,7 +37,7 @@ public void ProcessRequest(HttpContext ctx) object s = mi.Invoke(o, null); // BAD: Use the Roslyn APIs to dynamically evaluate C# - CSharpScript.EvaluateAsync(code); + CSharpScript.EvaluateAsync(code); // $ Alert[cs/code-injection]=r2 } public bool IsReusable @@ -53,6 +53,6 @@ public bool IsReusable void OnButtonClicked() { // BAD: Use the Roslyn APIs to dynamically evaluate C# - CSharpScript.EvaluateAsync(box1.Text); + CSharpScript.EvaluateAsync(box1.Text); // $ Alert[cs/code-injection]=r3 $ Alert[cs/code-injection]=r3 } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.qlref index 80eedc1b4c7c..53389dffbe49 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-094/CodeInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs index aed9219090a7..dc7666744383 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs @@ -5,12 +5,12 @@ public class ResourceInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string userName = ctx.Request.QueryString["userName"]; + string userName = ctx.Request.QueryString["userName"]; // $ Source[cs/resource-injection]=r1 $ Source[cs/resource-injection]=r2 string connectionString = "server=(local);user id=" + userName + ";password= pass;"; // BAD: Direct use of user input in a connection string for the constructor - SqlConnection sqlConnection = new SqlConnection(connectionString); + SqlConnection sqlConnection = new SqlConnection(connectionString); // $ Alert[cs/resource-injection]=r1 // BAD: Direct use of user input assigned to a connection string property - sqlConnection.ConnectionString = connectionString; + sqlConnection.ConnectionString = connectionString; // $ Alert[cs/resource-injection]=r2 // GOOD: Use SqlConnectionStringBuilder SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Data Source"] = "(local)"; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.qlref index 5292de5ee84f..e2e487631687 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-099/ResourceInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs index 4ca87924c687..869b0731351f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs @@ -9,22 +9,22 @@ public class MissingXMLValidationHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String userProvidedXml = ctx.Request.QueryString["userProvidedXml"]; + String userProvidedXml = ctx.Request.QueryString["userProvidedXml"]; // $ Source[cs/xml/missing-validation]=r1 $ Source[cs/xml/missing-validation]=r2 $ Source[cs/xml/missing-validation]=r3 $ Source[cs/xml/missing-validation]=r4 $ Source[cs/xml/missing-validation]=r5 // BAD: User provided XML is processed without any validation, // because there is no settings instance configured. - XmlReader.Create(new StringReader(userProvidedXml)); + XmlReader.Create(new StringReader(userProvidedXml)); // $ Alert[cs/xml/missing-validation]=r1 // BAD: User provided XML is processed without any validation, // because the settings instance does not specify the ValidationType XmlReaderSettings badSettings1 = new XmlReaderSettings(); - XmlReader.Create(new StringReader(userProvidedXml), badSettings1); + XmlReader.Create(new StringReader(userProvidedXml), badSettings1); // $ Alert[cs/xml/missing-validation]=r2 // BAD: User provided XML is processed without any validation, // because the settings instance specifies DTD as the ValidationType XmlReaderSettings badSettings2 = new XmlReaderSettings(); badSettings2.ValidationType = ValidationType.DTD; - XmlReader.Create(new StringReader(userProvidedXml), badSettings2); + XmlReader.Create(new StringReader(userProvidedXml), badSettings2); // $ Alert[cs/xml/missing-validation]=r3 // GOOD: User provided XML is processed with validation XmlReaderSettings goodSettings = new XmlReaderSettings(); @@ -42,7 +42,7 @@ public void ProcessRequest(HttpContext ctx) XmlSchemaSet sc2 = new XmlSchemaSet(); sc2.Add("urn:my-schema", "my.xsd"); goodSettings.Schemas = sc2; - XmlReader.Create(new StringReader(userProvidedXml), badSettings3); + XmlReader.Create(new StringReader(userProvidedXml), badSettings3); // $ Alert[cs/xml/missing-validation]=r4 $ Alert[cs/xml/missing-validation]=r5 } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.qlref b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.qlref index 6f71112a01c1..3f8c9fe16878 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-112/MissingXMLValidation.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.qlref index 5979609654f9..f789023c52dc 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-114/AssemblyPathInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs index e0217a6d4866..8adba3f0dc84 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs @@ -4,10 +4,10 @@ public class DLLInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string libraryName = ctx.Request.QueryString["libraryName"]; + string libraryName = ctx.Request.QueryString["libraryName"]; // $ Source[cs/assembly-path-injection]=r1 // BAD: Load DLL based on user input - var badDLL = Assembly.LoadFile(libraryName); + var badDLL = Assembly.LoadFile(libraryName); // $ Alert[cs/assembly-path-injection]=r1 // GOOD: Load DLL using fixed string var goodDLL = Assembly.LoadFile(@"C:\visual studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\DLL.dll"); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.cs b/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.cs index 4fc60b899e67..42cc1062c2da 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.cs @@ -14,7 +14,7 @@ public unsafe void CalcPointer(PossiblyOverridableClass possiblyOverridable, cha fixed (char* charPointer = charArray) { // BAD: Unvalidate use in pointer arithmetic - char* newCharPointer = charPointer + possiblyOverridable.getNumber(); + char* newCharPointer = charPointer + possiblyOverridable.getNumber(); // $ Alert *newCharPointer = 'A'; // BAD: Unvalidate use in pointer arithmetic int number = possiblyOverridable.getNumber(); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.qlref b/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.qlref index c6b75e927954..13eea010dbe7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.qlref @@ -1 +1,2 @@ -Security Features/CWE-119/LocalUnvalidatedArithmetic.ql \ No newline at end of file +query: Security Features/CWE-119/LocalUnvalidatedArithmetic.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs index e993bc368ae7..7173ab82f892 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs @@ -11,26 +11,26 @@ public void ProcessRequest(HttpContext ctx) try { var password = "123456"; - ctx.Response.Write(password); // BAD + ctx.Response.Write(password); // $ Alert[cs/sensitive-data-transmission]=r1 $ Alert[cs/sensitive-data-transmission]=r1 // BAD } catch (System.Data.SqlClient.SqlException ex) { - ctx.Response.Write(ex.ToString()); // BAD + ctx.Response.Write(ex.ToString()); // $ Alert[cs/sensitive-data-transmission]=r2 $ Alert[cs/sensitive-data-transmission]=r2 // BAD } catch (DbException ex) { - ctx.Response.Write(ex.Message); // BAD - ctx.Response.Write(ex.ToString()); // BAD - ctx.Response.Write(ex.Data["password"]); // BAD + ctx.Response.Write(ex.Message); // $ Alert[cs/sensitive-data-transmission]=r3 $ Alert[cs/sensitive-data-transmission]=r3 // BAD + ctx.Response.Write(ex.ToString()); // $ Alert[cs/sensitive-data-transmission]=r4 $ Alert[cs/sensitive-data-transmission]=r4 // BAD + ctx.Response.Write(ex.Data["password"]); // $ Alert[cs/sensitive-data-transmission]=r5 $ Alert[cs/sensitive-data-transmission]=r5 // BAD } } void SendPasswordToEmail() { - var p = GetField("password"); // p is now tainted - var message = new MailMessage("from", "to", p, p); // BAD - message.Body = "This is your password: " + p; // BAD - message.Subject = p; // BAD + var p = GetField("password"); // p is now tainted // $ Source[cs/sensitive-data-transmission]=r6 $ Source[cs/sensitive-data-transmission]=r7 $ Source[cs/sensitive-data-transmission]=r8 $ Source[cs/sensitive-data-transmission]=r9 + var message = new MailMessage("from", "to", p, p); // $ Alert[cs/sensitive-data-transmission]=r6 $ Alert[cs/sensitive-data-transmission]=r7 // BAD + message.Body = "This is your password: " + p; // $ Alert[cs/sensitive-data-transmission]=r8 // BAD + message.Subject = p; // $ Alert[cs/sensitive-data-transmission]=r9 // BAD } string GetField(string field) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.qlref b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.qlref index 9ce9ee5643ef..0c2eb8d2b2cc 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-201/ExposureInTransmittedData.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs index 74b3fc4dd4d0..45dd823c1834 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs @@ -16,11 +16,11 @@ public void ProcessRequest(HttpContext ctx) catch (Exception ex) { // BAD: printing a stack trace back to the response - ctx.Response.Write(ex.ToString()); + ctx.Response.Write(ex.ToString()); // $ Alert[cs/information-exposure-through-exception]=r1 $ Alert[cs/information-exposure-through-exception]=r1 // BAD: implicitly printing a stack trace back to the response - ctx.Response.Write(ex); + ctx.Response.Write(ex); // $ Alert[cs/information-exposure-through-exception]=r2 $ Alert[cs/information-exposure-through-exception]=r2 // BAD: writing StackTrace property to response - ctx.Response.Write(ex.StackTrace); + ctx.Response.Write(ex.StackTrace); // $ Alert[cs/information-exposure-through-exception]=r3 $ Alert[cs/information-exposure-through-exception]=r3 // GOOD: writing Message property to response ctx.Response.Write(ex.Message); return; @@ -36,15 +36,15 @@ public void ProcessRequest(HttpContext ctx) log("Exception occurred", ex); ctx.Response.Write("Exception occurred"); - textBox.Text = ex.InnerException.StackTrace; // BAD - textBox.Text = ex.StackTrace; // BAD - textBox.Text = ex.ToString(); // BAD + textBox.Text = ex.InnerException.StackTrace; // $ Alert[cs/information-exposure-through-exception]=r4 $ Alert[cs/information-exposure-through-exception]=r4 // BAD + textBox.Text = ex.StackTrace; // $ Alert[cs/information-exposure-through-exception]=r5 $ Alert[cs/information-exposure-through-exception]=r5 // BAD + textBox.Text = ex.ToString(); // $ Alert[cs/information-exposure-through-exception]=r6 $ Alert[cs/information-exposure-through-exception]=r6 // BAD textBox.Text = ex.Message; // GOOD return; } // BAD: printing a stack trace back to the response for a custom exception - ctx.Response.Write(new MyException().ToString()); + ctx.Response.Write(new MyException().ToString()); // $ Alert[cs/information-exposure-through-exception]=r7 $ Alert[cs/information-exposure-through-exception]=r7 } class MyException : Exception diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.qlref b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.qlref index e8813fef7a81..295c9e8cc57b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-209/ExceptionInformationExposure.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref index fa43c8d49bec..521ec9079e0e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref @@ -1 +1,2 @@ -Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql \ No newline at end of file +query: Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config index 768c965080c1..d04829109d33 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config @@ -2,6 +2,6 @@ - + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/MissingASPNETGlobalErrorHandler.qlref b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/MissingASPNETGlobalErrorHandler.qlref index fa43c8d49bec..521ec9079e0e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/MissingASPNETGlobalErrorHandler.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/MissingASPNETGlobalErrorHandler.qlref @@ -1 +1,2 @@ -Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql \ No newline at end of file +query: Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/MissingAccessControl.qlref b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/MissingAccessControl.qlref index a4173778d9fa..8bfd3b626d1f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/MissingAccessControl.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/MissingAccessControl.qlref @@ -1 +1,2 @@ -Security Features/CWE-285/MissingAccessControl.ql +query: Security Features/CWE-285/MissingAccessControl.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/EditProfile.aspx.cs b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/EditProfile.aspx.cs index b023dc11e80f..cf1be0cfbfea 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/EditProfile.aspx.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/EditProfile.aspx.cs @@ -7,7 +7,7 @@ private void doThings() { } private bool isAuthorized() { return false; } // BAD: The class name indicates that this may be an Edit method, but there is no auth check - protected void btn1_Click(object sender, EventArgs e) { + protected void btn1_Click(object sender, EventArgs e) { // $ Alert doThings(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/ViewProfile.aspx.cs b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/ViewProfile.aspx.cs index f9d7316d50b2..4ed7b777d2bf 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/ViewProfile.aspx.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/ViewProfile.aspx.cs @@ -11,7 +11,7 @@ protected void btn_safe_Click(object sender, EventArgs e) { } // BAD: The name indicates a Delete method, but no auth is present. - protected void btn_delete1_Click(object sender, EventArgs e) { + protected void btn_delete1_Click(object sender, EventArgs e) { // $ Alert doThings(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test3/B/EditProfile.aspx.cs b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test3/B/EditProfile.aspx.cs index 4b7697f0f88d..13b9f4dd5b5e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test3/B/EditProfile.aspx.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test3/B/EditProfile.aspx.cs @@ -5,7 +5,7 @@ class EditProfile4 : System.Web.UI.Page { private void doThings() { } // BAD: The Web.config file does not specify auth for this path. - protected void btn1_Click(object sender, EventArgs e) { + protected void btn1_Click(object sender, EventArgs e) { // $ Alert doThings(); } } \ No newline at end of file diff --git a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.cs b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.cs index 74a5568b6683..c5a6c95cd467 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.cs @@ -12,10 +12,10 @@ public class ClearTextStorageHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: Setting a cookie value or values with sensitive data. - ctx.Response.Cookies["MyCookie"].Value = accountKey; - ctx.Response.Cookies["MyOtherCookie"]["Sensitive"] = GetPassword(); - ctx.Response.Cookies["MyOtherCookie"].Values["Sensitive"] = GetPassword(); - ctx.Response.Cookies["MyCookie"].Value = GetAccountID(); + ctx.Response.Cookies["MyCookie"].Value = accountKey; // $ Alert + ctx.Response.Cookies["MyOtherCookie"]["Sensitive"] = GetPassword(); // $ Alert + ctx.Response.Cookies["MyOtherCookie"].Values["Sensitive"] = GetPassword(); // $ Alert + ctx.Response.Cookies["MyCookie"].Value = GetAccountID(); // $ Alert // GOOD: Encoding the value before setting it. ctx.Response.Cookies["MyCookie"].Value = Encode(accountKey, "Account key"); @@ -23,15 +23,15 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Cookies["MyCookie"].Value = GetAccountName(); ILogger logger = new ILogger(); // BAD: Logging sensitive data - logger.Warn(GetPassword()); + logger.Warn(GetPassword()); // $ Alert // GOOD: Logging encrypted sensitive data logger.Warn(Encode(GetPassword(), "Password")); - // BAD: Storing sensitive data in local file + // BAD: Storing sensitive data in local file using (var writeStream = File.Open("passwords.txt", FileMode.Create)) { var writer = new StreamWriter(writeStream); - writer.Write(GetPassword()); + writer.Write(GetPassword()); // $ Alert writer.Close(); } @@ -91,9 +91,9 @@ public void OnButtonClicked() { box1.PasswordChar = '*'; box2.UseSystemPasswordChar = true; - logger.Warn(password.Text); // BAD - logger.Warn(box1.Text); // BAD - logger.Warn(box2.Text); // BAD + logger.Warn(password.Text); // $ Alert // BAD + logger.Warn(box1.Text); // $ Alert // BAD + logger.Warn(box2.Text); // $ Alert // BAD logger.Warn(box3.Text); // GOOD } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.qlref b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.qlref index 0fda4720f54a..78dc420e9c8e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-312/CleartextStorage.qlref @@ -1 +1,2 @@ -Security Features/CWE-312/CleartextStorage.ql \ No newline at end of file +query: Security Features/CWE-312/CleartextStorage.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs index 0c9c58d0d230..ff8600b85a81 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs @@ -14,21 +14,21 @@ static void Main(string[] args) var a = new AesCryptoServiceProvider(); // BAD: explicit key assignment, hard-coded value - a.Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; + a.Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; // $ Alert[cs/hardcoded-key]=r1 $ Alert[cs/hardcoded-key]=r1 var b = new AesCryptoServiceProvider() { // BAD: explicit key assignment, hard-coded value - Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 } + Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 } // $ Alert[cs/hardcoded-key]=r2 $ Alert[cs/hardcoded-key]=r2 }; - var c = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; + var c = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; // $ Source[cs/hardcoded-key]=r3 $ Source[cs/hardcoded-key]=r4 $ Source[cs/hardcoded-key]=r5 $ Source[cs/hardcoded-key]=r6 var d = c; - var byteArrayFromString = Encoding.UTF8.GetBytes("Hello, world: here is a very bad way to create a key"); + var byteArrayFromString = Encoding.UTF8.GetBytes("Hello, world: here is a very bad way to create a key"); // $ Source[cs/hardcoded-key]=r7 // BAD: key assignment via variable, from hard-coded value - a.Key = d; + a.Key = d; // $ Alert[cs/hardcoded-key]=r3 // GOOD (not really, but better than hard coding) a.Key = File.ReadAllBytes("secret.key"); @@ -65,7 +65,7 @@ public static string Decrypt(byte[] cipherText, byte[] password, byte[] IV) { using (MemoryStream ms = new MemoryStream()) { - using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(password, IV), CryptoStreamMode.Write)) + using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(password, IV), CryptoStreamMode.Write)) // $ Alert[cs/hardcoded-key]=r4 { cs.Write(cipherText, 0, cipherText.Length); } @@ -105,7 +105,7 @@ static SymmetricAlgorithm CreateProvider(byte[] key) return new AesManaged() { // BAD: assignment from parameter - Key = key + Key = key // $ Alert[cs/hardcoded-key]=r5 }; } @@ -118,7 +118,7 @@ public static byte[] Encrypt(string plaintext, byte[] key, byte[] IV) using (MemoryStream ms = new MemoryStream()) { // BAD: flow of hardcoded key to CreateEncryptor constructor - using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(key, IV), CryptoStreamMode.Write)) + using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(key, IV), CryptoStreamMode.Write)) // $ Alert[cs/hardcoded-key]=r6 $ Alert[cs/hardcoded-key]=r7 { cs.Write(rawPlaintext, 0, rawPlaintext.Length); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.qlref b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.qlref index 5ec9c0d849c1..6006de2bd61b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-321/HardcodedEncryptionKey.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.qlref b/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.qlref index f023214a7848..da9f5248b379 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/DontInstallRootCert.qlref @@ -1 +1,2 @@ -Security Features/CWE-327/DontInstallRootCert.ql \ No newline at end of file +query: Security Features/CWE-327/DontInstallRootCert.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/Test.cs index 8323889cffdd..1c6e3d5e31ff 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/Test.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/DontInstallRootCert/Test.cs @@ -12,20 +12,20 @@ public class Class1 public void InstallRootCert() { string file = "mytest.pfx"; // Contains name of certificate file - X509Store store = new X509Store(StoreName.Root); + X509Store store = new X509Store(StoreName.Root); // $ Source store.Open(OpenFlags.ReadWrite); // BAD: adding a certificate to the Root store - store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(file))); + store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(file))); // $ Alert store.Close(); } public void InstallRootCert2() { string file = "mytest.pfx"; // Contains name of certificate file - X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); + X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); // $ Source store.Open(OpenFlags.ReadWrite); // BAD: adding a certificate to the Root store - store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(file))); + store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(file))); // $ Alert store.Close(); } @@ -67,10 +67,10 @@ public void InstallRootCertRange() new X509Certificate2(X509Certificate2.CreateFromCertFile(file1)), new X509Certificate2(X509Certificate2.CreateFromCertFile(file2)), }; - X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); + X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); // $ Source store.Open(OpenFlags.ReadWrite); // BAD: adding multiple certificates to the Root store - store.AddRange(new X509Certificate2Collection(certCollection)); + store.AddRange(new X509Certificate2Collection(certCollection)); // $ Alert store.Close(); } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs index a433d5493851..755130ee32fa 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs @@ -41,24 +41,24 @@ public void StringInInitializer() public void TriggerThis() { // BAD, Encrypt not specified - SqlConnection conn = new SqlConnection("Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;"); + SqlConnection conn = new SqlConnection("Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;"); // $ Alert } void Test4() { string connectString = - "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd"; + "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd"; // $ Source // BAD, Encrypt not specified - SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString); + SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString); // $ Alert var conn = new SqlConnection(builder.ConnectionString); } void Test5() { string connectString = - "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false"; + "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false"; // $ Source // BAD, Encrypt set to false - SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString); + SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString); // $ Alert var conn = new SqlConnection(builder.ConnectionString); } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.qlref index 9809e87e73c5..cd92f9704736 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.qlref @@ -1 +1,2 @@ -Security Features/CWE-327/InsecureSQLConnection.ql \ No newline at end of file +query: Security Features/CWE-327/InsecureSQLConnection.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.cs b/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.cs index 56f600e3544d..1d4d4efa7baa 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.cs @@ -7,21 +7,21 @@ public class InsufficientKeySize public void CryptoMethod() { // BAD: Key size is less than 128 - new RC2CryptoServiceProvider().EffectiveKeySize = 64; + new RC2CryptoServiceProvider().EffectiveKeySize = 64; // $ Alert // GOOD: Key size defaults to 128 new RC2CryptoServiceProvider(); // GOOD: Key size is greater than 128 new RC2CryptoServiceProvider().EffectiveKeySize = 256; // BAD: Key size is less than 2048. - DSACryptoServiceProvider dsaBad = new DSACryptoServiceProvider(512); + DSACryptoServiceProvider dsaBad = new DSACryptoServiceProvider(512); // $ Alert // GOOD: Key size defaults to 2048. DSACryptoServiceProvider dsaGood1 = new DSACryptoServiceProvider(); // GOOD: Key size is greater than 2048. DSACryptoServiceProvider dsaGood2 = new DSACryptoServiceProvider(2048); // BAD: Key size is less than 2048. - RSACryptoServiceProvider rsaBad = new RSACryptoServiceProvider(512); + RSACryptoServiceProvider rsaBad = new RSACryptoServiceProvider(512); // $ Alert // GOOD: Key size defaults to 2048. RSACryptoServiceProvider rsaGood1 = new RSACryptoServiceProvider(); // GOOD: Key size is greater than 2048. diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.qlref b/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.qlref index 9b9050c417b4..2e460bd79e19 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.qlref @@ -1 +1,2 @@ -Security Features/InsufficientKeySize.ql \ No newline at end of file +query: Security Features/InsufficientKeySize.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs index 58241499c66b..93edb1e318ec 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs @@ -9,9 +9,9 @@ public class InsecureRandomness public void RandomTest() { // BAD: Using insecure RNG to generate password - string password = InsecureRandomString(10); - password = InsecureRandomStringFromSelection(10); - password = InsecureRandomStringFromIndexer(10); + string password = InsecureRandomString(10); // $ Alert[cs/insecure-randomness]=r1 + password = InsecureRandomStringFromSelection(10); // $ Alert[cs/insecure-randomness]=r2 + password = InsecureRandomStringFromIndexer(10); // $ Alert[cs/insecure-randomness]=r3 // IGNORE - do not track further than the first assignment to a tainted variable string passwd = password; // GOOD: Use cryptographically secure RNG @@ -25,7 +25,7 @@ public static string InsecureRandomString(int length) byte[] data = new byte[1]; while (result.Length < length) { - data[0] = (byte)r.Next(97, 122); + data[0] = (byte)r.Next(97, 122); // $ Source[cs/insecure-randomness]=r1 result.Append(new ASCIIEncoding().GetString(data)); } return result.ToString(); @@ -57,7 +57,7 @@ public static string InsecureRandomStringFromSelection(int length) Random r = new Random(); while (result.Length < length) { - result += letters[r.Next(3)]; + result += letters[r.Next(3)]; // $ Source[cs/insecure-randomness]=r2 } return result.ToString(); } @@ -69,7 +69,7 @@ public static string InsecureRandomStringFromIndexer(int length) Random r = new Random(); while (result.Length < length) { - result += letters[r.Next(3)]; + result += letters[r.Next(3)]; // $ Source[cs/insecure-randomness]=r3 } return result; } @@ -77,7 +77,7 @@ public static string InsecureRandomStringFromIndexer(int length) public static string BiasPasswordGeneration() { // BAD: Membership.GeneratePassword generates a password with a bias - string password = System.Web.Security.Membership.GeneratePassword(12, 3); + string password = System.Web.Security.Membership.GeneratePassword(12, 3); // $ Alert[cs/insecure-randomness]=r4 $ Alert[cs/insecure-randomness]=r4 return password; } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.qlref b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.qlref index b2198beb2b45..a79d744ce61c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.qlref @@ -1,2 +1,4 @@ query: Security Features/InsecureRandomness.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/global/MissingAntiForgeryTokenValidation.qlref b/csharp/ql/test/query-tests/Security Features/CWE-352/global/MissingAntiForgeryTokenValidation.qlref index 38fdc5c57385..8948b9773a2d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/global/MissingAntiForgeryTokenValidation.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/global/MissingAntiForgeryTokenValidation.qlref @@ -1 +1,2 @@ -Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql \ No newline at end of file +query: Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs b/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs index e9e5202b40ab..2b9f3974234c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs @@ -4,7 +4,7 @@ public class HomeController : Controller { // BAD: Anti forgery token has been forgotten [HttpPost] - public ActionResult Login() + public ActionResult Login() // $ Alert[cs/web/missing-token-validation] { return View(); } @@ -55,7 +55,7 @@ public class DerivedUnprotectedController : UnprotectedBaseController { // BAD: No antiforgery validation on this or any base class [HttpPost] - public ActionResult NoInheritedValidation() + public ActionResult NoInheritedValidation() // $ Alert[cs/web/missing-token-validation] { return View(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.qlref b/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.qlref index 5e1ab2426c65..8948b9773a2d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.qlref @@ -1 +1,2 @@ query: Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.cs b/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.cs index a86800e51529..ab258cddf3f7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.cs @@ -4,7 +4,7 @@ public class HomeController : Controller { // BAD: Anti forgery token has been forgotten [HttpPost] - public ActionResult Login() + public ActionResult Login() // $ Alert { return View(); } @@ -55,7 +55,7 @@ public class DerivedUnprotectedController : UnprotectedBaseController { // BAD: No antiforgery validation on this or any base class [HttpPost] - public ActionResult NoInheritedValidation() + public ActionResult NoInheritedValidation() // $ Alert { return View(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.qlref b/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.qlref index 38fdc5c57385..8948b9773a2d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.qlref @@ -1 +1,2 @@ -Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql \ No newline at end of file +query: Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.cs b/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.cs index 675b05c29de3..21f925536d73 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.cs @@ -15,19 +15,19 @@ public class ExposureOfPrivateInformationHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: Setting a cookie value or values with private data. - ctx.Response.Cookies["MyCookie"].Value = ctx.Request.QueryString["postcode"]; + ctx.Response.Cookies["MyCookie"].Value = ctx.Request.QueryString["postcode"]; // $ Alert Person p = new Person(); - ctx.Response.Cookies["MyCookie"].Value = p.getTelephone(); + ctx.Response.Cookies["MyCookie"].Value = p.getTelephone(); // $ Alert // BAD: Logging private data ILogger logger = new ILogger(); - logger.Warn(p.getTelephone()); + logger.Warn(p.getTelephone()); // $ Alert // BAD: Storing sensitive data in unencrypted local file using (var writeStream = File.Open("telephones.txt", FileMode.Create)) { var writer = new StreamWriter(writeStream); - writer.Write(p.getTelephone()); + writer.Write(p.getTelephone()); // $ Alert writer.Close(); } @@ -59,7 +59,7 @@ public bool IsReusable void OnButtonClicked() { ILogger logger = new ILogger(); - logger.Warn(postcode.Text); + logger.Warn(postcode.Text); // $ Alert } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.qlref b/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.qlref index 9d578d17de89..fb1a58d5f9e6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-359/ExposureOfPrivateInformation.qlref @@ -1 +1,2 @@ -Security Features/CWE-359/ExposureOfPrivateInformation.ql \ No newline at end of file +query: Security Features/CWE-359/ExposureOfPrivateInformation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.cs b/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.cs index d674b33a0365..e2a8411089a7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.cs @@ -8,7 +8,7 @@ public void ProcessRequest(HttpContext ctx) if (FormsAuthentication.Authenticate("username", "password")) { - ctx.Session["foo"] = "bar"; // BAD: Session has not been abandoned + ctx.Session["foo"] = "bar"; // $ Alert // BAD: Session has not been abandoned ctx.Session.Abandon(); ctx.Session["foo"] = "bar"; // GOOD: Session is abandoned } @@ -48,9 +48,9 @@ public void ProcessRequest(HttpContext ctx) if (Membership.ValidateUser("username", "password")) { - ctx.Session["foo"] = "bar"; // BAD: Session not abandoned + ctx.Session["foo"] = "bar"; // $ Alert // BAD: Session not abandoned } - ctx.Session["foo"] = "bar"; // BAD: here as well + ctx.Session["foo"] = "bar"; // $ Alert // BAD: here as well } public bool IsReusable => true; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.qlref b/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.qlref index f67c9a36e202..c3ac664edb29 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-384/AbandonSession.qlref @@ -1 +1,2 @@ -Security Features/CWE-384/AbandonSession.ql \ No newline at end of file +query: Security Features/CWE-384/AbandonSession.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/MissingXFrameOptions.qlref b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/MissingXFrameOptions.qlref index b8a963200e57..d0d38c4b0117 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/MissingXFrameOptions.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/MissingXFrameOptions.qlref @@ -1 +1,2 @@ -Security Features/CWE-451/MissingXFrameOptions.ql +query: Security Features/CWE-451/MissingXFrameOptions.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref index b8a963200e57..d0d38c4b0117 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref @@ -1 +1,2 @@ -Security Features/CWE-451/MissingXFrameOptions.ql +query: Security Features/CWE-451/MissingXFrameOptions.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config index 8f0b996a0244..66a19f0635a5 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config @@ -2,4 +2,4 @@ - + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/MissingXFrameOptions.qlref b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/MissingXFrameOptions.qlref index b8a963200e57..d0d38c4b0117 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/MissingXFrameOptions.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/MissingXFrameOptions.qlref @@ -1 +1,2 @@ -Security Features/CWE-451/MissingXFrameOptions.ql +query: Security Features/CWE-451/MissingXFrameOptions.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeaderInLocation/MissingXFrameOptions.qlref b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeaderInLocation/MissingXFrameOptions.qlref index b8a963200e57..d0d38c4b0117 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeaderInLocation/MissingXFrameOptions.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeaderInLocation/MissingXFrameOptions.qlref @@ -1 +1,2 @@ -Security Features/CWE-451/MissingXFrameOptions.ql +query: Security Features/CWE-451/MissingXFrameOptions.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.cs b/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.cs index 8370fe93ba0d..de23c3caddc9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.cs @@ -4,8 +4,8 @@ class PersistentCookie { void M(System.Web.HttpCookie cookie) { - cookie.Expires = DateTime.Now.AddMonths(12); // BAD + cookie.Expires = DateTime.Now.AddMonths(12); // $ Alert // BAD cookie.Expires = DateTime.Now.AddMinutes(3); // GOOD - cookie.Expires = DateTime.Now.AddSeconds(301); // BAD + cookie.Expires = DateTime.Now.AddSeconds(301); // $ Alert // BAD } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.qlref b/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.qlref index 1d2111ac3fe7..d321b853086e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/PersistentCookie.qlref @@ -1 +1,2 @@ -Security Features/PersistentCookie.ql \ No newline at end of file +query: Security Features/PersistentCookie.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref b/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref index 40d1fce18b5c..c792e1fcbe42 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref @@ -1 +1,2 @@ -Security Features/CWE-548/ASPNetDirectoryListing.ql \ No newline at end of file +query: Security Features/CWE-548/ASPNetDirectoryListing.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-548/web.config b/csharp/ql/test/query-tests/Security Features/CWE-548/web.config index b4276433838e..0631d8116609 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-548/web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-548/web.config @@ -1,6 +1,6 @@ - + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs index 3b3aae534adb..673502b960e1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs @@ -10,7 +10,7 @@ public class UrlRedirectHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: a request parameter is incorporated without validation into a URL redirect - ctx.Response.Redirect(ctx.Request.QueryString["page"]); + ctx.Response.Redirect(ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r2 $ Alert[cs/web/unvalidated-url-redirection]=r2 // GOOD: the request parameter is validated against a known fixed string if (VALID_REDIRECT == ctx.Request.QueryString["page"]) @@ -20,7 +20,7 @@ public void ProcessRequest(HttpContext ctx) // GOOD: We check whether this is a local URL before redirecting, using UrlHelper. // As recommended by https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/preventing-open-redirection-attacks - string url = ctx.Request.QueryString["page"]; + string url = ctx.Request.QueryString["page"]; // $ Source[cs/web/unvalidated-url-redirection]=r5 $ Source[cs/web/unvalidated-url-redirection]=r6 $ Source[cs/web/unvalidated-url-redirection]=r7 $ Source[cs/web/unvalidated-url-redirection]=r8 if (new UrlHelper(null).IsLocalUrl(url)) { ctx.Response.Redirect(url); @@ -35,8 +35,8 @@ public void ProcessRequest(HttpContext ctx) } // BAD: Adding or appending a header - ctx.Response.AddHeader("Location", ctx.Request.QueryString["page"]); - ctx.Response.AppendHeader("Location", ctx.Request.QueryString["page"]); + ctx.Response.AddHeader("Location", ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r3 $ Alert[cs/web/unvalidated-url-redirection]=r3 + ctx.Response.AppendHeader("Location", ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r4 $ Alert[cs/web/unvalidated-url-redirection]=r4 // GOOD: Redirecting to the RawUrl only reloads the current Url ctx.Response.Redirect(ctx.Request.RawUrl); @@ -45,7 +45,7 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Redirect("foo.asp?param=" + url); // BAD: Using Transfer with unvalidated user input - ctx.Server.Transfer(url); + ctx.Server.Transfer(url); // $ Alert[cs/web/unvalidated-url-redirection]=r5 // GOOD: request parameter is URL encoded ctx.Response.Redirect(HttpUtility.UrlEncode(ctx.Request.QueryString["page"])); @@ -61,19 +61,19 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Redirect($"foo.asp?param={url}"); // BAD: The attacker can control the location - ctx.Response.Redirect($"{url}.asp?param=foo"); + ctx.Response.Redirect($"{url}.asp?param=foo"); // $ Alert[cs/web/unvalidated-url-redirection]=r6 // GOOD: The attacker can only control the parameters, not the location ctx.Response.Redirect(string.Format("foo.asp?param={0}", url)); // BAD: The attacker can control the location - ctx.Response.Redirect(string.Format("{0}.asp?param=foo", url)); + ctx.Response.Redirect(string.Format("{0}.asp?param=foo", url)); // $ Alert[cs/web/unvalidated-url-redirection]=r7 // GOOD: The attacker can only control the parameters, not the location ctx.Response.Redirect(string.Format("foo.asp?{1}param={0}", url, url)); // BAD: The attacker can control the location - ctx.Response.Redirect(string.Format("{1}.asp?{0}param=foo", url, url)); + ctx.Response.Redirect(string.Format("{1}.asp?{0}param=foo", url, url)); // $ Alert[cs/web/unvalidated-url-redirection]=r8 } // Implementation as recommended by Microsoft. diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.qlref b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.qlref index fdb38b9ffc00..c24957fa4a02 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-601/UrlRedirect.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs index 83f499ea048d..6093fbeeb4a7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs @@ -11,7 +11,7 @@ public class UrlRedirectHandler2 : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: a request parameter is incorporated without validation into a URL redirect - ctx.Response.Redirect(ctx.Request.QueryString["page"]); + ctx.Response.Redirect(ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r1 $ Alert[cs/web/unvalidated-url-redirection]=r1 var redirectUrl = ctx.Request.QueryString["page"]; if (VALID_REDIRECTS.Contains(redirectUrl)) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs index 2da9652d8547..b147be0fe32a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs @@ -10,50 +10,50 @@ public class SomeController : ControllerBase private static string SomeValue = "HeaderValue"; [HttpPost] - public void Post([FromBody] string value) + public void Post([FromBody] string value) // $ Source[cs/web/unvalidated-url-redirection]=r9 $ Source[cs/web/unvalidated-url-redirection]=r10 $ Source[cs/web/unvalidated-url-redirection]=r11 $ Source[cs/web/unvalidated-url-redirection]=r12 $ Source[cs/web/unvalidated-url-redirection]=r13 $ Source[cs/web/unvalidated-url-redirection]=r14 $ Source[cs/web/unvalidated-url-redirection]=r15 { // BAD: straight up controller redirect - Redirect(value); + Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r9 // BAD: Setting response headers collection, location = redirect - Response.Headers["location"] = value; + Response.Headers["location"] = value; // $ Alert[cs/web/unvalidated-url-redirection]=r10 // GOOD: Setting response header to a constant value Response.Headers["location"] = SomeValue; // BAD: Setting response headers collection, location = redirect via add method - Response.Headers.Add("location", value); + Response.Headers.Add("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r11 // GOOD: Setting response header to a constant value Response.Headers.Add("location", "foo"); // BAD: redirect via location - Response.Headers.SetCommaSeparatedValues("location", value); + Response.Headers.SetCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r12 // BAD = redirect via setting location value from tainted source - Response.Headers.Append("location", value); + Response.Headers.Append("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r13 // BAD: redirect via setting location header from comma-separated values - Response.Headers.AppendCommaSeparatedValues("location", value); + Response.Headers.AppendCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r14 // BAD: tainted redirect to Action - RedirectToActionPermanent("Error" + value); + RedirectToActionPermanent("Error" + value); // $ Alert[cs/web/unvalidated-url-redirection]=r15 } // PUT: api/Some/5 [HttpPut("{id}")] - public void Put(int id, [FromBody] string value) + public void Put(int id, [FromBody] string value) // $ Source[cs/web/unvalidated-url-redirection]=r16 $ Source[cs/web/unvalidated-url-redirection]=r17 $ Source[cs/web/unvalidated-url-redirection]=r18 { - RedirectToPage(value); + RedirectToPage(value); // $ Alert[cs/web/unvalidated-url-redirection]=r16 var headers = new ResponseHeaders(Response.Headers); // BAD: redirect via header helper class - headers.Location = new Uri(value); + headers.Location = new Uri(value); // $ Alert[cs/web/unvalidated-url-redirection]=r17 // BAD: response redirect - Response.Redirect(value); + Response.Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r18 // GOOD: whitelisted redirect if(Url.IsLocalUrl(value)) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-611/Test.cs index 005e79a7fb4f..103d3cca4cc0 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/Test.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/Test.cs @@ -8,7 +8,7 @@ public class XMLHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: XmlTextReader is insecure with these options, using user-provided data - XmlTextReader reader = new XmlTextReader(ctx.Request.QueryString["document"]) { DtdProcessing = DtdProcessing.Parse, XmlResolver = new XmlUrlResolver() }; + XmlTextReader reader = new XmlTextReader(ctx.Request.QueryString["document"]) { DtdProcessing = DtdProcessing.Parse, XmlResolver = new XmlUrlResolver() }; // $ Alert[cs/xml/insecure-dtd-handling]=r1 $ Alert[cs/xml/insecure-dtd-handling]=r1 $ Alert[cs/insecure-xml-read] } public void insecureXMLBad(string content) @@ -18,10 +18,10 @@ public void insecureXMLBad(string content) settings.XmlResolver = new XmlUrlResolver(); // BAD: insecure settings - XmlReader reader1 = XmlReader.Create(content, settings); + XmlReader reader1 = XmlReader.Create(content, settings); // $ Alert[cs/insecure-xml-read] // BAD: XmlTextReader is insecure with these options - XmlTextReader reader2 = new XmlTextReader(content) { DtdProcessing = DtdProcessing.Parse, XmlResolver = new XmlUrlResolver() }; + XmlTextReader reader2 = new XmlTextReader(content) { DtdProcessing = DtdProcessing.Parse, XmlResolver = new XmlUrlResolver() }; // $ Alert[cs/insecure-xml-read] } public void insecureXMLGood(string content) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.qlref b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.qlref index 7f685106e250..8cc567d8a970 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-611/UntrustedDataInsecureXml.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/UseXmlSecureResolver.qlref b/csharp/ql/test/query-tests/Security Features/CWE-611/UseXmlSecureResolver.qlref index b11f53079246..851c79c15932 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/UseXmlSecureResolver.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/UseXmlSecureResolver.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-611/UseXmlSecureResolver.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/RequireSSL.qlref b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/RequireSSL.qlref index 73523f94fc09..1a762e07498e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/RequireSSL.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/RequireSSL.qlref @@ -1 +1,2 @@ -Security Features/CWE-614/RequireSSL.ql \ No newline at end of file +query: Security Features/CWE-614/RequireSSL.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/RequireSSL.qlref b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/RequireSSL.qlref index 73523f94fc09..1a762e07498e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/RequireSSL.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/RequireSSL.qlref @@ -1 +1,2 @@ -Security Features/CWE-614/RequireSSL.ql \ No newline at end of file +query: Security Features/CWE-614/RequireSSL.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref index 73523f94fc09..1a762e07498e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref @@ -1 +1,2 @@ -Security Features/CWE-614/RequireSSL.ql \ No newline at end of file +query: Security Features/CWE-614/RequireSSL.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config index 1ddaaf2b65f2..7755ae7462d4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config @@ -2,7 +2,7 @@ - + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref index 73523f94fc09..1a762e07498e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref @@ -1 +1,2 @@ -Security Features/CWE-614/RequireSSL.ql \ No newline at end of file +query: Security Features/CWE-614/RequireSSL.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config index 0ab64b1fcb62..45f9f219f096 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config @@ -2,8 +2,8 @@ - + - + diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/CommentController.cs b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/CommentController.cs index d446c7ed4864..2508a7c159c3 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/CommentController.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/CommentController.cs @@ -12,7 +12,7 @@ public CommentController(IAuthorizationService authorizationService) } // BAD: Any user can access this. - public ActionResult Edit1(int commentId, string text) + public ActionResult Edit1(int commentId, string text) // $ Alert { editComment(commentId, text); return View(); @@ -39,7 +39,7 @@ public ActionResult Edit3(int commentId, string text) // BAD: The AllowAnonymous attribute overrides the Authorize attribute [Authorize] [AllowAnonymous] - public ActionResult Edit4(int commentId, string text) + public ActionResult Edit4(int commentId, string text) // $ Alert { editComment(commentId, text); return View(); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/InsecureDirectObjectReference.qlref b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/InsecureDirectObjectReference.qlref index 4756d5a76a4f..8fb76298ac58 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/InsecureDirectObjectReference.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/InsecureDirectObjectReference.qlref @@ -1 +1,2 @@ -Security Features/CWE-639/InsecureDirectObjectReference.ql \ No newline at end of file +query: Security Features/CWE-639/InsecureDirectObjectReference.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs index 503b2955933d..5ff2e2187684 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/MiscTestControllers.cs @@ -23,7 +23,7 @@ public class AController : BaseController { public class BaseAuthController : Controller { // BAD - A subclass of AllowAnonymous is used [MyAllowAnonymous] - public virtual ActionResult EditAnon(int id) { return View(); } + public virtual ActionResult EditAnon(int id) { return View(); } // $ Alert } public class BController : BaseAuthController { @@ -31,7 +31,7 @@ public class BController : BaseAuthController { public ActionResult Edit3(int id) { return View(); } // BAD - MyAllowAnonymous is inherited from overridden method - public override ActionResult EditAnon(int id) { return View(); } + public override ActionResult EditAnon(int id) { return View(); } // $ Alert } [AllowAnonymous] @@ -42,7 +42,7 @@ public class BaseAnonController : Controller { public class CController : BaseAnonController { // BAD - AllowAnonymous is inherited from base class and overrides Authorize [Authorize] - public ActionResult Edit4(int id) { return View(); } + public ActionResult Edit4(int id) { return View(); } // $ Alert } [Authorize] diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/ProfileController.cs b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/ProfileController.cs index a41c32db6411..adb24ce0c3c9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/ProfileController.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/ProfileController.cs @@ -11,7 +11,7 @@ public ActionResult Edit1(int profileId, string text) { // BAD: The AllowAnonymous attribute overrides the Authorize attribute on the class. [AllowAnonymous] - public ActionResult Edit2(int profileId, string text) { + public ActionResult Edit2(int profileId, string text) { // $ Alert editProfileName(profileId, text); return View(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/EditComment.aspx.cs b/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/EditComment.aspx.cs index 974869a0af4b..bdcf80a010fe 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/EditComment.aspx.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/EditComment.aspx.cs @@ -4,7 +4,7 @@ class EditComment : System.Web.UI.Page { // BAD - Any user can access this method. - protected void btn1_Click(object sender, EventArgs e) { + protected void btn1_Click(object sender, EventArgs e) { // $ Alert string commentId = Request.QueryString["Id"]; Comment comment = getCommentById(commentId); comment.Text = "xyz"; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/InsecureDirectObjectReference.qlref b/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/InsecureDirectObjectReference.qlref index 4756d5a76a4f..8fb76298ac58 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/InsecureDirectObjectReference.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/InsecureDirectObjectReference.qlref @@ -1 +1,2 @@ -Security Features/CWE-639/InsecureDirectObjectReference.ql \ No newline at end of file +query: Security Features/CWE-639/InsecureDirectObjectReference.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs index a42a629cc7ec..4ce6e1268a72 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs @@ -8,16 +8,16 @@ public class XPathInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string userName = ctx.Request.QueryString["userName"]; - string password = ctx.Request.QueryString["password"]; + string userName = ctx.Request.QueryString["userName"]; // $ Source[cs/xml/xpath-injection]=r1 $ Source[cs/xml/xpath-injection]=r3 $ Source[cs/xml/xpath-injection]=r5 $ Source[cs/xml/xpath-injection]=r7 $ Source[cs/xml/xpath-injection]=r9 $ Source[cs/xml/xpath-injection]=r11 $ Source[cs/xml/xpath-injection]=r13 + string password = ctx.Request.QueryString["password"]; // $ Source[cs/xml/xpath-injection]=r2 $ Source[cs/xml/xpath-injection]=r4 $ Source[cs/xml/xpath-injection]=r6 $ Source[cs/xml/xpath-injection]=r8 $ Source[cs/xml/xpath-injection]=r10 $ Source[cs/xml/xpath-injection]=r12 $ Source[cs/xml/xpath-injection]=r14 var s = "//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"; // BAD: User input used directly in an XPath expression - XPathExpression.Compile(s); + XPathExpression.Compile(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 XmlNode xmlNode = null; // BAD: User input used directly in an XPath expression to SelectNodes - xmlNode.SelectNodes(s); + xmlNode.SelectNodes(s); // $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 // GOOD: Uses parameters to avoid including user input directly in XPath expression var expr = XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()"); @@ -26,31 +26,31 @@ public void ProcessRequest(HttpContext ctx) var nav = doc.CreateNavigator(); // BAD - nav.Select(s); + nav.Select(s); // $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 // GOOD nav.Select(expr); // BAD - nav.SelectSingleNode(s); + nav.SelectSingleNode(s); // $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 // GOOD nav.SelectSingleNode(expr); // BAD - nav.Compile(s); + nav.Compile(s); // $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 // GOOD nav.Compile("//users/user[login/text()=$username]/home_dir/text()"); // BAD - nav.Evaluate(s); + nav.Evaluate(s); // $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 // Good nav.Evaluate(expr); // BAD - nav.Matches(s); + nav.Matches(s); // $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // GOOD nav.Matches(expr); @@ -71,17 +71,17 @@ public void ProcessStoredRequest() { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/xml/xpath-injection]=r15 $ Source[cs/xml/xpath-injection]=r16 while (customerReader.Read()) { string userName = customerReader.GetString(1); string password = customerReader.GetString(2); // BAD: User input used directly in an XPath expression - XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); + XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r15 XmlNode xmlNode = null; // BAD: User input used directly in an XPath expression to SelectNodes - xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); + xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r16 // GOOD: Uses parameters to avoid including user input directly in XPath expression XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()"); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.qlref index a0cdca4727ae..9ffeeb3a2929 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-643/XPathInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs index b54b3bbdf81f..30d706fb7f17 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs @@ -8,20 +8,20 @@ public class RegexHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - string userInput = ctx.Request.QueryString["userInput"]; + string userInput = ctx.Request.QueryString["userInput"]; // $ Source[cs/redos]=r1 $ Source[cs/redos]=r2 $ Source[cs/redos]=r3 $ Source[cs/redos]=r4 $ Source[cs/redos]=r5 // BAD: // Artificial regexes - new Regex("^([a-z]+)+$").Match(userInput); - new Regex("^([a-z]*)*$").Replace(userInput, ""); + new Regex("^([a-z]+)+$").Match(userInput); // $ Alert[cs/redos]=r1 + new Regex("^([a-z]*)*$").Replace(userInput, ""); // $ Alert[cs/redos]=r2 // Known exponential blowup regex for e-mail address validation // Problematic part is: ([a-zA-Z0-9]+))* - new Regex("^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$").Match(userInput); + new Regex("^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$").Match(userInput); // $ Alert[cs/redos]=r3 // Known exponential blowup regex for Java class name validation // Problematic part is: (([a-z])+.)+ - new Regex(JAVA_CLASS_REGEX).Match(userInput); + new Regex(JAVA_CLASS_REGEX).Match(userInput); // $ Alert[cs/redos]=r4 // Static use - Regex.Match(userInput, JAVA_CLASS_REGEX); + Regex.Match(userInput, JAVA_CLASS_REGEX); // $ Alert[cs/redos]=r5 // GOOD: new Regex("^(([a-b]+[c-z]+)+$").Match(userInput); new Regex("^([a-z]+)+$", RegexOptions.IgnoreCase, TimeSpan.FromSeconds(1)).Match(userInput); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.qlref index de8c70102e05..e3f22da0ebeb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-730/ReDoS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.qlref index de8c70102e05..e3f22da0ebeb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-730/ReDoS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs index d5f802a02687..877a029de660 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs @@ -7,11 +7,11 @@ public class RegexInjectionHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - string regex = ctx.Request.QueryString["regex"]; + string regex = ctx.Request.QueryString["regex"]; // $ Source[cs/regex-injection]=r1 string userInput = ctx.Request.QueryString["userInput"]; // BAD: User input used as regex - new Regex(regex).Match(userInput); + new Regex(regex).Match(userInput); // $ Alert[cs/regex-injection]=r1 // GOOD: User input escaped before being used as regex new Regex(Regex.Escape(regex)).Match(userInput); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.qlref b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.qlref index bec7fbac79a5..82cad8aeb6bd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-730/RegexInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedConnectionString.qlref b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedConnectionString.qlref index d240503b7731..da05cee17d43 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedConnectionString.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedConnectionString.qlref @@ -1 +1,2 @@ -Security Features/CWE-798/HardcodedConnectionString.ql \ No newline at end of file +query: Security Features/CWE-798/HardcodedConnectionString.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.cs b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.cs index 840d65b19653..4a9bada259b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.cs @@ -13,7 +13,7 @@ public void ProcessRequest(HttpContext ctx) string password = ctx.Request.QueryString["password"]; // BAD: Inbound authentication made by comparison to string literal - if (password == "myPa55word") + if (password == "myPa55word") // $ Alert[cs/hardcoded-credentials] { ctx.Response.Redirect("login"); } @@ -29,7 +29,7 @@ public void ProcessRequest(HttpContext ctx) // BAD: Create a membership user with hardcoded username MembershipUser user = new MembershipUser( providerName: "provider", - name: "username", + name: "username", // $ Alert[cs/hardcoded-credentials] providerUserKey: "username", email: "foo@bar.com", passwordQuestion: "Hardcoded question.", @@ -43,18 +43,18 @@ public void ProcessRequest(HttpContext ctx) lastLockoutDate: DateTime.Now ); // BAD: Set the password to a hardcoded string literal - user.ChangePassword(password, "myNewPa55word"); + user.ChangePassword(password, "myNewPa55word"); // $ Alert[cs/hardcoded-credentials] - byte[] rawCertData = new byte[] { 0x20, 0x20, 0x20 }; + byte[] rawCertData = new byte[] { 0x20, 0x20, 0x20 }; // $ Alert[cs/hardcoded-credentials] // BAD: Passing a literal certificate and password to an X509 certificate constructor X509Certificate2 cert = new X509Certificate2( - rawCertData, - "myPa55word"); + rawCertData, // $ Sink[cs/hardcoded-credentials] + "myPa55word"); // $ Alert[cs/hardcoded-credentials] // BAD: Passing literal Password to connection string - SqlConnection conn = new SqlConnection("Password=12345"); + SqlConnection conn = new SqlConnection("Password=12345"); // $ Alert[cs/hardcoded-connection-string-credentials] // BAD: Passing literal User Id to connection string - SqlConnection conn2 = new SqlConnection("User Id=12345"); + SqlConnection conn2 = new SqlConnection("User Id=12345"); // $ Alert[cs/hardcoded-connection-string-credentials] // GOOD: Password is not specified literally SqlConnection conn3 = new SqlConnection("Password=" + LoadPasswordFromSecretConfig() + ";"); @@ -72,7 +72,7 @@ public void ProcessRequest(HttpContext ctx) conn = new SqlConnection($"Password={LoadPasswordFromSecretConfig()}"); // BAD: Hard-coded user - Membership.CreateUser("myusername", "mypassword"); + Membership.CreateUser("myusername", "mypassword"); // $ Alert[cs/hardcoded-credentials] var identityOptions = new IdentityOptions { diff --git a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.qlref b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.qlref index ce8fa7f9b286..d4792bd2fa24 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-798/HardcodedCredentials.qlref @@ -1 +1,2 @@ -Security Features/CWE-798/HardcodedCredentials.ql \ No newline at end of file +query: Security Features/CWE-798/HardcodedCredentials.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-798/TestHardcodedCredentials.cs b/csharp/ql/test/query-tests/Security Features/CWE-798/TestHardcodedCredentials.cs index fa6d6f2b98af..997c1b7db795 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-798/TestHardcodedCredentials.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-798/TestHardcodedCredentials.cs @@ -23,7 +23,7 @@ public void TestUnsafe() // BAD: Create a membership user with hardcoded username MembershipUser user = new MembershipUser( providerName: "provider", - name: "username", + name: "username", // $ Alert[cs/hardcoded-credentials] providerUserKey: "username", email: "foo@bar.com", passwordQuestion: "Hardcoded question.", diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs index 7ab297fbb686..40b3806f71f2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs @@ -9,22 +9,22 @@ public void ProcessRequest(HttpContext ctx) { string user = ctx.Request.QueryString["user"]; string password = ctx.Request.QueryString["password"]; - string isAdmin = ctx.Request.QueryString["isAdmin"]; + string isAdmin = ctx.Request.QueryString["isAdmin"]; // $ Source[cs/user-controlled-bypass]=r1 // BAD: login is only executed if isAdmin is false, but isAdmin // is controlled by the user - if (isAdmin == "false") + if (isAdmin == "false") // $ Alert[cs/user-controlled-bypass]=r1 login(user, password); - HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; + HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r2 $ Source[cs/user-controlled-bypass]=r3 $ Source[cs/user-controlled-bypass]=r4 // BAD: login is only executed if the cookie value is false, but the cookie // is controlled by the user - if (adminCookie.Value.Equals("false")) + if (adminCookie.Value.Equals("false")) // $ Alert[cs/user-controlled-bypass]=r2 login(user, password); // FALSE POSITIVES: both methods are conditionally executed, but they probably // both perform the security-critical action - if (adminCookie.Value == "false") + if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r3 $ Alert[cs/user-controlled-bypass]=r4 { login(user, password); } @@ -39,14 +39,14 @@ public void ProcessRequest(HttpContext ctx) // BAD: DNS may be controlled by the user IPAddress hostIPAddress = IPAddress.Parse("1.2.3.4"); - IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress); + IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress); // $ Source[cs/user-controlled-bypass]=r5 $ Source[cs/user-controlled-bypass]=r6 // Exact comparison - if (hostInfo.HostName == "trustme.com") + if (hostInfo.HostName == "trustme.com") // $ Alert[cs/user-controlled-bypass]=r5 { login(user, password); } // Substring comparison - if (hostInfo.HostName.EndsWith("trustme.com")) + if (hostInfo.HostName.EndsWith("trustme.com")) // $ Alert[cs/user-controlled-bypass]=r6 { login(user, password); } @@ -67,9 +67,9 @@ public static void Test(HttpContext ctx, String user, String password) public static void Test2(HttpContext ctx, String user, String password) { - HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; + HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r7 // BAD: login may happen once or twice - if (adminCookie.Value == "false") + if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r7 login(user, password); else { @@ -80,8 +80,8 @@ public static void Test2(HttpContext ctx, String user, String password) public static void Test3(HttpContext ctx, String user, String password) { - HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; - if (adminCookie.Value == "false") + HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r8 + if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r8 login(user, password); else { diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.qlref b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.qlref index b0c208da3481..fe01c7557afa 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-807/ConditionalBypass.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs index 8a5e378c8d13..66ad8fb4c1a4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs @@ -7,7 +7,7 @@ public class HtmlEncode public static void Bad(HttpContext ctx) { var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]); - ctx.Response.Write("Hello, " + WebUtility.UrlEncode(user)); + ctx.Response.Write("Hello, " + WebUtility.UrlEncode(user)); // $ Alert[cs/inappropriate-encoding]=r1 $ Alert[cs/inappropriate-encoding]=r1 } public static void Good(HttpContext ctx) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs index 637988ddc84d..5a9bfd554965 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs @@ -10,12 +10,12 @@ public class InappropriateEncoding { public void Sql(string value) { - var encodedValue = Encode(value); + var encodedValue = Encode(value); // $ Source[cs/inappropriate-encoding]=r2 using (var connection = new SqlConnection("")) { var query1 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + encodedValue + "' ORDER BY PRICE"; // BAD - var adapter = new SqlDataAdapter(query1, connection); + var adapter = new SqlDataAdapter(query1, connection); // $ Alert[cs/inappropriate-encoding]=r2 $ Alert[cs/inappropriate-encoding]=r3 var query2 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=@category ORDER BY PRICE"; // GOOD @@ -28,13 +28,13 @@ public void Sql(string value) public void Html(string value, Label label, System.Windows.Forms.HtmlElement html) { // BAD - label.Text = Encode(value); - label.Text = HttpUtility.UrlEncode(value); - label.Text = HttpUtility.UrlEncode(HttpUtility.HtmlEncode(value)); - var encodedValue = HttpUtility.UrlEncode(value); - html.SetAttribute("a", encodedValue); - label.Text = ""; - label.Text = string.Format("", encodedValue); + label.Text = Encode(value); // $ Alert[cs/inappropriate-encoding]=r4 $ Alert[cs/inappropriate-encoding]=r4 + label.Text = HttpUtility.UrlEncode(value); // $ Alert[cs/inappropriate-encoding]=r5 $ Alert[cs/inappropriate-encoding]=r5 + label.Text = HttpUtility.UrlEncode(HttpUtility.HtmlEncode(value)); // $ Alert[cs/inappropriate-encoding]=r6 $ Alert[cs/inappropriate-encoding]=r6 + var encodedValue = HttpUtility.UrlEncode(value); // $ Source[cs/inappropriate-encoding]=r7 $ Source[cs/inappropriate-encoding]=r8 $ Source[cs/inappropriate-encoding]=r9 + html.SetAttribute("a", encodedValue); // $ Alert[cs/inappropriate-encoding]=r7 + label.Text = ""; // $ Alert[cs/inappropriate-encoding]=r8 + label.Text = string.Format("", encodedValue); // $ Alert[cs/inappropriate-encoding]=r9 // GOOD label.Text = HttpUtility.HtmlEncode(value); @@ -52,8 +52,8 @@ public void Html(string value, Label label, System.Windows.Forms.HtmlElement htm public void Url(string value, HttpServerUtility util, HttpContext ctx) { // BAD - var encodedValue = HttpUtility.HtmlEncode(value); - ctx.Response.Redirect(encodedValue); + var encodedValue = HttpUtility.HtmlEncode(value); // $ Source[cs/inappropriate-encoding]=r10 + ctx.Response.Redirect(encodedValue); // $ Alert[cs/inappropriate-encoding]=r10 // GOOD ctx.Response.Redirect(HttpUtility.UrlEncode(encodedValue)); @@ -63,6 +63,6 @@ public void Url(string value, HttpServerUtility util, HttpContext ctx) static string Encode(string value) { - return value.Replace("\"", "\\\""); + return value.Replace("\"", "\\\""); // $ Source[cs/inappropriate-encoding]=r3 } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.qlref b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.qlref index d70d82f47195..99348351479a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-838/InappropriateEncoding.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs index dd3731cb1613..1e55ade7a9de 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs @@ -11,8 +11,8 @@ public static DataSet Bad(HttpContext ctx) var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]); using (var connection = new SqlConnection("")) { - var query = "select * from Users where Name='" + user.Replace("\"", "\"\"") + "'"; - var adapter = new SqlDataAdapter(query, connection); + var query = "select * from Users where Name='" + user.Replace("\"", "\"\"") + "'"; // $ Source[cs/inappropriate-encoding]=r11 + var adapter = new SqlDataAdapter(query, connection); // $ Alert[cs/inappropriate-encoding]=r11 var result = new DataSet(); adapter.Fill(result); return result; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs index c43ec2b675a8..303a807a577d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs @@ -7,7 +7,7 @@ public class UrlEncode public static void Bad(string value, HttpContext ctx) { var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]); - ctx.Response.Redirect("?param=" + WebUtility.HtmlEncode(user)); + ctx.Response.Redirect("?param=" + WebUtility.HtmlEncode(user)); // $ Alert[cs/inappropriate-encoding]=r12 $ Alert[cs/inappropriate-encoding]=r12 } public static void Good(string value, HttpContext ctx) diff --git a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.qlref b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.qlref index 98a6202f3eb5..918fe540c3bc 100644 --- a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.qlref +++ b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/ExternalLibraryUsage.qlref @@ -1 +1 @@ -Telemetry/ExternalLibraryUsage.ql +query: Telemetry/ExternalLibraryUsage.ql diff --git a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.qlref b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.qlref index ef9ddfadc00d..a8f8f4965efe 100644 --- a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.qlref +++ b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/SupportedExternalTaint.qlref @@ -1 +1 @@ -Telemetry/SupportedExternalTaint.ql +query: Telemetry/SupportedExternalTaint.ql diff --git a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/UnsupportedExternalAPIs.qlref b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/UnsupportedExternalAPIs.qlref index b89f0a48e2e6..da704d4cbbe9 100644 --- a/csharp/ql/test/query-tests/Telemetry/LibraryUsage/UnsupportedExternalAPIs.qlref +++ b/csharp/ql/test/query-tests/Telemetry/LibraryUsage/UnsupportedExternalAPIs.qlref @@ -1 +1 @@ -Telemetry/UnsupportedExternalAPIs.ql +query: Telemetry/UnsupportedExternalAPIs.ql diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref index 2e12499cf62b..f3e231b8a7aa 100644 --- a/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref +++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalApis/SupportedExternalApis.qlref @@ -1 +1 @@ -Telemetry/SupportedExternalApis.ql +query: Telemetry/SupportedExternalApis.ql diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.qlref b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.qlref index e8bd57fad506..d454ef226b9d 100644 --- a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.qlref +++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.qlref @@ -1 +1 @@ -Telemetry/SupportedExternalSinks.ql \ No newline at end of file +query: Telemetry/SupportedExternalSinks.ql diff --git a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.qlref b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.qlref index c6819c7775f4..f6f3f1b972d1 100644 --- a/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.qlref +++ b/csharp/ql/test/query-tests/Telemetry/SupportedExternalSources/SupportedExternalSources.qlref @@ -1 +1 @@ -Telemetry/SupportedExternalSources.ql +query: Telemetry/SupportedExternalSources.ql diff --git a/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.cs b/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.cs index aabe43f2258d..36c79a9a1edc 100644 --- a/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.cs +++ b/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.cs @@ -6,12 +6,12 @@ class Program bool Prop1 { - set { x = true; } // BAD + set { x = true; } // $ Alert // BAD } bool Prop2 { - set { } // BAD + set { } // $ Alert // BAD } bool Prop3 @@ -55,7 +55,7 @@ class C3 : C2 { public bool Prop1 { - set { } // BAD: not override + set { } // $ Alert // BAD: not override } public override bool Prop2 diff --git a/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.qlref b/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.qlref index 199133fb534c..ca84e54c8278 100644 --- a/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.qlref +++ b/csharp/ql/test/query-tests/UnusedPropertyValue/UnusedPropertyValue.qlref @@ -1 +1,2 @@ -Language Abuse/UnusedPropertyValue.ql \ No newline at end of file +query: Language Abuse/UnusedPropertyValue.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/UseBraces/UseBraces.cs b/csharp/ql/test/query-tests/UseBraces/UseBraces.cs index c6036255062d..99d7c1b5ae6d 100644 --- a/csharp/ql/test/query-tests/UseBraces/UseBraces.cs +++ b/csharp/ql/test/query-tests/UseBraces/UseBraces.cs @@ -29,7 +29,7 @@ static void Main(string[] args) g(); // BAD if (1 == 1) - f(); g(); // BAD + f(); g(); // $ Alert // BAD // If-then-else statement @@ -63,7 +63,7 @@ static void Main(string[] args) f(); } else - f(); g(); // BAD + f(); g(); // $ Alert // BAD // While statement @@ -83,7 +83,7 @@ static void Main(string[] args) g(); // GOOD while (x > 1) - f(); g(); // BAD + f(); g(); // $ Alert // BAD while (x > 1) if (x != null) x = 1; @@ -111,7 +111,7 @@ static void Main(string[] args) g(); // BAD for (int i = 0; i < 10; ++i) - f(); g(); // BAD + f(); g(); // $ Alert // BAD // Foreach statement @@ -130,7 +130,7 @@ static void Main(string[] args) g(); // BAD foreach (var b in branches) - f(); g(); // BAD + f(); g(); // $ Alert // BAD // Nested ifs if (x > 1) diff --git a/csharp/ql/test/query-tests/UseBraces/UseBraces.qlref b/csharp/ql/test/query-tests/UseBraces/UseBraces.qlref index 5d1d4a063882..e89389461d72 100644 --- a/csharp/ql/test/query-tests/UseBraces/UseBraces.qlref +++ b/csharp/ql/test/query-tests/UseBraces/UseBraces.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/UseBraces.ql +query: Likely Bugs/Statements/UseBraces.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.cs b/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.cs index 096372e40985..04a2b3b68cad 100644 --- a/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.cs +++ b/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.cs @@ -8,7 +8,7 @@ class C : I public void f(int x) { } // BAD: This method is a forwarder - public void f() + public void f() // $ Alert { f(1); } @@ -38,7 +38,7 @@ void h() { } void i() { } // BAD: Forwarding method - void i(int a) + void i(int a) // $ Alert { i(); } diff --git a/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.qlref b/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.qlref index 2e42cbc75022..435314fa3738 100644 --- a/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.qlref +++ b/csharp/ql/test/query-tests/Useless Code/PointlessForwardingMethod/PointlessForwardingMethod.qlref @@ -1 +1,2 @@ -Useless code/PointlessForwardingMethod.ql +query: Useless code/PointlessForwardingMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.cs b/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.cs index 6d870cad08bf..81360515922f 100644 --- a/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.cs +++ b/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.cs @@ -7,7 +7,7 @@ public class ContainerTest // Test 1: Variable scopes // Test 1a: Private field - private IList c1a = new List { 1, 2 }; // BAD: private + private IList c1a = new List { 1, 2 }; // $ Alert // BAD: private // Test 1b: protected field protected IList c1b = new List { 1, 2 }; // GOOD: protected @@ -16,7 +16,7 @@ public class ContainerTest public IList c1c = new List { 1, 2 }; // GOOD: public // Test 1d: internal field - internal IList c1d = new List { 1, 2 }; // BAD: internal + internal IList c1d = new List { 1, 2 }; // $ Alert // BAD: internal void TestScopes() { @@ -26,7 +26,7 @@ void TestScopes() c1d.Add(4); // Test 1e: Local variable - IList c1e = new List { 1, 2 }; // BAD: local + IList c1e = new List { 1, 2 }; // $ Alert // BAD: local c1e.Add(5); } @@ -35,7 +35,7 @@ void TestScopes() void TestMethodNames() { // Test 2a: Writeonly method names - IList c2a = new List { 1, 2 }; // BAD: writeonly methods + IList c2a = new List { 1, 2 }; // $ Alert // BAD: writeonly methods c2a.Add(1); c2a.Clear(); c2a.Insert(1, 2); @@ -47,14 +47,14 @@ void TestMethodNames() bool b = c2b.Contains(1); // Test 2c: Other method names - var c2c = new Stack(); // BAD + var c2c = new Stack(); // $ Alert // BAD c2c.Push(1); - var c2d = new BitArray(10); // BAD + var c2d = new BitArray(10); // $ Alert // BAD c2d.Set(1, true); c2d.SetAll(false); - var c2j = new LinkedList(); // BAD + var c2j = new LinkedList(); // $ Alert // BAD c2j.AddFirst(1); c2j.AddLast(2); c2j.RemoveFirst(); @@ -100,7 +100,7 @@ IList this[int i] void TestAccessTypes() { // 3a: Unused - IList c3a = new List { 4, 5 }; // BAD + IList c3a = new List { 4, 5 }; // $ Alert // BAD // 3b: Pass to function IList c3b = new List { }; // GOOD: used @@ -115,7 +115,7 @@ void TestAccessTypes() // Test 4: Initialization type - private IList c4a; // BAD: even though uninitialized + private IList c4a; // $ Alert // BAD: even though uninitialized void TestInitializationTypes() { @@ -123,11 +123,11 @@ void TestInitializationTypes() c4a.Add(1); // Test 4b: Constructed from new - var c4b = new List(); // BAD + var c4b = new List(); // $ Alert // BAD c4b.Add(1); // Test 4c: List initialized - var c4c = new List { 2, 3, 4 }; // BAD + var c4c = new List { 2, 3, 4 }; // $ Alert // BAD c4c.Add(1); // Test 4d: Constructed from other expression @@ -147,7 +147,7 @@ void TestInitializationTypes() void TestAssignment() { // Assigned from new container - IList c5a; // BAD + IList c5a; // $ Alert // BAD c5a = new List(); c5a.Add(1); @@ -162,7 +162,7 @@ void TestAssignment() c5d = c5c; // Assigned in an expression somewhere - IList c5e = new List(); // BAD: assigned in expr + IList c5e = new List(); // $ Alert // BAD: assigned in expr for (int i = 0; i < 10; c5e = new List(), ++i) c5e.Add(1); @@ -183,67 +183,67 @@ void TestCollections() var c6a = new NonCollection(); // GOOD: not a collection c6a.Add(1); - var c6b = new ArrayList(); // BAD + var c6b = new ArrayList(); // $ Alert // BAD c6b.Add(1); - var c6c = new BitArray(32); // BAD + var c6c = new BitArray(32); // $ Alert // BAD c6c.SetAll(true); - var c6d = new Hashtable(); // BAD + var c6d = new Hashtable(); // $ Alert // BAD c6d.Add(1, 2); - var c6e = new Queue(); // BAD + var c6e = new Queue(); // $ Alert // BAD c6e.Enqueue(1); - var c6f = new SortedList(); // BAD + var c6f = new SortedList(); // $ Alert // BAD c6f.Add(1, 2); - var c6g = new Stack(); // BAD + var c6g = new Stack(); // $ Alert // BAD c6g.Push(1); - var c6h = new Dictionary(); // BAD + var c6h = new Dictionary(); // $ Alert // BAD c6h.Add(1, 2); - var c6i = new HashSet(); // BAD + var c6i = new HashSet(); // $ Alert // BAD c6i.Add(1); - var c6j = new LinkedList(); // BAD + var c6j = new LinkedList(); // $ Alert // BAD c6j.AddFirst(1); - var c6k = new List(); // BAD + var c6k = new List(); // $ Alert // BAD c6k.Add(1); - var c6l = new Queue(); // BAD + var c6l = new Queue(); // $ Alert // BAD c6l.Enqueue(1); - var c6m = new SortedDictionary(); // BAD + var c6m = new SortedDictionary(); // $ Alert // BAD c6m.Add(1, 2); - var c6n = new SortedList(); // BAD + var c6n = new SortedList(); // $ Alert // BAD c6n.Add(1, 2); - var c6o = new SortedDictionary(); // BAD + var c6o = new SortedDictionary(); // $ Alert // BAD c6o.Add(1, 2); - var c6p = new SortedSet(); // BAD + var c6p = new SortedSet(); // $ Alert // BAD c6p.Add(1); - var c6q = new Stack(); // BAD + var c6q = new Stack(); // $ Alert // BAD c6q.Push(1); - ICollection c6u = new List(); // BAD + ICollection c6u = new List(); // $ Alert // BAD c6u.Add(1); - IDictionary c6v = new Dictionary(); // BAD + IDictionary c6v = new Dictionary(); // $ Alert // BAD c6v.Add(1, 2); IEnumerable c6w = new List(); // GOOD c6w.GetEnumerator(); - IList c6x = new List(); // BAD + IList c6x = new List(); // $ Alert // BAD c6x.Add(12); - ISet c6y = new HashSet(); // BAD + ISet c6y = new HashSet(); // $ Alert // BAD c6y.Add(1); } @@ -264,7 +264,7 @@ void TestDynamicAccess() t.InvokeMember("Add", System.Reflection.BindingFlags.InvokeMethod, null, c7c, new Object[] { 1 }); } - IList c8a = new List(); // BAD: no attribute + IList c8a = new List(); // $ Alert // BAD: no attribute [Obsolete()] IList c8b = new List(); // GOOD: has attribute diff --git a/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref b/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref index ddd3e9fb1cb8..9d2057a3d375 100644 --- a/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref +++ b/csharp/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/WriteOnlyContainer.ql +query: Likely Bugs/Collections/WriteOnlyContainer.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.cs b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.cs index 1b550cacf8ac..a4541e2ba24d 100644 --- a/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.cs +++ b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.cs @@ -3,9 +3,9 @@ class Test static void Main(string[] args) { // BAD - c3.Equals(c4); - c2.Equals(c3); - c7.Equals(c6); + c3.Equals(c4); // $ Alert + c2.Equals(c3); // $ Alert + c7.Equals(c6); // $ Alert // GOOD c1.Equals(c2); diff --git a/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref index 96eae4e2eac5..91b47c6ddd94 100644 --- a/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref +++ b/csharp/ql/test/query-tests/standalone/Likely Bugs/IncomparableEquals/IncomparableEquals.qlref @@ -1 +1,2 @@ -Likely Bugs/IncomparableEquals.ql \ No newline at end of file +query: Likely Bugs/IncomparableEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.cs b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.cs index f717fe662c6b..756b667a055d 100644 --- a/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.cs +++ b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.cs @@ -14,9 +14,9 @@ void test() result = (object)unknownValue = someValue; // BAD: Explicit cast - result = (object)unknownValue == (object)someValue; + result = (object)unknownValue == (object)someValue; // $ Alert // BAD: Type information known - result = this == (object)this; + result = this == (object)this; // $ Alert } } diff --git a/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.qlref b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.qlref index 6f834d6d6548..e47228487204 100644 --- a/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.qlref +++ b/csharp/ql/test/query-tests/standalone/Likely Bugs/ObjectComparison/ObjectComparison.qlref @@ -1 +1,2 @@ -Likely Bugs/ObjectComparison.ql \ No newline at end of file +query: Likely Bugs/ObjectComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref index 4787fa5d4b2e..1255164237c6 100644 --- a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref +++ b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref @@ -1 +1 @@ -utils/modeleditor/ApplicationModeEndpoints.ql \ No newline at end of file +query: utils/modeleditor/ApplicationModeEndpoints.ql diff --git a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref index 5ae87455edd6..ec216021687b 100644 --- a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref +++ b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref @@ -1 +1 @@ -utils/modeleditor/FrameworkModeEndpoints.ql \ No newline at end of file +query: utils/modeleditor/FrameworkModeEndpoints.ql From 34fade8cd09d8a6336d60572c848a16899099ded Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sun, 5 Jul 2026 14:07:50 +0100 Subject: [PATCH 2/4] Fixes --- .../experimental/CWE-918/RequestForgery.cs | 4 ++-- .../JsonWebTokenHandler/delegation-test.cs | 4 ++-- .../Security Features/Serialization/test0.cs | 13 ++---------- .../Security Features/backdoor/test.cs | 6 +++--- .../BlockCodeResponseWrite.qlref | 3 +-- .../ComplexInlineCode/ComplexInlineCode.qlref | 3 +-- .../NonInternationalizedText.qlref | 3 +-- .../SplitControlStructure.qlref | 3 +-- .../CommentedOutCode/CommentedOutCode.cs | 2 +- .../CommentedOutCode/CommentedOutCode.qlref | 3 +-- .../Comments/TodoComments/TodoComments.cs | 4 ++-- .../Comments/TodoComments/TodoComments.qlref | 3 +-- .../Comments/TodoComments/TodoCommentsBad.cs | 2 +- .../EmptyPasswordInConfigurationFile.qlref | 3 +-- .../CWE-011/ASPNetDebug.qlref | 3 +-- .../CWE-020/RuntimeChecksBypass.cs | 6 +++--- .../CWE-020/RuntimeChecksBypassBad.cs | 2 +- .../CWE-022/TaintedPath/TaintedPath.cs | 14 ++++++------- .../CWE-022/ZipSlip/ZipSlip.cs | 14 ++++++------- .../CWE-078/CommandInjection.cs | 10 +++++----- .../CWE-090/LDAPInjection.cs | 12 +++++------ .../CWE-094/CodeInjection.cs | 4 ++-- .../CWE-099/ResourceInjection.cs | 4 ++-- .../CWE-112/MissingXMLValidation.cs | 10 +++++----- .../ExposureInTransmittedData.cs | 18 ++++++++--------- .../MissingASPNETGlobalErrorHandler.qlref | 3 +-- .../HardcodedSymmetricEncryptionKey.cs | 16 +++++++-------- .../NoHeader/MissingXFrameOptions.qlref | 3 +-- .../CWE-548/ASPNetDirectoryListing.qlref | 3 +-- .../CWE-601/UrlRedirect/UrlRedirect.cs | 8 ++++---- .../CWE-601/UrlRedirect/UrlRedirectCore.cs | 20 +++++++++---------- .../HttpCookiesCorrect/RequireSSL.qlref | 3 +-- .../RequireSSLMissing/RequireSSL.qlref | 3 +-- .../CWE-643/XPathInjection.cs | 18 ++++++++--------- .../CWE-730/ReDoS/ExponentialRegex.cs | 10 +++++----- .../CWE-807/ConditionalBypass.cs | 8 ++++---- .../CWE-838/InappropriateEncoding.cs | 6 +++--- 37 files changed, 116 insertions(+), 138 deletions(-) diff --git a/csharp/ql/test/experimental/CWE-918/RequestForgery.cs b/csharp/ql/test/experimental/CWE-918/RequestForgery.cs index 02e851d8df10..40a25c33ca53 100644 --- a/csharp/ql/test/experimental/CWE-918/RequestForgery.cs +++ b/csharp/ql/test/experimental/CWE-918/RequestForgery.cs @@ -9,9 +9,9 @@ public class SSRFController : Controller { [HttpPost] [ValidateAntiForgeryToken] - public async Task Bad(string url) + public async Task Bad(string url) // $ Source[cs/request-forgery]=r1 { - var request = new HttpRequestMessage(HttpMethod.Get, url); + var request = new HttpRequestMessage(HttpMethod.Get, url); // $ Alert[cs/request-forgery]=r1 var client = new HttpClient(); await client.SendAsync(request); diff --git a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs index 6fb922f5badd..95118a986d3c 100644 --- a/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs +++ b/csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs @@ -115,8 +115,8 @@ public void TestCase01() tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return true; }; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => !false ; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return securityToken is null?true:true; }; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG - tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return ValidateLifetimeAlwaysTrue(securityToken, validationParameters);}; //BUG // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] - tokenValidationParamsBaseline.AudienceValidator = (audiences, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); //BUG // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] + tokenValidationParamsBaseline.AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return ValidateLifetimeAlwaysTrue(securityToken, validationParameters);}; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] //BUG + tokenValidationParamsBaseline.AudienceValidator = (audiences, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] //BUG } diff --git a/csharp/ql/test/experimental/Security Features/Serialization/test0.cs b/csharp/ql/test/experimental/Security Features/Serialization/test0.cs index 7f16b7132f3c..9ad867d96102 100644 --- a/csharp/ql/test/experimental/Security Features/Serialization/test0.cs +++ b/csharp/ql/test/experimental/Security Features/Serialization/test0.cs @@ -83,17 +83,8 @@ static void datatable_readxmlschema_01(string fileName) { DataTable newTable = new DataTable(); System.Xml.XmlTextReader reader = new System.Xml.XmlTextReader(fs); - newTable.ReadXmlSchema(reader); //bug:XmlDeserializationWithDataSet.ql // $ Alert[cs/dataset-serialization/xml-deserialization-with-dataset] + newTable.ReadXmlSchema(reader); // $ Aleryjht[cs/dataset-serialization/xml-deserialization-with-dataset] //bug:XmlDeserializationWithDataSet.ql } - } - - static void Main(string[] args) - { - - XmlSerializer x = new XmlSerializer(typeof(DataSet)); // $ Alert[cs/dataset-serialization/unsafe-type-used-data-contract-serializer] // bug:UnsafeTypeUsedDataContractSerializer.ql - XmlSerializer y = new XmlSerializer(typeof(AttributeSerializer01)); //bug:UnsafeTypeUsedDataContractSerializer.ql // $ Alert[cs/dataset-serialization/unsafe-type-used-data-contract-serializer] - - Console.WriteLine("Hello World!"); - } + }h6dy } } diff --git a/csharp/ql/test/experimental/Security Features/backdoor/test.cs b/csharp/ql/test/experimental/Security Features/backdoor/test.cs index 87bd78f362d5..c582f5e49269 100644 --- a/csharp/ql/test/experimental/Security Features/backdoor/test.cs +++ b/csharp/ql/test/experimental/Security Features/backdoor/test.cs @@ -66,12 +66,12 @@ void TestProcessNameToHashTaintFlow() void TestTimeBomb() { - DateTime lastWriteTime = System.IO.File.GetLastWriteTime("someFile"); + DateTime lastWriteTime = System.IO.File.GetLastWriteTime("someFile"); // $ Source[cs/backdoor/potential-time-bomb] int num = new Random().Next(288, 336); - if (DateTime.Now.CompareTo(lastWriteTime.AddHours((double)num)) >= 0) // BUG : Potential time bomb, currently not detected + if (DateTime.Now.CompareTo(lastWriteTime.AddHours((double)num)) >= 0) // $ Sink[cs/backdoor/potential-time-bomb] // BUG : Potential time bomb, currently not detected { // Some code here - } + } // $ Alert[cs/backdoor/potential-time-bomb] } } diff --git a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref index 35d5389b7189..40da4c8a2d57 100644 --- a/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref +++ b/csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.qlref @@ -1,2 +1 @@ -query: ASP/BlockCodeResponseWrite.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +ASP/BlockCodeResponseWrite.ql diff --git a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref index 9a5bdd6c37e6..85395099ce9a 100644 --- a/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref +++ b/csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.qlref @@ -1,2 +1 @@ -query: ASP/ComplexInlineCode.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +ASP/ComplexInlineCode.ql diff --git a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref index 0ca3c026d73e..16700623f76e 100644 --- a/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref +++ b/csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.qlref @@ -1,2 +1 @@ -query: ASP/NonInternationalizedText.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +ASP/NonInternationalizedText.ql diff --git a/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref b/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref index 57c16f0abe63..4e98f2ecbaa5 100644 --- a/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref +++ b/csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.qlref @@ -1,2 +1 @@ -query: ASP/SplitControlStructure.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +ASP/SplitControlStructure.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs index 117edca06aae..93575ea6d8b2 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.cs @@ -23,5 +23,5 @@ class Class // int y=3; // Comment // int z=4; // Comment // - // $ Alert // end of example + // end of example } diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref index 59b1ba27b8e2..99318fe478e5 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.qlref @@ -1,2 +1 @@ -query: Bad Practices/Comments/CommentedOutCode.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Bad Practices/Comments/CommentedOutCode.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs index a78b3ae13e9f..e4f13bb4c64c 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.cs @@ -1,8 +1,8 @@ class C { - // $ Alert // BAD: A TODO comment - // $ Alert // BAD: A FIXME comment + // BAD: A TODO comment + // BAD: A FIXME comment // GOOD: A normal comment // GOOD: Lowercase todo fixme } diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref index 6cdc7b06d6e3..b9114382c5b6 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.qlref @@ -1,2 +1 @@ -query: Bad Practices/Comments/TodoComments.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Bad Practices/Comments/TodoComments.ql diff --git a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs index d3d482f726f1..172305a3bc73 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoCommentsBad.cs @@ -4,7 +4,7 @@ class Bad { public static double SolveQuadratic(double a, double b, double c) { - // $ Alert // TODO: handle case where a == 0 + // TODO: handle case where a == 0 return (-b + Math.Sqrt(b * b - 4 * a * c)) / (2 * a); } } diff --git a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref index 75899b3d5f2e..9dae41964f3f 100644 --- a/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref +++ b/csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.qlref @@ -1,2 +1 @@ -query: Configuration/EmptyPasswordInConfigurationFile.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Configuration/EmptyPasswordInConfigurationFile.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref b/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref index f197b183e75e..d2677cdbe3d8 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.qlref @@ -1,2 +1 @@ -query: Security Features/CWE-011/ASPNetDebug.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Security Features/CWE-011/ASPNetDebug.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs index c43a6a4777f4..4be65381f5a0 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs @@ -17,7 +17,7 @@ public Test1(string v) [OnDeserializing] public void Deserialize() { - f = GetString(); // $ Alert // BAD, non-constant and non-object creation expr + f = GetString(); // $ Alert[cs/serialization-check-bypass] // BAD, non-constant and non-object creation expr } string GetString() { throw null; } @@ -123,7 +123,7 @@ public Test5(int age) [OnDeserializing] void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) { - Age = info.GetInt32("age"); // $ Alert // BAD + Age = info.GetInt32("age"); // $ Alert[cs/serialization-check-bypass] // BAD } } @@ -167,7 +167,7 @@ void ISerializable.GetObjectData(SerializationInfo info, StreamingContext contex int age = info.GetInt32("age"); if (false) throw new SerializationException("age"); - Age = age; // $ Alert // BAD + Age = age; // $ Alert[cs/serialization-check-bypass] // BAD } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs index 8777e35874a2..c41bbf776b10 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypassBad.cs @@ -16,6 +16,6 @@ public PersonBad(int age) [OnDeserializing] void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context) { - Age = info.GetInt32("age"); // $ Alert // BAD - write is unsafe + Age = info.GetInt32("age"); // $ Alert[cs/serialization-check-bypass] // BAD - write is unsafe } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs index a22efa5e25fa..2eec3f017685 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs @@ -9,12 +9,12 @@ public void ProcessRequest(HttpContext ctx) { String path = ctx.Request.QueryString["page"]; // $ Source[cs/path-injection]=r1 $ Source[cs/path-injection]=r2 $ Source[cs/path-injection]=r3 $ Source[cs/path-injection]=r4 $ Source[cs/path-injection]=r5 $ Source[cs/path-injection]=r6 $ Source[cs/path-injection]=r7 // BAD: Used via a File.Create... call. - using (StreamWriter sw = File.CreateText(path)) // $ Alert[cs/path-injection]=r1 + using (StreamWriter sw = File.CreateText(path)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 { sw.WriteLine("Hello"); } // BAD: Used via StreamWriter constructor - using (StreamWriter sw = new StreamWriter(path)) // $ Alert[cs/path-injection]=r2 + using (StreamWriter sw = new StreamWriter(path)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 { sw.WriteLine("Hello"); } @@ -22,20 +22,20 @@ public void ProcessRequest(HttpContext ctx) // BAD: Check is insufficient, text is read. if (!path.StartsWith("../")) { - File.ReadAllText(path); // $ Alert[cs/path-injection]=r3 + File.ReadAllText(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 } // BAD: Check is insufficient, text is read. if (!string.IsNullOrEmpty(path)) { - File.ReadAllText(path); // $ Alert[cs/path-injection]=r4 + File.ReadAllText(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 } // BAD: Check is insufficient, text is read. string badPath = "/home/user/" + path; - if (File.Exists(badPath)) // $ Alert[cs/path-injection]=r5 + if (File.Exists(badPath)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 { - ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert[cs/path-injection]=r6 + ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 } // GOOD: Tainted path is passed through MapPath @@ -48,7 +48,7 @@ public void ProcessRequest(HttpContext ctx) File.ReadAllText(path); } - Directory.Exists(path); // $ Alert[cs/path-injection]=r7 + Directory.Exists(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 // GOOD: A Guid. File.ReadAllText(new Guid(path).ToString()); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs index 189fb1a6eb6e..101917a6a3b3 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs @@ -28,15 +28,15 @@ public static void UnzipFileByFile(ZipArchive archive, // BAD string destFilePath = Path.Combine(destDirectory, fullPath); - entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r1 + entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r1 $ Sink[cs/zipslip]=r2 $ Sink[cs/zipslip]=r3 // BAD: destFilePath isn't fully resolved, so may still contain .. if (destFilePath.StartsWith(destDirectory)) - entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r2 + entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r2 $ Sink=r1 $ Sink=r3 // BAD destFilePath = Path.GetFullPath(Path.Combine(destDirectory, fullPath)); - entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r3 + entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r3 $ Sink=r1 $ Sink=r2 // GOOD: a check for StartsWith against a fully resolved path if (destFilePath.StartsWith(destDirectory)) @@ -65,21 +65,21 @@ private static int UnzipToStream(Stream zipStream, string installDir) using (Stream archiveFileStream = entry.Open()) { // BAD: writing to file stream - using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink[cs/zipslip]=r5 + using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink[cs/zipslip]=r5 $ Sink=r6 $ Sink=r7 $ Sink=r8 { Console.WriteLine(@"Writing ""{0}""", destFilePath); archiveFileStream.CopyTo(tfsFileStream); } // BAD: can do it this way too - using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink[cs/zipslip]=r6 + using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink[cs/zipslip]=r6 $ Sink=r5 $ Sink=r7 $ Sink=r8 { Console.WriteLine(@"Writing ""{0}""", destFilePath); archiveFileStream.CopyTo(tfsFileStream); } // BAD: creating stream using fileInfo - var fileInfo = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r7 + var fileInfo = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r7 $ Sink=r5 $ Sink=r6 $ Sink=r8 using (FileStream fs = fileInfo.OpenWrite()) { Console.WriteLine(@"Writing ""{0}""", destFilePath); @@ -87,7 +87,7 @@ private static int UnzipToStream(Stream zipStream, string installDir) } // BAD: creating stream using fileInfo - var fileInfo1 = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r8 + var fileInfo1 = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r8 $ Sink=r5 $ Sink=r6 $ Sink=r7 using (FileStream fs = fileInfo1.Open(FileMode.Create)) { Console.WriteLine(@"Writing ""{0}""", destFilePath); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs index 36ece73221e3..c240d4b5373f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs @@ -25,15 +25,15 @@ public void WebCommandInjection() { // BAD: Reading from textbox, then using that in the arguments and file name string userInput = categoryTextBox.Text; // $ Source[cs/command-line-injection]=r1 $ Source[cs/command-line-injection]=r2 $ Source[cs/command-line-injection]=r3 $ Source[cs/command-line-injection]=r4 $ Source[cs/command-line-injection]=r5 $ Source[cs/command-line-injection]=r6 $ Source[cs/command-line-injection]=r7 - Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert[cs/command-line-injection]=r1 $ Alert[cs/command-line-injection]=r2 + Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert[cs/command-line-injection]=r1 $ Alert[cs/command-line-injection]=r2 $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 - ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 + ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r5 $ Alert=r6 $ Alert=r7 Process.Start(startInfo); ProcessStartInfo startInfoProps = new ProcessStartInfo(); - startInfoProps.FileName = userInput; // $ Alert[cs/command-line-injection]=r5 - startInfoProps.Arguments = userInput; // $ Alert[cs/command-line-injection]=r6 - startInfoProps.WorkingDirectory = userInput; // $ Alert[cs/command-line-injection]=r7 + startInfoProps.FileName = userInput; // $ Alert[cs/command-line-injection]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 $ Alert=r7 + startInfoProps.Arguments = userInput; // $ Alert[cs/command-line-injection]=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r7 + startInfoProps.WorkingDirectory = userInput; // $ Alert[cs/command-line-injection]=r7 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 Process.Start(startInfoProps); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs index 725d5bbe93c0..a28a79b1ea3a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs @@ -12,22 +12,22 @@ public void ProcessRequest(HttpContext ctx) string userName = ctx.Request.QueryString["username"]; // $ Source[cs/ldap-injection]=r1 $ Source[cs/ldap-injection]=r2 $ Source[cs/ldap-injection]=r3 $ Source[cs/ldap-injection]=r4 $ Source[cs/ldap-injection]=r5 $ Source[cs/ldap-injection]=r6 // BAD: Filter includes user input without encoding - DirectorySearcher ds = new DirectorySearcher("accountname=" + userName); // $ Alert[cs/ldap-injection]=r1 + DirectorySearcher ds = new DirectorySearcher("accountname=" + userName); // $ Alert[cs/ldap-injection]=r1 $ Alert[cs/ldap-injection]=r2 $ Alert[cs/ldap-injection]=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 DirectorySearcher ds2 = new DirectorySearcher(); - ds.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r2 + ds.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 // GOOD: Filter includes user input with encoding DirectorySearcher ds3 = new DirectorySearcher("accountname=" + LDAPEncode(userName)); // BAD: SearchRequest Filter includes user input without encoding SearchRequest sr = new SearchRequest(); - sr.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r3 - SearchRequest sr2 = new SearchRequest(null, "accountname=" + userName, System.DirectoryServices.Protocols.SearchScope.Base, null); // $ Alert[cs/ldap-injection]=r4 + sr.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 $ Alert=r6 + SearchRequest sr2 = new SearchRequest(null, "accountname=" + userName, System.DirectoryServices.Protocols.SearchScope.Base, null); // $ Alert[cs/ldap-injection]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r5 $ Alert=r6 // BAD: Distinguished Name includes user input without encoding - DirectoryEntry de = new DirectoryEntry("LDAP://Cn=" + userName); // $ Alert[cs/ldap-injection]=r5 + DirectoryEntry de = new DirectoryEntry("LDAP://Cn=" + userName); // $ Alert[cs/ldap-injection]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 DirectoryEntry de2 = new DirectoryEntry(); - de2.Path = "LDAP://Cn=" + userName; // $ Alert[cs/ldap-injection]=r6 + de2.Path = "LDAP://Cn=" + userName; // $ Alert[cs/ldap-injection]=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 using (SqlConnection connection = new SqlConnection("")) { diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs index a557ebf4c724..62f4a4fc9eca 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs @@ -26,7 +26,7 @@ public void ProcessRequest(HttpContext ctx) CompilerParameters cp = new CompilerParameters(); // BAD: Compiling unvalidated code from the user - CompilerResults cr = icc.CompileAssemblyFromSource(cp, code); // $ Alert[cs/code-injection]=r1 + CompilerResults cr = icc.CompileAssemblyFromSource(cp, code); // $ Alert[cs/code-injection]=r1 $ Alert[cs/code-injection]=r2 System.Reflection.Assembly a = cr.CompiledAssembly; object o = a.CreateInstance("MyNamespace.MyClass"); @@ -37,7 +37,7 @@ public void ProcessRequest(HttpContext ctx) object s = mi.Invoke(o, null); // BAD: Use the Roslyn APIs to dynamically evaluate C# - CSharpScript.EvaluateAsync(code); // $ Alert[cs/code-injection]=r2 + CSharpScript.EvaluateAsync(code); // $ Alert[cs/code-injection]=r1 $ Alert[cs/code-injection]=r2 } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs index dc7666744383..625716612bf9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs @@ -8,9 +8,9 @@ public void ProcessRequest(HttpContext ctx) string userName = ctx.Request.QueryString["userName"]; // $ Source[cs/resource-injection]=r1 $ Source[cs/resource-injection]=r2 string connectionString = "server=(local);user id=" + userName + ";password= pass;"; // BAD: Direct use of user input in a connection string for the constructor - SqlConnection sqlConnection = new SqlConnection(connectionString); // $ Alert[cs/resource-injection]=r1 + SqlConnection sqlConnection = new SqlConnection(connectionString); // $ Alert[cs/resource-injection]=r1 $ Alert[cs/resource-injection]=r2 // BAD: Direct use of user input assigned to a connection string property - sqlConnection.ConnectionString = connectionString; // $ Alert[cs/resource-injection]=r2 + sqlConnection.ConnectionString = connectionString; // $ Alert[cs/resource-injection]=r1 $ Alert[cs/resource-injection]=r2 // GOOD: Use SqlConnectionStringBuilder SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Data Source"] = "(local)"; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs index 869b0731351f..2d603d0dd1eb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.cs @@ -9,22 +9,22 @@ public class MissingXMLValidationHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String userProvidedXml = ctx.Request.QueryString["userProvidedXml"]; // $ Source[cs/xml/missing-validation]=r1 $ Source[cs/xml/missing-validation]=r2 $ Source[cs/xml/missing-validation]=r3 $ Source[cs/xml/missing-validation]=r4 $ Source[cs/xml/missing-validation]=r5 + String userProvidedXml = ctx.Request.QueryString["userProvidedXml"]; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 // BAD: User provided XML is processed without any validation, // because there is no settings instance configured. - XmlReader.Create(new StringReader(userProvidedXml)); // $ Alert[cs/xml/missing-validation]=r1 + XmlReader.Create(new StringReader(userProvidedXml)); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 // BAD: User provided XML is processed without any validation, // because the settings instance does not specify the ValidationType XmlReaderSettings badSettings1 = new XmlReaderSettings(); - XmlReader.Create(new StringReader(userProvidedXml), badSettings1); // $ Alert[cs/xml/missing-validation]=r2 + XmlReader.Create(new StringReader(userProvidedXml), badSettings1); // $ Alert=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 // BAD: User provided XML is processed without any validation, // because the settings instance specifies DTD as the ValidationType XmlReaderSettings badSettings2 = new XmlReaderSettings(); badSettings2.ValidationType = ValidationType.DTD; - XmlReader.Create(new StringReader(userProvidedXml), badSettings2); // $ Alert[cs/xml/missing-validation]=r3 + XmlReader.Create(new StringReader(userProvidedXml), badSettings2); // $ Alert=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 // GOOD: User provided XML is processed with validation XmlReaderSettings goodSettings = new XmlReaderSettings(); @@ -42,7 +42,7 @@ public void ProcessRequest(HttpContext ctx) XmlSchemaSet sc2 = new XmlSchemaSet(); sc2.Add("urn:my-schema", "my.xsd"); goodSettings.Schemas = sc2; - XmlReader.Create(new StringReader(userProvidedXml), badSettings3); // $ Alert[cs/xml/missing-validation]=r4 $ Alert[cs/xml/missing-validation]=r5 + XmlReader.Create(new StringReader(userProvidedXml), badSettings3); // $ Alert=r4 $ Alert=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs index 7173ab82f892..ed3946601325 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.cs @@ -11,26 +11,26 @@ public void ProcessRequest(HttpContext ctx) try { var password = "123456"; - ctx.Response.Write(password); // $ Alert[cs/sensitive-data-transmission]=r1 $ Alert[cs/sensitive-data-transmission]=r1 // BAD + ctx.Response.Write(password); // $ Alert=r1 $ Alert=r1 // BAD } catch (System.Data.SqlClient.SqlException ex) { - ctx.Response.Write(ex.ToString()); // $ Alert[cs/sensitive-data-transmission]=r2 $ Alert[cs/sensitive-data-transmission]=r2 // BAD + ctx.Response.Write(ex.ToString()); // $ Alert=r2 $ Alert=r2 // BAD } catch (DbException ex) { - ctx.Response.Write(ex.Message); // $ Alert[cs/sensitive-data-transmission]=r3 $ Alert[cs/sensitive-data-transmission]=r3 // BAD - ctx.Response.Write(ex.ToString()); // $ Alert[cs/sensitive-data-transmission]=r4 $ Alert[cs/sensitive-data-transmission]=r4 // BAD - ctx.Response.Write(ex.Data["password"]); // $ Alert[cs/sensitive-data-transmission]=r5 $ Alert[cs/sensitive-data-transmission]=r5 // BAD + ctx.Response.Write(ex.Message); // $ Alert=r3 $ Alert=r3 // BAD + ctx.Response.Write(ex.ToString()); // $ Alert=r4 $ Alert=r4 // BAD + ctx.Response.Write(ex.Data["password"]); // $ Alert=r5 $ Alert=r5 // BAD } } void SendPasswordToEmail() { - var p = GetField("password"); // p is now tainted // $ Source[cs/sensitive-data-transmission]=r6 $ Source[cs/sensitive-data-transmission]=r7 $ Source[cs/sensitive-data-transmission]=r8 $ Source[cs/sensitive-data-transmission]=r9 - var message = new MailMessage("from", "to", p, p); // $ Alert[cs/sensitive-data-transmission]=r6 $ Alert[cs/sensitive-data-transmission]=r7 // BAD - message.Body = "This is your password: " + p; // $ Alert[cs/sensitive-data-transmission]=r8 // BAD - message.Subject = p; // $ Alert[cs/sensitive-data-transmission]=r9 // BAD + var p = GetField("password"); // $ Source=r6 $ Source=r7 $ Source=r8 $ Source=r9 // p is now tainted + var message = new MailMessage("from", "to", p, p); // $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 // BAD + message.Body = "This is your password: " + p; // $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 // BAD + message.Subject = p; // $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 // BAD } string GetField(string field) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref index 521ec9079e0e..97a2476b6825 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.qlref @@ -1,2 +1 @@ -query: Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs index ff8600b85a81..b915be65b9ab 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs @@ -14,21 +14,21 @@ static void Main(string[] args) var a = new AesCryptoServiceProvider(); // BAD: explicit key assignment, hard-coded value - a.Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; // $ Alert[cs/hardcoded-key]=r1 $ Alert[cs/hardcoded-key]=r1 + a.Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; // $ Alert=r1 $ Alert=r1 var b = new AesCryptoServiceProvider() { // BAD: explicit key assignment, hard-coded value - Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 } // $ Alert[cs/hardcoded-key]=r2 $ Alert[cs/hardcoded-key]=r2 + Key = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 } // $ Alert=r2 $ Alert=r2 }; - var c = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; // $ Source[cs/hardcoded-key]=r3 $ Source[cs/hardcoded-key]=r4 $ Source[cs/hardcoded-key]=r5 $ Source[cs/hardcoded-key]=r6 + var c = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 }; // $ Source=r3 $ Source=r4 $ Source=r5 $ Source=r6 var d = c; - var byteArrayFromString = Encoding.UTF8.GetBytes("Hello, world: here is a very bad way to create a key"); // $ Source[cs/hardcoded-key]=r7 + var byteArrayFromString = Encoding.UTF8.GetBytes("Hello, world: here is a very bad way to create a key"); // $ Source=r7 // BAD: key assignment via variable, from hard-coded value - a.Key = d; // $ Alert[cs/hardcoded-key]=r3 + a.Key = d; // $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 // GOOD (not really, but better than hard coding) a.Key = File.ReadAllBytes("secret.key"); @@ -65,7 +65,7 @@ public static string Decrypt(byte[] cipherText, byte[] password, byte[] IV) { using (MemoryStream ms = new MemoryStream()) { - using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(password, IV), CryptoStreamMode.Write)) // $ Alert[cs/hardcoded-key]=r4 + using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(password, IV), CryptoStreamMode.Write)) // $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 { cs.Write(cipherText, 0, cipherText.Length); } @@ -105,7 +105,7 @@ static SymmetricAlgorithm CreateProvider(byte[] key) return new AesManaged() { // BAD: assignment from parameter - Key = key // $ Alert[cs/hardcoded-key]=r5 + Key = key // $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 }; } @@ -118,7 +118,7 @@ public static byte[] Encrypt(string plaintext, byte[] key, byte[] IV) using (MemoryStream ms = new MemoryStream()) { // BAD: flow of hardcoded key to CreateEncryptor constructor - using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(key, IV), CryptoStreamMode.Write)) // $ Alert[cs/hardcoded-key]=r6 $ Alert[cs/hardcoded-key]=r7 + using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(key, IV), CryptoStreamMode.Write)) // $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 { cs.Write(rawPlaintext, 0, rawPlaintext.Length); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref index d0d38c4b0117..b8a963200e57 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.qlref @@ -1,2 +1 @@ -query: Security Features/CWE-451/MissingXFrameOptions.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Security Features/CWE-451/MissingXFrameOptions.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref b/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref index c792e1fcbe42..a2a7dbb9fbc9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.qlref @@ -1,2 +1 @@ -query: Security Features/CWE-548/ASPNetDirectoryListing.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Security Features/CWE-548/ASPNetDirectoryListing.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs index 673502b960e1..e92b0379f4a2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs @@ -45,7 +45,7 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Redirect("foo.asp?param=" + url); // BAD: Using Transfer with unvalidated user input - ctx.Server.Transfer(url); // $ Alert[cs/web/unvalidated-url-redirection]=r5 + ctx.Server.Transfer(url); // $ Alert[cs/web/unvalidated-url-redirection]=r5 $ Alert[cs/web/unvalidated-url-redirection]=r6 $ Alert[cs/web/unvalidated-url-redirection]=r7 $ Alert=r8 // GOOD: request parameter is URL encoded ctx.Response.Redirect(HttpUtility.UrlEncode(ctx.Request.QueryString["page"])); @@ -61,19 +61,19 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Redirect($"foo.asp?param={url}"); // BAD: The attacker can control the location - ctx.Response.Redirect($"{url}.asp?param=foo"); // $ Alert[cs/web/unvalidated-url-redirection]=r6 + ctx.Response.Redirect($"{url}.asp?param=foo"); // $ Alert[cs/web/unvalidated-url-redirection]=r6 $ Alert=r5 $ Alert=r7 $ Alert=r8 // GOOD: The attacker can only control the parameters, not the location ctx.Response.Redirect(string.Format("foo.asp?param={0}", url)); // BAD: The attacker can control the location - ctx.Response.Redirect(string.Format("{0}.asp?param=foo", url)); // $ Alert[cs/web/unvalidated-url-redirection]=r7 + ctx.Response.Redirect(string.Format("{0}.asp?param=foo", url)); // $ Alert[cs/web/unvalidated-url-redirection]=r7 $ Alert=r5 $ Alert=r6 $ Alert=r8 // GOOD: The attacker can only control the parameters, not the location ctx.Response.Redirect(string.Format("foo.asp?{1}param={0}", url, url)); // BAD: The attacker can control the location - ctx.Response.Redirect(string.Format("{1}.asp?{0}param=foo", url, url)); // $ Alert[cs/web/unvalidated-url-redirection]=r8 + ctx.Response.Redirect(string.Format("{1}.asp?{0}param=foo", url, url)); // $ Alert[cs/web/unvalidated-url-redirection]=r8 $ Alert=r5 $ Alert=r6 $ Alert=r7 } // Implementation as recommended by Microsoft. diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs index b147be0fe32a..8d1344bad618 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs @@ -13,31 +13,31 @@ public class SomeController : ControllerBase public void Post([FromBody] string value) // $ Source[cs/web/unvalidated-url-redirection]=r9 $ Source[cs/web/unvalidated-url-redirection]=r10 $ Source[cs/web/unvalidated-url-redirection]=r11 $ Source[cs/web/unvalidated-url-redirection]=r12 $ Source[cs/web/unvalidated-url-redirection]=r13 $ Source[cs/web/unvalidated-url-redirection]=r14 $ Source[cs/web/unvalidated-url-redirection]=r15 { // BAD: straight up controller redirect - Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r9 + Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 // BAD: Setting response headers collection, location = redirect - Response.Headers["location"] = value; // $ Alert[cs/web/unvalidated-url-redirection]=r10 + Response.Headers["location"] = value; // $ Alert[cs/web/unvalidated-url-redirection]=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 // GOOD: Setting response header to a constant value Response.Headers["location"] = SomeValue; // BAD: Setting response headers collection, location = redirect via add method - Response.Headers.Add("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r11 + Response.Headers.Add("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r11 $ Alert=r10 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 // GOOD: Setting response header to a constant value Response.Headers.Add("location", "foo"); // BAD: redirect via location - Response.Headers.SetCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r12 + Response.Headers.SetCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r12 $ Alert=r10 $ Alert=r11 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 // BAD = redirect via setting location value from tainted source - Response.Headers.Append("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r13 + Response.Headers.Append("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r13 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r14 $ Alert=r15 $ Alert=r9 // BAD: redirect via setting location header from comma-separated values - Response.Headers.AppendCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r14 + Response.Headers.AppendCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r14 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r15 $ Alert=r9 // BAD: tainted redirect to Action - RedirectToActionPermanent("Error" + value); // $ Alert[cs/web/unvalidated-url-redirection]=r15 + RedirectToActionPermanent("Error" + value); // $ Alert[cs/web/unvalidated-url-redirection]=r15 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r9 } // PUT: api/Some/5 @@ -45,15 +45,15 @@ public void Post([FromBody] string value) // $ Source[cs/web/unvalidated-url-red public void Put(int id, [FromBody] string value) // $ Source[cs/web/unvalidated-url-redirection]=r16 $ Source[cs/web/unvalidated-url-redirection]=r17 $ Source[cs/web/unvalidated-url-redirection]=r18 { - RedirectToPage(value); // $ Alert[cs/web/unvalidated-url-redirection]=r16 + RedirectToPage(value); // $ Alert[cs/web/unvalidated-url-redirection]=r16 $ Alert=r17 $ Alert=r18 var headers = new ResponseHeaders(Response.Headers); // BAD: redirect via header helper class - headers.Location = new Uri(value); // $ Alert[cs/web/unvalidated-url-redirection]=r17 + headers.Location = new Uri(value); // $ Alert[cs/web/unvalidated-url-redirection]=r17 $ Alert=r16 $ Alert=r18 // BAD: response redirect - Response.Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r18 + Response.Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r18 $ Alert=r16 $ Alert=r17 // GOOD: whitelisted redirect if(Url.IsLocalUrl(value)) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref index 1a762e07498e..d7b72732abca 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.qlref @@ -1,2 +1 @@ -query: Security Features/CWE-614/RequireSSL.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Security Features/CWE-614/RequireSSL.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref index 1a762e07498e..d7b72732abca 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.qlref @@ -1,2 +1 @@ -query: Security Features/CWE-614/RequireSSL.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +Security Features/CWE-614/RequireSSL.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs index 4ce6e1268a72..e93d847211a8 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs @@ -14,10 +14,10 @@ public void ProcessRequest(HttpContext ctx) var s = "//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"; // BAD: User input used directly in an XPath expression - XPathExpression.Compile(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 + XPathExpression.Compile(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 XmlNode xmlNode = null; // BAD: User input used directly in an XPath expression to SelectNodes - xmlNode.SelectNodes(s); // $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 + xmlNode.SelectNodes(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // GOOD: Uses parameters to avoid including user input directly in XPath expression var expr = XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()"); @@ -26,31 +26,31 @@ public void ProcessRequest(HttpContext ctx) var nav = doc.CreateNavigator(); // BAD - nav.Select(s); // $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 + nav.Select(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // GOOD nav.Select(expr); // BAD - nav.SelectSingleNode(s); // $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 + nav.SelectSingleNode(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // GOOD nav.SelectSingleNode(expr); // BAD - nav.Compile(s); // $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 + nav.Compile(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // GOOD nav.Compile("//users/user[login/text()=$username]/home_dir/text()"); // BAD - nav.Evaluate(s); // $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 + nav.Evaluate(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // Good nav.Evaluate(expr); // BAD - nav.Matches(s); // $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + nav.Matches(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 // GOOD nav.Matches(expr); @@ -78,10 +78,10 @@ public void ProcessStoredRequest() string userName = customerReader.GetString(1); string password = customerReader.GetString(2); // BAD: User input used directly in an XPath expression - XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r15 + XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r15 $ Alert=r16 XmlNode xmlNode = null; // BAD: User input used directly in an XPath expression to SelectNodes - xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r16 + xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r16 $ Alert=r15 // GOOD: Uses parameters to avoid including user input directly in XPath expression XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()"); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs index 30d706fb7f17..dd021a8da7a2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs @@ -12,16 +12,16 @@ public void ProcessRequest(HttpContext ctx) // BAD: // Artificial regexes - new Regex("^([a-z]+)+$").Match(userInput); // $ Alert[cs/redos]=r1 - new Regex("^([a-z]*)*$").Replace(userInput, ""); // $ Alert[cs/redos]=r2 + new Regex("^([a-z]+)+$").Match(userInput); // $ Alert[cs/redos]=r1 $ Alert[cs/redos]=r2 $ Alert[cs/redos]=r3 $ Alert=r4 $ Alert=r5 + new Regex("^([a-z]*)*$").Replace(userInput, ""); // $ Alert[cs/redos]=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 // Known exponential blowup regex for e-mail address validation // Problematic part is: ([a-zA-Z0-9]+))* - new Regex("^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$").Match(userInput); // $ Alert[cs/redos]=r3 + new Regex("^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$").Match(userInput); // $ Alert[cs/redos]=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 // Known exponential blowup regex for Java class name validation // Problematic part is: (([a-z])+.)+ - new Regex(JAVA_CLASS_REGEX).Match(userInput); // $ Alert[cs/redos]=r4 + new Regex(JAVA_CLASS_REGEX).Match(userInput); // $ Alert[cs/redos]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r5 // Static use - Regex.Match(userInput, JAVA_CLASS_REGEX); // $ Alert[cs/redos]=r5 + Regex.Match(userInput, JAVA_CLASS_REGEX); // $ Alert[cs/redos]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 // GOOD: new Regex("^(([a-b]+[c-z]+)+$").Match(userInput); new Regex("^([a-z]+)+$", RegexOptions.IgnoreCase, TimeSpan.FromSeconds(1)).Match(userInput); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs index 40b3806f71f2..37ba383da09a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs @@ -19,12 +19,12 @@ public void ProcessRequest(HttpContext ctx) HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r2 $ Source[cs/user-controlled-bypass]=r3 $ Source[cs/user-controlled-bypass]=r4 // BAD: login is only executed if the cookie value is false, but the cookie // is controlled by the user - if (adminCookie.Value.Equals("false")) // $ Alert[cs/user-controlled-bypass]=r2 + if (adminCookie.Value.Equals("false")) // $ Alert[cs/user-controlled-bypass]=r2 $ Alert[cs/user-controlled-bypass]=r3 $ Alert[cs/user-controlled-bypass]=r4 login(user, password); // FALSE POSITIVES: both methods are conditionally executed, but they probably // both perform the security-critical action - if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r3 $ Alert[cs/user-controlled-bypass]=r4 + if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r3 $ Alert[cs/user-controlled-bypass]=r4 $ Alert=r2 { login(user, password); } @@ -41,12 +41,12 @@ public void ProcessRequest(HttpContext ctx) IPAddress hostIPAddress = IPAddress.Parse("1.2.3.4"); IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress); // $ Source[cs/user-controlled-bypass]=r5 $ Source[cs/user-controlled-bypass]=r6 // Exact comparison - if (hostInfo.HostName == "trustme.com") // $ Alert[cs/user-controlled-bypass]=r5 + if (hostInfo.HostName == "trustme.com") // $ Alert[cs/user-controlled-bypass]=r5 $ Alert=r6 { login(user, password); } // Substring comparison - if (hostInfo.HostName.EndsWith("trustme.com")) // $ Alert[cs/user-controlled-bypass]=r6 + if (hostInfo.HostName.EndsWith("trustme.com")) // $ Alert[cs/user-controlled-bypass]=r6 $ Alert=r5 { login(user, password); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs index 5a9bfd554965..1b432e41c112 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs @@ -32,9 +32,9 @@ public void Html(string value, Label label, System.Windows.Forms.HtmlElement htm label.Text = HttpUtility.UrlEncode(value); // $ Alert[cs/inappropriate-encoding]=r5 $ Alert[cs/inappropriate-encoding]=r5 label.Text = HttpUtility.UrlEncode(HttpUtility.HtmlEncode(value)); // $ Alert[cs/inappropriate-encoding]=r6 $ Alert[cs/inappropriate-encoding]=r6 var encodedValue = HttpUtility.UrlEncode(value); // $ Source[cs/inappropriate-encoding]=r7 $ Source[cs/inappropriate-encoding]=r8 $ Source[cs/inappropriate-encoding]=r9 - html.SetAttribute("a", encodedValue); // $ Alert[cs/inappropriate-encoding]=r7 - label.Text = ""; // $ Alert[cs/inappropriate-encoding]=r8 - label.Text = string.Format("", encodedValue); // $ Alert[cs/inappropriate-encoding]=r9 + html.SetAttribute("a", encodedValue); // $ Alert[cs/inappropriate-encoding]=r7 $ Alert[cs/inappropriate-encoding]=r8 $ Alert[cs/inappropriate-encoding]=r9 + label.Text = ""; // $ Alert[cs/inappropriate-encoding]=r8 $ Alert=r7 $ Alert=r9 + label.Text = string.Format("", encodedValue); // $ Alert[cs/inappropriate-encoding]=r9 $ Alert=r7 $ Alert=r8 // GOOD label.Text = HttpUtility.HtmlEncode(value); From 7f96e410def301bee9818a016d2b18870d94a470 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sun, 5 Jul 2026 14:08:37 +0100 Subject: [PATCH 3/4] Maybe revert? --- .../ASPNetMaxRequestLength.expected | 3 + .../ASPNetPagesValidateRequest.expected | 3 + .../ASPNetRequestValidationMode.expected | 3 + .../CWE-079/XSSAsp/AspInline.expected | 4 +- .../Security Features/CWE-079/XSSAsp/XSS.cs | 10 +-- .../CWE-079/XSSAsp/XSS.expected | 16 ++-- .../CWE-079/XSSAsp/script.aspx | 9 +- .../CWE-079/XSSRazorPages/XSS.expected | 83 ++++++++++++++----- git_status | 48 +++++++++++ 9 files changed, 142 insertions(+), 37 deletions(-) create mode 100644 git_status diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.expected b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.expected index 1feab65d0eef..b4f7337ef00d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.expected @@ -1 +1,4 @@ +#select | bad/Web.config:4:5:4:46 | maxRequestLength=262144 | Large 'maxRequestLength' value (262144 KB). | +testFailures +| bad/Web.config:4:5:4:46 | Large 'maxRequestLength' value (262144 KB). | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.expected b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.expected index f885b13009ae..1e94c4a21ee1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.expected @@ -1 +1,4 @@ +#select | ASPNetPagesValidateRequestBad.config:3:5:3:38 | validateRequest=false | The 'validateRequest' attribute is set to 'false'. | +testFailures +| ASPNetPagesValidateRequestBad.config:3:5:3:38 | The 'validateRequest' attribute is set to 'false'. | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.expected b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.expected index 3309db50b8d0..dda1768eafcf 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.expected @@ -1 +1,4 @@ +#select | ASPNetRequestValidationModeBad.config:3:5:3:47 | requestValidationMode=4.0 | Insecure value for requestValidationMode (4.0). | +testFailures +| ASPNetRequestValidationModeBad.config:3:5:3:47 | Insecure value for requestValidationMode (4.0). | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected index 08f9aded5531..9a6392197c56 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected @@ -1,5 +1,5 @@ | script.aspx:4:1:4:23 | <%= ... %> | XSS.cs:120:16:120:29 | someJavascript | | script.aspx:8:1:8:12 | <%= ... %> | XSS.cs:127:24:127:28 | Field | | script.aspx:12:1:12:14 | <%= ... %> | | Request | -| script.aspx:16:1:16:34 | <%= ... %> | | QueryString | -| script.aspx:20:1:20:41 | <%= ... %> | | QueryString | +| script.aspx:17:1:17:34 | <%= ... %> | | QueryString | +| script.aspx:22:1:22:41 | <%= ... %> | | QueryString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs index 6db6b4fc4b68..7e25c7306ebd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs @@ -24,9 +24,9 @@ public void WebUIXSS() // BAD: Reading from textbox, then writing an amended value to a control that does not HTML encode StringBuilder userInput = new StringBuilder(); userInput.AppendFormat("{0} test", categoryTextBox.Text); // $ Source[cs/web/xss]=r1 $ Source[cs/web/xss]=r2 $ Source[cs/web/xss]=r3 - calendar.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r1 - table.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r2 - label.Text = userInput.ToString(); // $ Alert[cs/web/xss]=r3 + calendar.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r1 $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r3 + table.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r2 $ Alert=r1 $ Alert=r3 + label.Text = userInput.ToString(); // $ Alert[cs/web/xss]=r3 $ Alert=r1 $ Alert=r2 // GOOD: Reading from textbox, then writing an amended value to a control that does HTML encode categoryTextBox.Text = userInput.ToString(); @@ -84,8 +84,8 @@ public void htmlStrings(HttpContextBase context) { // BAD: Writing user input into a HtmlString without encoding string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r8 $ Source[cs/web/xss]=r9 - new HtmlString(name); // $ Alert[cs/web/xss]=r8 - new MvcHtmlString(name); // $ Alert[cs/web/xss]=r9 + new HtmlString(name); // $ Alert[cs/web/xss]=r8 $ Alert=r9 + new MvcHtmlString(name); // $ Alert[cs/web/xss]=r9 $ Alert=r8 new MyHtmlString(context.Request); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected index b89708b8f034..a4b04936a603 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected @@ -11,8 +11,8 @@ | XSS.cs:96:31:96:34 | access to local variable name | XSS.cs:95:27:95:53 | access to property QueryString : NameValueCollection | XSS.cs:96:31:96:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:95:27:95:53 | access to property QueryString : NameValueCollection | User-provided value | | XSS.cs:140:20:140:33 | access to property RawUrl | XSS.cs:140:20:140:33 | access to property RawUrl | XSS.cs:140:20:140:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:140:20:140:33 | access to property RawUrl | User-provided value | | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value | -| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value | -| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value | +| script.aspx:17:1:17:34 | <%= ... %> | script.aspx:17:1:17:34 | <%= ... %> | script.aspx:17:1:17:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:17:1:17:34 | <%= ... %> | User-provided value | +| script.aspx:22:1:22:41 | <%= ... %> | script.aspx:22:1:22:41 | <%= ... %> | script.aspx:22:1:22:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:22:1:22:41 | <%= ... %> | User-provided value | edges | XSS.cs:26:13:26:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:27:32:27:40 | access to local variable userInput : StringBuilder | provenance | | | XSS.cs:26:13:26:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:28:29:28:37 | access to local variable userInput : StringBuilder | provenance | | @@ -46,8 +46,8 @@ edges | XSS.cs:95:27:95:53 | access to property QueryString : NameValueCollection | XSS.cs:95:27:95:61 | access to indexer : String | provenance | MaD:3 | | XSS.cs:95:27:95:61 | access to indexer : String | XSS.cs:95:20:95:23 | access to local variable name : String | provenance | | | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | provenance | | -| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | provenance | | -| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | provenance | | +| script.aspx:17:1:17:34 | <%= ... %> | script.aspx:17:1:17:34 | <%= ... %> | provenance | | +| script.aspx:22:1:22:41 | <%= ... %> | script.aspx:22:1:22:41 | <%= ... %> | provenance | | models | 1 | Sink: System.Net.Http; StringContent; false; StringContent; ; ; Argument[0]; js-injection; manual | | 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | @@ -91,6 +91,10 @@ nodes | XSS.cs:96:31:96:34 | access to local variable name | semmle.label | access to local variable name | | XSS.cs:140:20:140:33 | access to property RawUrl | semmle.label | access to property RawUrl | | script.aspx:12:1:12:14 | <%= ... %> | semmle.label | <%= ... %> | -| script.aspx:16:1:16:34 | <%= ... %> | semmle.label | <%= ... %> | -| script.aspx:20:1:20:41 | <%= ... %> | semmle.label | <%= ... %> | +| script.aspx:17:1:17:34 | <%= ... %> | semmle.label | <%= ... %> | +| script.aspx:22:1:22:41 | <%= ... %> | semmle.label | <%= ... %> | subpaths +testFailures +| script.aspx:12:1:12:14 | <%= ... %> | Unexpected result: Alert | +| script.aspx:17:1:17:34 | <%= ... %> | Unexpected result: Alert | +| script.aspx:22:1:22:41 | <%= ... %> | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx index 7581e301c02f..8f382bb20dfe 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx @@ -9,13 +9,16 @@ diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.expected index 70c8dcfbd111..805ce97a1410 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.expected @@ -1,3 +1,24 @@ +#select +| Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:124:42:124:50 | tainted18 : UserData | Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:124:42:124:50 | tainted18 : UserData | User-provided value | +| Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:119:42:119:50 | tainted17 : UserData | Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:119:42:119:50 | tainted17 : UserData | User-provided value | +| Pages/Shared/Test21.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:139:42:139:50 | tainted21 : UserData | Pages/Shared/Test21.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:139:42:139:50 | tainted21 : UserData | User-provided value | +| Views/Custom2/Test16.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:111:42:111:50 | tainted16 : UserData | Views/Custom2/Test16.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:111:42:111:50 | tainted16 : UserData | User-provided value | +| Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:106:42:106:50 | tainted15 : UserData | Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:106:42:106:50 | tainted15 : UserData | User-provided value | +| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | User-provided value | +| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | User-provided value | +| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | User-provided value | +| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | User-provided value | +| Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:81:42:81:50 | tainted13 : UserData | Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:81:42:81:50 | tainted13 : UserData | User-provided value | +| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | User-provided value | +| Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:86:42:86:50 | tainted14 : UserData | Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:86:42:86:50 | tainted14 : UserData | User-provided value | +| Views/Shared/Test19.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:129:42:129:50 | tainted19 : UserData | Views/Shared/Test19.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:129:42:129:50 | tainted19 : UserData | User-provided value | +| Views/Shared/Test23.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:149:40:149:48 | tainted23 : String | Views/Shared/Test23.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:149:40:149:48 | tainted23 : String | User-provided value | +| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | User-provided value | +| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | User-provided value | +| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | User-provided value | +| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | User-provided value | +| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | User-provided value | +| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | User-provided value | edges | Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:20 | access to property Model : UserData | Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:25 | access to property Name | provenance | | | Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:20 | access to property Model : UserData | Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:25 | access to property Name | provenance | | @@ -157,24 +178,44 @@ nodes | Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData | | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name | subpaths -#select -| Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:124:42:124:50 | tainted18 : UserData | Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:124:42:124:50 | tainted18 : UserData | User-provided value | -| Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:119:42:119:50 | tainted17 : UserData | Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:119:42:119:50 | tainted17 : UserData | User-provided value | -| Pages/Shared/Test21.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:139:42:139:50 | tainted21 : UserData | Pages/Shared/Test21.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:139:42:139:50 | tainted21 : UserData | User-provided value | -| Views/Custom2/Test16.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:111:42:111:50 | tainted16 : UserData | Views/Custom2/Test16.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:111:42:111:50 | tainted16 : UserData | User-provided value | -| Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:106:42:106:50 | tainted15 : UserData | Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:106:42:106:50 | tainted15 : UserData | User-provided value | -| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | User-provided value | -| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | User-provided value | -| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | User-provided value | -| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | User-provided value | -| Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:81:42:81:50 | tainted13 : UserData | Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:81:42:81:50 | tainted13 : UserData | User-provided value | -| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | User-provided value | -| Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:86:42:86:50 | tainted14 : UserData | Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:86:42:86:50 | tainted14 : UserData | User-provided value | -| Views/Shared/Test19.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:129:42:129:50 | tainted19 : UserData | Views/Shared/Test19.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:129:42:129:50 | tainted19 : UserData | User-provided value | -| Views/Shared/Test23.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:149:40:149:48 | tainted23 : String | Views/Shared/Test23.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:149:40:149:48 | tainted23 : String | User-provided value | -| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | User-provided value | -| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | User-provided value | -| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | User-provided value | -| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | User-provided value | -| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | User-provided value | -| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | User-provided value | +testFailures +| Areas/TestArea/Views/Shared/Test18.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Areas/TestArea/Views/Test4/Test17.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Controllers/TestController.cs:13:41:13:48 | tainted1 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:18:41:18:48 | tainted2 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:23:41:23:48 | tainted3 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:28:41:28:48 | tainted4 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:33:41:33:48 | tainted5 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:38:41:38:48 | tainted6 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:43:41:43:48 | tainted7 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:48:41:48:48 | tainted8 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:53:41:53:48 | tainted9 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:60:42:60:50 | tainted10 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:65:42:65:50 | tainted11 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:81:42:81:50 | tainted13 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:86:42:86:50 | tainted14 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:106:42:106:50 | tainted15 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:111:42:111:50 | tainted16 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:119:42:119:50 | tainted17 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:124:42:124:50 | tainted18 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:129:42:129:50 | tainted19 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:139:42:139:50 | tainted21 : UserData | Unexpected result: Source | +| Controllers/TestController.cs:149:40:149:48 | tainted23 : String | Unexpected result: Source | +| Pages/Shared/Test21.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Custom2/Test16.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Shared/Test19.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Shared/Test23.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | +| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | Unexpected result: Alert | diff --git a/git_status b/git_status new file mode 100644 index 000000000000..757cc1d9bed5 --- /dev/null +++ b/git_status @@ -0,0 +1,48 @@ +On branch csharp/convert-qlref-tests-to-inline-expectations +Your branch is up to date with 'origin/csharp/convert-qlref-tests-to-inline-expectations'. + +Changes to be committed: + (use "git restore --staged ..." to unstage) + modified: csharp/ql/test/experimental/CWE-918/RequestForgery.expected + modified: csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.expected + modified: csharp/ql/test/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.expected + modified: csharp/ql/test/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.expected + modified: csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.expected + modified: csharp/ql/test/query-tests/ASP/BlockCodeResponseWrite/BlockCodeResponseWrite.expected + modified: csharp/ql/test/query-tests/ASP/ComplexInlineCode/ComplexInlineCode.expected + modified: csharp/ql/test/query-tests/ASP/NonInternationalizedText/NonInternationalizedText.expected + modified: csharp/ql/test/query-tests/ASP/SplitControlStructure/SplitControlStructure.expected + modified: csharp/ql/test/query-tests/Bad Practices/Comments/CommentedOutCode/CommentedOutCode.expected + modified: csharp/ql/test/query-tests/Bad Practices/Comments/TodoComments/TodoComments.expected + modified: csharp/ql/test/query-tests/Configuration/PasswordInConfigurationFile/EmptyPasswordInConfigurationFile.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-011/ASPNetDebug.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetMaxRequestLength/ASPNetMaxRequestLength.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetPagesValidateRequest/ASPNetPagesValidateRequest.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-016/ASPNetRequestValidationMode/ASPNetRequestValidationMode.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/XSS.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/MissingASPNETGlobalErrorHandler.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/MissingXFrameOptions.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-548/ASPNetDirectoryListing.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/RequireSSL.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/RequireSSL.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected + modified: csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected + +Untracked files: + (use "git add ..." to include in what will be committed) + git_status + From 8579a937cfc0aed5a910d4929bb84da9cbde53ee Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sun, 5 Jul 2026 14:12:48 +0100 Subject: [PATCH 4/4] Remove unneeded query ids --- .../experimental/CWE-918/RequestForgery.cs | 4 +-- .../Components_Pages_TestPage_razor.g.cs | 4 +-- .../microsoft/aspnetcore/blazor/Name.cs | 2 +- .../microsoft/aspnetcore/blazor/NameList.cs | 2 +- .../microsoft/aspnetcore/blazor/NameList2.cs | 2 +- .../CWE-022/TaintedPath/TaintedPath.cs | 16 ++++----- .../CWE-022/ZipSlip/ZipSlip.cs | 22 ++++++------ .../CWE-022/ZipSlip/ZipSlipBad.cs | 4 +-- .../CWE-078/CommandInjection.cs | 16 ++++----- .../CWE-079/StoredXSS/StoredXSS.cs | 4 +-- .../Security Features/CWE-079/XSSAsp/XSS.cs | 36 +++++++++---------- .../CWE-090/LDAPInjection.cs | 18 +++++----- .../CWE-091/XMLInjection/Test.cs | 4 +-- .../CWE-094/CodeInjection.cs | 8 ++--- .../CWE-099/ResourceInjection.cs | 6 ++-- .../CWE-114/AssemblyPathInjection/Test.cs | 4 +-- .../CWE-209/ExceptionInformationExposure.cs | 14 ++++---- .../CWE-338/InsecureRandomness.cs | 14 ++++---- .../MissingAntiForgeryTokenValidation.cs | 4 +-- .../CWE-601/UrlRedirect/UrlRedirect.cs | 16 ++++----- .../CWE-601/UrlRedirect/UrlRedirect2.cs | 2 +- .../CWE-601/UrlRedirect/UrlRedirectCore.cs | 24 ++++++------- .../CWE-643/XPathInjection.cs | 24 ++++++------- .../CWE-730/ReDoS/ExponentialRegex.cs | 12 +++---- .../CWE-730/RegexInjection/RegexInjection.cs | 4 +-- .../CWE-807/ConditionalBypass.cs | 24 ++++++------- .../Security Features/CWE-838/HtmlEncode.cs | 2 +- .../CWE-838/InappropriateEncoding.cs | 24 ++++++------- .../Security Features/CWE-838/SqlEncode.cs | 4 +-- .../Security Features/CWE-838/UrlEncode.cs | 2 +- 30 files changed, 161 insertions(+), 161 deletions(-) diff --git a/csharp/ql/test/experimental/CWE-918/RequestForgery.cs b/csharp/ql/test/experimental/CWE-918/RequestForgery.cs index 40a25c33ca53..2c548337ed91 100644 --- a/csharp/ql/test/experimental/CWE-918/RequestForgery.cs +++ b/csharp/ql/test/experimental/CWE-918/RequestForgery.cs @@ -9,9 +9,9 @@ public class SSRFController : Controller { [HttpPost] [ValidateAntiForgeryToken] - public async Task Bad(string url) // $ Source[cs/request-forgery]=r1 + public async Task Bad(string url) // $ Source=r1 { - var request = new HttpRequestMessage(HttpMethod.Get, url); // $ Alert[cs/request-forgery]=r1 + var request = new HttpRequestMessage(HttpMethod.Get, url); // $ Alert=r1 var client = new HttpClient(); await client.SendAsync(request); diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs index 372ee49242fd..4dcde99a22f1 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs @@ -135,7 +135,7 @@ protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components. __builder.AddContent(18, "Raw parameter from URL: "); __builder.AddContent(19, #nullable restore -(MarkupString)UrlParam // $ Alert[cs/web/xss]=r1 $ Alert[cs/web/xss]=r1 +(MarkupString)UrlParam // $ Alert=r1 $ Alert=r1 #line default #line hidden @@ -185,7 +185,7 @@ protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components. __builder.AddContent(35, "Raw parameter from query string: "); __builder.AddContent(36, #nullable restore -new MarkupString(QueryParam) // $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 +new MarkupString(QueryParam) // $ Alert=r2 $ Alert=r2 #line default #line hidden diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs index 344f5cbf6ac3..d83db4eb0711 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs @@ -10,7 +10,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin { builder.OpenElement(0, "div"); builder.OpenElement(1, "p"); - builder.AddContent(2, (MarkupString)TheName); // $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r4 + builder.AddContent(2, (MarkupString)TheName); // $ Alert=r3 $ Alert=r4 builder.CloseElement(); builder.CloseElement(); } diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs index 31126310dff1..6b6b82014d3d 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs @@ -28,7 +28,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin builder.OpenElement(6, "p"); builder.AddContent(7, "Name: "); builder.OpenComponent(8); - builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); // $ Source[cs/web/xss]=r4 + builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); // $ Source=r4 builder.CloseComponent(); builder.CloseElement(); } diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs index fc6298943d3a..4e06a14e8247 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs @@ -28,7 +28,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin builder.OpenElement(6, "p"); builder.AddContent(7, "Name: "); builder.OpenComponent(8); - builder.AddComponentParameter(9, "TheName", Name); // $ Source[cs/web/xss]=r3 + builder.AddComponentParameter(9, "TheName", Name); // $ Source=r3 builder.CloseComponent(); builder.CloseElement(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs index 2eec3f017685..d9aac6607d09 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs @@ -7,14 +7,14 @@ public class TaintedPathHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String path = ctx.Request.QueryString["page"]; // $ Source[cs/path-injection]=r1 $ Source[cs/path-injection]=r2 $ Source[cs/path-injection]=r3 $ Source[cs/path-injection]=r4 $ Source[cs/path-injection]=r5 $ Source[cs/path-injection]=r6 $ Source[cs/path-injection]=r7 + String path = ctx.Request.QueryString["page"]; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 $ Source=r6 $ Source=r7 // BAD: Used via a File.Create... call. - using (StreamWriter sw = File.CreateText(path)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + using (StreamWriter sw = File.CreateText(path)) // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 { sw.WriteLine("Hello"); } // BAD: Used via StreamWriter constructor - using (StreamWriter sw = new StreamWriter(path)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + using (StreamWriter sw = new StreamWriter(path)) // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 { sw.WriteLine("Hello"); } @@ -22,20 +22,20 @@ public void ProcessRequest(HttpContext ctx) // BAD: Check is insufficient, text is read. if (!path.StartsWith("../")) { - File.ReadAllText(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + File.ReadAllText(path); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 } // BAD: Check is insufficient, text is read. if (!string.IsNullOrEmpty(path)) { - File.ReadAllText(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + File.ReadAllText(path); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 } // BAD: Check is insufficient, text is read. string badPath = "/home/user/" + path; - if (File.Exists(badPath)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + if (File.Exists(badPath)) // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 { - ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 } // GOOD: Tainted path is passed through MapPath @@ -48,7 +48,7 @@ public void ProcessRequest(HttpContext ctx) File.ReadAllText(path); } - Directory.Exists(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7 + Directory.Exists(path); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 // GOOD: A Guid. File.ReadAllText(new Guid(path).ToString()); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs index 101917a6a3b3..85fd247a5aea 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs @@ -12,15 +12,15 @@ public static void UnzipFileByFile(ZipArchive archive, { foreach (var entry in archive.Entries) { - string fullPath = Path.GetFullPath(entry.FullName); // $ Alert[cs/zipslip]=r1 $ Alert[cs/zipslip]=r2 $ Alert[cs/zipslip]=r3 + string fullPath = Path.GetFullPath(entry.FullName); // $ Alert=r1 $ Alert=r2 $ Alert=r3 string fileName = Path.GetFileName(entry.FullName); string filename = entry.Name; - string file = entry.FullName; // $ Alert[cs/zipslip]=r4 + string file = entry.FullName; // $ Alert=r4 if (!string.IsNullOrEmpty(file)) { // BAD string destFileName = Path.Combine(destDirectory, file); - entry.ExtractToFile(destFileName, true); // $ Sink[cs/zipslip]=r4 + entry.ExtractToFile(destFileName, true); // $ Sink=r4 // GOOD string sanitizedFileName = Path.Combine(destDirectory, fileName); @@ -28,15 +28,15 @@ public static void UnzipFileByFile(ZipArchive archive, // BAD string destFilePath = Path.Combine(destDirectory, fullPath); - entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r1 $ Sink[cs/zipslip]=r2 $ Sink[cs/zipslip]=r3 + entry.ExtractToFile(destFilePath, true); // $ Sink=r1 $ Sink=r2 $ Sink=r3 // BAD: destFilePath isn't fully resolved, so may still contain .. if (destFilePath.StartsWith(destDirectory)) - entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r2 $ Sink=r1 $ Sink=r3 + entry.ExtractToFile(destFilePath, true); // $ Sink=r2 $ Sink=r1 $ Sink=r3 // BAD destFilePath = Path.GetFullPath(Path.Combine(destDirectory, fullPath)); - entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r3 $ Sink=r1 $ Sink=r2 + entry.ExtractToFile(destFilePath, true); // $ Sink=r3 $ Sink=r1 $ Sink=r2 // GOOD: a check for StartsWith against a fully resolved path if (destFilePath.StartsWith(destDirectory)) @@ -58,28 +58,28 @@ private static int UnzipToStream(Stream zipStream, string installDir) foreach (ZipArchiveEntry entry in archive.Entries) { // figure out where we are putting the file - String destFilePath = Path.Combine(InstallDir, entry.FullName); // $ Alert[cs/zipslip]=r5 $ Alert[cs/zipslip]=r6 $ Alert[cs/zipslip]=r7 $ Alert[cs/zipslip]=r8 + String destFilePath = Path.Combine(InstallDir, entry.FullName); // $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 Directory.CreateDirectory(Path.GetDirectoryName(destFilePath)); using (Stream archiveFileStream = entry.Open()) { // BAD: writing to file stream - using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink[cs/zipslip]=r5 $ Sink=r6 $ Sink=r7 $ Sink=r8 + using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink=r5 $ Sink=r6 $ Sink=r7 $ Sink=r8 { Console.WriteLine(@"Writing ""{0}""", destFilePath); archiveFileStream.CopyTo(tfsFileStream); } // BAD: can do it this way too - using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink[cs/zipslip]=r6 $ Sink=r5 $ Sink=r7 $ Sink=r8 + using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink=r6 $ Sink=r5 $ Sink=r7 $ Sink=r8 { Console.WriteLine(@"Writing ""{0}""", destFilePath); archiveFileStream.CopyTo(tfsFileStream); } // BAD: creating stream using fileInfo - var fileInfo = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r7 $ Sink=r5 $ Sink=r6 $ Sink=r8 + var fileInfo = new FileInfo(destFilePath); // $ Sink=r7 $ Sink=r5 $ Sink=r6 $ Sink=r8 using (FileStream fs = fileInfo.OpenWrite()) { Console.WriteLine(@"Writing ""{0}""", destFilePath); @@ -87,7 +87,7 @@ private static int UnzipToStream(Stream zipStream, string installDir) } // BAD: creating stream using fileInfo - var fileInfo1 = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r8 $ Sink=r5 $ Sink=r6 $ Sink=r7 + var fileInfo1 = new FileInfo(destFilePath); // $ Sink=r8 $ Sink=r5 $ Sink=r6 $ Sink=r7 using (FileStream fs = fileInfo1.Open(FileMode.Create)) { Console.WriteLine(@"Writing ""{0}""", destFilePath); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs index 5a996edbad86..eb5e84fd291e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs @@ -6,7 +6,7 @@ class Bad public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory) { - string destFileName = Path.Combine(destDirectory, entry.FullName); // $ Alert[cs/zipslip]=r9 - entry.ExtractToFile(destFileName); // $ Sink[cs/zipslip]=r9 + string destFileName = Path.Combine(destDirectory, entry.FullName); // $ Alert=r9 + entry.ExtractToFile(destFileName); // $ Sink=r9 } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs index c240d4b5373f..e4d8b0192d85 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs @@ -24,16 +24,16 @@ class CommandInjection public void WebCommandInjection() { // BAD: Reading from textbox, then using that in the arguments and file name - string userInput = categoryTextBox.Text; // $ Source[cs/command-line-injection]=r1 $ Source[cs/command-line-injection]=r2 $ Source[cs/command-line-injection]=r3 $ Source[cs/command-line-injection]=r4 $ Source[cs/command-line-injection]=r5 $ Source[cs/command-line-injection]=r6 $ Source[cs/command-line-injection]=r7 - Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert[cs/command-line-injection]=r1 $ Alert[cs/command-line-injection]=r2 $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 + string userInput = categoryTextBox.Text; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 $ Source=r6 $ Source=r7 + Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 - ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r5 $ Alert=r6 $ Alert=r7 + ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert=r3 $ Alert=r4 $ Alert=r1 $ Alert=r2 $ Alert=r5 $ Alert=r6 $ Alert=r7 Process.Start(startInfo); ProcessStartInfo startInfoProps = new ProcessStartInfo(); - startInfoProps.FileName = userInput; // $ Alert[cs/command-line-injection]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 $ Alert=r7 - startInfoProps.Arguments = userInput; // $ Alert[cs/command-line-injection]=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r7 - startInfoProps.WorkingDirectory = userInput; // $ Alert[cs/command-line-injection]=r7 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 + startInfoProps.FileName = userInput; // $ Alert=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 $ Alert=r7 + startInfoProps.Arguments = userInput; // $ Alert=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r7 + startInfoProps.WorkingDirectory = userInput; // $ Alert=r7 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 Process.Start(startInfoProps); } @@ -43,12 +43,12 @@ public void StoredCommandInjection() { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/command-line-injection]=r8 + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source=r8 while (customerReader.Read()) { // BAD: Read from database, and use it to directly execute a command - Process.Start("foo.exe", "/c " + customerReader.GetString(1)); // $ Alert[cs/command-line-injection]=r8 + Process.Start("foo.exe", "/c " + customerReader.GetString(1)); // $ Alert=r8 } customerReader.Close(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs index 1e30735d3265..65c6d44ee676 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs @@ -14,12 +14,12 @@ public void processRequest(HttpContext context) { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/web/xss]=r1 + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source=r1 while (customerReader.Read()) { // BAD: Read from database, write it straight to a response - context.Response.Write("Orders for " + customerReader.GetString(1)); // $ Alert[cs/web/xss]=r1 + context.Response.Write("Orders for " + customerReader.GetString(1)); // $ Alert=r1 } customerReader.Close(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs index 7e25c7306ebd..7c67ad8f965f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs @@ -23,10 +23,10 @@ public void WebUIXSS() { // BAD: Reading from textbox, then writing an amended value to a control that does not HTML encode StringBuilder userInput = new StringBuilder(); - userInput.AppendFormat("{0} test", categoryTextBox.Text); // $ Source[cs/web/xss]=r1 $ Source[cs/web/xss]=r2 $ Source[cs/web/xss]=r3 - calendar.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r1 $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r3 - table.Caption = userInput.ToString(); // $ Alert[cs/web/xss]=r2 $ Alert=r1 $ Alert=r3 - label.Text = userInput.ToString(); // $ Alert[cs/web/xss]=r3 $ Alert=r1 $ Alert=r2 + userInput.AppendFormat("{0} test", categoryTextBox.Text); // $ Source=r1 $ Source=r2 $ Source=r3 + calendar.Caption = userInput.ToString(); // $ Alert=r1 $ Alert=r2 $ Alert=r3 + table.Caption = userInput.ToString(); // $ Alert=r2 $ Alert=r1 $ Alert=r3 + label.Text = userInput.ToString(); // $ Alert=r3 $ Alert=r1 $ Alert=r2 // GOOD: Reading from textbox, then writing an amended value to a control that does HTML encode categoryTextBox.Text = userInput.ToString(); @@ -35,8 +35,8 @@ public void WebUIXSS() public void processRequest(HttpContext context) { // BAD: Read user input from a request, write it straight to a response - string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r4 - context.Response.Write(name); // $ Alert[cs/web/xss]=r4 + string name = context.Request.QueryString["name"]; // $ Source=r4 + context.Response.Write(name); // $ Alert=r4 // GOOD: Read user input from a request, but encode it before writing to the response string name2 = context.Request.QueryString["name"]; @@ -55,9 +55,9 @@ public void processNumber(HttpContext context) public void mvcProcess(HttpContext context) { // BAD: Mimic what happens in cshtml pages - string name = context.Request.Unvalidated.QueryString["name"]; // $ Source[cs/web/xss]=r5 + string name = context.Request.Unvalidated.QueryString["name"]; // $ Source=r5 HtmlHelper html = new HtmlHelper(null, null); - html.Raw(name); // $ Alert[cs/web/xss]=r5 + html.Raw(name); // $ Alert=r5 } public void listener(HttpContext context) @@ -73,27 +73,27 @@ public void listener(HttpContext context) public void contextBase(HttpContextBase context) { // BAD: Writing user input directly to a HttpListenerResponse - string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r6 - context.Response.Write(name); // $ Alert[cs/web/xss]=r6 + string name = context.Request.QueryString["name"]; // $ Source=r6 + context.Response.Write(name); // $ Alert=r6 // BAD: Writing user input directly to a HttpListenerResponse - string name2 = context.Request["name"]; // $ Source[cs/web/xss]=r7 - context.Response.Write(name2); // $ Alert[cs/web/xss]=r7 + string name2 = context.Request["name"]; // $ Source=r7 + context.Response.Write(name2); // $ Alert=r7 } public void htmlStrings(HttpContextBase context) { // BAD: Writing user input into a HtmlString without encoding - string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r8 $ Source[cs/web/xss]=r9 - new HtmlString(name); // $ Alert[cs/web/xss]=r8 $ Alert=r9 - new MvcHtmlString(name); // $ Alert[cs/web/xss]=r9 $ Alert=r8 + string name = context.Request.QueryString["name"]; // $ Source=r8 $ Source=r9 + new HtmlString(name); // $ Alert=r8 $ Alert=r9 + new MvcHtmlString(name); // $ Alert=r9 $ Alert=r8 new MyHtmlString(context.Request); } public void WebContent(HttpContextBase context) { // BAD: Writing user input into a StringContent without encoding - string name = context.Request.QueryString["name"]; // $ Source[cs/web/xss]=r10 - new StringContent(name); // $ Alert[cs/web/xss]=r10 + string name = context.Request.QueryString["name"]; // $ Source=r10 + new StringContent(name); // $ Alert=r10 } public void HtmlEncoded(HttpContextBase context) @@ -137,7 +137,7 @@ public MyHtmlString(HttpRequestBase request) public string ToHtmlString() { - return Request.RawUrl; // $ Alert[cs/web/xss]=r11 $ Alert[cs/web/xss]=r11 + return Request.RawUrl; // $ Alert=r11 $ Alert=r11 } } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs index a28a79b1ea3a..f67e3c482b29 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.cs @@ -9,36 +9,36 @@ public class LDAPInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string userName = ctx.Request.QueryString["username"]; // $ Source[cs/ldap-injection]=r1 $ Source[cs/ldap-injection]=r2 $ Source[cs/ldap-injection]=r3 $ Source[cs/ldap-injection]=r4 $ Source[cs/ldap-injection]=r5 $ Source[cs/ldap-injection]=r6 + string userName = ctx.Request.QueryString["username"]; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 $ Source=r6 // BAD: Filter includes user input without encoding - DirectorySearcher ds = new DirectorySearcher("accountname=" + userName); // $ Alert[cs/ldap-injection]=r1 $ Alert[cs/ldap-injection]=r2 $ Alert[cs/ldap-injection]=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 + DirectorySearcher ds = new DirectorySearcher("accountname=" + userName); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 DirectorySearcher ds2 = new DirectorySearcher(); - ds.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 + ds.Filter = "accountname=" + userName; // $ Alert=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 // GOOD: Filter includes user input with encoding DirectorySearcher ds3 = new DirectorySearcher("accountname=" + LDAPEncode(userName)); // BAD: SearchRequest Filter includes user input without encoding SearchRequest sr = new SearchRequest(); - sr.Filter = "accountname=" + userName; // $ Alert[cs/ldap-injection]=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 $ Alert=r6 - SearchRequest sr2 = new SearchRequest(null, "accountname=" + userName, System.DirectoryServices.Protocols.SearchScope.Base, null); // $ Alert[cs/ldap-injection]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r5 $ Alert=r6 + sr.Filter = "accountname=" + userName; // $ Alert=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 $ Alert=r6 + SearchRequest sr2 = new SearchRequest(null, "accountname=" + userName, System.DirectoryServices.Protocols.SearchScope.Base, null); // $ Alert=r4 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r5 $ Alert=r6 // BAD: Distinguished Name includes user input without encoding - DirectoryEntry de = new DirectoryEntry("LDAP://Cn=" + userName); // $ Alert[cs/ldap-injection]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 + DirectoryEntry de = new DirectoryEntry("LDAP://Cn=" + userName); // $ Alert=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 DirectoryEntry de2 = new DirectoryEntry(); - de2.Path = "LDAP://Cn=" + userName; // $ Alert[cs/ldap-injection]=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 + de2.Path = "LDAP://Cn=" + userName; // $ Alert=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 using (SqlConnection connection = new SqlConnection("")) { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/ldap-injection]=r7 + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source=r7 while (customerReader.Read()) { // BAD: Read from database, write it straight to a response - DirectorySearcher ds4 = new DirectorySearcher("accountname=" + customerReader.GetString(1)); // $ Alert[cs/ldap-injection]=r7 + DirectorySearcher ds4 = new DirectorySearcher("accountname=" + customerReader.GetString(1)); // $ Alert=r7 } customerReader.Close(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs index c394ed4b8cbb..cf39ad9d397e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/Test.cs @@ -5,14 +5,14 @@ public class XMLInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string employeeName = ctx.Request.QueryString["employeeName"]; // $ Source[cs/xml-injection]=r1 + string employeeName = ctx.Request.QueryString["employeeName"]; // $ Source=r1 using (XmlWriter writer = XmlWriter.Create("employees.xml")) { writer.WriteStartDocument(); // BAD: Insert user input directly into XML - writer.WriteRaw("" + employeeName + ""); // $ Alert[cs/xml-injection]=r1 + writer.WriteRaw("" + employeeName + ""); // $ Alert=r1 // GOOD: Escape user input before inserting into string writer.WriteRaw("" + SecurityElement.Escape(employeeName) + ""); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs index 62f4a4fc9eca..d578d09744b9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.cs @@ -20,13 +20,13 @@ public class CommandInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string code = ctx.Request.QueryString["code"]; // $ Source[cs/code-injection]=r1 $ Source[cs/code-injection]=r2 + string code = ctx.Request.QueryString["code"]; // $ Source=r1 $ Source=r2 CSharpCodeProvider c = new CSharpCodeProvider(); ICodeCompiler icc = c.CreateCompiler(); CompilerParameters cp = new CompilerParameters(); // BAD: Compiling unvalidated code from the user - CompilerResults cr = icc.CompileAssemblyFromSource(cp, code); // $ Alert[cs/code-injection]=r1 $ Alert[cs/code-injection]=r2 + CompilerResults cr = icc.CompileAssemblyFromSource(cp, code); // $ Alert=r1 $ Alert=r2 System.Reflection.Assembly a = cr.CompiledAssembly; object o = a.CreateInstance("MyNamespace.MyClass"); @@ -37,7 +37,7 @@ public void ProcessRequest(HttpContext ctx) object s = mi.Invoke(o, null); // BAD: Use the Roslyn APIs to dynamically evaluate C# - CSharpScript.EvaluateAsync(code); // $ Alert[cs/code-injection]=r1 $ Alert[cs/code-injection]=r2 + CSharpScript.EvaluateAsync(code); // $ Alert=r1 $ Alert=r2 } public bool IsReusable @@ -53,6 +53,6 @@ public bool IsReusable void OnButtonClicked() { // BAD: Use the Roslyn APIs to dynamically evaluate C# - CSharpScript.EvaluateAsync(box1.Text); // $ Alert[cs/code-injection]=r3 $ Alert[cs/code-injection]=r3 + CSharpScript.EvaluateAsync(box1.Text); // $ Alert=r3 $ Alert=r3 } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs index 625716612bf9..52cb127b6385 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs @@ -5,12 +5,12 @@ public class ResourceInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string userName = ctx.Request.QueryString["userName"]; // $ Source[cs/resource-injection]=r1 $ Source[cs/resource-injection]=r2 + string userName = ctx.Request.QueryString["userName"]; // $ Source=r1 $ Source=r2 string connectionString = "server=(local);user id=" + userName + ";password= pass;"; // BAD: Direct use of user input in a connection string for the constructor - SqlConnection sqlConnection = new SqlConnection(connectionString); // $ Alert[cs/resource-injection]=r1 $ Alert[cs/resource-injection]=r2 + SqlConnection sqlConnection = new SqlConnection(connectionString); // $ Alert=r1 $ Alert=r2 // BAD: Direct use of user input assigned to a connection string property - sqlConnection.ConnectionString = connectionString; // $ Alert[cs/resource-injection]=r1 $ Alert[cs/resource-injection]=r2 + sqlConnection.ConnectionString = connectionString; // $ Alert=r1 $ Alert=r2 // GOOD: Use SqlConnectionStringBuilder SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(); builder["Data Source"] = "(local)"; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs index 8adba3f0dc84..a1c257cce637 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs @@ -4,10 +4,10 @@ public class DLLInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string libraryName = ctx.Request.QueryString["libraryName"]; // $ Source[cs/assembly-path-injection]=r1 + string libraryName = ctx.Request.QueryString["libraryName"]; // $ Source=r1 // BAD: Load DLL based on user input - var badDLL = Assembly.LoadFile(libraryName); // $ Alert[cs/assembly-path-injection]=r1 + var badDLL = Assembly.LoadFile(libraryName); // $ Alert=r1 // GOOD: Load DLL using fixed string var goodDLL = Assembly.LoadFile(@"C:\visual studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\DLL.dll"); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs index 45dd823c1834..e644fb9971a2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.cs @@ -16,11 +16,11 @@ public void ProcessRequest(HttpContext ctx) catch (Exception ex) { // BAD: printing a stack trace back to the response - ctx.Response.Write(ex.ToString()); // $ Alert[cs/information-exposure-through-exception]=r1 $ Alert[cs/information-exposure-through-exception]=r1 + ctx.Response.Write(ex.ToString()); // $ Alert=r1 $ Alert=r1 // BAD: implicitly printing a stack trace back to the response - ctx.Response.Write(ex); // $ Alert[cs/information-exposure-through-exception]=r2 $ Alert[cs/information-exposure-through-exception]=r2 + ctx.Response.Write(ex); // $ Alert=r2 $ Alert=r2 // BAD: writing StackTrace property to response - ctx.Response.Write(ex.StackTrace); // $ Alert[cs/information-exposure-through-exception]=r3 $ Alert[cs/information-exposure-through-exception]=r3 + ctx.Response.Write(ex.StackTrace); // $ Alert=r3 $ Alert=r3 // GOOD: writing Message property to response ctx.Response.Write(ex.Message); return; @@ -36,15 +36,15 @@ public void ProcessRequest(HttpContext ctx) log("Exception occurred", ex); ctx.Response.Write("Exception occurred"); - textBox.Text = ex.InnerException.StackTrace; // $ Alert[cs/information-exposure-through-exception]=r4 $ Alert[cs/information-exposure-through-exception]=r4 // BAD - textBox.Text = ex.StackTrace; // $ Alert[cs/information-exposure-through-exception]=r5 $ Alert[cs/information-exposure-through-exception]=r5 // BAD - textBox.Text = ex.ToString(); // $ Alert[cs/information-exposure-through-exception]=r6 $ Alert[cs/information-exposure-through-exception]=r6 // BAD + textBox.Text = ex.InnerException.StackTrace; // $ Alert=r4 $ Alert=r4 // BAD + textBox.Text = ex.StackTrace; // $ Alert=r5 $ Alert=r5 // BAD + textBox.Text = ex.ToString(); // $ Alert=r6 $ Alert=r6 // BAD textBox.Text = ex.Message; // GOOD return; } // BAD: printing a stack trace back to the response for a custom exception - ctx.Response.Write(new MyException().ToString()); // $ Alert[cs/information-exposure-through-exception]=r7 $ Alert[cs/information-exposure-through-exception]=r7 + ctx.Response.Write(new MyException().ToString()); // $ Alert=r7 $ Alert=r7 } class MyException : Exception diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs index 93edb1e318ec..c49f0b81ed95 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs @@ -9,9 +9,9 @@ public class InsecureRandomness public void RandomTest() { // BAD: Using insecure RNG to generate password - string password = InsecureRandomString(10); // $ Alert[cs/insecure-randomness]=r1 - password = InsecureRandomStringFromSelection(10); // $ Alert[cs/insecure-randomness]=r2 - password = InsecureRandomStringFromIndexer(10); // $ Alert[cs/insecure-randomness]=r3 + string password = InsecureRandomString(10); // $ Alert=r1 + password = InsecureRandomStringFromSelection(10); // $ Alert=r2 + password = InsecureRandomStringFromIndexer(10); // $ Alert=r3 // IGNORE - do not track further than the first assignment to a tainted variable string passwd = password; // GOOD: Use cryptographically secure RNG @@ -25,7 +25,7 @@ public static string InsecureRandomString(int length) byte[] data = new byte[1]; while (result.Length < length) { - data[0] = (byte)r.Next(97, 122); // $ Source[cs/insecure-randomness]=r1 + data[0] = (byte)r.Next(97, 122); // $ Source=r1 result.Append(new ASCIIEncoding().GetString(data)); } return result.ToString(); @@ -57,7 +57,7 @@ public static string InsecureRandomStringFromSelection(int length) Random r = new Random(); while (result.Length < length) { - result += letters[r.Next(3)]; // $ Source[cs/insecure-randomness]=r2 + result += letters[r.Next(3)]; // $ Source=r2 } return result.ToString(); } @@ -69,7 +69,7 @@ public static string InsecureRandomStringFromIndexer(int length) Random r = new Random(); while (result.Length < length) { - result += letters[r.Next(3)]; // $ Source[cs/insecure-randomness]=r3 + result += letters[r.Next(3)]; // $ Source=r3 } return result; } @@ -77,7 +77,7 @@ public static string InsecureRandomStringFromIndexer(int length) public static string BiasPasswordGeneration() { // BAD: Membership.GeneratePassword generates a password with a bias - string password = System.Web.Security.Membership.GeneratePassword(12, 3); // $ Alert[cs/insecure-randomness]=r4 $ Alert[cs/insecure-randomness]=r4 + string password = System.Web.Security.Membership.GeneratePassword(12, 3); // $ Alert=r4 $ Alert=r4 return password; } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs b/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs index 2b9f3974234c..febc12a61255 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs @@ -4,7 +4,7 @@ public class HomeController : Controller { // BAD: Anti forgery token has been forgotten [HttpPost] - public ActionResult Login() // $ Alert[cs/web/missing-token-validation] + public ActionResult Login() // $ Alert { return View(); } @@ -55,7 +55,7 @@ public class DerivedUnprotectedController : UnprotectedBaseController { // BAD: No antiforgery validation on this or any base class [HttpPost] - public ActionResult NoInheritedValidation() // $ Alert[cs/web/missing-token-validation] + public ActionResult NoInheritedValidation() // $ Alert { return View(); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs index e92b0379f4a2..fbbae845395a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.cs @@ -10,7 +10,7 @@ public class UrlRedirectHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: a request parameter is incorporated without validation into a URL redirect - ctx.Response.Redirect(ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r2 $ Alert[cs/web/unvalidated-url-redirection]=r2 + ctx.Response.Redirect(ctx.Request.QueryString["page"]); // $ Alert=r2 $ Alert=r2 // GOOD: the request parameter is validated against a known fixed string if (VALID_REDIRECT == ctx.Request.QueryString["page"]) @@ -20,7 +20,7 @@ public void ProcessRequest(HttpContext ctx) // GOOD: We check whether this is a local URL before redirecting, using UrlHelper. // As recommended by https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/preventing-open-redirection-attacks - string url = ctx.Request.QueryString["page"]; // $ Source[cs/web/unvalidated-url-redirection]=r5 $ Source[cs/web/unvalidated-url-redirection]=r6 $ Source[cs/web/unvalidated-url-redirection]=r7 $ Source[cs/web/unvalidated-url-redirection]=r8 + string url = ctx.Request.QueryString["page"]; // $ Source=r5 $ Source=r6 $ Source=r7 $ Source=r8 if (new UrlHelper(null).IsLocalUrl(url)) { ctx.Response.Redirect(url); @@ -35,8 +35,8 @@ public void ProcessRequest(HttpContext ctx) } // BAD: Adding or appending a header - ctx.Response.AddHeader("Location", ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r3 $ Alert[cs/web/unvalidated-url-redirection]=r3 - ctx.Response.AppendHeader("Location", ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r4 $ Alert[cs/web/unvalidated-url-redirection]=r4 + ctx.Response.AddHeader("Location", ctx.Request.QueryString["page"]); // $ Alert=r3 $ Alert=r3 + ctx.Response.AppendHeader("Location", ctx.Request.QueryString["page"]); // $ Alert=r4 $ Alert=r4 // GOOD: Redirecting to the RawUrl only reloads the current Url ctx.Response.Redirect(ctx.Request.RawUrl); @@ -45,7 +45,7 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Redirect("foo.asp?param=" + url); // BAD: Using Transfer with unvalidated user input - ctx.Server.Transfer(url); // $ Alert[cs/web/unvalidated-url-redirection]=r5 $ Alert[cs/web/unvalidated-url-redirection]=r6 $ Alert[cs/web/unvalidated-url-redirection]=r7 $ Alert=r8 + ctx.Server.Transfer(url); // $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 // GOOD: request parameter is URL encoded ctx.Response.Redirect(HttpUtility.UrlEncode(ctx.Request.QueryString["page"])); @@ -61,19 +61,19 @@ public void ProcessRequest(HttpContext ctx) ctx.Response.Redirect($"foo.asp?param={url}"); // BAD: The attacker can control the location - ctx.Response.Redirect($"{url}.asp?param=foo"); // $ Alert[cs/web/unvalidated-url-redirection]=r6 $ Alert=r5 $ Alert=r7 $ Alert=r8 + ctx.Response.Redirect($"{url}.asp?param=foo"); // $ Alert=r6 $ Alert=r5 $ Alert=r7 $ Alert=r8 // GOOD: The attacker can only control the parameters, not the location ctx.Response.Redirect(string.Format("foo.asp?param={0}", url)); // BAD: The attacker can control the location - ctx.Response.Redirect(string.Format("{0}.asp?param=foo", url)); // $ Alert[cs/web/unvalidated-url-redirection]=r7 $ Alert=r5 $ Alert=r6 $ Alert=r8 + ctx.Response.Redirect(string.Format("{0}.asp?param=foo", url)); // $ Alert=r7 $ Alert=r5 $ Alert=r6 $ Alert=r8 // GOOD: The attacker can only control the parameters, not the location ctx.Response.Redirect(string.Format("foo.asp?{1}param={0}", url, url)); // BAD: The attacker can control the location - ctx.Response.Redirect(string.Format("{1}.asp?{0}param=foo", url, url)); // $ Alert[cs/web/unvalidated-url-redirection]=r8 $ Alert=r5 $ Alert=r6 $ Alert=r7 + ctx.Response.Redirect(string.Format("{1}.asp?{0}param=foo", url, url)); // $ Alert=r8 $ Alert=r5 $ Alert=r6 $ Alert=r7 } // Implementation as recommended by Microsoft. diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs index 6093fbeeb4a7..43c1dcf0b9f6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs @@ -11,7 +11,7 @@ public class UrlRedirectHandler2 : IHttpHandler public void ProcessRequest(HttpContext ctx) { // BAD: a request parameter is incorporated without validation into a URL redirect - ctx.Response.Redirect(ctx.Request.QueryString["page"]); // $ Alert[cs/web/unvalidated-url-redirection]=r1 $ Alert[cs/web/unvalidated-url-redirection]=r1 + ctx.Response.Redirect(ctx.Request.QueryString["page"]); // $ Alert=r1 $ Alert=r1 var redirectUrl = ctx.Request.QueryString["page"]; if (VALID_REDIRECTS.Contains(redirectUrl)) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs index 8d1344bad618..687cb39af6c4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirectCore.cs @@ -10,50 +10,50 @@ public class SomeController : ControllerBase private static string SomeValue = "HeaderValue"; [HttpPost] - public void Post([FromBody] string value) // $ Source[cs/web/unvalidated-url-redirection]=r9 $ Source[cs/web/unvalidated-url-redirection]=r10 $ Source[cs/web/unvalidated-url-redirection]=r11 $ Source[cs/web/unvalidated-url-redirection]=r12 $ Source[cs/web/unvalidated-url-redirection]=r13 $ Source[cs/web/unvalidated-url-redirection]=r14 $ Source[cs/web/unvalidated-url-redirection]=r15 + public void Post([FromBody] string value) // $ Source=r9 $ Source=r10 $ Source=r11 $ Source=r12 $ Source=r13 $ Source=r14 $ Source=r15 { // BAD: straight up controller redirect - Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 + Redirect(value); // $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 // BAD: Setting response headers collection, location = redirect - Response.Headers["location"] = value; // $ Alert[cs/web/unvalidated-url-redirection]=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 + Response.Headers["location"] = value; // $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 // GOOD: Setting response header to a constant value Response.Headers["location"] = SomeValue; // BAD: Setting response headers collection, location = redirect via add method - Response.Headers.Add("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r11 $ Alert=r10 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 + Response.Headers.Add("location", value); // $ Alert=r11 $ Alert=r10 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 // GOOD: Setting response header to a constant value Response.Headers.Add("location", "foo"); // BAD: redirect via location - Response.Headers.SetCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r12 $ Alert=r10 $ Alert=r11 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 + Response.Headers.SetCommaSeparatedValues("location", value); // $ Alert=r12 $ Alert=r10 $ Alert=r11 $ Alert=r13 $ Alert=r14 $ Alert=r15 $ Alert=r9 // BAD = redirect via setting location value from tainted source - Response.Headers.Append("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r13 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r14 $ Alert=r15 $ Alert=r9 + Response.Headers.Append("location", value); // $ Alert=r13 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r14 $ Alert=r15 $ Alert=r9 // BAD: redirect via setting location header from comma-separated values - Response.Headers.AppendCommaSeparatedValues("location", value); // $ Alert[cs/web/unvalidated-url-redirection]=r14 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r15 $ Alert=r9 + Response.Headers.AppendCommaSeparatedValues("location", value); // $ Alert=r14 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r15 $ Alert=r9 // BAD: tainted redirect to Action - RedirectToActionPermanent("Error" + value); // $ Alert[cs/web/unvalidated-url-redirection]=r15 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r9 + RedirectToActionPermanent("Error" + value); // $ Alert=r15 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 $ Alert=r9 } // PUT: api/Some/5 [HttpPut("{id}")] - public void Put(int id, [FromBody] string value) // $ Source[cs/web/unvalidated-url-redirection]=r16 $ Source[cs/web/unvalidated-url-redirection]=r17 $ Source[cs/web/unvalidated-url-redirection]=r18 + public void Put(int id, [FromBody] string value) // $ Source=r16 $ Source=r17 $ Source=r18 { - RedirectToPage(value); // $ Alert[cs/web/unvalidated-url-redirection]=r16 $ Alert=r17 $ Alert=r18 + RedirectToPage(value); // $ Alert=r16 $ Alert=r17 $ Alert=r18 var headers = new ResponseHeaders(Response.Headers); // BAD: redirect via header helper class - headers.Location = new Uri(value); // $ Alert[cs/web/unvalidated-url-redirection]=r17 $ Alert=r16 $ Alert=r18 + headers.Location = new Uri(value); // $ Alert=r17 $ Alert=r16 $ Alert=r18 // BAD: response redirect - Response.Redirect(value); // $ Alert[cs/web/unvalidated-url-redirection]=r18 $ Alert=r16 $ Alert=r17 + Response.Redirect(value); // $ Alert=r18 $ Alert=r16 $ Alert=r17 // GOOD: whitelisted redirect if(Url.IsLocalUrl(value)) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs index e93d847211a8..f0933522950c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.cs @@ -8,16 +8,16 @@ public class XPathInjectionHandler : IHttpHandler { public void ProcessRequest(HttpContext ctx) { - string userName = ctx.Request.QueryString["userName"]; // $ Source[cs/xml/xpath-injection]=r1 $ Source[cs/xml/xpath-injection]=r3 $ Source[cs/xml/xpath-injection]=r5 $ Source[cs/xml/xpath-injection]=r7 $ Source[cs/xml/xpath-injection]=r9 $ Source[cs/xml/xpath-injection]=r11 $ Source[cs/xml/xpath-injection]=r13 - string password = ctx.Request.QueryString["password"]; // $ Source[cs/xml/xpath-injection]=r2 $ Source[cs/xml/xpath-injection]=r4 $ Source[cs/xml/xpath-injection]=r6 $ Source[cs/xml/xpath-injection]=r8 $ Source[cs/xml/xpath-injection]=r10 $ Source[cs/xml/xpath-injection]=r12 $ Source[cs/xml/xpath-injection]=r14 + string userName = ctx.Request.QueryString["userName"]; // $ Source=r1 $ Source=r3 $ Source=r5 $ Source=r7 $ Source=r9 $ Source=r11 $ Source=r13 + string password = ctx.Request.QueryString["password"]; // $ Source=r2 $ Source=r4 $ Source=r6 $ Source=r8 $ Source=r10 $ Source=r12 $ Source=r14 var s = "//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"; // BAD: User input used directly in an XPath expression - XPathExpression.Compile(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + XPathExpression.Compile(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 XmlNode xmlNode = null; // BAD: User input used directly in an XPath expression to SelectNodes - xmlNode.SelectNodes(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + xmlNode.SelectNodes(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 // GOOD: Uses parameters to avoid including user input directly in XPath expression var expr = XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()"); @@ -26,31 +26,31 @@ public void ProcessRequest(HttpContext ctx) var nav = doc.CreateNavigator(); // BAD - nav.Select(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + nav.Select(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 // GOOD nav.Select(expr); // BAD - nav.SelectSingleNode(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + nav.SelectSingleNode(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 // GOOD nav.SelectSingleNode(expr); // BAD - nav.Compile(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + nav.Compile(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 // GOOD nav.Compile("//users/user[login/text()=$username]/home_dir/text()"); // BAD - nav.Evaluate(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + nav.Evaluate(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 // Good nav.Evaluate(expr); // BAD - nav.Matches(s); // $ Alert[cs/xml/xpath-injection]=r1 $ Alert[cs/xml/xpath-injection]=r2 $ Alert[cs/xml/xpath-injection]=r3 $ Alert[cs/xml/xpath-injection]=r4 $ Alert[cs/xml/xpath-injection]=r5 $ Alert[cs/xml/xpath-injection]=r6 $ Alert[cs/xml/xpath-injection]=r7 $ Alert[cs/xml/xpath-injection]=r8 $ Alert[cs/xml/xpath-injection]=r9 $ Alert[cs/xml/xpath-injection]=r10 $ Alert[cs/xml/xpath-injection]=r11 $ Alert[cs/xml/xpath-injection]=r12 $ Alert[cs/xml/xpath-injection]=r13 $ Alert[cs/xml/xpath-injection]=r14 + nav.Matches(s); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8 $ Alert=r9 $ Alert=r10 $ Alert=r11 $ Alert=r12 $ Alert=r13 $ Alert=r14 // GOOD nav.Matches(expr); @@ -71,17 +71,17 @@ public void ProcessStoredRequest() { connection.Open(); SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection); - SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/xml/xpath-injection]=r15 $ Source[cs/xml/xpath-injection]=r16 + SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source=r15 $ Source=r16 while (customerReader.Read()) { string userName = customerReader.GetString(1); string password = customerReader.GetString(2); // BAD: User input used directly in an XPath expression - XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r15 $ Alert=r16 + XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert=r15 $ Alert=r16 XmlNode xmlNode = null; // BAD: User input used directly in an XPath expression to SelectNodes - xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert[cs/xml/xpath-injection]=r16 $ Alert=r15 + xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()"); // $ Alert=r16 $ Alert=r15 // GOOD: Uses parameters to avoid including user input directly in XPath expression XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()"); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs index dd021a8da7a2..b840a8cf3393 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ExponentialRegex.cs @@ -8,20 +8,20 @@ public class RegexHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - string userInput = ctx.Request.QueryString["userInput"]; // $ Source[cs/redos]=r1 $ Source[cs/redos]=r2 $ Source[cs/redos]=r3 $ Source[cs/redos]=r4 $ Source[cs/redos]=r5 + string userInput = ctx.Request.QueryString["userInput"]; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 // BAD: // Artificial regexes - new Regex("^([a-z]+)+$").Match(userInput); // $ Alert[cs/redos]=r1 $ Alert[cs/redos]=r2 $ Alert[cs/redos]=r3 $ Alert=r4 $ Alert=r5 - new Regex("^([a-z]*)*$").Replace(userInput, ""); // $ Alert[cs/redos]=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 + new Regex("^([a-z]+)+$").Match(userInput); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 + new Regex("^([a-z]*)*$").Replace(userInput, ""); // $ Alert=r2 $ Alert=r1 $ Alert=r3 $ Alert=r4 $ Alert=r5 // Known exponential blowup regex for e-mail address validation // Problematic part is: ([a-zA-Z0-9]+))* - new Regex("^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$").Match(userInput); // $ Alert[cs/redos]=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 + new Regex("^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$").Match(userInput); // $ Alert=r3 $ Alert=r1 $ Alert=r2 $ Alert=r4 $ Alert=r5 // Known exponential blowup regex for Java class name validation // Problematic part is: (([a-z])+.)+ - new Regex(JAVA_CLASS_REGEX).Match(userInput); // $ Alert[cs/redos]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r5 + new Regex(JAVA_CLASS_REGEX).Match(userInput); // $ Alert=r4 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r5 // Static use - Regex.Match(userInput, JAVA_CLASS_REGEX); // $ Alert[cs/redos]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 + Regex.Match(userInput, JAVA_CLASS_REGEX); // $ Alert=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 // GOOD: new Regex("^(([a-b]+[c-z]+)+$").Match(userInput); new Regex("^([a-z]+)+$", RegexOptions.IgnoreCase, TimeSpan.FromSeconds(1)).Match(userInput); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs index 877a029de660..5b4276d3af1d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.cs @@ -7,11 +7,11 @@ public class RegexInjectionHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - string regex = ctx.Request.QueryString["regex"]; // $ Source[cs/regex-injection]=r1 + string regex = ctx.Request.QueryString["regex"]; // $ Source=r1 string userInput = ctx.Request.QueryString["userInput"]; // BAD: User input used as regex - new Regex(regex).Match(userInput); // $ Alert[cs/regex-injection]=r1 + new Regex(regex).Match(userInput); // $ Alert=r1 // GOOD: User input escaped before being used as regex new Regex(Regex.Escape(regex)).Match(userInput); } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs index 37ba383da09a..f9229857f134 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs @@ -9,22 +9,22 @@ public void ProcessRequest(HttpContext ctx) { string user = ctx.Request.QueryString["user"]; string password = ctx.Request.QueryString["password"]; - string isAdmin = ctx.Request.QueryString["isAdmin"]; // $ Source[cs/user-controlled-bypass]=r1 + string isAdmin = ctx.Request.QueryString["isAdmin"]; // $ Source=r1 // BAD: login is only executed if isAdmin is false, but isAdmin // is controlled by the user - if (isAdmin == "false") // $ Alert[cs/user-controlled-bypass]=r1 + if (isAdmin == "false") // $ Alert=r1 login(user, password); - HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r2 $ Source[cs/user-controlled-bypass]=r3 $ Source[cs/user-controlled-bypass]=r4 + HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source=r2 $ Source=r3 $ Source=r4 // BAD: login is only executed if the cookie value is false, but the cookie // is controlled by the user - if (adminCookie.Value.Equals("false")) // $ Alert[cs/user-controlled-bypass]=r2 $ Alert[cs/user-controlled-bypass]=r3 $ Alert[cs/user-controlled-bypass]=r4 + if (adminCookie.Value.Equals("false")) // $ Alert=r2 $ Alert=r3 $ Alert=r4 login(user, password); // FALSE POSITIVES: both methods are conditionally executed, but they probably // both perform the security-critical action - if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r3 $ Alert[cs/user-controlled-bypass]=r4 $ Alert=r2 + if (adminCookie.Value == "false") // $ Alert=r3 $ Alert=r4 $ Alert=r2 { login(user, password); } @@ -39,14 +39,14 @@ public void ProcessRequest(HttpContext ctx) // BAD: DNS may be controlled by the user IPAddress hostIPAddress = IPAddress.Parse("1.2.3.4"); - IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress); // $ Source[cs/user-controlled-bypass]=r5 $ Source[cs/user-controlled-bypass]=r6 + IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress); // $ Source=r5 $ Source=r6 // Exact comparison - if (hostInfo.HostName == "trustme.com") // $ Alert[cs/user-controlled-bypass]=r5 $ Alert=r6 + if (hostInfo.HostName == "trustme.com") // $ Alert=r5 $ Alert=r6 { login(user, password); } // Substring comparison - if (hostInfo.HostName.EndsWith("trustme.com")) // $ Alert[cs/user-controlled-bypass]=r6 $ Alert=r5 + if (hostInfo.HostName.EndsWith("trustme.com")) // $ Alert=r6 $ Alert=r5 { login(user, password); } @@ -67,9 +67,9 @@ public static void Test(HttpContext ctx, String user, String password) public static void Test2(HttpContext ctx, String user, String password) { - HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r7 + HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source=r7 // BAD: login may happen once or twice - if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r7 + if (adminCookie.Value == "false") // $ Alert=r7 login(user, password); else { @@ -80,8 +80,8 @@ public static void Test2(HttpContext ctx, String user, String password) public static void Test3(HttpContext ctx, String user, String password) { - HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source[cs/user-controlled-bypass]=r8 - if (adminCookie.Value == "false") // $ Alert[cs/user-controlled-bypass]=r8 + HttpCookie adminCookie = ctx.Request.Cookies["adminCookie"]; // $ Source=r8 + if (adminCookie.Value == "false") // $ Alert=r8 login(user, password); else { diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs index 66ad8fb4c1a4..fc86cc497ea4 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs @@ -7,7 +7,7 @@ public class HtmlEncode public static void Bad(HttpContext ctx) { var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]); - ctx.Response.Write("Hello, " + WebUtility.UrlEncode(user)); // $ Alert[cs/inappropriate-encoding]=r1 $ Alert[cs/inappropriate-encoding]=r1 + ctx.Response.Write("Hello, " + WebUtility.UrlEncode(user)); // $ Alert=r1 $ Alert=r1 } public static void Good(HttpContext ctx) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs index 1b432e41c112..9446505e7242 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.cs @@ -10,12 +10,12 @@ public class InappropriateEncoding { public void Sql(string value) { - var encodedValue = Encode(value); // $ Source[cs/inappropriate-encoding]=r2 + var encodedValue = Encode(value); // $ Source=r2 using (var connection = new SqlConnection("")) { var query1 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + encodedValue + "' ORDER BY PRICE"; // BAD - var adapter = new SqlDataAdapter(query1, connection); // $ Alert[cs/inappropriate-encoding]=r2 $ Alert[cs/inappropriate-encoding]=r3 + var adapter = new SqlDataAdapter(query1, connection); // $ Alert=r2 $ Alert=r3 var query2 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=@category ORDER BY PRICE"; // GOOD @@ -28,13 +28,13 @@ public void Sql(string value) public void Html(string value, Label label, System.Windows.Forms.HtmlElement html) { // BAD - label.Text = Encode(value); // $ Alert[cs/inappropriate-encoding]=r4 $ Alert[cs/inappropriate-encoding]=r4 - label.Text = HttpUtility.UrlEncode(value); // $ Alert[cs/inappropriate-encoding]=r5 $ Alert[cs/inappropriate-encoding]=r5 - label.Text = HttpUtility.UrlEncode(HttpUtility.HtmlEncode(value)); // $ Alert[cs/inappropriate-encoding]=r6 $ Alert[cs/inappropriate-encoding]=r6 - var encodedValue = HttpUtility.UrlEncode(value); // $ Source[cs/inappropriate-encoding]=r7 $ Source[cs/inappropriate-encoding]=r8 $ Source[cs/inappropriate-encoding]=r9 - html.SetAttribute("a", encodedValue); // $ Alert[cs/inappropriate-encoding]=r7 $ Alert[cs/inappropriate-encoding]=r8 $ Alert[cs/inappropriate-encoding]=r9 - label.Text = ""; // $ Alert[cs/inappropriate-encoding]=r8 $ Alert=r7 $ Alert=r9 - label.Text = string.Format("", encodedValue); // $ Alert[cs/inappropriate-encoding]=r9 $ Alert=r7 $ Alert=r8 + label.Text = Encode(value); // $ Alert=r4 $ Alert=r4 + label.Text = HttpUtility.UrlEncode(value); // $ Alert=r5 $ Alert=r5 + label.Text = HttpUtility.UrlEncode(HttpUtility.HtmlEncode(value)); // $ Alert=r6 $ Alert=r6 + var encodedValue = HttpUtility.UrlEncode(value); // $ Source=r7 $ Source=r8 $ Source=r9 + html.SetAttribute("a", encodedValue); // $ Alert=r7 $ Alert=r8 $ Alert=r9 + label.Text = ""; // $ Alert=r8 $ Alert=r7 $ Alert=r9 + label.Text = string.Format("", encodedValue); // $ Alert=r9 $ Alert=r7 $ Alert=r8 // GOOD label.Text = HttpUtility.HtmlEncode(value); @@ -52,8 +52,8 @@ public void Html(string value, Label label, System.Windows.Forms.HtmlElement htm public void Url(string value, HttpServerUtility util, HttpContext ctx) { // BAD - var encodedValue = HttpUtility.HtmlEncode(value); // $ Source[cs/inappropriate-encoding]=r10 - ctx.Response.Redirect(encodedValue); // $ Alert[cs/inappropriate-encoding]=r10 + var encodedValue = HttpUtility.HtmlEncode(value); // $ Source=r10 + ctx.Response.Redirect(encodedValue); // $ Alert=r10 // GOOD ctx.Response.Redirect(HttpUtility.UrlEncode(encodedValue)); @@ -63,6 +63,6 @@ public void Url(string value, HttpServerUtility util, HttpContext ctx) static string Encode(string value) { - return value.Replace("\"", "\\\""); // $ Source[cs/inappropriate-encoding]=r3 + return value.Replace("\"", "\\\""); // $ Source=r3 } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs index 1e55ade7a9de..77cb8a4485dd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/SqlEncode.cs @@ -11,8 +11,8 @@ public static DataSet Bad(HttpContext ctx) var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]); using (var connection = new SqlConnection("")) { - var query = "select * from Users where Name='" + user.Replace("\"", "\"\"") + "'"; // $ Source[cs/inappropriate-encoding]=r11 - var adapter = new SqlDataAdapter(query, connection); // $ Alert[cs/inappropriate-encoding]=r11 + var query = "select * from Users where Name='" + user.Replace("\"", "\"\"") + "'"; // $ Source=r11 + var adapter = new SqlDataAdapter(query, connection); // $ Alert=r11 var result = new DataSet(); adapter.Fill(result); return result; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs b/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs index 303a807a577d..a0576cd26a9c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/UrlEncode.cs @@ -7,7 +7,7 @@ public class UrlEncode public static void Bad(string value, HttpContext ctx) { var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]); - ctx.Response.Redirect("?param=" + WebUtility.HtmlEncode(user)); // $ Alert[cs/inappropriate-encoding]=r12 $ Alert[cs/inappropriate-encoding]=r12 + ctx.Response.Redirect("?param=" + WebUtility.HtmlEncode(user)); // $ Alert=r12 $ Alert=r12 } public static void Good(string value, HttpContext ctx)