Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
ModifiedFnvFunctionDetection.ql
query: ModifiedFnvFunctionDetection.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
NumberOfKnownCommandsAboveThreshold.ql
query: NumberOfKnownCommandsAboveThreshold.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
NumberOfKnownHashesAboveThreshold.ql
query: NumberOfKnownHashesAboveThreshold.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
NumberOfKnownLiteralsAboveThreshold.ql
query: NumberOfKnownLiteralsAboveThreshold.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
NumberOfKnownMethodNamesAboveThreshold.ql
query: NumberOfKnownMethodNamesAboveThreshold.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
SwallowEverythingExceptionHandler.ql
query: SwallowEverythingExceptionHandler.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
434 changes: 217 additions & 217 deletions csharp/ql/campaigns/Solorigate/test/Solorigate/test.cs

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

<div>
<p>Value from InputText: @Value</p>
<p>Raw value from InputText: @(new MarkupString(Value))</p>
<p>Raw value from InputText: @(new MarkupString(Value))</p> @* $ Alert[cs/web/xss]=r1 *@
</div>

@code {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<h3>Route parameter</h3>
<p>Go to: <a href="/test/@XssUrl">/test/@XssUrl</a></p>
<p>Parameter from URL: @UrlParam</p>
<p>Raw parameter from URL: @((MarkupString)UrlParam)</p>
<p>Raw parameter from URL: @((MarkupString)UrlParam)</p> @* $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 *@
</div>

<hr />
Expand All @@ -17,7 +17,7 @@
<h3>Query parameter</h3>
<p>Go to: <a href="/test/?qs=@XssUrl">/test/?qs=@XssUrl</a></p>
<p>Parameter from query string: @QueryParam</p>
<p>Raw parameter from query string: @(new MarkupString(QueryParam))</p>
<p>Raw parameter from query string: @(new MarkupString(QueryParam))</p> @* $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r3 *@
</div>

<hr />
Expand Down Expand Up @@ -82,7 +82,7 @@
</div>

<div>
<MyOutput Value="@QueryParam" />
<MyOutput Value="@QueryParam" /> @* $ Source[cs/web/xss]=r1 *@
</div>

@code {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

<div>
<p>Value from InputText: @Value</p>
<p>Raw value from InputText: @(new MarkupString(Value))</p>
<p>Raw value from InputText: @(new MarkupString(Value))</p> @* $ Alert[cs/web/xss]=r1 *@
</div>

@code {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<h3>Route parameter</h3>
<p>Go to: <a href="/test/@XssUrl">/test/@XssUrl</a></p>
<p>Parameter from URL: @UrlParam</p>
<p>Raw parameter from URL: @((MarkupString)UrlParam)</p>
<p>Raw parameter from URL: @((MarkupString)UrlParam)</p> @* $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 *@
</div>

<hr />
Expand All @@ -17,7 +17,7 @@
<h3>Query parameter</h3>
<p>Go to: <a href="/test/?qs=@XssUrl">/test/?qs=@XssUrl</a></p>
<p>Parameter from query string: @QueryParam</p>
<p>Raw parameter from query string: @(new MarkupString(QueryParam))</p>
<p>Raw parameter from query string: @(new MarkupString(QueryParam))</p> @* $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r3 *@
</div>

<hr />
Expand Down Expand Up @@ -82,7 +82,7 @@
</div>

<div>
<MyOutput Value="@QueryParam" />
<MyOutput Value="@QueryParam" /> @* $ Source[cs/web/xss]=r1 *@
</div>

@code {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

<div>
<p>Value from InputText: @Value</p>
<p>Raw value from InputText: @(new MarkupString(Value))</p>
<p>Raw value from InputText: @(new MarkupString(Value))</p> @* $ Alert[cs/web/xss]=r1 *@
</div>

@code {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<h3>Route parameter</h3>
<p>Go to: <a href="/test/@XssUrl">/test/@XssUrl</a></p>
<p>Parameter from URL: @UrlParam</p>
<p>Raw parameter from URL: @((MarkupString)UrlParam)</p>
<p>Raw parameter from URL: @((MarkupString)UrlParam)</p> @* $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2 *@
</div>

<hr />
Expand All @@ -17,7 +17,7 @@
<h3>Query parameter</h3>
<p>Go to: <a href="/test/?qs=@XssUrl">/test/?qs=@XssUrl</a></p>
<p>Parameter from query string: @QueryParam</p>
<p>Raw parameter from query string: @(new MarkupString(QueryParam))</p>
<p>Raw parameter from query string: @(new MarkupString(QueryParam))</p> @* $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r3 *@
</div>

<hr />
Expand Down Expand Up @@ -82,7 +82,7 @@
</div>

<div>
<MyOutput Value="@QueryParam" />
<MyOutput Value="@QueryParam" /> @* $ Source[cs/web/xss]=r1 *@
</div>

@code {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1 @@
Telemetry/DatabaseQualityDiagnostics.ql
query: Telemetry/DatabaseQualityDiagnostics.ql
Original file line number Diff line number Diff line change
@@ -1 +1 @@
Telemetry/DatabaseQualityDiagnostics.ql
query: Telemetry/DatabaseQualityDiagnostics.ql
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ public PersonBad(int age)
[OnDeserializing]
void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
{
Age = info.GetInt32("age"); // BAD - write is unsafe
Age = info.GetInt32("age"); // $ Alert // BAD - write is unsafe
}
}
4 changes: 2 additions & 2 deletions csharp/ql/test/experimental/CWE-918/RequestForgery.cs
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ public class SSRFController : Controller
{
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Bad(string url)
public async Task<ActionResult> Bad(string url) // $ Source=r1
{
var request = new HttpRequestMessage(HttpMethod.Get, url);
var request = new HttpRequestMessage(HttpMethod.Get, url); // $ Alert=r1

var client = new HttpClient();
await client.SendAsync(request);
Expand Down
3 changes: 2 additions & 1 deletion csharp/ql/test/experimental/CWE-918/RequestForgery.qlref
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/CWE-918/RequestForgery.ql
query: experimental/CWE-918/RequestForgery.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@ public class Test
// BAD - Hash without a salt.
public static String HashPassword(string password, string strAlgName ="SHA256")
{
IBuffer passBuff = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
IBuffer passBuff = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8); // $ Source
HashAlgorithmProvider algProvider = HashAlgorithmProvider.OpenAlgorithm(strAlgName);
IBuffer hashBuff = algProvider.HashData(passBuff);
IBuffer hashBuff = algProvider.HashData(passBuff); // $ Alert
return CryptographicBuffer.EncodeToBase64String(hashBuff);
}

Expand All @@ -35,8 +35,8 @@ public static string HashPassword2(string password, string salt, string strAlgNa
public static string HashPassword(string password)
{
SHA256 sha256Hash = SHA256.Create();
byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password);
byte[] hashBytes = sha256Hash.ComputeHash(passBytes);
byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password); // $ Source
byte[] hashBytes = sha256Hash.ComputeHash(passBytes); // $ Alert
return Convert.ToBase64String(hashBytes);
}

Expand All @@ -47,11 +47,11 @@ public static string HashPassword2(string password)
byte[] saltBytes = GenerateSalt();

// Add the salt to the hash.
byte[] rawSalted = new byte[passBytes.Length + saltBytes.Length];
byte[] rawSalted = new byte[passBytes.Length + saltBytes.Length];
passBytes.CopyTo(rawSalted, 0);
saltBytes.CopyTo(rawSalted, passBytes.Length);

//Create the salted hash.
//Create the salted hash.
SHA256 sha256 = SHA256.Create();
byte[] saltedPassBytes = sha256.ComputeHash(rawSalted);

Expand All @@ -67,8 +67,8 @@ public static string HashPassword2(string password)
public static string HashPassword3(string password)
{
HashAlgorithm hashAlg = new SHA256CryptoServiceProvider();
byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password);
byte[] hashBytes = hashAlg.ComputeHash(passBytes);
byte[] passBytes = System.Text.Encoding.ASCII.GetBytes(password); // $ Source
byte[] hashBytes = hashAlg.ComputeHash(passBytes); // $ Alert
return Convert.ToBase64String(hashBytes);
}

Expand Down Expand Up @@ -164,7 +164,7 @@ private string GetMD5HashBinHex (string toBeHashed)
StringBuilder sb = new StringBuilder ();
foreach (byte b in result)
sb.Append (b.ToString ("x2"));

return sb.ToString ();
}

Expand Down
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
query: experimental/Security Features/CWE-759/HashWithoutSalt.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
query: experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
Expand Up @@ -98,8 +98,8 @@ public void TestCase01()
SaveSigninToken = true
};

tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // BUG delegated-security-validations-always-return-true
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => true; // BUG delegated-security-validations-always-return-true
tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG delegated-security-validations-always-return-true
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => true; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG delegated-security-validations-always-return-true
tokenValidationParamsBaseline.TokenReplayValidator = (DateTime? expirationTime, string securityToken, TokenValidationParameters validationParameters) => // GOOD
{
if (securityToken is null)
Expand All @@ -111,12 +111,12 @@ public void TestCase01()

tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetime02(securityToken, validationParameters); // GOOD
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => {return securityToken is null?false:true; }; // GOOD
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return true; }; // BUG
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => !false ; // BUG
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return securityToken is null?true:true; }; // BUG
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return ValidateLifetimeAlwaysTrue(securityToken, validationParameters);}; //BUG
tokenValidationParamsBaseline.AudienceValidator = (audiences, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); //BUG

tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return true; }; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => !false ; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return securityToken is null?true:true; }; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => { return ValidateLifetimeAlwaysTrue(securityToken, validationParameters);}; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] //BUG
tokenValidationParamsBaseline.AudienceValidator = (audiences, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] //BUG

}

Expand All @@ -134,4 +134,4 @@ internal static bool ValidateLifetimeAlwaysTrue02(
return !false;
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,16 @@ public void TestCase01()
ClockSkew = TimeSpan.FromMinutes(5),
ValidateActor = false,
ValidateIssuerSigningKey = false,
ValidateIssuer = false, // BUG
ValidateAudience = false, // BUG
ValidateLifetime = false, // BUG
RequireExpirationTime = false, // BUG
ValidateIssuer = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG
ValidateAudience = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG
ValidateLifetime = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG
RequireExpirationTime = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG
ValidateTokenReplay = false,
RequireSignedTokens = false,
RequireAudience = false, // BUG
RequireAudience = false, // $ Alert[cs/json-webtoken-handler/security-validations-disabled] // BUG
SaveSigninToken = false
};
}

}
}
}
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
query: experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
query: experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql
query: experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
query: experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql
query: experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@

namespace DataSetSerializationTest
{
public class DerivesFromDeprecatedType1 : XmlSerializer // warning:DefiningDatasetRelatedType.ql
public class DerivesFromDeprecatedType1 : XmlSerializer // $ Alert[cs/dataset-serialization/defining-dataset-related-type] // warning:DefiningDatasetRelatedType.ql
{
public DataSet MyDataSet { get; set; } // bug:DefiningPotentiallyUnsafeXmlSerializer.ql
public DataSet MyDataSet { get; set; } // $ Alert[cs/dataset-serialization/defining-potentially-unsafe-xml-serializer] // bug:DefiningPotentiallyUnsafeXmlSerializer.ql

public DerivesFromDeprecatedType1()
{
Expand Down Expand Up @@ -54,9 +54,9 @@ public override void WriteEndObject(XmlDictionaryWriter writer) { }
*/

[Serializable()]
public class AttributeSerializer01 // warning:DefiningDatasetRelatedType.ql
public class AttributeSerializer01 // $ Alert[cs/dataset-serialization/defining-dataset-related-type] // warning:DefiningDatasetRelatedType.ql
{
private DataSet MyDataSet; // bug:DefiningPotentiallyUnsafeXmlSerializer.ql
private DataSet MyDataSet; // $ Alert[cs/dataset-serialization/defining-potentially-unsafe-xml-serializer] // bug:DefiningPotentiallyUnsafeXmlSerializer.ql

AttributeSerializer01()
{
Expand All @@ -83,17 +83,8 @@ static void datatable_readxmlschema_01(string fileName)
{
DataTable newTable = new DataTable();
System.Xml.XmlTextReader reader = new System.Xml.XmlTextReader(fs);
newTable.ReadXmlSchema(reader); //bug:XmlDeserializationWithDataSet.ql
newTable.ReadXmlSchema(reader); // $ Aleryjht[cs/dataset-serialization/xml-deserialization-with-dataset] //bug:XmlDeserializationWithDataSet.ql
}
}

static void Main(string[] args)
{

XmlSerializer x = new XmlSerializer(typeof(DataSet)); // bug:UnsafeTypeUsedDataContractSerializer.ql
XmlSerializer y = new XmlSerializer(typeof(AttributeSerializer01)); //bug:UnsafeTypeUsedDataContractSerializer.ql

Console.WriteLine("Hello World!");
}
}h6dy
}
}
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql
query: experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/backdoor/PotentialTimeBomb.ql
query: experimental/Security Features/backdoor/PotentialTimeBomb.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
query: experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql
Loading
Loading