
Commit 8579a93

committed
Remove unneeded query ids
1 parent 7f96e41 commit 8579a93

30 files changed

Lines changed: 161 additions & 161 deletions


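--- a/csharp/ql/test/experimental/CWE-918/RequestForgery.cs
+++ b/csharp/ql/test/experimental/CWE-918/RequestForgery.cs
@@ -9,9 +9,9 @@ public class SSRFController : Controller
 {
 [HttpPost]
 [ValidateAntiForgeryToken]
-public async Task<ActionResult> Bad(string url) // $ Source[cs/request-forgery]=r1
+public async Task<ActionResult> Bad(string url) // $ Source=r1
 {
-var request = new HttpRequestMessage(HttpMethod.Get, url); // $ Alert[cs/request-forgery]=r1
+var request = new HttpRequestMessage(HttpMethod.Get, url); // $ Alert=r1
 
 var client = new HttpClient();
 await client.SendAsync(request);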

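--- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs
+++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Components_Pages_TestPage_razor.g.cs
@@ -135,7 +135,7 @@ protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components.
 __builder.AddContent(18, "Raw parameter from URL: ");
 __builder.AddContent(19,
 #nullable restore
-(MarkupString)UrlParam // $ Alert[cs/web/xss]=r1 $ Alert[cs/web/xss]=r1
+(MarkupString)UrlParam // $ Alert=r1 $ Alert=r1
 
 #line default
 #line hidden
@@ -185,7 +185,7 @@ protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components.
 __builder.AddContent(35, "Raw parameter from query string: ");
 __builder.AddContent(36,
 #nullable restore
-new MarkupString(QueryParam) // $ Alert[cs/web/xss]=r2 $ Alert[cs/web/xss]=r2
+new MarkupString(QueryParam) // $ Alert=r2 $ Alert=r2
 
 #line default
 #line hidden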

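--- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs
+++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs
@@ -10,7 +10,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin
 {
 builder.OpenElement(0, "div");
 builder.OpenElement(1, "p");
-builder.AddContent(2, (MarkupString)TheName); // $ Alert[cs/web/xss]=r3 $ Alert[cs/web/xss]=r4
+builder.AddContent(2, (MarkupString)TheName); // $ Alert=r3 $ Alert=r4
 builder.CloseElement();
 builder.CloseElement();
 }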

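--- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs
+++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs
@@ -28,7 +28,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin
 builder.OpenElement(6, "p");
 builder.AddContent(7, "Name: ");
 builder.OpenComponent<VulnerableBlazorApp.Components.Name>(8);
-builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); // $ Source[cs/web/xss]=r4
+builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name); // $ Source=r4
 builder.CloseComponent();
 builder.CloseElement();
 }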

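--- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs
+++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs
@@ -28,7 +28,7 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin
 builder.OpenElement(6, "p");
 builder.AddContent(7, "Name: ");
 builder.OpenComponent<VulnerableBlazorApp.Components.Name>(8);
-builder.AddComponentParameter(9, "TheName", Name); // $ Source[cs/web/xss]=r3
+builder.AddComponentParameter(9, "TheName", Name); // $ Source=r3
 builder.CloseComponent();
 builder.CloseElement();
 }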

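--- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs
@@ -7,35 +7,35 @@ public class TaintedPathHandler : IHttpHandler
 
 public void ProcessRequest(HttpContext ctx)
 {
-String path = ctx.Request.QueryString["page"]; // $ Source[cs/path-injection]=r1 $ Source[cs/path-injection]=r2 $ Source[cs/path-injection]=r3 $ Source[cs/path-injection]=r4 $ Source[cs/path-injection]=r5 $ Source[cs/path-injection]=r6 $ Source[cs/path-injection]=r7
+String path = ctx.Request.QueryString["page"]; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 $ Source=r6 $ Source=r7
 // BAD: Used via a File.Create... call.
-using (StreamWriter sw = File.CreateText(path)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+using (StreamWriter sw = File.CreateText(path)) // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 {
 sw.WriteLine("Hello");
 }
 // BAD: Used via StreamWriter constructor
-using (StreamWriter sw = new StreamWriter(path)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+using (StreamWriter sw = new StreamWriter(path)) // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 {
 sw.WriteLine("Hello");
 }
 
 // BAD: Check is insufficient, text is read.
 if (!path.StartsWith("../"))
 {
-File.ReadAllText(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+File.ReadAllText(path); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 }
 
 // BAD: Check is insufficient, text is read.
 if (!string.IsNullOrEmpty(path))
 {
-File.ReadAllText(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+File.ReadAllText(path); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 }
 
 // BAD: Check is insufficient, text is read.
 string badPath = "/home/user/" + path;
-if (File.Exists(badPath)) // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+if (File.Exists(badPath)) // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 {
-ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+ctx.Response.Write(File.ReadAllText(badPath)); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 }
 
 // GOOD: Tainted path is passed through MapPath
@@ -48,7 +48,7 @@ public void ProcessRequest(HttpContext ctx)
 File.ReadAllText(path);
 }
 
-Directory.Exists(path); // $ Alert[cs/path-injection]=r1 $ Alert[cs/path-injection]=r2 $ Alert[cs/path-injection]=r3 $ Alert[cs/path-injection]=r4 $ Alert[cs/path-injection]=r5 $ Alert[cs/path-injection]=r6 $ Alert[cs/path-injection]=r7
+Directory.Exists(path); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 
 // GOOD: A Guid.
 File.ReadAllText(new Guid(path).ToString());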

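--- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.cs
@@ -12,31 +12,31 @@ public static void UnzipFileByFile(ZipArchive archive,
 {
 foreach (var entry in archive.Entries)
 {
-string fullPath = Path.GetFullPath(entry.FullName); // $ Alert[cs/zipslip]=r1 $ Alert[cs/zipslip]=r2 $ Alert[cs/zipslip]=r3
+string fullPath = Path.GetFullPath(entry.FullName); // $ Alert=r1 $ Alert=r2 $ Alert=r3
 string fileName = Path.GetFileName(entry.FullName);
 string filename = entry.Name;
-string file = entry.FullName; // $ Alert[cs/zipslip]=r4
+string file = entry.FullName; // $ Alert=r4
 if (!string.IsNullOrEmpty(file))
 {
 // BAD
 string destFileName = Path.Combine(destDirectory, file);
-entry.ExtractToFile(destFileName, true); // $ Sink[cs/zipslip]=r4
+entry.ExtractToFile(destFileName, true); // $ Sink=r4
 
 // GOOD
 string sanitizedFileName = Path.Combine(destDirectory, fileName);
 entry.ExtractToFile(sanitizedFileName, true);
 
 // BAD
 string destFilePath = Path.Combine(destDirectory, fullPath);
-entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r1 $ Sink[cs/zipslip]=r2 $ Sink[cs/zipslip]=r3
+entry.ExtractToFile(destFilePath, true); // $ Sink=r1 $ Sink=r2 $ Sink=r3
 
 // BAD: destFilePath isn't fully resolved, so may still contain ..
 if (destFilePath.StartsWith(destDirectory))
-entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r2 $ Sink=r1 $ Sink=r3
+entry.ExtractToFile(destFilePath, true); // $ Sink=r2 $ Sink=r1 $ Sink=r3
 
 // BAD
 destFilePath = Path.GetFullPath(Path.Combine(destDirectory, fullPath));
-entry.ExtractToFile(destFilePath, true); // $ Sink[cs/zipslip]=r3 $ Sink=r1 $ Sink=r2
+entry.ExtractToFile(destFilePath, true); // $ Sink=r3 $ Sink=r1 $ Sink=r2
 
 // GOOD: a check for StartsWith against a fully resolved path
 if (destFilePath.StartsWith(destDirectory))
@@ -58,36 +58,36 @@ private static int UnzipToStream(Stream zipStream, string installDir)
 foreach (ZipArchiveEntry entry in archive.Entries)
 {
 // figure out where we are putting the file
-String destFilePath = Path.Combine(InstallDir, entry.FullName); // $ Alert[cs/zipslip]=r5 $ Alert[cs/zipslip]=r6 $ Alert[cs/zipslip]=r7 $ Alert[cs/zipslip]=r8
+String destFilePath = Path.Combine(InstallDir, entry.FullName); // $ Alert=r5 $ Alert=r6 $ Alert=r7 $ Alert=r8
 
 Directory.CreateDirectory(Path.GetDirectoryName(destFilePath));
 
 using (Stream archiveFileStream = entry.Open())
 {
 // BAD: writing to file stream
-using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink[cs/zipslip]=r5 $ Sink=r6 $ Sink=r7 $ Sink=r8
+using (Stream tfsFileStream = new FileStream(destFilePath, FileMode.CreateNew, FileAccess.ReadWrite, FileShare.None)) // $ Sink=r5 $ Sink=r6 $ Sink=r7 $ Sink=r8
 {
 Console.WriteLine(@"Writing ""{0}""", destFilePath);
 archiveFileStream.CopyTo(tfsFileStream);
 }
 
 // BAD: can do it this way too
-using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink[cs/zipslip]=r6 $ Sink=r5 $ Sink=r7 $ Sink=r8
+using (Stream tfsFileStream = File.Create(destFilePath)) // $ Sink=r6 $ Sink=r5 $ Sink=r7 $ Sink=r8
 {
 Console.WriteLine(@"Writing ""{0}""", destFilePath);
 archiveFileStream.CopyTo(tfsFileStream);
 }
 
 // BAD: creating stream using fileInfo
-var fileInfo = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r7 $ Sink=r5 $ Sink=r6 $ Sink=r8
+var fileInfo = new FileInfo(destFilePath); // $ Sink=r7 $ Sink=r5 $ Sink=r6 $ Sink=r8
 using (FileStream fs = fileInfo.OpenWrite())
 {
 Console.WriteLine(@"Writing ""{0}""", destFilePath);
 archiveFileStream.CopyTo(fs);
 }
 
 // BAD: creating stream using fileInfo
-var fileInfo1 = new FileInfo(destFilePath); // $ Sink[cs/zipslip]=r8 $ Sink=r5 $ Sink=r6 $ Sink=r7
+var fileInfo1 = new FileInfo(destFilePath); // $ Sink=r8 $ Sink=r5 $ Sink=r6 $ Sink=r7
 using (FileStream fs = fileInfo1.Open(FileMode.Create))
 {
 Console.WriteLine(@"Writing ""{0}""", destFilePath);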
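Review bot: On the new side of lines 35 and 39 in UnzipFileByFile the expectation lists read `$ Sink=r2 $ Sink=r1 $ Sink=r3` and `$ Sink=r3 $ Sink=r1 $ Sink=r2`; that order only made sense while the first entry carried the `[cs/zipslip]` prefix, and now that every entry is a bare `$ Sink=rN` it reads as an arbitrary permutation next to the ascending `$ Sink=r1 $ Sink=r2 $ Sink=r3` on line 31. Assuming the inline-expectation checker is order-insensitive this is cosmetic, but normalising each list to ascending order, e.g. `// $ Sink=r1 $ Sink=r2 $ Sink=r3`, keeps the lines uniform and makes future diffs against expected output easier to read. The same leftover ordering appears on lines 68, 75, 82 and 90 of UnzipToStream and on lines 30 and 34–36 of CommandInjection.cs. Both UnzipFileByFile and UnzipToStream start before their hunks and continue past them.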

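--- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipBad.cs
@@ -6,7 +6,7 @@ class Bad
 public static void WriteToDirectory(ZipArchiveEntry entry,
 string destDirectory)
 {
-string destFileName = Path.Combine(destDirectory, entry.FullName); // $ Alert[cs/zipslip]=r9
-entry.ExtractToFile(destFileName); // $ Sink[cs/zipslip]=r9
+string destFileName = Path.Combine(destDirectory, entry.FullName); // $ Alert=r9
+entry.ExtractToFile(destFileName); // $ Sink=r9
 }
 }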

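--- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.cs
@@ -24,16 +24,16 @@ class CommandInjection
 public void WebCommandInjection()
 {
 // BAD: Reading from textbox, then using that in the arguments and file name
-string userInput = categoryTextBox.Text; // $ Source[cs/command-line-injection]=r1 $ Source[cs/command-line-injection]=r2 $ Source[cs/command-line-injection]=r3 $ Source[cs/command-line-injection]=r4 $ Source[cs/command-line-injection]=r5 $ Source[cs/command-line-injection]=r6 $ Source[cs/command-line-injection]=r7
-Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert[cs/command-line-injection]=r1 $ Alert[cs/command-line-injection]=r2 $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
+string userInput = categoryTextBox.Text; // $ Source=r1 $ Source=r2 $ Source=r3 $ Source=r4 $ Source=r5 $ Source=r6 $ Source=r7
+Process.Start("foo.exe" + userInput, "/c " + userInput); // $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6 $ Alert=r7
 
-ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert[cs/command-line-injection]=r3 $ Alert[cs/command-line-injection]=r4 $ Alert=r1 $ Alert=r2 $ Alert=r5 $ Alert=r6 $ Alert=r7
+ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput); // $ Alert=r3 $ Alert=r4 $ Alert=r1 $ Alert=r2 $ Alert=r5 $ Alert=r6 $ Alert=r7
 Process.Start(startInfo);
 
 ProcessStartInfo startInfoProps = new ProcessStartInfo();
-startInfoProps.FileName = userInput; // $ Alert[cs/command-line-injection]=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 $ Alert=r7
-startInfoProps.Arguments = userInput; // $ Alert[cs/command-line-injection]=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r7
-startInfoProps.WorkingDirectory = userInput; // $ Alert[cs/command-line-injection]=r7 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6
+startInfoProps.FileName = userInput; // $ Alert=r5 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r6 $ Alert=r7
+startInfoProps.Arguments = userInput; // $ Alert=r6 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r7
+startInfoProps.WorkingDirectory = userInput; // $ Alert=r7 $ Alert=r1 $ Alert=r2 $ Alert=r3 $ Alert=r4 $ Alert=r5 $ Alert=r6
 Process.Start(startInfoProps);
 }
 
@@ -43,12 +43,12 @@ public void StoredCommandInjection()
 {
 connection.Open();
 SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
-SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/command-line-injection]=r8
+SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source=r8
 
 while (customerReader.Read())
 {
 // BAD: Read from database, and use it to directly execute a command
-Process.Start("foo.exe", "/c " + customerReader.GetString(1)); // $ Alert[cs/command-line-injection]=r8
+Process.Start("foo.exe", "/c " + customerReader.GetString(1)); // $ Alert=r8
 }
 customerReader.Close();
 }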

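--- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs
@@ -14,12 +14,12 @@ public void processRequest(HttpContext context)
 {
 connection.Open();
 SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
-SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source[cs/web/xss]=r1
+SqlDataReader customerReader = customerCommand.ExecuteReader(); // $ Source=r1
 
 while (customerReader.Read())
 {
 // BAD: Read from database, write it straight to a response
-context.Response.Write("Orders for " + customerReader.GetString(1)); // $ Alert[cs/web/xss]=r1
+context.Response.Write("Orders for " + customerReader.GetString(1)); // $ Alert=r1
 }
 customerReader.Close();
 }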
