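--- a/csharp/ql/test/query-tests/Security Features/CWE-643
+++ b/csharp/ql/test/query-tests/Security Features/CWE-643
@@ -1,4 +1,4 @@
-// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Private.Xml.dll /r:System.Xml.XPath.dll /r:System.Data.Common.dll
+// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Private.Xml.dll /r:System.Xml.XPath.dll /r:System.Data.Common.dll /r:System.Runtime.Extensions.dll
 
 using System ;
 using System . Web ;
@@ -19,7 +19,22 @@ public void ProcessRequest(HttpContext ctx)
 xmlNode . SelectNodes ( "//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()" ) ;
 
 // GOOD: Uses parameters to avoid including user input directly in XPath expression
-XPathExpression . Compile ( "//users/user[login/text()=$username]/home_dir/text()" ) ;
+var expr = XPathExpression . Compile ( "//users/user[login/text()=$username]/home_dir/text()" ) ;
+
+var doc = new XPathDocument ( "" ) ;
+var nav = doc . CreateNavigator ( ) ;
+
+// BAD
+nav . Select ( "//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()" ) ;
+
+// BAD
+nav . SelectSingleNode ( "//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()" ) ;
+
+// GOOD
+nav . Select ( expr ) ;
+
+// GOOD
+nav . SelectSingleNode ( expr ) ;
 }
 
 public bool IsReusable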
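Review bot: The two new `// BAD` sinks (`nav.Select(...)` and `nav.SelectSingleNode(...)` with `userName` and `password` concatenated into the XPath string) should each produce a CWE-643 alert, but the diffstat shows only this .cs file changing, so the query's `.expected` results file does not appear to be updated here; unless that happens in a separate commit, a query that does not yet model `XPathNavigator.Select`/`SelectSingleNode` as sinks would pass this test silently, hiding the false negative the new lines are meant to catch. The bare `// BAD` / `// GOOD` markers would also be more useful in the style of the existing line-21 comment, e.g. `// BAD: user input concatenated into the XPath expression passed to XPathNavigator.Select` and `// GOOD: precompiled expression using a $username variable, no string concatenation`. The enclosing ProcessRequest method starts outside the hunk.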