586b730
Named parameters confuses behaviors, this fixes (CSharp|VB)CodeEvalua…
kevin-montrose Aug 8, 2019
613fd09
fix off by one error
kevin-montrose Aug 12, 2019
fdec12d
fix null refs; note to self, actually test before pushing -_-
kevin-montrose Aug 12, 2019
5b7a23f
start punching args in for a condition
kevin-montrose Aug 8, 2019
489e893
partial implementation
kevin-montrose Aug 8, 2019
149f227
sort of works, neat
kevin-montrose Aug 8, 2019
026e7a9
pull in #131 to fix tests
kevin-montrose Aug 12, 2019
3b25c59
use the helper in #131 to make conditional behavior checking a bit ea…
kevin-montrose Aug 12, 2019
c436a33
no reason to re-evaluate this on each loop
kevin-montrose Aug 12, 2019
612d218
bounds check
kevin-montrose Aug 12, 2019
f7bb279
tweaks on conditional handling
kevin-montrose Aug 12, 2019
a7258d3
don't bump version
kevin-montrose Aug 15, 2019
3b77900
not super sure how these line numbers got off, but correcting them
kevin-montrose Aug 15, 2019
784e770
implement VB equivalent
kevin-montrose Aug 15, 2019
4be6cb7
fix merge
kevin-montrose Aug 15, 2019
9a93336
failing test (index out of bounds) when evaluating a call of an exten…
kevin-montrose Aug 15, 2019
ff0522a
fix extension methods with ref-like params
kevin-montrose Aug 15, 2019
1fb2b0d
equivalent test and fix for vb.net
kevin-montrose Aug 15, 2019
1209a69
add Condition to Main.yaml docs
kevin-montrose Aug 15, 2019
4b4418d
remove debug code
kevin-montrose Aug 15, 2019
367824c
remove spurious include
kevin-montrose Aug 15, 2019
eeced5d
removing empty lines per https://github.com/security-code-scan/securi…
kevin-montrose Aug 19, 2019
d5de741
wow, VS really likes to eat this formatting; fixing per https://githu…
kevin-montrose Aug 19, 2019
c8140de
add a blank line per https://github.com/security-code-scan/security-c…
kevin-montrose Aug 19, 2019
a735107
for conditional configuration, force indexes to be ints post-load and…
kevin-montrose Aug 19, 2019
790e6f4
these were meant to handle not-yet-valid source, but looks like symbo…
kevin-montrose Aug 19, 2019
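--- a/SecurityCodeScan.Test/Tests/Taint/OpenRedirectAnalyzerTest.cs
+++ b/SecurityCodeScan.Test/Tests/Taint/OpenRedirectAnalyzerTest.cs
@@ -327,5 +327,167 @@ End Class
 await VerifyCSharpDiagnostic(cSharpTest2).ConfigureAwait(false);
 await VerifyVisualBasicDiagnostic(visualBasicTest).ConfigureAwait(false);
 }
+
+[TestCategory("Detect")]
+[TestMethod]
+public async Task ConditionalOpenRedirect()
+{
+var cSharpTest1 = @"
+using Microsoft.AspNetCore.Mvc;
+
+class OpenRedirect : Controller
+{
+public ActionResult Vulnerable(string scary)
+{
+return ConditionalRedirect(scary, false);
+}
+
+public ActionResult Safe(string notScary)
+{
+return ConditionalRedirect(notScary, true);
+}
+
+private ActionResult ConditionalRedirect(string url, bool internalOnly)
+{
+// pretend this does something
+return null;
+}
+}
+";
+var cSharpTest2 = @"
+using Microsoft.AspNetCore.Mvc;
+
+class OpenRedirect : Controller
+{
+public ActionResult Vulnerable(string scary1)
+{
+return ConditionalRedirect(scary1, false);
+}
+
+public ActionResult VulnerableNamed(string scary2)
+{
+return ConditionalRedirect(internalOnly: false, url: scary2);
+}
+
+public ActionResult Safe(string notScary1)
+{
+return ConditionalRedirect(notScary1);
+}
+
+public ActionResult SafeNamed1(string notScary2)
+{
+return ConditionalRedirect(url: notScary2);
+}
+
+public ActionResult SafeNamed2(string notScary3)
+{
+return ConditionalRedirect(internalOnly: true, url: notScary3);
+}
+
+private ActionResult ConditionalRedirect(string url, bool internalOnly = true)
+{
+// pretend this does something
+return null;
+}
+}
+";
+
+var vbTest1 = @"
+Imports Microsoft.AspNetCore.Mvc
+
+Class OpenRedirect
+Inherits Controller
+
+Public Function Vulnerable(ByVal scary As String) As ActionResult
+Return ConditionalRedirect(scary, False)
+End Function
+
+Public Function Safe(ByVal notScary As String) As ActionResult
+Return ConditionalRedirect(notScary, True)
+End Function
+
+Private Function ConditionalRedirect(ByVal url As String, ByVal internalOnly As Boolean) As ActionResult
+Return Nothing
+End Function
+End Class
+";
+
+var vbTest2 = @"
+Imports Microsoft.AspNetCore.Mvc
+
+Class OpenRedirect
+Inherits Controller
+
+Public Function Vulnerable(ByVal scary1 As String) As ActionResult
+Return ConditionalRedirect(scary1, False)
+End Function
+
+Public Function VulnerableNamed(ByVal scary2 As String) As ActionResult
+Return ConditionalRedirect(internalOnly:=False, url:=scary2)
+End Function
+
+Public Function Safe(ByVal notScary1 As String) As ActionResult
+Return ConditionalRedirect(notScary1)
+End Function
+
+Public Function SafeNamed1(ByVal notScary2 As String) As ActionResult
+Return ConditionalRedirect(url:=notScary2)
+End Function
+
+Public Function SafeNamed2(ByVal notScary3 As String) As ActionResult
+Return ConditionalRedirect(internalOnly:=True, url:=notScary3)
+End Function
+
+Private Function ConditionalRedirect(ByVal url As String, ByVal Optional internalOnly As Boolean = True) As ActionResult
+Return Nothing
+End Function
+End Class
+
+";
+
+
+var testConfig = @"
+Behavior:
+
+Conditional:
+ClassName: OpenRedirect
+Name: ConditionalRedirect
+Method:
+Condition: {1: { Value: False } }
+ArgTypes: (System.String, System.Boolean)
+InjectableArguments: [SCS0027: 0]
+";
+
+var expectedCSharp1 =
+new[]
+{
+Expected.WithLocation(8, 36)
+};
+
+var expectedCSharp2 =
+new[]
+{
+Expected.WithLocation(8, 36),
+Expected.WithLocation(13, 62)
+};
+var expectedVB1 =
+new[]
+{
+Expected.WithLocation(8, 36)
+};
+var expectedVB2 =
+new[]
+{
+Expected.WithLocation(8, 36),
+Expected.WithLocation(12, 62)
+};
+
+var config = ConfigurationTest.CreateAnalyzersOptionsWithConfig(testConfig);
+await VerifyCSharpDiagnostic(cSharpTest1, expectedCSharp1, options: config).ConfigureAwait(false);
+await VerifyCSharpDiagnostic(cSharpTest2, expectedCSharp2, options: config).ConfigureAwait(false);
+
+await VerifyVisualBasicDiagnostic(vbTest1, expectedVB1, options: config).ConfigureAwait(false);
+await VerifyVisualBasicDiagnostic(vbTest2, expectedVB2, options: config).ConfigureAwait(false);
+}
 }
 }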
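Review bot: ConditionalOpenRedirect only exercises the condition argument as a compile-time literal (`false`/`true`) or as an omitted default; no case passes `internalOnly` as a runtime value, so the test does not pin whether the analyzer treats a non-constant condition as "unknown, still report" or as "not matched, stay silent". From a detection standpoint the conservative answer is to keep reporting, and that is worth asserting here, e.g. adding to cSharpTest2 `public ActionResult Unknown(string scary3, bool flag) { return ConditionalRedirect(scary3, flag); }` with a matching `Expected.WithLocation` entry, plus the VB equivalent in vbTest2. A one-line comment above `testConfig` stating that the `1` in `Condition: {1: { Value: False } }` is the position in `ArgTypes` (here `internalOnly`, with `InjectableArguments: [SCS0027: 0]` naming `url`) would also make the fixture readable without consulting the docs. The enclosing test class begins before this hunk.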