Skip to content

Commit 7eea191

Browse files
joefarebrotherjoefarebrother
committed
Add tests for MVC cases
1 parent 1500089 commit 7eea191

18 files changed

+26
-2
lines changed

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/MissingAccessControl.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
| ProfileController.cs:7:25:7:31 | Delete1 | This action is missing an authorization check. |

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MissingAccessControl.qlref renamed to csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/MissingAccessControl.qlref

File renamed without changes.

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
using Microsoft.AspNetCore.Mvc;
2+
3+
public class ProfileController : Controller {
4+
private void doThings() { }
5+
private bool isAuthorized() { return false; }
6+
7+
public ActionResult Delete1(int id) {
8+
doThings();
9+
return View();
10+
}
11+
12+
public ActionResult Delete2(int id) {
13+
if (!isAuthorized()) {
14+
return null;
15+
}
16+
doThings();
17+
return View();
18+
}
19+
}

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/options

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
semmle-extractor-options: /nostdlib /noconfig
2+
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
3+
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MissingAccessControl.expected renamed to csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/MissingAccessControl.expected

File renamed without changes.

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/MissingAccessControl.qlref

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Security Features/CWE-285/MissingAccessControl.ql

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/Test1/EditProfile.aspx.cs renamed to csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/EditProfile.aspx.cs

File renamed without changes.

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/Test1/ViewProfile.aspx.cs renamed to csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test1/ViewProfile.aspx.cs

File renamed without changes.

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/Test2/EditProfile.aspx.cs renamed to csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test2/EditProfile.aspx.cs

File renamed without changes.

csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/Test2/Web.config renamed to csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/Test2/Web.config

File renamed without changes.

0 commit comments

Comments
 (0)