C#: Add a false negative.

MathiasVP · MathiasVP · commit 03e671aff1fc · 2025-05-27T18:44:53.000+01:00
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.cs
@@ -61,6 +61,9 @@ public void ProcessRequest(HttpContext ctx)
         {
             File.ReadAllText(fullPath); // GOOD
         }
+        
+        // This test ensures that we can flow through `Path.GetFullPath` and still get a result.
+        ctx.Response.Write(File.ReadAllText(path)); // BAD [MISSING]
     }
 
     public bool IsReusable

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,9 @@ public void ProcessRequest(HttpContext ctx)`
`61`	`61`	`{`
`62`	`62`	`File.ReadAllText(fullPath); // GOOD`
`63`	`63`	`}`
	`64`	`+`
	`65`	+ // This test ensures that we can flow through `Path.GetFullPath` and still get a result.
	`66`	`+ ctx.Response.Write(File.ReadAllText(path)); // BAD [MISSING]`
`64`	`67`	`}`
`65`	`68`
`66`	`69`	`public bool IsReusable`