Program.cs
// Test fixture for a static-analysis check on the HttpOnly flag of System.Web.HttpCookie.
// Each method builds exactly one cookie and is never called; only its shape matters.
// Trailing comments state the expected verdict as used in this file: GOOD = no finding
// expected, BAD = insecure pattern, an Alert marker = the line a finding should be reported
// on, MISSING = a finding that is wanted but, per the marker, not produced at present.
// Why the flag matters: a cookie without HttpOnly is readable by script running in the page,
// so a session identifier becomes reachable through any script-injection flaw.
// The statements are the analyzer's input; keep them exactly as written when editing.
class Program
{
// Baseline safe case: HttpOnly is assigned the literal true after construction.
void CookieDirectTrue()
{
var cookie = new System.Web.HttpCookie("sessionID");
cookie.HttpOnly = true; // GOOD
}
// Same as above, but the literal true is supplied through an object initializer.
void CookieDirectTrueInitializer()
{
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = true }; // GOOD
}
// HttpOnly is never assigned, so the cookie relies on the default, which the inline
// comment records as false; a finding is expected on the construction line.
void CookieDefault()
{
var cookie = new System.Web.HttpCookie("sessionID"); // $Alert // BAD: httpOnlyCookies is set to false by default
}
// Same missing assignment, but the cookie is named as an anti-CSRF token; the fixture
// expects no finding because it is not treated as an authentication cookie.
// NOTE(review): presumably the check decides this from the cookie name - confirm against the query.
void CookieDefaultForgery()
{
var cookie = new System.Web.HttpCookie("anticsrftoken"); // GOOD: not an auth cookie
}
// Explicit HttpOnly = false on an anti-forgery cookie; still expected to be clean
// for the same "not an auth cookie" reason.
void CookieForgeryDirectFalse()
{
var cookie = new System.Web.HttpCookie("antiforgerytoken");
cookie.HttpOnly = false; // GOOD: not an auth cookie
}
// Explicit literal false on a session cookie. The expected finding is anchored on the
// construction line, not on the assignment line that carries the BAD note.
void CookieDirectFalse()
{
var cookie = new System.Web.HttpCookie("sessionID"); // $Alert
cookie.HttpOnly = false; // BAD
}
// Literal false supplied through an object initializer; finding expected on this line.
void CookieDirectFalseInitializer()
{
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = false }; // $Alert // BAD
}
// true reaches HttpOnly through a local variable; no finding should be raised, which
// requires the analysis to follow the value from the local to the property.
void CookieIntermediateTrue()
{
var cookie = new System.Web.HttpCookie("sessionID");
bool v = true;
cookie.HttpOnly = v; // GOOD: should track local data flow
}
// Initializer form of the previous case: the local holding true is used in the initializer.
void CookieIntermediateTrueInitializer()
{
bool v = true;
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // GOOD: should track local data flow
}
// false reaches HttpOnly through a local variable. Marked BAD, with the finding recorded
// as missing: a known gap to keep in mind when relying on this check for coverage.
// NOTE(review): the marker on the construction line has no "$" prefix, unlike the MISSING
// marker in CookieIntermediateFalseInitializer - confirm the test harness still reads it.
void CookieIntermediateFalse()
{
var cookie = new System.Web.HttpCookie("sessionID"); // MISSING:Alert
bool v = false;
cookie.HttpOnly = v; // BAD
}
// Initializer form of the previous case; likewise BAD with the finding recorded as missing.
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookie = new System.Web.HttpCookie("sessionID") { HttpOnly = v }; // $MISSING:Alert // BAD
}
}