// semmle-extractor-options: /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs ${testdir}/../../../../resources/stubs/System.Data.cs ${testdir}/../../../../resources/stubs/System.Net.cs /r:System.Data.Common.dll
using System;
using System.Web;
using System.Data.Common;
using System.Net.Mail;
/// <summary>
/// Test fixture for a query on exposure of sensitive information in transmitted data.
/// Every line marked <c>// BAD</c> writes a secret or exception detail into something that
/// leaves the process (an HTTP response or an e-mail message) and is presumably an expected
/// finding of the query under test. The extractor options line above points at stub sources
/// for <c>System.Web</c>, <c>System.Data</c> and <c>System.Net</c>, so this is not a runnable handler.
/// </summary>
public class Handler : IHttpHandler
{
/// <summary>
/// Writes a hard-coded credential and database exception details to the HTTP response.
/// </summary>
/// <param name="ctx">Request context; <c>ctx.Response</c> is the transmission sink in this method.</param>
public void ProcessRequest(HttpContext ctx)
{
try
{
// A secret embedded in source, then echoed to the client.
var password = "123456";
ctx.Response.Write(password); // BAD
}
// SqlException derives from DbException, so the more specific clause must come first
// or it would be unreachable.
catch (System.Data.SqlClient.SqlException ex)
{
// Exception.ToString() includes the stack trace and any inner exceptions; all of it is sent to the client.
ctx.Response.Write(ex.ToString()); // BAD
}
catch (DbException ex)
{
// Three separate disclosures: the message, the full ToString() output, and a
// "password" entry from the exception's Data dictionary.
ctx.Response.Write(ex.Message); // BAD
ctx.Response.Write(ex.ToString()); // BAD
ctx.Response.Write(ex.Data["password"]); // BAD
}
}
/// <summary>
/// Places a value looked up under the key "password" into the subject and body of an e-mail.
/// The message is constructed and mutated but never sent in this fixture.
/// </summary>
void SendPasswordToEmail()
{
var p = GetField("password"); // p is now tainted
// MailMessage(from, to, subject, body): p is used for both the subject and the body.
var message = new MailMessage("from", "to", p, p); // BAD
// The two assignments below put p into the same properties again, via Body and Subject.
message.Body = "This is your password: " + p; // BAD
message.Subject = p; // BAD
}
/// <summary>
/// Stub lookup that always returns an empty string; the test treats its result as
/// sensitive data (see the "tainted" comment in <see cref="SendPasswordToEmail"/>).
/// </summary>
/// <param name="field">Name of the field to read; unused by the stub.</param>
/// <returns>The empty string.</returns>
string GetField(string field)
{
return "";
}
/// <summary>Reports that the same handler instance may serve further requests.</summary>
public bool IsReusable => true;
}