using System;
using System.Web;
using System.Data.Common;
using System.Net.Mail;
/// <summary>
/// HTTP handler that deliberately writes sensitive values into transmitted data.
/// Every line marked <c>// BAD</c> sends a hard-coded credential, exception
/// details, or a value read from a field named "password" to the HTTP response
/// or into an outgoing e-mail. The markers and the file name suggest this is a
/// fixture for a static-analysis query (sensitive data exposed in transmitted
/// data) rather than production code; if so, the marked lines are the point of
/// the file and should stay as written.
/// </summary>
public class Handler : IHttpHandler
{
    /// <summary>
    /// Writes a hard-coded password to the response and, when a database
    /// exception is raised, writes the exception text (and one entry of
    /// <see cref="Exception.Data"/>) to the response as well.
    /// </summary>
    /// <param name="ctx">Request context whose <c>Response</c> receives the output.</param>
    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
            var password = "123456"; // hard-coded secret in source
            ctx.Response.Write(password); // BAD: secret sent to the client
        }
        // SqlException derives from DbException, so the more specific clause must come first.
        catch (System.Data.SqlClient.SqlException ex)
        {
            ctx.Response.Write(ex.ToString()); // BAD: full exception text (including stack trace) sent to the client
        }
        catch (DbException ex)
        {
            ctx.Response.Write(ex.Message); // BAD: provider error message sent to the client
            ctx.Response.Write(ex.ToString()); // BAD: full exception text sent to the client
            ctx.Response.Write(ex.Data["password"]); // BAD: "password" entry of the exception data sent to the client
        }
    }

    /// <summary>
    /// Builds a <see cref="MailMessage"/> whose subject and body are taken from
    /// the value of the "password" field. Not called from anywhere in this file.
    /// </summary>
    void SendPasswordToEmail()
    {
        var p = GetField("password"); // p is now tainted
        var message = new MailMessage("from", "to", p, p); // BAD: password used as both subject and body
        message.Body = "This is your password: " + p; // BAD: password embedded in the body
        message.Subject = p; // BAD: password used as the subject
    }

    /// <summary>
    /// Stub accessor: ignores <paramref name="field"/> and always returns an empty string.
    /// </summary>
    string GetField(string field)
    {
        return "";
    }

    /// <summary>Reports that one handler instance may serve multiple requests.</summary>
    public bool IsReusable => true;
}