/// <summary>
/// Fixture of small cases that each construct a <c>System.Web.HttpCookie</c> and either
/// leave <c>Secure</c> unset, set it to true, or set it to false, directly or through a local.
/// A cookie without the Secure attribute can be sent over plain HTTP, where it is readable
/// on the network, so the "BAD" cases are the ones a reviewer wants flagged.
/// </summary>
/// <remarks>
/// The trailing <c>$Alert</c> and <c>$MISSING:Alert</c> comments look like inline expectation
/// markers read by a test harness (presumably: expected finding / expected-but-not-reported
/// finding) - confirm against the harness before editing them. The code shape in each method
/// is the thing under test, so statements should not be reordered, merged or inlined.
/// </remarks>
class Program
{
/// <summary>Cookie created with no assignment to <c>Secure</c>; expected to be flagged.</summary>
void CookieDefault()
{
// NOTE(review): the "false by default" statement refers to the requireSSL configuration value;
// presumably this fixture assumes no configuration sets it to true - confirm.
var cookie = new System.Web.HttpCookie("cookieName"); // $Alert // BAD: requireSSL is set to false by default
}
/// <summary><c>Secure</c> assigned the literal <c>true</c> after construction; no finding expected.</summary>
void CookieDirectTrue()
{
var cookie = new System.Web.HttpCookie("cookieName");
cookie.Secure = true; // GOOD
}
/// <summary><c>Secure</c> set to the literal <c>true</c> in the object initializer; no finding expected.</summary>
void CookieDirectTrueInitializer()
{
var cookie = new System.Web.HttpCookie("cookieName") { Secure = true }; // GOOD
}
/// <summary><c>Secure</c> assigned from a local that holds <c>true</c>; no finding expected.</summary>
void CookieIntermediateTrue()
{
var cookie = new System.Web.HttpCookie("cookieName");
// The value reaches Secure through a local rather than a literal, so the analysis has to
// follow local data flow to treat this as safe.
bool v = true;
cookie.Secure = v; // GOOD: should track local data flow
}
/// <summary>Initializer form of the previous case: <c>Secure</c> set from a local holding <c>true</c>.</summary>
void CookieIntermediateTrueInitializer()
{
bool v = true;
var cookie = new System.Web.HttpCookie("cookieName") { Secure = v }; // GOOD: should track local data flow
}
/// <summary><c>Secure</c> explicitly assigned the literal <c>false</c>; expected to be flagged.</summary>
void CookieDirectFalse()
{
// The expectation marker sits on the construction line, not on the assignment below.
var cookie = new System.Web.HttpCookie("cookieName"); // $Alert
cookie.Secure = false; // BAD
}
/// <summary><c>Secure</c> set to the literal <c>false</c> in the object initializer; expected to be flagged.</summary>
void CookieDirectFalseInitializer()
{
var cookie = new System.Web.HttpCookie("cookieName") { Secure = false }; // $Alert // BAD
}
/// <summary>
/// <c>Secure</c> assigned from a local that holds <c>false</c>. Recorded as insecure but not
/// reported, i.e. a known false negative.
/// </summary>
void CookieIntermediateFalse()
{
// Because this shape is missed, a clean result does not show that every cookie is Secure;
// a site-wide setting or code review is still needed for cookies set through a variable.
var cookie = new System.Web.HttpCookie("cookieName"); // $MISSING:Alert
bool v = false;
cookie.Secure = v; // BAD, but not detected
}
/// <summary>
/// Initializer form of the previous case: <c>Secure</c> set from a local holding <c>false</c>;
/// also recorded as a known false negative.
/// </summary>
void CookieIntermediateFalseInitializer()
{
bool v = false;
var cookie = new System.Web.HttpCookie("cookieName") { Secure = v }; // $MISSING:Alert // BAD, but not detected
}
}