C# (CSharp) testcases.CWE315_Cleartext_Storage_in_Cookie CWE315_Cleartext_Storage_in_Cookie__Web_61b Beispiele

Beispiel #1

Datei: CWE315_Cleartext_Storage_in_Cookie__Web_61a.cs Projekt: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

        /* goodG2B() - use goodsource and badsink */
        private static void GoodG2B(HttpRequest req, HttpResponse resp)
        {
            string data = CWE315_Cleartext_Storage_in_Cookie__Web_61b.GoodG2BSource(req, resp);

            /* NOTE: potential incidental issues with not setting secure or HttpOnly flag */
            /* POTENTIAL FLAW: Store data directly in cookie */
            resp.AppendCookie(new HttpCookie("auth", data));
        }

Beispiel #2

Datei: CWE315_Cleartext_Storage_in_Cookie__Web_61a.cs Projekt: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

        /* goodB2G() - use badsource and goodsink */
        private static void GoodB2G(HttpRequest req, HttpResponse resp)
        {
            string data = CWE315_Cleartext_Storage_in_Cookie__Web_61b.GoodB2GSource(req, resp);

            /* FIX: Hash data before storing in cookie */
            {
                string salt = "ThisIsMySalt";
                using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider())
                {
                    byte[] buffer             = Encoding.UTF8.GetBytes(string.Concat(salt, data));
                    byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer);
                    data = IO.ToHex(hashedCredsAsBytes);
                }
            }
            resp.AppendCookie(new HttpCookie("auth", data));
        }