Ejemplos de testcases.CWE643_Xpath_Injection CWE643_Xpath_Injection__Listen_tcp_67a.Container en C# (CSharp)

Ejemplo n.º 1

Archivo: CWE643_Xpath_Injection__Listen_tcp_67b.cs Proyecto: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

        /* goodB2G() - use badsource and goodsink */
        public static void GoodB2GSink(CWE643_Xpath_Injection__Listen_tcp_67a.Container dataContainer)
        {
            string data    = dataContainer.containerOne;
            string xmlFile = null;

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                /* running on Windows */
                xmlFile = "..\\..\\CWE643_Xpath_Injection__Helper.xml";
            }
            else
            {
                /* running on non-Windows */
                xmlFile = "../../CWE643_Xpath_Injection__Helper.xml";
            }
            if (data != null)
            {
                /* assume username||password as source */
                string[] tokens = data.Split("||".ToCharArray());
                if (tokens.Length < 2)
                {
                    return;
                }
                /* FIX: validate input using StringEscapeUtils */
                string username = System.Security.SecurityElement.Escape(tokens[0]);
                string password = System.Security.SecurityElement.Escape(tokens[1]);
                /* build xpath */
                XPathDocument  inputXml = new XPathDocument(xmlFile);
                XPathNavigator xPath    = inputXml.CreateNavigator();
                string         query    = "//users/user[name/text()='" + username +
                                          "' and pass/text()='" + password + "']" +
                                          "/secret/text()";
                string secret = (string)xPath.Evaluate(query);
            }
        }

Ejemplo n.º 2

Archivo: CWE643_Xpath_Injection__Listen_tcp_67b.cs Proyecto: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

        /* goodG2B() - use goodsource and badsink */
        public static void GoodG2BSink(CWE643_Xpath_Injection__Listen_tcp_67a.Container dataContainer)
        {
            string data    = dataContainer.containerOne;
            string xmlFile = null;

            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
            {
                /* running on Windows */
                xmlFile = "..\\..\\CWE643_Xpath_Injection__Helper.xml";
            }
            else
            {
                /* running on non-Windows */
                xmlFile = "../../CWE643_Xpath_Injection__Helper.xml";
            }
            if (data != null)
            {
                /* assume username||password as source */
                string[] tokens = data.Split("||".ToCharArray());
                if (tokens.Length < 2)
                {
                    return;
                }
                string username = tokens[0];
                string password = tokens[1];
                /* build xpath */
                XPathDocument  inputXml = new XPathDocument(xmlFile);
                XPathNavigator xPath    = inputXml.CreateNavigator();

                /* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
                 *     The user input should be canonicalized before validation. */
                /* POTENTIAL FLAW: user input is used without validate */
                string query = "//users/user[name/text()='" + username +
                               "' and pass/text()='" + password + "']" +
                               "/secret/text()";
                string secret = (string)xPath.Evaluate(query);
            }
        }