// Fixture methods for a "dangerous method" analyzer: each body makes exactly one call to the
// API that is named in the block comment placed before the method name.
// NOTE(review): the /* DangerousMethodsShouldBeAvoided(...) */ ... /**/ pair presumably delimits
// the span where the analyzer is expected to report. The markers wrap the method name, not the
// call site. Confirm against the test harness before moving or reformatting them.
// The enclosing class header is not visible in this excerpt.

// Calls HttpServerUtility.Transfer with a literal path; no audit attribute is present.
public void /* DangerousMethodsShouldBeAvoided(System.Web.HttpServerUtility.Transfer) */ MethodWithTransfer(/**/) {
    HttpServerUtility obj = new HttpServerUtility();
    obj.Transfer("/new/path");
}

// Calls StartNew through the non-generic Task.Factory with an empty lambda; the returned task is discarded.
public void /* DangerousMethodsShouldBeAvoided(System.Threading.Tasks.TaskFactory.StartNew) */ MethodWithTaskFactoryStartNew(/**/) {
    System.Threading.Tasks.Task.Factory.StartNew(() => { });
}

// Same call through Task<int>.Factory. The marker names the same TaskFactory.StartNew as the
// non-generic case above.
public void /* DangerousMethodsShouldBeAvoided(System.Threading.Tasks.TaskFactory.StartNew) */ MethodWithGenericTaskFactoryStartNew(/**/) {
    System.Threading.Tasks.Task <int> .Factory.StartNew(() => 1);
}

public void /* DangerousMethodsShouldBeAvoided(System.Threading.Thread.Sleep) */ MethodWithThreadSleepInt(/**/)
// Fixture methods for a "dangerous method" analyzer: each body makes exactly one call to the
// API that is named in the block comment placed before the method name.
// NOTE(review): the /* DangerousMethodsShouldBeAvoided(...) */ ... /**/ pair presumably delimits
// the span where the analyzer is expected to report. The markers wrap the method name, not the
// call site. Confirm against the test harness before moving or reformatting them.

// Calls HttpServerUtility.Transfer with a literal path; no audit attribute is present.
public void /* DangerousMethodsShouldBeAvoided(System.Web.HttpServerUtility.Transfer) */ MethodWithTransfer(/**/) {
    HttpServerUtility obj = new HttpServerUtility();
    obj.Transfer("/new/path");
}

// Calls StartNew through the non-generic Task.Factory with an empty lambda; the returned task is discarded.
public void /* DangerousMethodsShouldBeAvoided(System.Threading.Tasks.TaskFactory.StartNew) */ MethodWithTaskFactoryStartNew(/**/) {
    System.Threading.Tasks.Task.Factory.StartNew(() => { });
}

// Same call through Task<int>.Factory. The marker names the same TaskFactory.StartNew as the
// non-generic case above.
public void /* DangerousMethodsShouldBeAvoided(System.Threading.Tasks.TaskFactory.StartNew) */ MethodWithGenericTaskFactoryStartNew(/**/) {
    System.Threading.Tasks.Task <int> .Factory.StartNew(() => 1);
}

} // closes an enclosing type whose header lies above this excerpt

// Every member below makes a listed call and carries [DangerousMethodUsage.Audited(type, name)]
// naming the declaring type and method of that same call. None of the member names is wrapped in
// a diagnostic marker.
// NOTE(review): presumably the analyzer stays silent only when the attribute's type and method
// name match the call in the body; confirm in the analyzer. The attribute records a sign-off on
// one specific call and does not change what the call does.
internal sealed class AuditedUsages {

    // Attribute applied to a constructor.
    [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
    public AuditedUsages() {
        // Reflection write through PropertyInfo.SetValue. The target is string.Length, so the
        // body is presumably never executed and exists only to contain the call.
        PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
        p.SetValue("str", 7, null);
    }

    // Attribute applied to an ordinary method.
    [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
    public void Method() {
        PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
        p.SetValue("str", 7, null);
    }

    // Audits Task.Run; the returned task is discarded.
    [DangerousMethodUsage.Audited(typeof(Task), "Run")]
    public void AsyncMethod() {
        Task.Run <int>(() => Task.FromResult(7));
    }

    // Attribute placed on the get accessor, not on the property declaration.
    public int PropertyGetter {
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
        get {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
            p.SetValue("str", 7, null);
            return(1);
        }
    }

    // Attribute placed on the set accessor; the assigned value is forwarded to SetValue.
    public int PropertySetter {
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
        set {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
            p.SetValue("str", value, null);
        }
    }

    // The listed call sits inside a lambda; the attribute is on the enclosing method.
    // The delegate is assigned to a local and never invoked.
    [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
    public void DelegateInsideMethod() {
        Action hacker = () => {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
            p.SetValue("str", 7, null);
        };
    }

    // Audits the static HostingEnvironment.MapPath call; its return value is discarded.
    [DangerousMethodUsage.Audited(typeof(HostingEnvironment), "MapPath")]
    public void MethodWithMapPath() {
        HostingEnvironment.MapPath("/d2l");
    }

    // Audits an instance call to HttpServerUtility.Transfer with a literal path.
    [DangerousMethodUsage.Audited(typeof(HttpServerUtility), "Transfer")]
    public void MethodWithTransfer() {
        HttpServerUtility obj = new HttpServerUtility();
        obj.Transfer("/new/path");
    }
}

// Member-for-member mirror of AuditedUsages using [DangerousMethodUsage.Unaudited(type, name)].
// No member name is wrapped in a diagnostic marker here either.
// NOTE(review): presumably Unaudited records a known call that has not yet been reviewed. If so,
// these sites are a backlog to track and should not be read as cleared. Confirm the attribute's
// meaning in the analyzer.
internal sealed class UnauditedUsages {

    // Attribute applied to a constructor.
    [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
    public UnauditedUsages() {
        // Reflection write through PropertyInfo.SetValue. The target is string.Length, so the
        // body is presumably never executed and exists only to contain the call.
        PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
        p.SetValue("str", 7, null);
    }

    // Attribute applied to an ordinary method.
    [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
    public void Method() {
        PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
        p.SetValue("str", 7, null);
    }

    // Marks Task.Run; the returned task is discarded.
    [DangerousMethodUsage.Unaudited(typeof(Task), "Run")]
    public void AsyncMethod() {
        Task.Run <int>(() => Task.FromResult(7));
    }

    // Attribute placed on the get accessor, not on the property declaration.
    public int PropertyGetter {
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        get {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
            p.SetValue("str", 7, null);
            return(1);
        }
    }

    // Attribute placed on the set accessor; the assigned value is forwarded to SetValue.
    public int PropertySetter {
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        set {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
            p.SetValue("str", value, null);
        }
    }

    // The listed call sits inside a lambda; the attribute is on the enclosing method.
    // The delegate is assigned to a local and never invoked.
    [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
    public void DelegateInsideMethod() {
        Action hacker = () => {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
            p.SetValue("str", 7, null);
        };
    }

    // Marks the static HostingEnvironment.MapPath call; its return value is discarded.
    [DangerousMethodUsage.Unaudited(typeof(HostingEnvironment), "MapPath")]
    public void MethodWithMapPath() {
        HostingEnvironment.MapPath("/d2l");
    }

    // Marks an instance call to HttpServerUtility.Transfer with a literal path.
    [DangerousMethodUsage.Unaudited(typeof(HttpServerUtility), "Transfer")]
    public void MethodWithTransfer() {
        HttpServerUtility obj = new HttpServerUtility();
        obj.Transfer("/new/path");
    }
}

internal sealed class MismatchedAuditedUsages {

    [DangerousMethodUsage.Audited(null, "SetValue")]
    public void /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ NullDeclaringType(/**/)