C# (CSharp) testcases.CWE315_Cleartext_Storage_in_Cookie CWE315_Cleartext_Storage_in_Cookie__Web_67a.Container 예제들

예제 #1

파일: CWE315_Cleartext_Storage_in_Cookie__Web_67b.cs 프로젝트: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

        /* goodG2B() - use goodsource and badsink */
        public static void GoodG2BSink(CWE315_Cleartext_Storage_in_Cookie__Web_67a.Container dataContainer, HttpRequest req, HttpResponse resp)
        {
            string data = dataContainer.containerOne;

            /* NOTE: potential incidental issues with not setting secure or HttpOnly flag */
            /* POTENTIAL FLAW: Store data directly in cookie */
            resp.AppendCookie(new HttpCookie("auth", data));
        }

예제 #2

파일: CWE315_Cleartext_Storage_in_Cookie__Web_67b.cs 프로젝트: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

        /* goodB2G() - use badsource and goodsink */
        public static void GoodB2GSink(CWE315_Cleartext_Storage_in_Cookie__Web_67a.Container dataContainer, HttpRequest req, HttpResponse resp)
        {
            string data = dataContainer.containerOne;

            /* FIX: Hash data before storing in cookie */
            {
                string salt = "ThisIsMySalt";
                using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider())
                {
                    byte[] buffer             = Encoding.UTF8.GetBytes(string.Concat(salt, data));
                    byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer);
                    data = IO.ToHex(hashedCredsAsBytes);
                }
            }
            resp.AppendCookie(new HttpCookie("auth", data));
        }