            // Set accessor with no audit attribute that forwards `value` into a reflective
            // PropertyInfo.SetValue call. The comment pair around `set` names
            // DangerousMethodsShouldBeAvoided for System.Reflection.PropertyInfo.SetValue.
            // NOTE(review): presumably the pair marks the span where the analyzer under test
            // must report - confirm against the test harness.
            /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ set /**/ {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                // string.Length has no setter, so this call would throw if it were executed.
                p.SetValue("str", value, null);
            }
        }

        // Unannotated method whose reflective PropertyInfo.SetValue call sits inside a lambda.
        // The lambda is assigned to a local and never invoked, yet the comment pair on the
        // signature still names DangerousMethodsShouldBeAvoided for PropertyInfo.SetValue.
        // NOTE(review): presumably this pins that a call nested in a delegate body is reported
        // against the enclosing method - confirm against the analyzer.
        public void /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ DelegateInsideMethod(/**/)
        {
            Action hacker = () => {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
            };
        }
    }

    // Fixture class: each member calls PropertyInfo.SetValue or Task.Run and carries a
    // [DangerousMethodUsage.Audited(declaringType, methodName)] attribute whose two arguments
    // match the call. No member carries an expected-diagnostic comment pair.
    // NOTE(review): presumably this pins that a matching Audited attribute suppresses the
    // diagnostic - confirm against the analyzer.
    // string.Length has no setter, so the SetValue calls below would throw if executed.
    internal sealed class AuditedUsages {
        // Audited call inside a constructor body.
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
        public AuditedUsages()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Audited call inside an ordinary instance method.
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
        public void Method()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Audited static call with an explicit generic type argument (Task.Run<int>).
        [DangerousMethodUsage.Audited(typeof(Task), "Run")]
        public void AsyncMethod()
        {
            Task.Run <int>(() => Task.FromResult(7));
        }

        // The attribute is placed on the get accessor, not on the property declaration.
        public int PropertyGetter {
            [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
            get {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
                return(1);
            }
        }

        // The attribute is placed on the set accessor; the accessor forwards `value`.
        public int PropertySetter {
            [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
            set {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", value, null);
            }
        }

        // The call sits inside a lambda that is assigned but never invoked; the attribute is
        // on the enclosing method.
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue")]
        public void DelegateInsideMethod()
        {
            Action hacker = () => {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
            };
        }
    }

    // Fixture class: the same call shapes as an audited usage, but each member carries
    // [DangerousMethodUsage.Unaudited(declaringType, methodName)]. No member carries an
    // expected-diagnostic comment pair.
    // NOTE(review): presumably Unaudited records a known usage that nobody has reviewed yet
    // and still suppresses the diagnostic - confirm against the analyzer. In a real code base
    // these are the call sites that remain on the review backlog.
    // string.Length has no setter, so the SetValue calls below would throw if executed.
    internal sealed class UnauditedUsages {
        // Unaudited call inside a constructor body.
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        public UnauditedUsages()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Unaudited call inside an ordinary instance method.
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        public void Method()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Unaudited static call with an explicit generic type argument (Task.Run<int>).
        [DangerousMethodUsage.Unaudited(typeof(Task), "Run")]
        public void AsyncMethod()
        {
            Task.Run <int>(() => Task.FromResult(7));
        }

        // The attribute is placed on the get accessor, not on the property declaration.
        public int PropertyGetter {
            [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
            get {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
                return(1);
            }
        }

        // The attribute is placed on the set accessor; the accessor forwards `value`.
        public int PropertySetter {
            [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
            set {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", value, null);
            }
        }

        // The call sits inside a lambda that is assigned but never invoked; the attribute is
        // on the enclosing method.
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        public void DelegateInsideMethod()
        {
            Action hacker = () => {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
            };
        }
    }

    internal sealed class MismatchedAuditedUsages {
        // Audit attribute whose declaring-type argument is null. The signature still carries
        // the comment pair naming DangerousMethodsShouldBeAvoided for PropertyInfo.SetValue.
        // NOTE(review): presumably this pins that an attribute without a declaring type does
        // not suppress the diagnostic, i.e. an incomplete audit record is not accepted -
        // confirm against the analyzer.
        [DangerousMethodUsage.Audited(null, "SetValue")]
        public void /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ NullDeclaringType(/**/)
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            // string.Length has no setter, so this call would throw if it were executed.
            p.SetValue("str", 7, null);
        }

        [DangerousMethodUsage.Audited(typeof(FieldInfo), "SetValue")]
        public void /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ DifferentDeclaringType(/**/)
        // Reads the instance property HttpContext.Handler with no audit attribute. The comment
        // pair on the signature names DangerousPropertiesShouldBeAvoided for
        // System.Web.HttpContext.Handler.
        // NOTE(review): presumably the pair marks the span where the analyzer under test must
        // report a read of the property - confirm against the test harness.
        public IHttpHandler /* DangerousPropertiesShouldBeAvoided(System.Web.HttpContext.Handler) */ UnmarkedInstanceGetUsage(/**/)
        {
            HttpContext context = new HttpContext();

            return(context.Handler);
        }

        // Assigns the instance property HttpContext.Handler with no audit attribute. The
        // comment pair on the signature names DangerousPropertiesShouldBeAvoided for
        // System.Web.HttpContext.Handler, the same name used for a read of the property.
        // NOTE(review): presumably reads and writes are reported under one diagnostic -
        // confirm against the analyzer.
        public void /* DangerousPropertiesShouldBeAvoided(System.Web.HttpContext.Handler) */ UnmarkedInstanceSetUsage(/**/)
        {
            HttpContext context = new HttpContext();

            // Assigning Handler replaces the handler object recorded on this context.
            context.Handler = null;
        }
    }

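    // Fixture class: each member reads or writes a property and carries a
    // [DangerousPropertyUsage.Audited(declaringType, propertyName)] attribute whose arguments
    // match the access. No member carries an expected-diagnostic comment pair.
    // NOTE(review): presumably this pins that a matching Audited attribute suppresses the
    // diagnostic for both static and instance properties - confirm against the analyzer.
    internal sealed class AuditedUsages {
        // Audited read of a static property.
        [DangerousPropertyUsage.Audited(typeof(ServicePointManager), "DefaultConnectionLimit")]
        public int AuditedStaticGetUsage()
        {
            return(ServicePointManager.DefaultConnectionLimit);
        }

        // Audited write of a static property. DefaultConnectionLimit is process-wide state, so
        // a write changes the limit for every caller, not just this one.
        [DangerousPropertyUsage.Audited(typeof(ServicePointManager), "DefaultConnectionLimit")]
        public void AuditedStaticSetUsage()
        {
            ServicePointManager.DefaultConnectionLimit = 99;
        }

        // Audited read of an instance property.
        [DangerousPropertyUsage.Audited(typeof(HttpContext), "Handler")]
        public IHttpHandler AuditedInstanceGetUsage()
        {
            HttpContext context = new HttpContext();

            return(context.Handler);
        }

        // Audited write of an instance property. Named AuditedInstanceSetUsage because the
        // class already declares a parameterless AuditedStaticSetUsage; a second member with
        // that name and signature is a duplicate definition and does not compile.
        [DangerousPropertyUsage.Audited(typeof(HttpContext), "Handler")]
        public void AuditedInstanceSetUsage()
        {
            HttpContext context = new HttpContext();

            context.Handler = null;
        }
    }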

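    // Fixture class: each member reads or writes a property and carries a
    // [DangerousPropertyUsage.Unaudited(declaringType, propertyName)] attribute whose
    // arguments match the access. No member carries an expected-diagnostic comment pair.
    // NOTE(review): presumably Unaudited records a known usage that nobody has reviewed yet
    // and still suppresses the diagnostic - confirm against the analyzer. In a real code base
    // these are the accesses that remain on the review backlog.
    internal sealed class UnauditedUsages {
        // Unaudited read of a static property.
        [DangerousPropertyUsage.Unaudited(typeof(ServicePointManager), "DefaultConnectionLimit")]
        public int UnauditedStaticGetUsage()
        {
            return(ServicePointManager.DefaultConnectionLimit);
        }

        // Unaudited write of a static property. DefaultConnectionLimit is process-wide state,
        // so a write changes the limit for every caller, not just this one.
        [DangerousPropertyUsage.Unaudited(typeof(ServicePointManager), "DefaultConnectionLimit")]
        public void UnauditedStaticSetUsage()
        {
            ServicePointManager.DefaultConnectionLimit = 88;
        }

        // Unaudited read of an instance property.
        [DangerousPropertyUsage.Unaudited(typeof(HttpContext), "Handler")]
        public IHttpHandler UnauditedInstanceGetUsage()
        {
            HttpContext context = new HttpContext();

            return(context.Handler);
        }

        // Unaudited write of an instance property. Named UnauditedInstanceSetUsage because the
        // class already declares a parameterless UnauditedStaticSetUsage; a second member with
        // that name and signature is a duplicate definition and does not compile.
        [DangerousPropertyUsage.Unaudited(typeof(HttpContext), "Handler")]
        public void UnauditedInstanceSetUsage()
        {
            HttpContext context = new HttpContext();

            context.Handler = null;
        }
    }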

    internal sealed class MismatchedAuditedUsages {
        // Audit attribute whose declaring-type argument is null. The signature still carries
        // the comment pair naming DangerousPropertiesShouldBeAvoided for
        // System.Net.ServicePointManager.DefaultConnectionLimit.
        // NOTE(review): presumably this pins that an attribute without a declaring type does
        // not suppress the diagnostic - confirm against the analyzer.
        [DangerousPropertyUsage.Audited(null, "DefaultConnectionLimit")]
        public int /* DangerousPropertiesShouldBeAvoided(System.Net.ServicePointManager.DefaultConnectionLimit) */ NullDeclaringType(/**/)
        {
            return(ServicePointManager.DefaultConnectionLimit);
        }

        [DangerousPropertyUsage.Audited(typeof(string), "DefaultConnectionLimit")]
        public int /* DangerousPropertiesShouldBeAvoided(System.Net.ServicePointManager.DefaultConnectionLimit) */ DifferentDeclaringType(/**/)
        // Calls the Thread.Sleep overload that takes an int, with no audit attribute. The
        // comment pair on the signature names DangerousMethodsShouldBeAvoided for
        // System.Threading.Thread.Sleep.
        // NOTE(review): presumably the pair marks the span where the analyzer under test must
        // report - confirm against the test harness.
        public void /* DangerousMethodsShouldBeAvoided(System.Threading.Thread.Sleep) */ MethodWithThreadSleepInt(/**/)
        {
            // Thread.Sleep blocks the calling thread for the duration.
            System.Threading.Thread.Sleep(1);
        }

        // Calls the Thread.Sleep overload that takes a TimeSpan, with no audit attribute. The
        // comment pair names the method as System.Threading.Thread.Sleep without parameter
        // types.
        // NOTE(review): presumably the analyzer matches on declaring type and method name, so
        // every overload is covered - confirm against the analyzer.
        public void /* DangerousMethodsShouldBeAvoided(System.Threading.Thread.Sleep) */ MethodWithThreadSleepTimeSpan(/**/)
        {
            // Thread.Sleep blocks the calling thread for the duration.
            System.Threading.Thread.Sleep(TimeSpan.FromMilliseconds(1));
        }
    }

    // Fixture class: each member calls one of PropertyInfo.SetValue, Task.Run,
    // HostingEnvironment.MapPath or HttpServerUtility.Transfer and carries a five-argument
    // [DangerousMethodUsage.Audited(...)] attribute. The first two arguments match the call;
    // the remaining three are the string literals "John Doe", "1970-01-01" and "Rationale".
    // NOTE(review): presumably those three are the auditor, the audit date and the
    // justification - confirm against the attribute definition. They are placeholders here;
    // an audit record in production code should name the reviewer and state why the call is
    // safe at that site.
    // No member carries an expected-diagnostic comment pair.
    // string.Length has no setter, so the SetValue calls below would throw if executed.
    internal sealed class AuditedUsages {
        // Audited call inside a constructor body.
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue", "John Doe", "1970-01-01", "Rationale")]
        public AuditedUsages()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Audited call inside an ordinary instance method.
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue", "John Doe", "1970-01-01", "Rationale")]
        public void Method()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Audited static call with an explicit generic type argument (Task.Run<int>).
        [DangerousMethodUsage.Audited(typeof(Task), "Run", "John Doe", "1970-01-01", "Rationale")]
        public void AsyncMethod()
        {
            Task.Run <int>(() => Task.FromResult(7));
        }

        // The attribute is placed on the get accessor, not on the property declaration.
        public int PropertyGetter {
            [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue", "John Doe", "1970-01-01", "Rationale")]
            get {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
                return(1);
            }
        }

        // The attribute is placed on the set accessor; the accessor forwards `value`.
        public int PropertySetter {
            [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue", "John Doe", "1970-01-01", "Rationale")]
            set {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", value, null);
            }
        }

        // The call sits inside a lambda that is assigned but never invoked; the attribute is
        // on the enclosing method.
        [DangerousMethodUsage.Audited(typeof(PropertyInfo), "SetValue", "John Doe", "1970-01-01", "Rationale")]
        public void DelegateInsideMethod()
        {
            Action hacker = () => {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
            };
        }

        // Audited static call. MapPath turns a virtual path into a physical file-system path;
        // here the argument is a constant.
        [DangerousMethodUsage.Audited(typeof(HostingEnvironment), "MapPath", "John Doe", "1970-01-01", "Rationale")]
        public void MethodWithMapPath()
        {
            HostingEnvironment.MapPath("/d2l");
        }

        // Audited instance call. Transfer hands the current request to another path on the
        // server; here the target is a constant.
        [DangerousMethodUsage.Audited(typeof(HttpServerUtility), "Transfer", "John Doe", "1970-01-01", "Rationale")]
        public void MethodWithTransfer()
        {
            HttpServerUtility obj = new HttpServerUtility();

            obj.Transfer("/new/path");
        }
    }

    // Fixture class: each member calls one of PropertyInfo.SetValue, Task.Run,
    // HostingEnvironment.MapPath or HttpServerUtility.Transfer and carries a two-argument
    // [DangerousMethodUsage.Unaudited(declaringType, methodName)] attribute that matches the
    // call. No member carries an expected-diagnostic comment pair.
    // NOTE(review): presumably Unaudited records a known usage that nobody has reviewed yet
    // and still suppresses the diagnostic - confirm against the analyzer. In a real code base
    // these are the call sites that remain on the review backlog.
    // string.Length has no setter, so the SetValue calls below would throw if executed.
    internal sealed class UnauditedUsages {
        // Unaudited call inside a constructor body.
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        public UnauditedUsages()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Unaudited call inside an ordinary instance method.
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        public void Method()
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            p.SetValue("str", 7, null);
        }

        // Unaudited static call with an explicit generic type argument (Task.Run<int>).
        [DangerousMethodUsage.Unaudited(typeof(Task), "Run")]
        public void AsyncMethod()
        {
            Task.Run <int>(() => Task.FromResult(7));
        }

        // The attribute is placed on the get accessor, not on the property declaration.
        public int PropertyGetter {
            [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
            get {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
                return(1);
            }
        }

        // The attribute is placed on the set accessor; the accessor forwards `value`.
        public int PropertySetter {
            [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
            set {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", value, null);
            }
        }

        // The call sits inside a lambda that is assigned but never invoked; the attribute is
        // on the enclosing method.
        [DangerousMethodUsage.Unaudited(typeof(PropertyInfo), "SetValue")]
        public void DelegateInsideMethod()
        {
            Action hacker = () => {
                PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));
                p.SetValue("str", 7, null);
            };
        }

        // Unaudited static call. MapPath turns a virtual path into a physical file-system
        // path; here the argument is a constant.
        [DangerousMethodUsage.Unaudited(typeof(HostingEnvironment), "MapPath")]
        public void MethodWithMapPath()
        {
            HostingEnvironment.MapPath("/d2l");
        }

        // Unaudited instance call. Transfer hands the current request to another path on the
        // server; here the target is a constant.
        [DangerousMethodUsage.Unaudited(typeof(HttpServerUtility), "Transfer")]
        public void MethodWithTransfer()
        {
            HttpServerUtility obj = new HttpServerUtility();

            obj.Transfer("/new/path");
        }
    }

    internal sealed class MismatchedAuditedUsages {
        // Audit attribute whose declaring-type argument is null. The signature still carries
        // the comment pair naming DangerousMethodsShouldBeAvoided for PropertyInfo.SetValue.
        // NOTE(review): presumably this pins that an attribute without a declaring type does
        // not suppress the diagnostic, i.e. an incomplete audit record is not accepted -
        // confirm against the analyzer.
        [DangerousMethodUsage.Audited(null, "SetValue")]
        public void /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ NullDeclaringType(/**/)
        {
            PropertyInfo p = typeof(string).GetProperty(nameof(string.Length));

            // string.Length has no setter, so this call would throw if it were executed.
            p.SetValue("str", 7, null);
        }

        [DangerousMethodUsage.Audited(typeof(FieldInfo), "SetValue")]
        public void /* DangerousMethodsShouldBeAvoided(System.Reflection.PropertyInfo.SetValue) */ DifferentDeclaringType(/**/)