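/// <summary>
/// Checks that a file-system sink called from an ordinary (non-controller) class reports
/// SCS0018, the diagnostic this path traversal test expects, only when the audit-mode
/// configuration is supplied. Without that configuration the same code must produce no diagnostics.
/// </summary>
/// <param name="sink">
/// C# expression under test; it is pasted into the body of <c>Run</c> and may use any of
/// that method's parameters. Presumably supplied by data rows outside this view.
/// </param>
public async Task PathTraversalMethods(string sink)
{
    var cSharpTest = $@"
#pragma warning disable 8019
    using System;
    using System.Collections.Generic;
    using System.IO;
    using static System.IO.File;
    using System.Security.AccessControl;
#pragma warning restore 8019

class PathTraversal
{{
    public static void Run(string path, IEnumerable<String> contents, bool flag, FileMode fileMode, FileAccess access, FileShare share, byte[] bytes, FileSecurity fileSecurity, FileOptions fileOptions)
    {{
        {sink};
    }}
}}
";

    // Plain textual C# -> VB conversion: every occurrence of "null" is rewritten, including
    // one inside an identifier or string literal, so sink expressions must avoid those.
    var vbSink = sink.Replace("null", "Nothing");

    var visualBasicTest = $@"
#Disable Warning BC50001
    Imports System
    Imports System.Collections.Generic
    Imports System.IO
    Imports System.IO.File
    Imports System.Security.AccessControl
#Enable Warning BC50001

Class PathTraversal
    Public Shared Sub Run(path As String, contents As IEnumerable(Of String), flag As Boolean, fileMode As FileMode, access as FileAccess, share As FileShare, bytes As Byte(), fileSecurity As FileSecurity, fileOptions As FileOptions)
        {vbSink}
    End Sub
End Class
";

    // Default configuration: the parameters of a plain class method must not be reported.
    await VerifyCSharpDiagnostic(cSharpTest).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(visualBasicTest).ConfigureAwait(false);

    var expected = new DiagnosticResult
    {
        Id       = "SCS0018",
        Severity = DiagnosticSeverity.Warning,
    };

    // Fetch the audit-mode options once, with ConfigureAwait(false) like every other await
    // in this test, and reuse the same instance for both languages.
    var auditOptions = await AuditTest.GetAuditModeConfigOptions().ConfigureAwait(false);

    // Audit mode: the same sink must now be flagged.
    await VerifyCSharpDiagnostic(cSharpTest, expected, auditOptions).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(visualBasicTest, expected, auditOptions).ConfigureAwait(false);
}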
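/// <summary>
/// Checks that an XML-reader construction expression used in an ordinary (non-controller)
/// class reports SCS0018 only when the audit-mode configuration is supplied. Without that
/// configuration the same code must produce no diagnostics.
/// </summary>
/// <param name="sink">
/// C# expression assigned to <c>reader</c> inside <c>Run</c>; it may use the text, stream,
/// text-reader and XML-reader parameters of that method. Presumably supplied by data rows
/// outside this view.
/// </param>
public async Task PathTraversalXmlReader(string sink)
{
    var cSharpTest = $@"
#pragma warning disable 8019
    using System.IO;
    using System.Xml;
#pragma warning restore 8019

class PathTraversal
{{
    public static void Run(string textInput, Stream streamInput, TextReader textReaderInput, XmlReader xmlReaderInput)
    {{
        var reader = {sink};
    }}
}}
";

    // Textual C# -> VB conversion. Both steps are plain substitutions: "null" is replaced
    // wherever it occurs, and default(T) becomes DirectCast(Nothing, T).
    var vbSink = sink.Replace("null", "Nothing");
    vbSink = Regex.Replace(vbSink, "default\\(([^\\)]*)\\)", "DirectCast(Nothing, $1)");

    var visualBasicTest = $@"
#Disable Warning BC50001
    Imports System.IO
    Imports System.Xml
#Enable Warning BC50001

Class PathTraversal
    Public Shared Sub Run(textInput As String, streamInput As Stream, textReaderInput As TextReader, xmlReaderInput As XmlReader)
        Dim reader As XMLReader = {vbSink}
    End Sub
End Class
";

    // Default configuration: the parameters of a plain class method must not be reported.
    await VerifyCSharpDiagnostic(cSharpTest).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(visualBasicTest).ConfigureAwait(false);

    var expected = new DiagnosticResult
    {
        Id       = "SCS0018",
        Severity = DiagnosticSeverity.Warning,
    };

    // Fetch the audit-mode options once, with ConfigureAwait(false) like every other await
    // in this test, and reuse the same instance for both languages.
    var auditOptions = await AuditTest.GetAuditModeConfigOptions().ConfigureAwait(false);

    // Audit mode: the same expression must now be flagged.
    await VerifyCSharpDiagnostic(cSharpTest, expected, auditOptions).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(visualBasicTest, expected, auditOptions).ConfigureAwait(false);
}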
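/// <summary>
/// Negative test: verifies that the sink produces no diagnostics at all, both with the
/// default configuration and with the audit-mode configuration. It guards against audit
/// mode flagging calls it should leave alone.
/// </summary>
/// <param name="sink">
/// C# expression pasted into the body of <c>Run</c>. <c>Run</c> has no string parameter
/// here (only a bool, an int and an Encoding), so presumably each sink builds its path
/// from constants; verify against the data rows, which are outside this view.
/// </param>
public async Task PathTraversalMethodsConst(string sink)
{
    var cSharpTest = $@"
#pragma warning disable 8019
    using System;
    using System.Collections.Generic;
    using System.IO;
    using static System.IO.File;
    using System.Security.AccessControl;
#pragma warning restore 8019

class PathTraversal
{{
    public static void Run(bool flag, int digit, System.Text.Encoding encoding)
    {{
        {sink};
    }}
}}
";

    // Plain textual C# -> VB conversion: every occurrence of "null" is rewritten, including
    // one inside an identifier or string literal, so sink expressions must avoid those.
    var vbSink = sink.Replace("null", "Nothing");

    var visualBasicTest = $@"
#Disable Warning BC50001
    Imports System
    Imports System.Collections.Generic
    Imports System.IO
    Imports System.IO.File
    Imports System.Security.AccessControl
#Enable Warning BC50001

Class PathTraversal
    Public Shared Sub Run(flag As Boolean, digit As Int32, encoding As System.Text.Encoding)
        {vbSink}
    End Sub
End Class
";

    // Default configuration: nothing may be reported.
    await VerifyCSharpDiagnostic(cSharpTest).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(visualBasicTest).ConfigureAwait(false);

    // Fetch the audit-mode options once, with ConfigureAwait(false) like every other await
    // in this test, and reuse the same instance for both languages.
    var auditOptions = await AuditTest.GetAuditModeConfigOptions().ConfigureAwait(false);

    // Audit mode: still nothing may be reported.
    await VerifyCSharpDiagnostic(cSharpTest, options: auditOptions).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(visualBasicTest, options: auditOptions).ConfigureAwait(false);
}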
/// <summary>
/// Runs the same sink through two fixtures and expects SCS0018, the diagnostic this path
/// traversal test asserts, from both:
/// first inside a class deriving from <c>System.Web.Mvc.Controller</c> with the default
/// configuration, then inside a plain class <c>Foo</c> with the audit-mode configuration.
/// </summary>
/// <param name="sink">
/// C# expression pasted into the body of <c>Run</c>; the Visual Basic fixture uses the
/// result of <c>CSharpReplaceToVBasic()</c> on the same text. Presumably supplied by data
/// rows outside this view.
/// </param>
public async Task PathTraversalMethods(string sink)
{
    // Fixture 1: Run is a public method of an MVC controller.
    // NOTE(review): presumably the analyzer treats controller action parameters as
    // untrusted input, which is why no audit configuration is needed here. Confirm against the analyzer.
    var controllerCSharp = $@"
#pragma warning disable 8019
    using System;
    using System.Collections.Generic;
    using System.IO;
    using FS = System.IO.File;
    using static System.IO.File;
    using System.Security.AccessControl;
    using System.Security.Policy;
    using System.Configuration.Assemblies;
    using System.Reflection;
    using System.Web.Mvc;
#pragma warning restore 8019

public class MyController : Controller
{{
    public void Run(string path, IEnumerable<String> contents, bool flag, FileMode fileMode, FileAccess access, FileShare share, byte[] bytes, FileSecurity fileSecurity, FileOptions fileOptions)
    {{
#pragma warning disable CS0618
        {sink};
#pragma warning restore CS0618
    }}
}}
";

    var controllerVisualBasic = $@"
#Disable Warning BC50001
    Imports System
    Imports System.Collections.Generic
    Imports System.IO
    Imports System.IO.File
    Imports FS = System.IO.File
    Imports System.Security.AccessControl
    Imports System.Security.Policy
    Imports System.Configuration.Assemblies
    Imports System.Reflection
    Imports System.Web.Mvc
#Enable Warning BC50001

Public Class MyController
    Inherits Controller

    Public Sub Run(path As String, contents As IEnumerable(Of String), flag As Boolean, fileMode As FileMode, access as FileAccess, share As FileShare, bytes As Byte(), fileSecurity As FileSecurity, fileOptions As FileOptions)
#Disable Warning BC40000
        {sink.CSharpReplaceToVBasic()}
#Enable Warning BC40000
    End Sub
End Class
";

    var pathTraversalWarning = new DiagnosticResult
    {
        Id       = "SCS0018",
        Severity = DiagnosticSeverity.Warning,
    };

    // Controller fixture, default configuration: the warning is expected.
    await VerifyCSharpDiagnostic(controllerCSharp, pathTraversalWarning).ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(controllerVisualBasic, pathTraversalWarning).ConfigureAwait(false);

    // Fixture 2: the same Run method on a class with no base type.
    var plainCSharp = $@"
#pragma warning disable 8019
    using System;
    using System.Collections.Generic;
    using System.IO;
    using FS = System.IO.File;
    using static System.IO.File;
    using System.Security.AccessControl;
    using System.Security.Policy;
    using System.Configuration.Assemblies;
    using System.Reflection;
    using System.Web.Mvc;
#pragma warning restore 8019

public class Foo
{{
    public void Run(string path, IEnumerable<String> contents, bool flag, FileMode fileMode, FileAccess access, FileShare share, byte[] bytes, FileSecurity fileSecurity, FileOptions fileOptions)
    {{
#pragma warning disable CS0618
        {sink};
#pragma warning restore CS0618
    }}
}}
";

    var plainVisualBasic = $@"
#Disable Warning BC50001
    Imports System
    Imports System.Collections.Generic
    Imports System.IO
    Imports System.IO.File
    Imports FS = System.IO.File
    Imports System.Security.AccessControl
    Imports System.Security.Policy
    Imports System.Configuration.Assemblies
    Imports System.Reflection
    Imports System.Web.Mvc
#Enable Warning BC50001

Public Class Foo
    Public Sub Run(path As String, contents As IEnumerable(Of String), flag As Boolean, fileMode As FileMode, access as FileAccess, share As FileShare, bytes As Byte(), fileSecurity As FileSecurity, fileOptions As FileOptions)
#Disable Warning BC40000
        {sink.CSharpReplaceToVBasic()}
#Enable Warning BC40000
    End Sub
End Class
";

    // Plain-class fixture, audit mode: the same warning is expected.
    // The options are fetched separately for each language, as before.
    var cSharpAuditOptions = await AuditTest.GetAuditModeConfigOptions().ConfigureAwait(false);
    await VerifyCSharpDiagnostic(plainCSharp, pathTraversalWarning, cSharpAuditOptions).ConfigureAwait(false);

    var visualBasicAuditOptions = await AuditTest.GetAuditModeConfigOptions().ConfigureAwait(false);
    await VerifyVisualBasicDiagnostic(plainVisualBasic, pathTraversalWarning, visualBasicAuditOptions).ConfigureAwait(false);
}
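/// <summary>
/// Loads the audit-mode configuration options and stores them in <c>Options</c>.
/// </summary>
/// <param name="testContext">Test context passed in by the caller; not used here.</param>
public static async Task InitOptions(TestContext testContext)
{
    // ConfigureAwait(false) matches the other awaits on GetAuditModeConfigOptions in these
    // tests; nothing after the await depends on the captured context.
    Options = await AuditTest.GetAuditModeConfigOptions().ConfigureAwait(false);
}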