From 80967dcd64faf1618420925b739a2c41f1cf2996 Mon Sep 17 00:00:00 2001 From: Kevin Stubbings Date: Tue, 26 Nov 2024 15:47:55 -0800 Subject: [PATCH] Fix issues --- .../CWE-942/{examples => }/CORSBad.cs | 0 .../CWE-942/{examples => }/CORSGood.cs | 0 .../CorsMisconfigurationCredentials.ql | 2 +- .../CWE-942/CORSMisconfiguration.txt | 32 ------------------- ...n.cs => CorsMiconfigurationCredentials.cs} | 0 .../CWE-942/CorsMisconfiguration.expected | 0 .../CWE-942/CorsMisconfiguration.qlref | 1 - .../CorsMisconfigurationCredentials.qlref | 1 + 8 files changed, 2 insertions(+), 34 deletions(-) rename csharp/ql/src/experimental/CWE-942/{examples => }/CORSBad.cs (100%) rename csharp/ql/src/experimental/CWE-942/{examples => }/CORSGood.cs (100%) delete mode 100644 csharp/ql/test/experimental/CWE-942/CORSMisconfiguration.txt rename csharp/ql/test/experimental/CWE-942/{CorsMiconfiguration.cs => CorsMiconfigurationCredentials.cs} (100%) create mode 100644 csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.expected delete mode 100644 csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.qlref create mode 100644 csharp/ql/test/experimental/CWE-942/CorsMisconfigurationCredentials.qlref diff --git a/csharp/ql/src/experimental/CWE-942/examples/CORSBad.cs b/csharp/ql/src/experimental/CWE-942/CORSBad.cs similarity index 100% rename from csharp/ql/src/experimental/CWE-942/examples/CORSBad.cs rename to csharp/ql/src/experimental/CWE-942/CORSBad.cs diff --git a/csharp/ql/src/experimental/CWE-942/examples/CORSGood.cs b/csharp/ql/src/experimental/CWE-942/CORSGood.cs similarity index 100% rename from csharp/ql/src/experimental/CWE-942/examples/CORSGood.cs rename to csharp/ql/src/experimental/CWE-942/CORSGood.cs diff --git a/csharp/ql/src/experimental/CWE-942/CorsMisconfigurationCredentials.ql b/csharp/ql/src/experimental/CWE-942/CorsMisconfigurationCredentials.ql index 1dc4e4cb98d1..e1288fd0c890 100644 --- a/csharp/ql/src/experimental/CWE-942/CorsMisconfigurationCredentials.ql +++ b/csharp/ql/src/experimental/CWE-942/CorsMisconfigurationCredentials.ql @@ -6,7 +6,7 @@ * @problem.severity error * @security-severity 7.5 * @precision high - * @id cs/web/cors-misconfiguration + * @id cs/web/cors-misconfiguration-credentials * @tags security * external/cwe/cwe-942 */ diff --git a/csharp/ql/test/experimental/CWE-942/CORSMisconfiguration.txt b/csharp/ql/test/experimental/CWE-942/CORSMisconfiguration.txt deleted file mode 100644 index 4d66e855941b..000000000000 --- a/csharp/ql/test/experimental/CWE-942/CORSMisconfiguration.txt +++ /dev/null @@ -1,32 +0,0 @@ -using Microsoft.AspNetCore.Builder; -using Microsoft.AspNetCore.Mvc; -using System; - - -public class Startup -{ - public void ConfigureServices(IServiceCollection services) - { -var builder = WebApplication.CreateBuilder(args); -var MyAllowSpecificOrigins = "_myAllowSpecificOrigins"; - - -builder.Services.AddCors(options => -{ - options.AddPolicy(MyAllowSpecificOrigins, - policy => - { - policy.SetIsOriginAllowed(test => true).AllowCredentials().AllowAnyHeader().AllowAnyMethod(); - }); -}); - -var app = builder.Build(); - - - -app.MapGet("/", () => "Hello World!"); -app.UseCors(MyAllowSpecificOrigins); - -app.Run(); - } -} \ No newline at end of file diff --git a/csharp/ql/test/experimental/CWE-942/CorsMiconfiguration.cs b/csharp/ql/test/experimental/CWE-942/CorsMiconfigurationCredentials.cs similarity index 100% rename from csharp/ql/test/experimental/CWE-942/CorsMiconfiguration.cs rename to csharp/ql/test/experimental/CWE-942/CorsMiconfigurationCredentials.cs diff --git a/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.expected b/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.qlref b/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.qlref deleted file mode 100644 index cadcb0509195..000000000000 --- a/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/CWE-942/CorsMisconfiguration.ql \ No newline at end of file diff --git a/csharp/ql/test/experimental/CWE-942/CorsMisconfigurationCredentials.qlref b/csharp/ql/test/experimental/CWE-942/CorsMisconfigurationCredentials.qlref new file mode 100644 index 000000000000..5b17285c64b0 --- /dev/null +++ b/csharp/ql/test/experimental/CWE-942/CorsMisconfigurationCredentials.qlref @@ -0,0 +1 @@ +experimental/CWE-942/CorsMisconfigurationCredentials.ql \ No newline at end of file