C#: Split the StoredXss test from XSS Asp test. Make the former based on stubs.

michaelnebel · michaelnebel · commit b674a8eab751 · 2023-06-15T16:05:45.000+02:00
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs
@@ -1,5 +1,3 @@
-// semmle-extractor-options: /r:${testdir}/../../../../resources/assemblies/System.Data.dll /r:${testdir}/../../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../../resources/assemblies/System.Web.Mvc.dll /r:System.ComponentModel.Primitives.dll /r:System.Collections.Specialized.dll /r:${testdir}/../../../../resources/assemblies/System.Net.Http.dll
-
 using System;
 using System.Data.SqlClient;
 using System.Web;
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected
@@ -1,8 +1,8 @@
 edges
-| StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... |
+| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... |
 nodes
-| StoredXSS.cs:24:44:24:86 | ... + ... | semmle.label | ... + ... |
-| StoredXSS.cs:24:60:24:86 | call to method GetString : String | semmle.label | call to method GetString : String |
+| StoredXSS.cs:22:44:22:86 | ... + ... | semmle.label | ... + ... |
+| StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String |
 subpaths
 #select
-| StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:24:60:24:86 | call to method GetString | stored (potentially user-provided) value |
+| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:22:60:22:86 | call to method GetString | stored (potentially user-provided) value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options
@@ -1 +1,3 @@
-semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Net.cs
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj
+semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected
@@ -1,5 +1,5 @@
-| script.aspx:4:1:4:23 | <%= ... %> | XSS.cs:114:16:114:29 | someJavascript |
-| script.aspx:8:1:8:12 | <%= ... %> | XSS.cs:121:24:121:28 | Field |
+| script.aspx:4:1:4:23 | <%= ... %> | XSS.cs:115:16:115:29 | someJavascript |
+| script.aspx:8:1:8:12 | <%= ... %> | XSS.cs:122:24:122:28 | Field |
 | script.aspx:12:1:12:14 | <%= ... %> | <outside test directory> | Request |
 | script.aspx:16:1:16:34 | <%= ... %> | <outside test directory> | QueryString |
 | script.aspx:20:1:20:41 | <%= ... %> | <outside test directory> | QueryString |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.ql b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.ql
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs
@@ -1,4 +1,4 @@
-
+// semmle-extractor-options: /r:${testdir}/../../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../../resources/assemblies/System.Web.Mvc.dll /r:System.Collections.Specialized.dll /r:${testdir}/../../../../resources/assemblies/System.Net.Http.dll
 using System;
 using System.Net;
 using System.Net.Http;
@@ -102,7 +102,8 @@ public void HtmlEncoded(HttpContextBase context)
             new StringContent(HttpUtility.HtmlEncode(name));
         }
 
-        public void UrlEncoded(HttpContextBase context) {
+        public void UrlEncoded(HttpContextBase context)
+        {
             // GOOD: URL encoding
             string name = context.Request.QueryString["name"];
             new StringContent(HttpUtility.UrlEncode(name));
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected
@@ -56,7 +56,7 @@ nodes
 | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
 | XSS.cs:94:27:94:61 | access to indexer : String | semmle.label | access to indexer : String |
 | XSS.cs:95:31:95:34 | access to local variable name | semmle.label | access to local variable name |
-| XSS.cs:134:20:134:33 | access to property RawUrl | semmle.label | access to property RawUrl |
+| XSS.cs:135:20:135:33 | access to property RawUrl | semmle.label | access to property RawUrl |
 | script.aspx:12:1:12:14 | <%= ... %> | semmle.label | <%= ... %> |
 | script.aspx:16:1:16:34 | <%= ... %> | semmle.label | <%= ... %> |
 | script.aspx:20:1:20:41 | <%= ... %> | semmle.label | <%= ... %> |
@@ -72,7 +72,7 @@ subpaths
 | XSS.cs:86:28:86:31 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:86:28:86:31 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
 | XSS.cs:87:31:87:34 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:87:31:87:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
 | XSS.cs:95:31:95:34 | access to local variable name | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:95:31:95:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | User-provided value |
-| XSS.cs:134:20:134:33 | access to property RawUrl | XSS.cs:134:20:134:33 | access to property RawUrl | XSS.cs:134:20:134:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:134:20:134:33 | access to property RawUrl | User-provided value |
+| XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:135:20:135:33 | access to property RawUrl | User-provided value |
 | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value |
 | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value |
 | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/options b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/options
@@ -0,0 +1 @@
+semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Net.cs
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-// semmle-extractor-options: /r:${testdir}/../../../../resources/assemblies/System.Data.dll /r:${testdir}/../../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../../resources/assemblies/System.Web.Mvc.dll /r:System.ComponentModel.Primitives.dll /r:System.Collections.Specialized.dll /r:${testdir}/../../../../resources/assemblies/System.Net.Http.dll`
`2`		`-`
`3`	`1`	`using System;`
`4`	`2`	`using System.Data.SqlClient;`
`5`	`3`	`using System.Web;`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Net.cs`