
Commit 5d1f2a1

committed
C#: Convert Deserialization tests to use inline expectations.
1 parent 822486e commit 5d1f2a1

21 files changed

+37
-27
lines changed

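--- a/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegate.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegate.cs
@@ -11,11 +11,11 @@ public static void M(FileStream fs)
 {
 var formatter = new BinaryFormatter();
 // BAD
-var a = (Func<int>)formatter.Deserialize(fs);
+var a = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
 // BAD
-var b = (Expression<Func<int>>)formatter.Deserialize(fs);
+var b = (Expression<Func<int>>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
 // BAD
-var c = (D)formatter.Deserialize(fs);
+var c = (D)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
 // GOOD
 var d = (int)formatter.Deserialize(fs);
 }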
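Review bot: The `// BAD` comments above `a`, `b` and `c` now duplicate what the `// $ Alert[cs/deserialized-delegate]` markers on the same statements state, and because they sit on a separate line they can drift away from the statement the expectation is attached to. I would either drop them or fold the intent into the marker line, e.g. `var a = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate] - delegate type deserialized from an untrusted stream`. The same duplication appears in DeserializedDelegateBad.cs, BinaryFormatterBad.cs, DataContractJsonSerializerBad.cs, DataContractSerializerBad.cs, UnsafeDeserializationBad.cs and XmlObjectSerializerBad.cs. As far as I understand the inline expectations framework, the unannotated `// GOOD` line for `d` still asserts that no alert is raised there, so the negative case stays covered; worth confirming against the expected output once the tests are regenerated.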
Lines changed: 4 additions & 1 deletion
@@ -1 +1,4 @@
1-
Security Features/CWE-502/DeserializedDelegate.ql
1+
query: Security Features/CWE-502/DeserializedDelegate.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

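--- a/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegateBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegateBad.cs
@@ -8,7 +8,7 @@ public static int InvokeSerialized(FileStream fs)
 {
 var formatter = new BinaryFormatter();
 // BAD
-var f = (Func<int>)formatter.Deserialize(fs);
+var f = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
 return f();
 }
 }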

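--- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/BinaryFormatterBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/BinaryFormatterBad.cs
@@ -7,6 +7,6 @@ public static object Deserialize(Stream s)
 {
 var ds = new BinaryFormatter();
 // BAD
-return ds.Deserialize(s);
+return ds.Deserialize(s); // $ Alert[cs/unsafe-deserialization]
 }
 }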

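--- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractJsonSerializerBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractJsonSerializerBad.cs
@@ -8,6 +8,6 @@ public static object Deserialize(Type type, Stream s)
 {
 var ds = new DataContractJsonSerializer(type);
 // BAD
-return ds.ReadObject(s);
+return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
 }
 }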

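--- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractSerializerBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractSerializerBad.cs
@@ -8,6 +8,6 @@ public static object Deserialize(Type type, Stream s)
 {
 var ds = new DataContractSerializer(type);
 // BAD
-return ds.ReadObject(s);
+return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
 }
 }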

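--- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/ResourceReaderBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/ResourceReaderBad.cs
@@ -6,11 +6,11 @@ class BadResourceReader
 {
 public static void Deserialize(Stream s)
 {
-var ds = new ResourceReader(s);
+var ds = new ResourceReader(s); // $ Alert[cs/unsafe-deserialization]
 // BAD
 var dict = ds.GetEnumerator();
 while (dict.MoveNext())
-Console.WriteLine(" {0}: '{1}' (Type {2})",
+Console.WriteLine(" {0}: '{1}' (Type {2})",
 dict.Key, dict.Value, dict.Value.GetType().Name);
 ds.Close();
 }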
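Review bot: The `// $ Alert[cs/unsafe-deserialization]` marker is attached to line 9, the `new ResourceReader(s)` constructor call, but the `// BAD` comment is left on line 10, where it now reads as describing `ds.GetEnumerator()` rather than the statement the query actually flags. Either move the comment above line 9 or delete it, since the marker already documents where the alert is expected: `// BAD` followed by `var ds = new ResourceReader(s); // $ Alert[cs/unsafe-deserialization]`. The replacement of the `Console.WriteLine` line on line 13 shows no textual difference on the rendered page, so it is presumably a whitespace-only change; if so, it could be left out of this commit to keep the diff focused on the expectation markers. The `Deserialize` method is fully contained in this hunk.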
Lines changed: 4 additions & 1 deletion
@@ -1 +1,4 @@
1-
Security Features/CWE-502/UnsafeDeserialization.ql
1+
query: Security Features/CWE-502/UnsafeDeserialization.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

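--- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/UnsafeDeserializationBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/UnsafeDeserializationBad.cs
@@ -6,6 +6,6 @@ public static object Deserialize(string s)
 {
 JavaScriptSerializer sr = new JavaScriptSerializer(new SimpleTypeResolver());
 // BAD
-return sr.DeserializeObject(s);
+return sr.DeserializeObject(s); // $ Alert[cs/unsafe-deserialization]
 }
 }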

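--- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/XmlObjectSerializerBad.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/XmlObjectSerializerBad.cs
@@ -8,6 +8,6 @@ public static object Deserialize(Type type, Stream s)
 {
 XmlObjectSerializer ds = new DataContractSerializer(type);
 // BAD
-return ds.ReadObject(s);
+return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
 }
 }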
