Merge pull request #19826 from hvitved/csharp/function-auth-test

hvitved · web-flow · commit 12cda8614125 · 2025-06-23T10:02:33.000+02:00
C#: Add another test for `MissingAccessControl.ql`
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/MVCTests/ProfileController.cs
@@ -41,6 +41,14 @@ public ActionResult Delete4(int id)
         doThings();
         return View();
     }
+
+    // GOOD: The Authorize attribute is used.
+    [Authorize("foo")]
+    public ActionResult Delete5(int id)
+    {
+        doThings();
+        return View();
+    }
 }
 
 [Authorize]

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,14 @@ public ActionResult Delete4(int id)`
`41`	`41`	`doThings();`
`42`	`42`	`return View();`
`43`	`43`	`}`
	`44`	`+`
	`45`	`+ // GOOD: The Authorize attribute is used.`
	`46`	`+ [Authorize("foo")]`
	`47`	`+ public ActionResult Delete5(int id)`
	`48`	`+ {`
	`49`	`+ doThings();`
	`50`	`+ return View();`
	`51`	`+ }`
`44`	`52`	`}`
`45`	`53`
`46`	`54`	`[Authorize]`