Added tests

Kwstubbs · Kwstubbs · commit a4fb0e06b311 · 2024-11-26T15:16:32.000-08:00
diff --git a/csharp/ql/test/experimental/CWE-942/CORSMisconfiguration.txt b/csharp/ql/test/experimental/CWE-942/CORSMisconfiguration.txt
@@ -0,0 +1,32 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Mvc;
+using System;
+
+
+public class Startup
+{
+    public void ConfigureServices(IServiceCollection services)
+    {
+var builder = WebApplication.CreateBuilder(args);
+var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
+
+
+builder.Services.AddCors(options =>
+{
+    options.AddPolicy(MyAllowSpecificOrigins,
+                      policy =>
+                      {
+                          policy.SetIsOriginAllowed(test => true).AllowCredentials().AllowAnyHeader().AllowAnyMethod();
+                      });
+});
+
+var app = builder.Build();
+
+
+
+app.MapGet("/", () => "Hello World!");
+app.UseCors(MyAllowSpecificOrigins);
+
+app.Run();
+    }
+}
diff --git a/csharp/ql/test/experimental/CWE-942/CorsMiconfiguration.cs b/csharp/ql/test/experimental/CWE-942/CorsMiconfiguration.cs
@@ -0,0 +1,25 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Mvc;
+using System;
+
+var builder = WebApplication.CreateBuilder(args);
+var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
+
+
+builder.Services.AddCors(options =>
+{
+    options.AddPolicy(MyAllowSpecificOrigins,
+                      policy =>
+                      {
+                          policy.SetIsOriginAllowed(test => true).AllowCredentials().AllowAnyHeader().AllowAnyMethod();
+                      });
+});
+
+var app = builder.Build();
+
+
+
+app.MapGet("/", () => "Hello World!");
+app.UseCors(MyAllowSpecificOrigins);
+
+app.Run();
diff --git a/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.qlref b/csharp/ql/test/experimental/CWE-942/CorsMisconfiguration.qlref
@@ -0,0 +1 @@
+experimental/CWE-942/CorsMisconfiguration.ql
diff --git a/csharp/ql/test/experimental/CWE-942/options b/csharp/ql/test/experimental/CWE-942/options
@@ -0,0 +1,5 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
+semmle-extractor-options: --load-sources-from-project:../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
+semmle-extractor-options: --load-sources-from-project:../../resources/stubs/Microsoft.Extensions.DependencyInjection.Abstractions/6.0.0/Microsoft.Extensions.DependencyInjection.Abstractions.csproj
+

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+experimental/CWE-942/CorsMisconfiguration.ql`