Skip to content

Commit 2a4ed45

Browse files
KwstubbsKwstubbs
committed
Formatting
1 parent 7e2b831 commit 2a4ed45

File tree

3 files changed

+16
-31
lines changed

3 files changed

+16
-31
lines changed

csharp/ql/src/experimental/CWE-942/CorsMisconfiguration.ql

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,6 @@
1212
*/
1313

1414
import csharp
15-
private import DataFlow
16-
import semmle.code.csharp.frameworks.system.Web
1715
import CorsMisconfigurationLib
1816

1917
/**

csharp/ql/src/experimental/CWE-942/CorsMisconfigurationCredentials.ql

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,13 +12,9 @@
1212
*/
1313

1414
import csharp
15-
private import DataFlow
16-
import semmle.code.csharp.frameworks.system.Web
1715
import CorsMisconfigurationLib
1816

19-
/**
20-
* Holds if credentials are allowed
21-
*/
17+
/** A call to `CorsPolicyBuilder.AllowCredentials`. */
2218
class AllowsCredentials extends MethodCall {
2319
AllowsCredentials() {
2420
this.getTarget()

csharp/ql/test/experimental/CWE-942/CorsMiconfigurationCredentials.cs

Lines changed: 15 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -3,32 +3,23 @@
33
using System;
44
using Microsoft.Extensions.DependencyInjection;
55

6+
public class Startup {
7+
public void ConfigureServices(string[] args) {
8+
var builder = WebApplication.CreateBuilder(args);
9+
var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
610

11+
builder.Services.AddCors(options => {
12+
options.AddPolicy(MyAllowSpecificOrigins,
13+
policy => {
14+
policy.SetIsOriginAllowed(test => true).AllowCredentials().AllowAnyHeader().AllowAnyMethod();
15+
});
16+
});
717

8-
public class Startup
9-
{
10-
    public void ConfigureServices(string[] args)
11-
    {
12-
var builder = WebApplication.CreateBuilder(args);
13-
var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
18+
var app = builder.Build();
1419

20+
app.MapGet("/", () => "Hello World!");
21+
app.UseCors(MyAllowSpecificOrigins);
1522

16-
builder.Services.AddCors(options =>
17-
{
18-
    options.AddPolicy(MyAllowSpecificOrigins,
19-
                      policy =>
20-
                      {
21-
                          policy.SetIsOriginAllowed(test => true).AllowCredentials().AllowAnyHeader().AllowAnyMethod();
22-
                      });
23-
});
24-
25-
var app = builder.Build();
26-
27-
28-
29-
app.MapGet("/", () => "Hello World!");
30-
app.UseCors(MyAllowSpecificOrigins);
31-
32-
app.Run();
33-
    }
23+
app.Run();
24+
}
3425
}

0 commit comments

Comments
 (0)