-
Notifications
You must be signed in to change notification settings - Fork 70
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
zestrella
committed
Aug 9, 2021
1 parent
8615f8f
commit 12f2bd1
Showing
57 changed files
with
27,636 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # VeraDemoDotNet | ||
|
|
||
| VeraDemoDotNet is a great test application for Veracode IDE Scanner for Visual Studio, Visual Studio Code, and the Veracode Static Pipeline Scanner. | ||
| This example uses Azure Dev Ops to build and test VeraDemoDotNet with the Veracode Static Pipeline scanner. A Veracode subscription is required. | ||
|
|
||
| Clone or connect this repo to Azure Dev Ops. Create a Pipeline using included example azure-pipelines.yml. | ||
|
|
||
| Setup API ID and Key in Pipeline Variables – | ||
| - VERACODE_API_ID | ||
| - VERACODE_API_KEY | ||
|
|
||
| Once build completes you can download results.json from build summary screen or view them in the console output for the Pipeline scanner step. | ||
|
|
||
| Check the results.json into source code and reference it in the command to break build on new findings. | ||
|
|
||
| To break on new flaws found from previous scan, add "- bf results.json" to string and remove "|| true" at the end of the string so the step will break the build process on new flaws. | ||
|
|
||
| Find further options here:https://help.veracode.com/r/r_pipeline_scan_commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| using System.Web; | ||
| using System.Web.Optimization; | ||
|
|
||
| namespace Verademo_dotnet | ||
| { | ||
| public class BundleConfig | ||
| { | ||
| // For more information on bundling, visit http://go.microsoft.com/fwlink/?LinkId=301862 | ||
| public static void RegisterBundles(BundleCollection bundles) | ||
| { | ||
| bundles.Add(new ScriptBundle("~/bundles/jquery").Include( | ||
| "~/Scripts/jquery-{version}.js")); | ||
|
|
||
| bundles.Add(new ScriptBundle("~/bundles/jqueryval").Include( | ||
| "~/Scripts/jquery.validate*")); | ||
|
|
||
| // Use the development version of Modernizr to develop with and learn from. Then, when you're | ||
| // ready for production, use the build tool at http://modernizr.com to pick only the tests you need. | ||
| bundles.Add(new ScriptBundle("~/bundles/modernizr").Include( | ||
| "~/Scripts/modernizr-*")); | ||
|
|
||
| bundles.Add(new ScriptBundle("~/bundles/bootstrap").Include( | ||
| "~/Scripts/bootstrap.js", | ||
| "~/Scripts/respond.js")); | ||
|
|
||
| bundles.Add(new StyleBundle("~/Content/css").Include( | ||
| "~/Content/bootstrap.css", | ||
| "~/Content/site.css")); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| using System.Web; | ||
| using System.Web.Mvc; | ||
|
|
||
| namespace Verademo_dotnet | ||
| { | ||
| public class FilterConfig | ||
| { | ||
| public static void RegisterGlobalFilters(GlobalFilterCollection filters) | ||
| { | ||
| filters.Add(new HandleErrorAttribute()); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Linq; | ||
| using System.Web; | ||
| using System.Web.Mvc; | ||
| using System.Web.Routing; | ||
|
|
||
| namespace Verademo_dotnet | ||
| { | ||
| public class RouteConfig | ||
| { | ||
| public static void RegisterRoutes(RouteCollection routes) | ||
| { | ||
| routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); | ||
|
|
||
| routes.MapRoute( | ||
| name: "Default", | ||
| url: "{controller}/{action}/{id}", | ||
| defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional } | ||
| ); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="CommandInjection.aspx.cs" Inherits="Verademo_dotnet.WebForm1" %> | ||
|
|
||
| <!DOCTYPE html> | ||
|
|
||
| <html xmlns="http://www.w3.org/1999/xhtml"> | ||
| <head runat="server"> | ||
| <title></title> | ||
| </head> | ||
| <body> | ||
| <form id="FormCommandInjectionExample" runat="server"> | ||
| <div> | ||
|
|
||
| </div> | ||
| </form> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Linq; | ||
| using System.Web; | ||
| using System.Web.UI; | ||
| using System.Web.UI.WebControls; | ||
|
|
||
| namespace Verademo_dotnet | ||
| { | ||
| public partial class WebForm1 : System.Web.UI.Page | ||
| { | ||
| protected void Page_Load(object sender, EventArgs e) | ||
| { | ||
| if (Request.QueryString["command"] != null) | ||
| { | ||
| // bad | ||
| // System.Diagnostics.Process.Start(Request.QueryString["command"]); | ||
|
|
||
| } | ||
| } | ||
| } | ||
| } |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| body { | ||
| padding-top: 50px; | ||
| padding-bottom: 20px; | ||
| } | ||
|
|
||
| /* Set padding to keep content from hitting the edges */ | ||
| .body-content { | ||
| padding-left: 15px; | ||
| padding-right: 15px; | ||
| } | ||
|
|
||
| /* Override the default bootstrap behavior where horizontal description lists | ||
| will truncate terms that are too long to fit in the left column | ||
| */ | ||
| .dl-horizontal dt { | ||
| white-space: normal; | ||
| } | ||
|
|
||
| /* Set width on the form input elements since they're 100% wide by default */ | ||
| input, | ||
| select, | ||
| textarea { | ||
| max-width: 280px; | ||
| } |
Oops, something went wrong.