Skip to content

Commit 85d800f

Browse files
owen-mcgeoffw0
andauthored
Apply suggestions from code review
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
1 parent b6d588c commit 85d800f

4 files changed

Lines changed: 7 additions & 7 deletions

File tree

csharp/ql/campaigns/Solorigate/test/Solorigate/test.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,12 +6,12 @@ class FalsePositiveCases
66
// regular FVN
77
ulong GetRegularFvnHash(string s)
88
{
9-
ulong num = 14695981039346656037UL; /* FNV base offset */ // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold]
9+
ulong num = 14695981039346656037UL; /* FNV base offset */ // $ SPURIOUS: Alert[cs/solorigate/number-of-known-hashes-above-threshold]
1010

1111
foreach (byte b in Encoding.UTF8.GetBytes(s))
1212
{
1313
num ^= (ulong)b;
14-
num *= 1099511628211UL; /* FNV prime */ // $ Alert[cs/solorigate/number-of-known-hashes-above-threshold]
14+
num *= 1099511628211UL; /* FNV prime */ // $ SPURIOUS: Alert[cs/solorigate/number-of-known-hashes-above-threshold]
1515
}
1616

1717
return num;

csharp/ql/test/experimental/Security Features/JsonWebTokenHandler/delegation-test.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -98,8 +98,8 @@ public void TestCase01()
9898
SaveSigninToken = true
9999
};
100100

101-
tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG delegated-security-validations-always-return-true
102-
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => true; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true] // BUG delegated-security-validations-always-return-true
101+
tokenValidationParamsBaseline.LifetimeValidator = (notBefore, expires, securityToken, validationParameters) => ValidateLifetimeAlwaysTrue(securityToken, validationParameters); // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true]
102+
tokenValidationParamsBaseline.AudienceValidator = (IEnumerable<string> audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => true; // $ Alert[cs/json-webtoken-handler/delegated-security-validations-always-return-true]
103103
tokenValidationParamsBaseline.TokenReplayValidator = (DateTime? expirationTime, string securityToken, TokenValidationParameters validationParameters) => // GOOD
104104
{
105105
if (securityToken is null)

csharp/ql/test/query-tests/Language Abuse/UselessCastToSelf/UselessCastToSelf.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ void f()
99
var bad1 = (int)1; // $ Alert
1010
var bad2 = (Test)this; // $ Alert
1111
var bad3 = this as Test; // $ Alert
12-
func = (Func<int, int?>)(x => x); // MISSING
12+
func = (Func<int, int?>)(x => x); // $ MISSING: Alert
1313
exprFunc = (Expression<Func<int, int?>>)(x => x); // $ Alert
1414

1515
// GOOD
@@ -22,7 +22,7 @@ void f()
2222
var good7 = (Action<int>)((int x) => { });
2323
func = x => x;
2424
exprFunc = x => x;
25-
exprFuncUntyped = (Expression<Func<int, int?>>)(x => x); // $ Alert // FP
25+
exprFuncUntyped = (Expression<Func<int, int?>>)(x => x); // $ SPURIOUS: Alert
2626
}
2727

2828
enum Enum

csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.cs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ public void ProcessRequest(HttpContext ctx)
2424

2525
// FALSE POSITIVES: both methods are conditionally executed, but they probably
2626
// both perform the security-critical action
27-
if (adminCookie.Value == "false") // $ Alert=r3 Alert=r4 Alert=r2
27+
if (adminCookie.Value == "false") // $ SPURIOUS: Alert=r3 Alert=r4 Alert=r2
2828
{
2929
login(user, password);
3030
}

0 commit comments

Comments
 (0)