/**
 * @name Header checking disabled
 * @description Finds places where header checking is disabled.
 * @kind problem
 * @problem.severity warning
 * @precision high
 * @id cs/web/disabled-header-checking
 * @tags security
 *       external/cwe/cwe-113
 */

import csharp
import semmle.code.asp.WebConfig

/**
 * Holds if `assign` switches header checking off in code by assigning the
 * constant `false` to `System.Web.Configuration.HttpRuntimeSection.EnableHeaderChecking`.
 *
 * Only right-hand sides with a statically known value of "false" are matched;
 * a value computed at run time is not reported by this predicate.
 */
predicate disabledInCode(Assignment assign) {
  exists(PropertyAccess prop |
    prop = assign.getLValue() and
    prop.getTarget().hasName("EnableHeaderChecking") and
    prop.getTarget()
        .getDeclaringType()
        .hasQualifiedName("System.Web.Configuration", "HttpRuntimeSection") and
    assign.getRValue().getValue() = "false"
  )
}

/**
 * Holds if `attr` is an `enableHeaderChecking` attribute on an `<httpRuntime>`
 * configuration element whose value is `false`, compared case-insensitively
 * because XML attribute values in web.config are not normalised by the extractor.
 */
predicate disabledInConfig(XMLAttribute attr) {
  exists(HttpRuntimeXMLElement runtime |
    attr = runtime.getAttribute("enableHeaderChecking") and
    attr.getValue().toLowerCase() = "false"
  )
}

// Header checking is the framework's guard against CRLF sequences in response
// headers (CWE-113); either the code or the configuration may disable it, so
// both locations are reported as the same problem.
from Element disabled
where disabledInCode(disabled) or disabledInConfig(disabled)
select disabled, "Do not disable header checking."