/**
* @name Header checking disabled
 * @description Finds places where ASP.NET HTTP header checking is disabled,
 *              either by assigning `false` to `HttpRuntimeSection.EnableHeaderChecking`
 *              in code or by setting `enableHeaderChecking="false"` on the
 *              `<httpRuntime>` element of a configuration file. Header checking
 *              is the runtime's defence against CR/LF injection into response
 *              headers (HTTP response splitting, CWE-113).
* @kind problem
* @problem.severity warning
* @security-severity 6.1
* @precision high
* @id cs/web/disabled-header-checking
* @tags security
* external/cwe/cwe-113
*/
import csharp
import semmle.code.asp.WebConfig
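// Report every location that turns header checking off. Two sources are
// recognised: a C# assignment to HttpRuntimeSection.EnableHeaderChecking and
// the enableHeaderChecking attribute on an <httpRuntime> configuration element.
from Element l
where
  // Disabled programmatically: `HttpRuntimeSection.EnableHeaderChecking = false`.
  // Only a right-hand side with a statically known value is recognised; a value
  // computed at run time (e.g. read from a setting) is not tracked here.
  exists(Assignment a, PropertyAccess pa |
    a.getLeftOperand() = pa and
    pa.getTarget().hasName("EnableHeaderChecking") and
    pa.getTarget()
        .getDeclaringType()
        .hasFullyQualifiedName("System.Web.Configuration", "HttpRuntimeSection") and
    a.getRightOperand().getValue() = "false" and
    a = l
  )
  or
  // Disabled in configuration: `<httpRuntime enableHeaderChecking="false" />`.
  // The comparison is case-insensitive, and surrounding whitespace is stripped
  // so that `" false "` is still matched (NOTE(review): .NET Boolean parsing
  // tolerates leading/trailing whitespace, so the runtime treats it as false).
  exists(HttpRuntimeXmlElement e, XmlAttribute a |
    a = e.getAttribute("enableHeaderChecking") and
    a.getValue().trim().toLowerCase() = "false" and
    a = l
  )
select l, "Do not disable header checking."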