Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion comp-dotnet/project/MyClass.cs
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ public string ReturnMessage()
return "Happy coding!";
}
}
}
}
43 changes: 43 additions & 0 deletions comp-dotnet/project/Test.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
// Test.cs
using System;
using System.Net.Http;

namespace DonorSearchExample
{
// This class mirrors your DonorAPI/DonorProvider pattern
public class DonorSearch
{
// This method is what Sonar should flag
public void VulnerableSearch(string requestKey, string emailAddress)
{
// ----- Mirrors your DonorAPI.cs -----
string filter = "{" + requestKey + ":'" + emailAddress + "'}";
Console.WriteLine("Filter: " + filter);

// ----- Mirrors your DonorProvider.cs -----
string endpointCustomer = string.Format(
"https://api.example.com/v1.3/search?q={0}",
filter); // tainted data inserted into query parameter

Console.WriteLine("Calling: " + endpointCustomer);

// Classic using-statement, compatible with C# 7.3
using (var client = new HttpClient())
{
try
{
// This call is the "sink" for the tainted data
HttpResponseMessage response =
client.GetAsync(endpointCustomer).Result;

string body = response.Content.ReadAsStringAsync().Result;
Console.WriteLine("Response received (length): " + body.Length);
}
catch (Exception ex)
{
Console.WriteLine("Error during request: " + ex.Message);
}
}
}
}
}