rspec/rules/S4834/vbnet/rule.adoc
Fred Tingaud 51369b610e
Make sure that includes are always surrounded by empty lines (#2270)
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
2023-06-22 10:38:01 +02:00


include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.IdentityModel.Tokens
' Illustrative sample for this rule: every statement marked "Sensitive" creates, replaces or
' checks the identity/principal that later authorization decisions depend on.
' The "..." placeholders and the empty class bodies are elisions, so the sample is not meant
' to compile as written.
Class SecurityPrincipalDemo

    ' A custom identity decides which name and authentication state the rest of the
    ' application sees. The interface members are omitted in this sample; in real code,
    ' review how IsAuthenticated, Name and AuthenticationType are derived.
    Class MyIdentity
        Implements IIdentity ' Sensitive, custom IIdentity implementations should be reviewed
    End Class

    ' A custom principal answers role checks (IsInRole). The members are omitted in this
    ' sample; in real code, review where the role data comes from and who can change it.
    Class MyPrincipal
        Implements IPrincipal ' Sensitive, custom IPrincipal implementations should be reviewed
    End Class

    ' Declarative check: callers must be in the "Administrators" role for the demand to pass.
    ' NOTE(review): this attribute is enforced on .NET Framework; on .NET 5 and later it is
    ' marked obsolete and is not honored by the runtime - confirm the target framework before
    ' relying on it as an access control.
    <System.Security.Permissions.PrincipalPermission(SecurityAction.Demand, Role:="Administrators")> ' Sensitive. The access restrictions enforced by this attribute should be reviewed.
    Private Shared Sub CheckAdministrator()
        ' Reads the Windows account this code is currently running as; that may differ from
        ' the end user on whose behalf the request is made.
        Dim MyIdentity As WindowsIdentity = WindowsIdentity.GetCurrent() ' Sensitive

        ' Assigning HttpContext.User replaces the principal that the rest of the request
        ' pipeline uses for authorization; reads of it are authorization inputs.
        HttpContext.User = ... ' Sensitive: review all reference (set and get) to System.Web HttpContext.User

        ' Selects how principals are attached to threads in this application domain.
        Dim domain As AppDomain = AppDomain.CurrentDomain
        domain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal) ' Sensitive

        ' Instantiating the custom identity/principal types declared above.
        ' NOTE(review): the constructor argument on the second line is the WindowsIdentity local
        ' "MyIdentity", not the "identity" instance created just before it, and MyPrincipal shows
        ' no constructor - this looks like a sample inconsistency; confirm intent.
        Dim identity As MyIdentity = New MyIdentity() ' Sensitive
        Dim MyPrincipal As MyPrincipal = New MyPrincipal(MyIdentity) ' Sensitive

        ' Both statements install the custom principal: the first for the current thread,
        ' the second as the principal attached to threads of the application domain.
        Thread.CurrentPrincipal = MyPrincipal ' Sensitive
        domain.SetThreadPrincipal(MyPrincipal) ' Sensitive

        ' Imperative check: a Nothing name places no constraint on the identity name, so only
        ' membership in "Administrators" is demanded. The check is only as trustworthy as the
        ' principal installed on the thread above.
        Dim principalPerm As PrincipalPermission = New PrincipalPermission(Nothing, "Administrators") ' Sensitive
        principalPerm.Demand()

        ' Token validation yields the identities the application will trust. Arguments are
        ' elided in this sample; in real code, review the handler's validation configuration.
        Dim handler As SecurityTokenHandler = ...
        Dim identities As ReadOnlyCollection(Of ClaimsIdentity) = handler.ValidateToken() ' Sensitive, this creates identity
    End Sub

    ' Sensitive: review how this function uses the identity and principal.
    ' The body is empty in this sample; the method is flagged because it receives the custom
    ' identity and principal types as parameters.
    Private Sub modifyPrincipal(ByVal identity As MyIdentity, ByVal principal As MyPrincipal)
    End Sub
End Class
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]