ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4834/vbnet/rule.adoc

61 lines
2.1 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.IdentityModel.Tokens
Class SecurityPrincipalDemo
Class MyIdentity
Implements IIdentity ' Sensitive, custom IIdentity implementations should be reviewed
End Class
Class MyPrincipal
Implements IPrincipal ' Sensitive, custom IPrincipal implementations should be reviewed
End Class
<System.Security.Permissions.PrincipalPermission(SecurityAction.Demand, Role:="Administrators")> ' Sensitive. The access restrictions enforced by this attribute should be reviewed.
Private Shared Sub CheckAdministrator()
Dim MyIdentity As WindowsIdentity = WindowsIdentity.GetCurrent() ' Sensitive
HttpContext.User = ... ' Sensitive: review all reference (set and get) to System.Web HttpContext.User
Dim domain As AppDomain = AppDomain.CurrentDomain
domain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal) ' Sensitive
Dim identity As MyIdentity = New MyIdentity() ' Sensitive
Dim MyPrincipal As MyPrincipal = New MyPrincipal(MyIdentity) ' Sensitive
Thread.CurrentPrincipal = MyPrincipal ' Sensitive
domain.SetThreadPrincipal(MyPrincipal) ' Sensitive
Dim principalPerm As PrincipalPermission = New PrincipalPermission(Nothing, "Administrators") ' Sensitive
principalPerm.Demand()
Dim handler As SecurityTokenHandler = ...
Dim identities As ReadOnlyCollection(Of ClaimsIdentity) = handler.ValidateToken() ' Sensitive, this creates identity
End Sub
' Sensitive: review how this function uses the identity and principal.
Private Sub modifyPrincipal(ByVal identity As MyIdentity, ByVal principal As MyPrincipal)
End Sub
End Class
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink