File tree Expand file tree Collapse file tree 3 files changed +138
-0
lines changed Expand file tree Collapse file tree 3 files changed +138
-0
lines changed Original file line number Diff line number Diff line change 1+ id : stacktrace-disclosure-csharp
2+ severity : warning
3+ language : csharp
4+ message : >-
5+ Stacktrace information is displayed in a non-Development environment.
6+ Accidentally disclosing sensitive stack trace information in a production
7+ environment aids an attacker in reconnaissance and information gathering.
8+ note : >-
9+ [CWE-209] Generation of Error Message Containing Sensitive Information.
10+ [REFERENCES]
11+ - https://cwe.mitre.org/data/definitions/209.html
12+ - https://owasp.org/Top10/A04_2021-Insecure_Design/
13+ utils :
14+ $APP.UseDeveloperExceptionPage(...) :
15+ kind : expression_statement
16+ pattern : $APP.UseDeveloperExceptionPage($$$);
17+ inside :
18+ stopBy : neighbor
19+ kind : block
20+ not :
21+ follows :
22+ stopBy : end
23+ kind : invocation_expression
24+ pattern : $ENV.IsDevelopment()
25+ rule :
26+ kind : expression_statement
27+ matches : $APP.UseDeveloperExceptionPage(...)
Original file line number Diff line number Diff line change 1+ id : stacktrace-disclosure-csharp
2+ snapshots :
3+ ? "if (!env.IsDevelopment()) \n {\n app.UseDeveloperExceptionPage(); \n }\n"
4+ : labels :
5+ - source : app.UseDeveloperExceptionPage();
6+ style : primary
7+ start : 42
8+ end : 74
9+ - source : " {\n app.UseDeveloperExceptionPage(); \n }"
10+ style : secondary
11+ start : 32
12+ end : 82
13+ ? "if (DateTime.Now.DayOfWeek == DayOfWeek.Monday) \n {\n app.UseDeveloperExceptionPage(); \n }\n"
14+ : labels :
15+ - source : app.UseDeveloperExceptionPage();
16+ style : primary
17+ start : 63
18+ end : 95
19+ - source : " {\n app.UseDeveloperExceptionPage(); \n }"
20+ style : secondary
21+ start : 53
22+ end : 102
23+ ? "if (DateTime.Now.DayOfWeek == DayOfWeek.Monday) \n {\n app.UseDeveloperExceptionPage();\n }\n"
24+ : labels :
25+ - source : app.UseDeveloperExceptionPage();
26+ style : primary
27+ start : 64
28+ end : 96
29+ - source : |-
30+ {
31+ app.UseDeveloperExceptionPage();
32+ }
33+ style: secondary
34+ start: 54
35+ end: 102
36+ ? "if (env.IsProduction()) \n {\n app.UseDeveloperExceptionPage(); \n }\n"
37+ : labels :
38+ - source : app.UseDeveloperExceptionPage();
39+ style : primary
40+ start : 40
41+ end : 72
42+ - source : " {\n app.UseDeveloperExceptionPage(); \n }"
43+ style : secondary
44+ start : 30
45+ end : 79
46+ ? "if (environment == \"dev\") \n {\n app.UseDeveloperExceptionPage(); \n }\n"
47+ : labels :
48+ - source : app.UseDeveloperExceptionPage();
49+ style : primary
50+ start : 42
51+ end : 74
52+ - source : " {\n app.UseDeveloperExceptionPage(); \n }"
53+ style : secondary
54+ start : 32
55+ end : 82
56+ ? |
57+ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
58+ {
59+ app.UseDeveloperExceptionPage();
60+ }
61+ : labels :
62+ - source : app.UseDeveloperExceptionPage();
63+ style : primary
64+ start : 74
65+ end : 106
66+ - source : |-
67+ {
68+ app.UseDeveloperExceptionPage();
69+ }
70+ style: secondary
71+ start: 72
72+ end: 108
Original file line number Diff line number Diff line change 1+ id : stacktrace-disclosure-csharp
2+ valid :
3+ - |
4+ if (env.IsDevelopment())
5+ {
6+ app.UseExceptionHandler("/Error");
7+ }
8+ invalid :
9+ - |
10+ if (env.IsProduction())
11+ {
12+ app.UseDeveloperExceptionPage();
13+ }
14+ |
15+ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
16+ {
17+ app.UseDeveloperExceptionPage();
18+ }
19+ |
20+ if (!env.IsDevelopment())
21+ {
22+ app.UseDeveloperExceptionPage();
23+ }
24+ |
25+ if (DateTime.Now.DayOfWeek == DayOfWeek.Monday)
26+ {
27+ app.UseDeveloperExceptionPage();
28+ }
29+ |
30+ if (DateTime.Now.DayOfWeek == DayOfWeek.Monday)
31+ {
32+ app.UseDeveloperExceptionPage();
33+ }
34+ |
35+ if (environment == "dev")
36+ {
37+ app.UseDeveloperExceptionPage();
38+ }
39+
You can’t perform that action at this time.
0 commit comments