fluidasserts.lang.csharp module

This module allows to check C# code vulnerabilities.

fluidasserts.lang.csharp.has_generic_exceptions(csharp_dest, exclude=None)

Search for generic exceptions in a C# source file or package.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.has_if_without_else(csharp_dest, conditions, use_regex=False, exclude=None)

Check if all ifs have an else clause.

See REQ.161.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • conditions (list) – List of texts between parentheses of the if (condition) statement.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.has_insecure_randoms(csharp_dest, exclude=None)

Check if code instantiates Random class.

See REQ.224.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.has_switch_without_default(csharp_dest, exclude=None)

Check if all switches have a default clause.

See REQ.161.

See CWE-478.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.swallows_exceptions(csharp_dest, exclude=None)

Search for catch blocks that are empty or only have comments.

See REQ.161.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.uses_catch_for_null_reference_exception(csharp_dest, exclude=None)

Search for the use of NullReferenceException “catch” in a path.

See CWE-395.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.uses_console_writeline(csharp_dest, exclude=None)

Check if code uses Console.WriteLine method.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.uses_debug_writeline(csharp_dest, exclude=None)

Check if code uses Debug.WriteLine method.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.uses_ecb_encryption_mode(csharp_dest, exclude=None)

Check if code uses ECB as encryption mode.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.uses_md5_hash(csharp_dest, exclude=None)

Check if code uses MD5 as hashing algorithm.

See REQ.150.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.csharp.uses_sha1_hash(csharp_dest, exclude=None)

Check if code uses SHA1 as hashing algorithm.

See REQ.150.

Parameters

  • csharp_dest (str) – Path to a C# source file or package.

  • exclude (typing.Optional[list]) – Paths that contains any string from this list are ignored.

Return type

fluidasserts.Result