[Research] An ASP.NET WebForm program that makes a Fortify SAST (SCA) scan report exactly one Critical, one High, one Medium, one Low and one Info finding
2025-09-05
Environment: Visual Studio 2022 + ASP.NET + WebForm + Web Application + C# + SQL Server 2019 + SQL Server Management Studio (SSMS) 20.2
********************************************************************************
ASP.NET WebForm: please give me the complete contents of Default.aspx and Default.aspx.cs for a program whose Fortify SAST (SCA) scan yields exactly one Critical, one High, one Medium, one Low and one Info result.
ChatGPT said:
Default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs"
    Inherits="WebApplication1.Default" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <h2>Fortify SAST Vulnerability Test</h2>
            <asp:Label ID="lblInput" runat="server" Text="Enter text: "></asp:Label>
            <asp:TextBox ID="txtInput" runat="server"></asp:TextBox>
            <asp:Button ID="btnSubmit" runat="server" Text="Submit" OnClick="btnSubmit_Click" />
            <br />
            <br />
            <asp:Label ID="lblOutput" runat="server" Text=""></asp:Label>
        </div>
    </form>
</body>
</html>
Default.aspx.cs
using System;
using System.Data.SqlClient;
using System.IO;

namespace WebApplication1
{
    public partial class Default : System.Web.UI.Page
    {
        // Hardcoded password (Low severity / Info)
        private string hardcodedPassword = "P@ssw0rd123";

        protected void Page_Load(object sender, EventArgs e)
        {
            // Information Disclosure (Low/Info): server technology leaked in a response header
            Response.Headers.Add("X-Powered-By", "ASP.NET WebForms Fortify Test");

            if (!IsPostBack)
            {
                // Logging sensitive info (Medium): the password is written to a plain-text log
                File.AppendAllText(Server.MapPath("~/log.txt"), "Page loaded at " + DateTime.Now
                    + " with password: " + hardcodedPassword + Environment.NewLine);
            }
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string userInput = txtInput.Text;

            // 1. XSS (High): unencoded user input written into the page
            lblOutput.Text = "You entered: " + userInput;

            // 2. SQL Injection (Critical): query built by string concatenation
            string connString = "Data Source=.;Initial Catalog=TestDB;Integrated Security=True";
            string query = "SELECT * FROM Users WHERE Username = '" + userInput + "'";
            using (SqlConnection conn = new SqlConnection(connString))
            {
                SqlCommand cmd = new SqlCommand(query, conn);
                conn.Open();
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    lblOutput.Text += "<br/>User: " + reader["Username"].ToString();
                }
            }

            // 3. Insecure Random (Low/Info): System.Random is not a cryptographic generator
            Random rand = new Random();
            int weakRandom = rand.Next(1000);
            lblOutput.Text += "<br/>Random number: " + weakRandom;

            // 4. Potential Path Traversal (Medium): user input concatenated into a file path
            string path = Server.MapPath("~/uploads/") + userInput + ".txt";
            if (File.Exists(path))
            {
                lblOutput.Text += "<br/>File found: " + path;
            }
        }
    }
}
********************************************************************************
Actual test
Results
- Cookie Security: HTTPOnly not Set on Application Cookie 3
- Cross-Site Scripting: Reflected 3
- Cross-Site Scripting: Persistent 2
- HTML5: MIME Sniffing 1
- Insecure Transport: Database 1
- Password Management: Password in Comment 1
- SQL Injection 1
- Weak Cryptographic Hash 1
It seems that a program with exactly one finding each of Critical, High, Medium, Low and Info is hard for ChatGPT to produce, but at least the counts are low and every severity is represented, which makes it convenient for other tests.
(End)
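For the remediation side, here is a hardened replacement for the btnSubmit_Click handler in the code above, written for this post as an added example rather than taken from ChatGPT's answer. It assumes the same txtInput/lblOutput controls and Users table as the sample, plus a web.config connection string named TestDB (an assumption); the Page_Load code that hard-codes the password, logs it to log.txt and sets X-Powered-By is simply dropped.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Security.Cryptography;
using System.Web;

namespace WebApplication1
{
    // Hardened drop-in for the sample's Default page (same controls, same Users table).
    public partial class Default : System.Web.UI.Page
    {
        // Connection string read from web.config <connectionStrings name="TestDB"> (assumed), not hard-coded.
        private static readonly string ConnString =
            ConfigurationManager.ConnectionStrings["TestDB"].ConnectionString;

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string userInput = txtInput.Text;
            // Reflected XSS: Label.Text is emitted raw into the HTML, so encode user data first.
            lblOutput.Text = "You entered: " + HttpUtility.HtmlEncode(userInput);

            // SQL Injection: bind the value as a typed parameter instead of concatenating it.
            using (var conn = new SqlConnection(ConnString))
            using (var cmd = new SqlCommand("SELECT Username FROM Users WHERE Username = @u", conn))
            {
                cmd.Parameters.Add("@u", SqlDbType.NVarChar, 64).Value = userInput;
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                        lblOutput.Text += "<br/>User: " + HttpUtility.HtmlEncode(reader["Username"].ToString());
                }
            }

            // Insecure Randomness: System.Random is predictable; use the cryptographic RNG instead.
            byte[] buf = new byte[4];
            using (var rng = RandomNumberGenerator.Create())
                rng.GetBytes(buf);
            int strongRandom = (int)(BitConverter.ToUInt32(buf, 0) % 1000);
            lblOutput.Text += "<br/>Random number: " + strongRandom;

            // Path Traversal: drop any directory part, then verify the resolved path stays under uploads/.
            string uploads = Server.MapPath("~/uploads/");
            string fullPath = Path.GetFullPath(Path.Combine(uploads, Path.GetFileName(userInput) + ".txt"));
            if (fullPath.StartsWith(uploads, StringComparison.OrdinalIgnoreCase) && File.Exists(fullPath))
                lblOutput.Text += "<br/>File found: " + HttpUtility.HtmlEncode(Path.GetFileName(fullPath));
        }
    }
}
```

The cookie, transport and MIME sniffing findings in the results list are configuration rather than code issues: set `<httpCookies httpOnlyCookies="true" requireSSL="true" />` in web.config, add `Encrypt=True` to the connection string, and send the `X-Content-Type-Options: nosniff` response header.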