github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

[CSharp] Add Unicode Bypass Validation query, test and help file #753

Closed Sim4n6 closed 8 months ago

Sim4n6 commented 1 year ago

Query PR

https://github.com/github/codeql/pull/12996

Language

C#

CVE(s) ID list

CWE

CWE-176

Report

Please refer to the report in this issue: https://github.com/github/securitylab/issues/749

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

https://sim4n6.beehiiv.com

jorgectf commented 1 year ago

👋 @Sim4n6

Thank you for your contribution!

The CVE linked does not relate to the contribution itself, as the code in question is not C#. Could you provide a CVE that matches the contribution fully?

Sim4n6 commented 8 months ago

Sorry @jorgectf, but I was unsuccessful in identifying a vulnerable component and ethically reporting it or an already identified one that could be caught with the UBV query for CSharp only. I'm still investigating the other ones.

I'm self-closing this issue as not planned.

ghsecuritylab commented 8 months ago

Your submission is now in status Closed.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed