wip: add c# version of sql injection code

2025-12-15 18:23:04 +01:00 · 2024-12-02 14:58:44 -08:00
commit 690a6fc046
6 changed files with 221 additions and 0 deletions
--- a/HelloWorld/HelloWorld.csproj
+++ b/HelloWorld/HelloWorld.csproj
@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net9.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+</Project>
--- a/HelloWorld/Program.cs
+++ b/HelloWorld/Program.cs
@@ -0,0 +1,9 @@
+using System;
+
+class Program
+{
+    static void Main(string[] args)
+    {
+        Console.WriteLine("Hello, World!");
+    }
+}
--- a/README.org
+++ b/README.org
@@ -0,0 +1,117 @@
+* Introduction to CodeQL 
+  1. [ ] describe the system using diagrams as reference point, with details from
+     existing docs
+     - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf,
+       ~/work-gh/codeql-visual-guides/ 
+
+  2. Update https://github.com/hohn/codeql-cli-end-to-end
+     - [ ] Send setup instructions for windows / linux -- for the laptops, not
+       VMs or Docker.
+       - old:
+         https://github.com/advanced-security/codeql-workshops-staging/blob/master/java/workshop-java-mismatched-loop-condition.md#setup-instructions
+       - better:
+         https://github.com/ps-resources/codeql-partner-training/blob/39bc5e8d84a8f0dd1698d9cdcc59eed98fa691b9/preparation-materials/setup-instructions.md#codeql-workshop-preparation-instructions
+
+       - ~/local/codeql-operational-view/operational-view.pdf
+
+       - [ ] windows version -- to be written.
+
+     - [ ] Suggest variant analysis for log4j etc.
+     - [ ] Tools:
+       - octopuss deploy
+       - progit for package management -- anito.
+       - Actions for building
+     - [ ] 
+  3. https://github.com/hohn/codeql-workshop-sql-injection-java
+     - [ ] version for C#
+
+* CodeQL overview
+  - /Users/hohn/local/codeql-dataflow-sql-injection/CodeQL-workshop-overview-only.pdf
+
+  There are two identifyable tracks for codeql users: [[*CodeQL for Devops and Administrators][devops]] and [[*CodeQL for Query Writers][query writers]].
+  The first one focuses on setup, deployment, and query selection; the second on
+  query writing.  There is significant overlap; the [[*CodeQL CLI Setup][CodeQL CLI Setup]] is needed by
+  both. 
+
+* CodeQL CLI Setup
+  
+* Test Problem Setup
+** Hello World Sample
+  #+BEGIN_SRC sh 
+    # Install sdk
+    brew install --cask dotnet-sdk
+    dotnet --version
+
+    # Create template project
+    mkdir HelloWorld
+    cd HelloWorld
+    dotnet new console
+
+    # Compile template project
+    cd ~/work-gh/codeql-intro-csharp/HelloWorld/
+    dotnet build
+
+    # Run template project
+    dotnet run
+    # or
+    ./bin/Debug/net9.0/HelloWorld 
+
+  #+END_SRC
+
+** SQL Injection
+  #+BEGIN_SRC sh 
+    # Project Setup
+    cd ~/work-gh/codeql-intro-csharp/
+    dotnet new console -n SqliDemo
+    cd SqliDemo
+
+    dotnet add package Microsoft.Data.Sqlite
+
+    # Database Init
+    cd ~/work-gh/codeql-intro-csharp/SqliDemo
+    sqlite3 users.sqlite
+    CREATE TABLE users (id INTEGER, info TEXT);
+    .exit
+
+    # Build
+    cd ~/work-gh/codeql-intro-csharp/SqliDemo
+    dotnet build
+
+    # Run
+    dotnet run
+    First User
+
+    # Check db
+    echo '
+        SELECT * FROM users;
+    ' | sqlite3 users.sqlite 
+
+    # Add Johnny Droptable 
+    dotnet run
+    Johnny'); DROP TABLE users; --
+
+    # Check db
+    echo '
+        SELECT * FROM users;
+    ' | sqlite3 users.sqlite 
+    # Parse error near line 2: no such table: users
+  #+END_SRC
+
+
+* CodeQL VS Code Setup
+* CodeQL for Devops and Administrators
+  - https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual
+  - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf
+  - https://htmlpreview.github.io/?https://github.com/hohn/codeql-cli-end-to-end/blob/master/doc/readme.html
+  - https://github.com/hohn/codeql-workshop-sql-injection-java
+    + https://github.com/hohn/codeql-workshop-sql-injection-java/blob/master/src/README.org
+  - [[file:~/local/codeql-dataflow-II-cpp/README.org::*Prerequisites and setup instructions][Prerequisites and setup instructions]]
+  - picking queries via query suites
+    - /Users/hohn/local/codeql-workshops-staging/java/codeql-java-workshop-notes.md
+    - /Users/hohn/local/codeql-cli-end-to-end/doc/readme.md
+    - /Users/hohn/local/codeql-cli-end-to-end/sarif-cli/non-sarif-metadata/README.org
+
+* CodeQL for Query Writers
+  - https://github.com/hohn/codeql-workshop-sql-injection-java
+    + https://github.com/hohn/codeql-workshop-sql-injection-java/blob/master/session/README.org
+    
--- a/SqliDemo/Injectable.cs
+++ b/SqliDemo/Injectable.cs
@@ -0,0 +1,68 @@
+using System;
+using Microsoft.Data.Sqlite;
+using System.Diagnostics;
+using System.IO;
+
+class Injectable
+{
+    static string GetUserInput()
+    {
+        Console.WriteLine("Hello, World!");
+        Console.WriteLine("*** Welcome to sql injection ***");
+        Console.Write("Please enter name: ");
+        string input = Console.ReadLine()?.Trim() ?? string.Empty;
+        return input;
+    }
+
+    static int GetNewId()
+    {
+        return Process.GetCurrentProcess().Id;
+    }
+
+static void WriteInfo(int id, string info)
+{
+    const string connectionString = "Data Source=users.sqlite";
+    using (var connection = new SqliteConnection(connectionString))
+    {
+        connection.Open();
+        // '{info.Replace("'", "''")}')" has no vulnerability
+        string query = $"INSERT INTO users VALUES ({id}, '{info}')";
+        Console.WriteLine($"Running query: {query}");
+
+        using (var command = new SqliteCommand(query, connection))
+        {
+            try
+            {
+                command.ExecuteNonQuery();
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Error executing query: {ex.Message}");
+            }
+        }
+    }
+}
+
+
+    static void Main()
+    {
+        Console.WriteLine("sqli started");
+
+        string info;
+        try
+        {
+            info = GetUserInput();
+        }
+        catch (Exception ex)
+        {
+            Console.WriteLine($"GetUserInput failed: {ex.Message}");
+            Environment.Exit(1);
+            return; // Unreachable but keeps the compiler happy
+        }
+
+        int id = GetNewId();
+        WriteInfo(id, info);
+
+        Console.WriteLine("sqli finished");
+    }
+}
--- a/SqliDemo/SqliDemo.csproj
+++ b/SqliDemo/SqliDemo.csproj
@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net9.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Data.Sqlite" Version="9.0.0" />
+  </ItemGroup>
+
+</Project>
--- a/SqliDemo/users.sqlite
+++ b/SqliDemo/users.sqlite