From 690a6fc046d50cf70b98b26c4c41795f40378f67 Mon Sep 17 00:00:00 2001 From: Michael Hohn Date: Mon, 2 Dec 2024 14:58:44 -0800 Subject: [PATCH] wip: add c# version of sql injection code --- HelloWorld/HelloWorld.csproj | 10 +++ HelloWorld/Program.cs | 9 +++ README.org | 117 +++++++++++++++++++++++++++++++++++ SqliDemo/Injectable.cs | 68 ++++++++++++++++++++ SqliDemo/SqliDemo.csproj | 17 +++++ SqliDemo/users.sqlite | Bin 0 -> 8192 bytes 6 files changed, 221 insertions(+) create mode 100644 HelloWorld/HelloWorld.csproj create mode 100644 HelloWorld/Program.cs create mode 100644 README.org create mode 100644 SqliDemo/Injectable.cs create mode 100644 SqliDemo/SqliDemo.csproj create mode 100644 SqliDemo/users.sqlite diff --git a/HelloWorld/HelloWorld.csproj b/HelloWorld/HelloWorld.csproj new file mode 100644 index 0000000..fd4bd08 --- /dev/null +++ b/HelloWorld/HelloWorld.csproj @@ -0,0 +1,10 @@ + + + + Exe + net9.0 + enable + enable + + + diff --git a/HelloWorld/Program.cs b/HelloWorld/Program.cs new file mode 100644 index 0000000..52e24e5 --- /dev/null +++ b/HelloWorld/Program.cs @@ -0,0 +1,9 @@ +using System; + +class Program +{ + static void Main(string[] args) + { + Console.WriteLine("Hello, World!"); + } +} diff --git a/README.org b/README.org new file mode 100644 index 0000000..76ae969 --- /dev/null +++ b/README.org 
@@ -0,0 +1,117 @@
+* Introduction to CodeQL
+ 1. [ ] describe the system using diagrams as reference point, with details from
+ existing docs
+ - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf,
+ ~/work-gh/codeql-visual-guides/
+
+ 2. Update https://github.com/hohn/codeql-cli-end-to-end
+ - [ ] Send setup instructions for windows / linux -- for the laptops, not
+ VMs or Docker.
+ - old:
+ https://github.com/advanced-security/codeql-workshops-staging/blob/master/java/workshop-java-mismatched-loop-condition.md#setup-instructions
+ - better:
+ https://github.com/ps-resources/codeql-partner-training/blob/39bc5e8d84a8f0dd1698d9cdcc59eed98fa691b9/preparation-materials/setup-instructions.md#codeql-workshop-preparation-instructions
+
+ - ~/local/codeql-operational-view/operational-view.pdf
+
+ - [ ] windows version -- to be written.
+
+ - [ ] Suggest variant analysis for log4j etc.
+ - [ ] Tools:
+ - octopuss deploy
+ - progit for package management -- anito.
+ - Actions for building
+ - [ ]
+ 3. https://github.com/hohn/codeql-workshop-sql-injection-java
+ - [ ] version for C#
+
+* CodeQL overview
+ - /Users/hohn/local/codeql-dataflow-sql-injection/CodeQL-workshop-overview-only.pdf
+
+ There are two identifyable tracks for codeql users: [[*CodeQL for Devops and Administrators][devops]] and [[*CodeQL for Query Writers][query writers]].
+ The first one focuses on setup, deployment, and query selection; the second on
+ query writing. There is significant overlap; the [[*CodeQL CLI Setup][CodeQL CLI Setup]] is needed by
+ both.
+ +* CodeQL CLI Setup + +* Test Problem Setup +** Hello World Sample + #+BEGIN_SRC sh + # Install sdk + brew install --cask dotnet-sdk + dotnet --version + + # Create template project + mkdir HelloWorld + cd HelloWorld + dotnet new console + + # Compile template project + cd ~/work-gh/codeql-intro-csharp/HelloWorld/ + dotnet build + + # Run template project + dotnet run + # or + ./bin/Debug/net9.0/HelloWorld + + #+END_SRC + +** SQL Injection + #+BEGIN_SRC sh + # Project Setup + cd ~/work-gh/codeql-intro-csharp/ + dotnet new console -n SqliDemo + cd SqliDemo + + dotnet add package Microsoft.Data.Sqlite + + # Database Init + cd ~/work-gh/codeql-intro-csharp/SqliDemo + sqlite3 users.sqlite + CREATE TABLE users (id INTEGER, info TEXT); + .exit + + # Build + cd ~/work-gh/codeql-intro-csharp/SqliDemo + dotnet build + + # Run + dotnet run + First User + + # Check db + echo ' + SELECT * FROM users; + ' | sqlite3 users.sqlite + + # Add Johnny Droptable + dotnet run + Johnny'); DROP TABLE users; -- + + # Check db + echo ' + SELECT * FROM users; + ' | sqlite3 users.sqlite + # Parse error near line 2: no such table: users + #+END_SRC + + +* CodeQL VS Code Setup +* CodeQL for Devops and Administrators + - https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual + - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf + - https://htmlpreview.github.io/?https://github.com/hohn/codeql-cli-end-to-end/blob/master/doc/readme.html + - https://github.com/hohn/codeql-workshop-sql-injection-java + + https://github.com/hohn/codeql-workshop-sql-injection-java/blob/master/src/README.org + - [[file:~/local/codeql-dataflow-II-cpp/README.org::*Prerequisites and setup instructions][Prerequisites and setup instructions]] + - picking queries via query suites + - /Users/hohn/local/codeql-workshops-staging/java/codeql-java-workshop-notes.md + - /Users/hohn/local/codeql-cli-end-to-end/doc/readme.md + - 
/Users/hohn/local/codeql-cli-end-to-end/sarif-cli/non-sarif-metadata/README.org + +* CodeQL for Query Writers + - https://github.com/hohn/codeql-workshop-sql-injection-java + + https://github.com/hohn/codeql-workshop-sql-injection-java/blob/master/session/README.org + diff --git a/SqliDemo/Injectable.cs b/SqliDemo/Injectable.cs new file mode 100644 index 0000000..46983ed --- /dev/null +++ b/SqliDemo/Injectable.cs @@ -0,0 +1,68 @@ +using System; +using Microsoft.Data.Sqlite; +using System.Diagnostics; +using System.IO; + +class Injectable +{ + static string GetUserInput() + { + Console.WriteLine("Hello, World!"); + Console.WriteLine("*** Welcome to sql injection ***"); + Console.Write("Please enter name: "); + string input = Console.ReadLine()?.Trim() ?? string.Empty; + return input; + } + + static int GetNewId() + { + return Process.GetCurrentProcess().Id; + } + +static void WriteInfo(int id, string info) +{ + const string connectionString = "Data Source=users.sqlite"; + using (var connection = new SqliteConnection(connectionString)) + { + connection.Open(); + // '{info.Replace("'", "''")}')" has no vulnerability + string query = $"INSERT INTO users VALUES ({id}, '{info}')"; + Console.WriteLine($"Running query: {query}"); + + using (var command = new SqliteCommand(query, connection)) + { + try + { + command.ExecuteNonQuery(); + } + catch (Exception ex) + { + Console.WriteLine($"Error executing query: {ex.Message}"); + } + } + } +} + + + static void Main() + { + Console.WriteLine("sqli started"); + + string info; + try + { + info = GetUserInput(); + } + catch (Exception ex) + { + Console.WriteLine($"GetUserInput failed: {ex.Message}"); + Environment.Exit(1); + return; // Unreachable but keeps the compiler happy + } + + int id = GetNewId(); + WriteInfo(id, info); + + Console.WriteLine("sqli finished"); + } +} diff --git a/SqliDemo/SqliDemo.csproj b/SqliDemo/SqliDemo.csproj new file mode 100644 index 0000000..229a06e --- /dev/null +++ b/SqliDemo/SqliDemo.csproj 
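Review bot: The comment above the `query` assignment in WriteInfo presents `'{info.Replace("'", "''")}'` as the variant that "has no vulnerability", but quote-doubling is an escaping workaround rather than the remediation a SQL-injection workshop should teach; the safe variant should bind the value instead, e.g. `string query = "INSERT INTO users VALUES ($id, $info)";` followed by `command.Parameters.AddWithValue("$id", id);` and `command.Parameters.AddWithValue("$info", info);` inside the command's `using` block. Only `info` is attacker-controlled here (it comes from Console.ReadLine while `id` is an int), but parameterizing both keeps the fixed example uniform. GetNewId returns Process.GetCurrentProcess().Id, which the OS reuses across runs and so does not give a unique row id; a comment such as `// demo shortcut: PID is not unique across runs, do not copy as an id scheme` would keep readers from adopting it. WriteInfo's catch (Exception) prints the error and returns normally, so Main still prints "sqli finished" after a failed insert; that is presumably intended for the demo, but a one-line comment marking the failure as deliberately non-fatal would make it explicit.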
@@ -0,0 +1,17 @@ + + + + Exe + net9.0 + enable + enable + + + + + + + + + + diff --git a/SqliDemo/users.sqlite b/SqliDemo/users.sqlite new file mode 100644 index 0000000000000000000000000000000000000000..799f2e51afcf4ddd2249e762689f3dee9a889c34 GIT binary patch literal 8192 zcmeI#y-EW?5C`!6xWp?itYC47%|Hqb7(p!4YJ&zMeCSD00Izz00bZa0SG_<0uX=z1RyXG=<>Sn``nafa1#%U zI4{PB*b8+KX^Mi~zNT@DHquM#9Yy*;hntjUiKR%NN3D61>Pvm9clD}X)Z@H4dJupB z1Rwwb2tWV=5P$##AOHaf{8PZIOS#IP&7r-@vioLDirz4oT-IA1+7FLUX8-dYYPV~S k6piAkDXZPW`FqzDQmkAoUEA2>Qmk!%B-YZv5+0hp>k1ONa4 literal 0 HcmV?d00001