mirror of
https://github.com/hohn/codeql-intro-csharp.git
synced 2025-12-15 18:23:04 +01:00
22 lines
554 B
Plaintext
22 lines
554 B
Plaintext
/**
|
|
* @name SQLI Vulnerability
|
|
* @description Using untrusted strings in a sql query allows sql injection attacks.
|
|
* @kind problem
|
|
* @id workshop/sqlivulnerable
|
|
* @problem.severity warning
|
|
*/
|
|
|
|
import csharp
|
|
|
|
/*
|
|
* 2. Identify the /sink/ part of the
|
|
* : var command = new SqliteCommand(query, connection))
|
|
* expression, the =query= argument.
|
|
*/
|
|
|
|
from ObjectCreation oc, Expr queryArg
|
|
where
|
|
oc.getObjectType().getName() = "SqliteCommand" and
|
|
oc.getArgument(0) = queryArg
|
|
select queryArg, "Sink identified: " + queryArg.toString()
|