hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Add SQLiteDataAdapter examples.

Browse Source
This commit is contained in:
Michael Nebel
2022-07-29 12:35:16 +02:00
parent ce9baaa1f3
commit 1fb209990e
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjectionSqlite.cs
View File

@@ -2,7 +2,7 @@ using System;
namespace TestSqlite
{
using System.Data;
using System.Data.SQLite;
using System.Web.UI.WebControls;
@@ -22,6 +22,21 @@ namespace TestSqlite
cmd = new SQLiteCommand(untrustedData.Text, connection);
}
SQLiteDataAdapter adapter;
DataSet result;
// BAD: untrusted data is not sanitized.
using (var connection = new SQLiteConnection(connectionString))
{
adapter = new SQLiteDataAdapter(untrustedData.Text, connection);
result = new DataSet();
adapter.Fill(result);
}
// BAD: untrusted data is not sanitized.
adapter = new SQLiteDataAdapter(untrustedData.Text, connectionString);
result = new DataSet();
adapter.Fill(result);
}
}
}