C#: Add SecondOrder SQL injection example, where reading from a file.

2025-12-16 16:53:25 +01:00 · 2022-08-02 13:06:37 +02:00
parent 1e7e49a528
commit 2b51e03223
2 changed files with 32 additions and 5 deletions
--- a/Features/CWE-089/SecondOrderSqlInjection.cs
+++ b/Features/CWE-089/SecondOrderSqlInjection.cs
@@ -4,10 +4,14 @@ using System.Data.SqlClient;
 namespace Test
 {

+    using System.Data.SQLite;
+    using System.IO;
+    using System.Text;
+
    class SecondOrderSqlInjection
    {

-        public void processRequest()
+        public void ProcessRequest()
        {
            using (SqlConnection connection = new SqlConnection(""))
            {
@@ -23,5 +27,28 @@ namespace Test
                customerReader.Close();
            }
        }
+
+        public void RunSQLFromFile()
+        {
+            using (FileStream fs = new FileStream("myfile.txt", FileMode.Open))
+            {
+                using (StreamReader sr = new StreamReader(fs, Encoding.UTF8))
+                {
+                    var sql = String.Empty;
+                    while ((sql = sr.ReadLine()) != null)
+                    {
+                        sql = sql.Trim();
+                        if (sql.StartsWith("--"))
+                            continue;
+                        using (var connection = new SQLiteConnection(""))
+                        {
+                            var cmd = new SQLiteCommand(sql, connection);
+                            cmd.ExecuteScalar();
+                        }
+                    }
+                }
+            }
+        }
+
    }
 }
--- a/Features/CWE-089/SecondOrderSqlInjection.expected
+++ b/Features/CWE-089/SecondOrderSqlInjection.expected
@@ -1,8 +1,8 @@
 edges
-| SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString : String | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... |
+| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... |
 nodes
-| SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | semmle.label | ... + ... |
-| SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString : String | semmle.label | call to method GetString : String |
+| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | semmle.label | ... + ... |
+| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | semmle.label | call to method GetString : String |
 subpaths
 #select
-| SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString : String | SecondOrderSqlInjection.cs:21:71:21:145 | ... + ... | $@ flows to here and is used in an SQL query. | SecondOrderSqlInjection.cs:21:119:21:145 | call to method GetString | Stored user-provided value |
+| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | $@ flows to here and is used in an SQL query. | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString | Stored user-provided value |