C#: Add NHibernate SQL injection tests

2025-12-17 01:03:14 +01:00 · 2025-12-11 13:14:44 +01:00
parent fac84ee9f3
commit 776f6cd56f
3 changed files with 105 additions and 59 deletions
--- a/Features/CWE-089/SqlInjectionNHibernate.cs
+++ b/Features/CWE-089/SqlInjectionNHibernate.cs
@@ -0,0 +1,24 @@
+using System;
+
+namespace TestNHibernate
+{
+    using System.Data;
+    using System.IO;
+    using System.Text;
+    using System.Web.UI.WebControls;
+
+    class SqlInjection
+    {
+        private string connectionString;
+        public TextBox untrustedData;
+
+        public void InjectUntrustedData(NHibernate.ISession session, NHibernate.IStatelessSession statelessSession, NHibernate.Impl.AbstractSessionImpl impl)
+        {
+            session.CreateSQLQuery(untrustedData.Text); // $ Alert[cs/sql-injection]
+
+            statelessSession.CreateSQLQuery(untrustedData.Text); // $ Alert[cs/sql-injection]
+
+            impl.CreateSQLQuery(untrustedData.Text); // $ Alert[cs/sql-injection]
+        }
+    }
+}