hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Add Dapper stub and new SqlInjection test cases

Browse Source
This commit is contained in:
Tamas Vajk
2021-04-06 13:30:31 +02:00
parent a23d8deb10
commit 98001c494f
3 changed files with 119 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.cs
View File

@@ -1,4 +1,4 @@
// semmle-extractor-options: /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll /r:System.Data.Common.dll ${testdir}/../../../resources/stubs/EntityFramework.cs ${testdir}/../../../resources/stubs/System.Data.cs ${testdir}/../../../resources/stubs/System.Windows.cs
// semmle-extractor-options: /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll /r:System.Data.Common.dll ${testdir}/../../../resources/stubs/EntityFramework.cs ${testdir}/../../../resources/stubs/System.Data.cs ${testdir}/../../../resources/stubs/System.Windows.cs ${testdir}/../../../resources/stubs/Dapper.cs /r:System.Linq.Expressions.dll
using System;

84
csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjectionDapper.cs Normal file
View File

@@ -0,0 +1,84 @@
using System;
namespace Test
{
using System.Data;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Web.UI.WebControls;
using System.Threading.Tasks;
using Dapper;
class SqlInjectionDapper
{
string connectionString;
public void Bad01()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
var result = connection.Query<object>(query);
}
}
public async Task Bad02()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
var result = await connection.QueryAsync<object>(query);
}
}
public async Task Bad03()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
var result = await connection.QueryFirstAsync(query);
}
}
public async Task Bad04()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
await connection.ExecuteAsync(query);
}
}
public void Bad05()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
connection.ExecuteScalar(query);
}
}
public void Bad06()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
connection.ExecuteReader(query);
}
}
public async Task Bad07()
{
using (var connection = new SqlConnection(connectionString))
{
var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + box1.Text + "' ORDER BY PRICE";
var comDef = new CommandDefinition(query);
var result = await connection.QueryFirstAsync(comDef);
}
}
System.Windows.Forms.TextBox box1;
}
}

34
csharp/ql/test/resources/stubs/Dapper.cs Normal file
View File

@@ -0,0 +1,34 @@
// This file contains auto-generated code.
// original-extractor-options: /r:Dapper.dll /r:System.Data.SqlClient.dll ...
namespace Dapper
{
// Generated from `Dapper.CommandDefinition` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
public struct CommandDefinition
{
public CommandDefinition(string commandText, object parameters = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null, Dapper.CommandFlags flags = CommandFlags.Buffered, System.Threading.CancellationToken cancellationToken = default) => throw null;
}
// Generated from `Dapper.CommandFlags` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
[System.Flags]
public enum CommandFlags
{
None = 0x0,
Buffered = 0x1,
Pipelined = 0x2,
NoCache = 0x4
}
// Generated from `Dapper.SqlMapper` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
static public class SqlMapper
{
public static System.Collections.Generic.IEnumerable<T> Query<T>(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, bool buffered = true, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
public static System.Data.IDataReader ExecuteReader(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<T>> QueryAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
public static System.Threading.Tasks.Task<dynamic> QueryFirstAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
public static System.Threading.Tasks.Task<dynamic> QueryFirstAsync(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
public static System.Threading.Tasks.Task<int> ExecuteAsync(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
public static object ExecuteScalar(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
}
}