diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs
index d8b63204b67..f60accb818d 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs
@@ -1,4 +1,3 @@
-using System;
 using System.Data.SqlClient;
 namespace InsecureSQLConnection
@@ -35,13 +34,13 @@ namespace InsecureSQLConnection
 public void StringInInitializer()
 {
 string connectString = "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false";
- SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder(connectString) { Encrypt = true}; // False Positive
+ SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder(connectString) { Encrypt = true };
 }
-
+
 public void TriggerThis()
 {
- // BAD, Encrypt not specified (version dependent)
+ // BAD, Encrypt not specified
 SqlConnection conn = new SqlConnection("Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;");
 }
@@ -49,7 +48,7 @@ namespace InsecureSQLConnection
 {
 string connectString = "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd";
- // BAD, Encrypt not specified (version dependent)
+ // BAD, Encrypt not specified
 SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
 var conn = new SqlConnection(builder.ConnectionString);
 }
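Review bot: In `StringInInitializer` the trailing `// False Positive` marker is removed without a replacement, so the line that sets `Encrypt = true` over a connection string containing `Encrypt=false` no longer says what the query is expected to do with it. The neighbouring cases are labelled `// BAD, …`, so a matching `// GOOD: initializer sets Encrypt = true, overriding Encrypt=false in the string` would keep the intent readable. The `(version dependent)` qualifier dropped in `TriggerThis`, and again in the `@@ -49,7 +48,7 @@` hunk, also carried information: the unencrypted default applies to `System.Data.SqlClient`, which this file imports, whereas Microsoft.Data.SqlClient 4.0 and later default `Encrypt` to true, so something like `// BAD, Encrypt not specified (System.Data.SqlClient defaults to false)` would say why the case is flagged. The method in the third hunk begins outside the hunk.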
@@ -62,20 +61,5 @@ namespace InsecureSQLConnection
 SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
 var conn = new SqlConnection(builder.ConnectionString);
 }
-
- void Test6()
- {
- var conn = new SqlConnectionStringBuilder(SetToTrueConnStr) { Encrypt = false }; // Bug - cs/insecure-sql-connection-initializer
- }
-
- void Test72ndPhase(bool encrypt)
- {
- var conn = new SqlConnectionStringBuilder(SetToTrueConnStr) { Encrypt = encrypt }; // Bug - cs/insecure-sql-connection-initializer (sink)
- }
-
- void Test7()
- {
- Test72ndPhase(false); // Bug - cs/insecure-sql-connection-initializer (source)
- }
 }
 }
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnection.cs b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnection.cs
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.expected b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.expected
new file mode 100644
index 00000000000..e217064d1df
--- /dev/null
+++ b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.expected
@@ -0,0 +1,4 @@
+edges
+nodes
+subpaths
+#select
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnectionInitializer.qlref b/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.qlref
similarity index 100%
rename from csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnectionInitializer.qlref
rename to csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnectionInitializer/InsecureSQLConnectionInitializer.qlref
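Review bot: After this change `cs/insecure-sql-connection-initializer` appears to have no positive test case: `Test6`, `Test72ndPhase` and `Test7` are deleted here, the new `InsecureSQLConnectionInitializer/InsecureSQLConnection.cs` is added with no content in the diff, and the new `.expected` lists empty `edges`, `nodes`, `subpaths` and `#select` sections. A test that expects zero results still passes if the query stops detecting `Encrypt = false` in an object initializer, so a regression in the detection would go unnoticed. I would move the three removed methods, together with the `SetToTrueConnStr` definition they use (declared outside this hunk), into the new directory's source file and regenerate the `.expected` so it records the direct `{ Encrypt = false }` case and the `Test7` to `Test72ndPhase` flow. If the empty source file is deliberate, for example because the cases arrive in a later commit, a sentence in the commit description would make that clear.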