C#: Add SQLCommand examples.

This commit is contained in:
Michael Nebel
2022-07-29 11:31:52 +02:00
parent 7fc95fb49b
commit d42752714c
2 changed files with 28 additions and 0 deletions


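--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,27 @@
+using System;
+namespace TestSqlite
+{
+using System.Data.SQLite;
+using System.Web.UI.WebControls;
+class SqlInjection
+{
+private string connectionString;
+public TextBox untrustedData;
+public void InjectUntrustedData()
+{
+// BAD: untrusted data is not sanitized.
+SQLiteCommand cmd = new SQLiteCommand(untrustedData.Text);
+// BAD: untrusted data is not sanitized.
+using (var connection = new SQLiteConnection(connectionString))
+{
+cmd = new SQLiteCommand(untrustedData.Text, connection);
+}
+}
+}
+}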
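Review bot: The new test exercises only positive cases — both SQLiteCommand constructions in InjectUntrustedData are marked BAD and there is no GOOD counterpart, so the file cannot show that the query stays silent on the safe, parameterized idiom. A negative case alongside the existing ones would round it out, e.g. `// GOOD: command text is constant; the untrusted value is bound as a parameter`, `cmd = new SQLiteCommand("SELECT * FROM t WHERE c = @p", connection);`, `cmd.Parameters.AddWithValue("@p", untrustedData.Text);` — assuming the System.Data.SQLite stub loaded via the options file exposes Parameters/AddWithValue, which is not visible here. Separately, `connectionString` is declared but never assigned and `cmd` is assigned twice but never read; that is harmless for an extractor fixture, but it will produce compiler warnings if the file is ever built normally, and a brief comment saying the fixture is intentionally minimal would save the next reader the question. The hunk header reports 27 added lines while 21 are shown, presumably blank lines collapsed by the page.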


@@ -1,5 +1,6 @@
semmle-extractor-options: /nostdlib /noconfig
semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/Dapper/2.0.90/Dapper.csproj
semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj
semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/System.Data.SQLite/1.0.116/System.Data.SQLite.csproj
semmle-extractor-options: ${testdir}/../../../resources/stubs/EntityFramework.cs
semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs