hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.6
codeql/csharp/ql/test/query-tests/Security Features/CWE-327/InsecureSQLConnection/InsecureSQLConnection.cs
Chanel Young 5ee7004a62 fp case if encrypt set in initializer
2024-05-16 17:59:17 -07:00

66 lines
2.1 KiB
C#
Raw Permalink Blame History

using System.Data.SqlClient;
namespace InsecureSQLConnection
{
public class Class1
{
public void StringInConstructor()
{
SqlConnection conn = new SqlConnection("Encrypt=true");
}
public void StringInProperty()
{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = "Encrypt=true";
}
public void StringInBuilder()
{
SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder();
conBuilder.Encrypt = true;
SqlConnection conn = new SqlConnection(conBuilder.ToString());
}
public void StringInBuilderProperty()
{
SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder();
conBuilder.Encrypt = true;
SqlConnection conn = new SqlConnection();
conn.ConnectionString = conBuilder.ToString();
}
public void StringInInitializer()
{
string connectString = "Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false";
SqlConnectionStringBuilder conBuilder = new SqlConnectionStringBuilder(connectString) { Encrypt = true};
}
public void TriggerThis()
{
// BAD, Encrypt not specified
SqlConnection conn = new SqlConnection("Server=myServerName\\myInstanceName;Database=myDataBase;User Id=myUsername;");
}
void Test4()
{
string connectString =
"Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd";
// BAD, Encrypt not specified
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
var conn = new SqlConnection(builder.ConnectionString);
}
void Test5()
{
string connectString =
"Server=1.2.3.4;Database=Anything;UID=ab;Pwd=cd;Encrypt=false";
// BAD, Encrypt set to false
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
var conn = new SqlConnection(builder.ConnectionString);
}
}
}
Reference in New Issue View Git Blame Copy Permalink