hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.cs
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

31 lines
930 B
C#
Raw Permalink Blame History

// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Data.Common.dll
using System;
using System.Data.SqlClient;
using System.DirectoryServices;
namespace Test
{
class StoredLDAPInjection
{
public void processRequest()
{
using (SqlConnection connection = new SqlConnection(""))
{
connection.Open();
SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
SqlDataReader customerReader = customerCommand.ExecuteReader();
while (customerReader.Read())
{
// BAD: Read from database, write it straight to a response
DirectorySearcher ds = new DirectorySearcher("accountname=" + customerReader.GetString(1));
}
customerReader.Close();
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink