hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
377fb00dea83549416b95929962f555395e7898f
codeql/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.cs
Tamas Vajk 03d1a3e0ad Trim test files + remove duplicate newlines
2021-07-01 16:09:11 +02:00

30 lines
1.0 KiB
C#
Raw Blame History

using System.Data.SqlClient;
using System.Web;
public class ResourceInjectionHandler : IHttpHandler
{
public void ProcessRequest(HttpContext ctx)
{
string userName = ctx.Request.QueryString["userName"];
string connectionString = "server=(local);user id=" + userName + ";password= pass;";
// BAD: Direct use of user input in a connection string for the constructor
SqlConnection sqlConnection = new SqlConnection(connectionString);
// BAD: Direct use of user input assigned to a connection string property
sqlConnection.ConnectionString = connectionString;
// GOOD: Use SqlConnectionStringBuilder
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
builder["Data Source"] = "(local)";
builder["integrated Security"] = true;
builder["user id"] = userName;
SqlConnection sqlConnectionGood = new SqlConnection(builder.ConnectionString);
}
public bool IsReusable
{
get
{
return true;
}
}
}
Reference in New Issue View Git Blame Copy Permalink