mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
38 lines
1.5 KiB
C#
38 lines
1.5 KiB
C#
using System;
|
|
using System.Data.SqlClient;
|
|
using System.Xml;
|
|
using System.Xml.XPath;
|
|
|
|
namespace Test
|
|
{
|
|
|
|
class StoredXPathInjection
|
|
{
|
|
|
|
public void processRequest()
|
|
{
|
|
using (SqlConnection connection = new SqlConnection(""))
|
|
{
|
|
connection.Open();
|
|
SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
|
|
SqlDataReader customerReader = customerCommand.ExecuteReader();
|
|
|
|
while (customerReader.Read())
|
|
{
|
|
string userName = customerReader.GetString(1);
|
|
string password = customerReader.GetString(2);
|
|
// BAD: User input used directly in an XPath expression
|
|
XPathExpression.Compile("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()");
|
|
XmlNode xmlNode = null;
|
|
// BAD: User input used directly in an XPath expression to SelectNodes
|
|
xmlNode.SelectNodes("//users/user[login/text()='" + userName + "' and password/text() = '" + password + "']/home_dir/text()");
|
|
|
|
// GOOD: Uses parameters to avoid including user input directly in XPath expression
|
|
XPathExpression.Compile("//users/user[login/text()=$username]/home_dir/text()");
|
|
}
|
|
customerReader.Close();
|
|
}
|
|
}
|
|
}
|
|
}
|