33 changes: 24 additions & 9 deletions RandomQuotes/Controllers/SQLIController.cs
Expand Up @@ -3,25 +3,40 @@
using System.IO;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using System.Data.SQLite;
using System.Data.SQLite;
using System.Linq;
using Microsoft.AspNetCore.Http.Extensions;


namespace RandomQuotes.Controllers
{
public class SQLIController : Controller
{
// testing normal: /sqli?name=Andrew
// testing exploit: /sqli?name=1%27%20or%20%271%27==%271
// testing exploit: /sqli?name=Octopus%27%20or%20%271%27==%271
[HttpGet("sqli")]
public IActionResult Get(string name)
{
SQLiteConnection conn = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
conn.Open();

SQLiteCommand cmd = new SQLiteCommand(conn);
cmd.CommandText = "select * from Employee where FirstName == '" + name + "';";
string clause = "";
List<string> list = new List<string>();
if (name.StartsWith("Octopus"))
{
list.Add("FirstName == '" + name + "';");
}
else
{
list.Add("FirstName == 'Andrew';");
}

SQLiteConnection conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
conn2.Open();

SQLiteDataReader reader = cmd.ExecuteReader();
SQLiteCommand cmd2 = new SQLiteCommand(conn2);
string whereClause = "where " + string.Join(" OR ", list);

cmd2.CommandText = "select * from Employee " + whereClause;

Check warning on line 37 in RandomQuotes/Controllers/SQLIController.cs


GitHub Actions / AppScan CodeSweep #3

Potential SQL injection is detected

Vulnerability: Injection.SQL [Severity: High]
Raw output
{"file":"SQLIController.cs","filePath":"RandomQuotes/Controllers/SQLIController.cs","lineNumber":37,"columnNumber":0,"language":"C#","vulnName":"Potential SQL injection is detected","vulnType":"Injection.SQL","ruleName":"com.hcl.appscan.scanner.csharp.rules.SqlInjectionCsharp","context":"\"select * from Employee \" + whereClause;","severity":0,"codeFixes":[],"hashValues":{"0":-1939971461,"1":-1939971461,"2":-1790236351,"3":-1790236351,"4":396064570,"5":396064570}}

Check warning on line 37 in RandomQuotes/Controllers/SQLIController.cs


GitHub Actions / AppScan CodeSweep #2

Potentially hazardous SQL query detected in Xamarin code

Vulnerability: Injection.SQL [Severity: High]
Raw output
{"file":"SQLIController.cs","filePath":"RandomQuotes/Controllers/SQLIController.cs","lineNumber":37,"columnNumber":0,"language":"Xamarin","vulnName":"Potentially hazardous SQL query detected in Xamarin code","vulnType":"Injection.SQL","ruleName":"com.hcl.appscan.scanner.xamarin.rules.SqlInjectionXamarin","context":"\"select * from Employee \" + whereClause","severity":0,"codeFixes":[],"hashValues":{"0":-282644332,"1":-282644332,"2":1117929674,"3":1117929674,"4":-218546758,"5":-218546758}}

Check failure

Code scanning / CodeQL

SQL query built from user-controlled sources

Query might include code from [this ASP.NET Core MVC action method parameter](1).

Check failure

Code scanning / SonarCloud

Database queries should not be vulnerable to injection attacks High

Change this code to not construct SQL queries directly from user-controlled data. See more on SonarCloud
Console.WriteLine(cmd2.CommandText);

Check warning on line 38 in RandomQuotes/Controllers/SQLIController.cs


GitHub Actions / AppScan CodeSweep #1

Console logging

Vulnerability: Logging.RevealsDetails.SensitiveData [Severity: Low]
Raw output
{"file":"SQLIController.cs","filePath":"RandomQuotes/Controllers/SQLIController.cs","lineNumber":38,"columnNumber":0,"language":"C#","vulnName":"Console logging","vulnType":"Logging.RevealsDetails.SensitiveData","ruleName":"com.hcl.appscan.scanner.csharp.rules.ConsoleWriteCsharp","context":"Console.WriteLine(cmd2.CommandText);","severity":2,"codeFixes":[],"hashValues":{"0":789796345,"1":789796345,"2":-820949777,"3":-820949777,"4":-758150671,"5":-758150671}}
SQLiteDataReader reader = cmd2.ExecuteReader();


List<string> res = new List<string>();
Expand All @@ -40,4 +55,4 @@
return Ok(res);
}
}
}
}
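Review bot: The `name.StartsWith("Octopus")` gate in the new clause builder does not close the injection: any value that begins with `Octopus` is still concatenated verbatim into `"FirstName == '" + name + "';"`, which is exactly what the updated test URL in the comment above `Get` demonstrates, so the change only narrows the payload prefix. It also introduces a null dereference, since `name` is null when `/sqli` is requested without the query parameter and `name.StartsWith` then throws before any query runs. A fixed SQL text with a bound `@name` parameter, as below, removes both problems; the `Console.WriteLine(cmd2.CommandText)` line should go as well, because it writes request-controlled text to the process log. The connection, command and reader are never disposed on either side of the diff, so `using` declarations are added too; the row-reading loop and `return Ok(res)` continue outside the hunk. If the endpoint is meant to stay deliberately injectable as a demo, say so in a comment at the top of the action rather than with a prefix check that reads like validation.

```csharp
[HttpGet("sqli")]
public IActionResult Get(string name)
{
    using var conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
    conn2.Open();

    using var cmd2 = new SQLiteCommand(conn2);
    // The SQL text is fixed; the request only controls the bound value, so no
    // quoting tricks in `name` can change the shape of the query.
    cmd2.CommandText = "select * from Employee where FirstName == @name;";
    cmd2.Parameters.AddWithValue("@name",
        name is not null && name.StartsWith("Octopus", StringComparison.Ordinal) ? name : "Andrew");

    using SQLiteDataReader reader = cmd2.ExecuteReader();
    // … unchanged: read rows into res and return Ok(res) …
```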