Update SQLIController.cs #1

Open
wants to merge 5 commits into
base: master
Changes from 4 commits
33 changes: 24 additions & 9 deletions RandomQuotes/Controllers/SQLIController.cs
Expand Up @@ -3,25 +3,40 @@
using System.IO;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using System.Data.SQLite;
using System.Data.SQLite;
using System.Linq;
using Microsoft.AspNetCore.Http.Extensions;


namespace RandomQuotes.Controllers
{
public class SQLIController : Controller
{
// testing normal: /sqli?name=Andrew
// testing exploit: /sqli?name=1%27%20or%20%271%27==%271
// testing exploit: /sqli?name=Octopus%27%20or%20%271%27==%271
[HttpGet("sqli")]
public IActionResult Get(string name)
{
SQLiteConnection conn = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
conn.Open();

SQLiteCommand cmd = new SQLiteCommand(conn);
cmd.CommandText = "select * from Employee where FirstName == '" + name + "';";
string clause = "";
List<string> list = new List<string>();
if (name.StartsWith("Octopus"))
{
list.Add("FirstName == '" + name + "';");
}
else
{
list.Add("FirstName == 'Andrew';");
}

SQLiteConnection conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
conn2.Open();

SQLiteDataReader reader = cmd.ExecuteReader();
SQLiteCommand cmd2 = new SQLiteCommand(conn2);
string whereClause = "where " + string.Join(" OR ", list);

cmd2.CommandText = "select * from Employee " + whereClause;

Check failure

Code scanning / CodeQL

SQL query built from user-controlled sources

Query might include code from [this ASP.NET Core MVC action method parameter](1).

Check failure

Code scanning / SonarCloud

Database queries should not be vulnerable to injection attacks High

Change this code to not construct SQL queries directly from user-controlled data. See more on SonarCloud
Console.WriteLine(cmd2.CommandText);
SQLiteDataReader reader = cmd2.ExecuteReader();


List<string> res = new List<string>();
Expand All @@ -40,4 +55,4 @@
return Ok(res);
}
}
}
}
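Review bot: The `name.StartsWith("Octopus")` gate does not close the injection that CodeQL and SonarCloud flag — any value beginning with `Octopus` is still spliced verbatim into the `FirstName == '...'` fragment and then into `cmd2.CommandText`, which the PR's own updated test URL (`Octopus' or '1'=='1`) demonstrates; the only real fix is to bind the value as a parameter. Two smaller problems in the same lines: `name` is null when the query string omits it, so `name.StartsWith` throws a NullReferenceException, and `conn2`/`cmd2` (and the reader) are opened but never disposed, which leaks SQLite handles per request. If the endpoint is meant to stay deliberately vulnerable as a scanner demo, a comment on the action saying so would be better than a gate that looks like a mitigation. The body of `Get` continues past the hunk, so the reader loop is not shown here.

```csharp
// Open the connection first so the parameter can be bound where the clause is chosen.
using SQLiteConnection conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
conn2.Open();
using SQLiteCommand cmd2 = new SQLiteCommand(conn2);

List<string> list = new List<string>();
if (!string.IsNullOrEmpty(name) && name.StartsWith("Octopus", StringComparison.Ordinal))
{
    // Bind the caller's value; never concatenate it into the SQL text.
    list.Add("FirstName == @name");
    cmd2.Parameters.AddWithValue("@name", name);
}
else
{
    list.Add("FirstName == 'Andrew'");
}

cmd2.CommandText = "select * from Employee where " + string.Join(" OR ", list) + ";";
// … unchanged: Console.WriteLine, ExecuteReader and the result loop …
```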