using System.Data.SqlClient;
using System.Web;
/// <summary>
/// Sample <see cref="IHttpHandler"/> illustrating connection-string injection from
/// request data: two constructions splice the <c>userName</c> query value straight
/// into a connection string (marked BAD), and one routes it through
/// <see cref="SqlConnectionStringBuilder"/> (marked GOOD).
/// </summary>
public class ResourceInjectionHandler : IHttpHandler
{
    /// <summary>
    /// Reads the <c>userName</c> query-string parameter and builds SQL connections
    /// from it in both the unsafe and the safe way.
    /// </summary>
    /// <param name="ctx">Current request context; only its query string is read.</param>
    public void ProcessRequest(HttpContext ctx)
    {
        var requestedUser = ctx.Request.QueryString["userName"];
        var rawConnectionString = "server=(local);user id=" + requestedUser + ";password= pass;";

        // BAD: Direct use of user input in a connection string for the constructor
        // (the value is concatenated unescaped, so ';'-separated keywords inside the
        // query value are parsed as additional connection-string settings).
        var badConnection = new SqlConnection(rawConnectionString);

        // BAD: Direct use of user input assigned to a connection string property
        badConnection.ConnectionString = rawConnectionString;

        // GOOD: Use SqlConnectionStringBuilder - each keyword is set individually and
        // the builder quotes the value, so it cannot introduce further keywords.
        var safeBuilder = new SqlConnectionStringBuilder();
        safeBuilder["Data Source"] = "(local)";
        safeBuilder["integrated Security"] = true;
        safeBuilder["user id"] = requestedUser;
        var goodConnection = new SqlConnection(safeBuilder.ConnectionString);
    }

    /// <summary>Always <c>true</c>: the handler keeps no per-request state.</summary>
    public bool IsReusable => true;
}