Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants

C#: Remove `Stored` variants of queries
egregius313 authored Mar 11, 2024
2 parents 820c145 + 59b14f6 commit 58f2777
Showing 36 changed files with 274 additions and 508 deletions.

34 changes: 0 additions & 34 deletions csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql

This file was deleted.

6 changes: 0 additions & 6 deletions csharp/ql/src/Security Features/CWE-079/StoredXSS.qhelp

This file was deleted.

39 changes: 0 additions & 39 deletions csharp/ql/src/Security Features/CWE-079/StoredXSS.ql

This file was deleted.

32 changes: 0 additions & 32 deletions csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql

This file was deleted.

32 changes: 0 additions & 32 deletions csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql

This file was deleted.

32 changes: 0 additions & 32 deletions csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql

This file was deleted.

@@ -0,0 +1,5 @@
---
category: majorAnalysis
---
* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`. `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration.
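Review bot: the list of removed query ids in the change note has a period where a comma belongs, between `cs/xml/stored-xpath-injection`. and `cs/second-order-sql-injection`; change it to a comma so the five ids read as one list. Since this note is the only place the removal is explained to users, it would also help to say where the threat model configuration that enables the `file` and `database` threat models lives, so someone who relied on the `Stored` queries can restore the results without hunting for it.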

@@ -1,4 +1,6 @@
using System;
using System.Data.SqlClient;
using System.Diagnostics;

namespace System.Web.UI.WebControls
{
@@ -34,5 +36,22 @@ public void WebCommandInjection()
startInfoProps.WorkingDirectory = userInput;
Process.Start(startInfoProps);
}

public void StoredCommandInjection()
{
using (SqlConnection connection = new SqlConnection(""))
{
connection.Open();
SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
SqlDataReader customerReader = customerCommand.ExecuteReader();

while (customerReader.Read())
{
// BAD: Read from database, and use it to directly execute a command
Process.Start("foo.exe", "/c " + customerReader.GetString(1));
}
customerReader.Close();
}
}
}
}
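Review bot: the new `StoredCommandInjection` test in the second hunk only yields an alert on the `// BAD:` call if the `database` threat model is enabled for this test, because `customerReader.GetString(1)` is a database-sourced value rather than a remote one (this is exactly the behaviour the change note describes for the removed `cs/stored-command-line-injection` query); make sure the test's threat model configuration enables it, otherwise the case passes without ever exercising the sink. Minor: `customerReader` is closed by hand while `connection` is disposed with `using`, so an exception inside the loop leaks the reader; `using (SqlDataReader customerReader = customerCommand.ExecuteReader())` would be consistent with the surrounding code.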
0 comments on commit 58f2777