Exemple #1
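        /// <summary>
        /// Reads a SQL script from the file named by the first argument, rejects it when it
        /// mentions the database catalog views or transaction keywords, and otherwise hands
        /// it to <c>Job.DoWork</c> on a worker thread that is given ten seconds to finish.
        /// </summary>
        /// <param name="args">
        /// <c>args[0]</c> is the path of the script file, with every space written as "|_|".
        /// </param>
        static void Main(string[] args)
        {
            Console.OutputEncoding = Encoding.UTF8;

            // Without this guard a missing argument surfaces as an unhandled
            // IndexOutOfRangeException instead of a readable error.
            if (args == null || args.Length == 0)
            {
                Console.Error.WriteLine("Missing argument: path to the SQL script file");
                Environment.ExitCode = 1;
                return;
            }

            // The caller encodes spaces in the path as "|_|"; undo that before opening the file.
            string path = args[0].Replace("|_|", " ");
            string sql;
            using (TextReader reader = new StreamReader(path))
            {
                sql = reader.ReadToEnd();
            }

            // CultureInvariant keeps the case-insensitive match independent of the culture
            // the host process happens to run under, so the filter behaves the same everywhere.
            const RegexOptions FilterOptions = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

            // NOTE(review): this is a text-level pre-filter. It gives the user an early, clear
            // error, but pattern matching on script text is not a security boundary. The login
            // that Job connects with should itself lack the right to enumerate databases;
            // Job is not visible here, so confirm that separately.
            Regex catalogView = new Regex(@"\[?sys\]?\.\[?databases\]?", FilterOptions);
            Regex legacyCatalogView = new Regex(@"\[?sys\]?\.\[?sysdatabases\]?", FilterOptions);
            if (catalogView.IsMatch(sql) || legacyCatalogView.IsMatch(sql))
            {
                Console.Error.WriteLine("[sys].[databases] and [sys].[sysdatabases] are not allowed to be used in code due to security reasons");
                return;
            }

            // These patterns are unanchored: "commit" or "rollback" anywhere in the text,
            // including inside an identifier, a comment or a string literal, rejects the script.
            Regex beginTran = new Regex(@"begin\s+tran", FilterOptions);
            Regex commit = new Regex(@"commit", FilterOptions);
            Regex rollback = new Regex(@"rollback", FilterOptions);
            if (beginTran.IsMatch(sql) || commit.IsMatch(sql) || rollback.IsMatch(sql))
            {
                Console.Error.WriteLine("Transaction related keywords (begin tran, commit and rollback) are not permitted in code due to security reasons");
                return;
            }

            Job job = new Job(sql, path);
            Thread worker = new Thread(job.DoWork);
            worker.Start();

            // Join's return value is the documented way to learn whether the thread ended
            // within the limit; Thread.ThreadState is intended for diagnostics only.
            bool finishedInTime = worker.Join(10000);
            if (!finishedInTime)
            {
                // NOTE(review): Thread.Abort is only supported on .NET Framework (it throws
                // PlatformNotSupportedException on .NET Core / .NET 5+), and it stops only
                // this process's thread. Whether the statement is also cancelled on the
                // database server depends on Job, which is not shown here. Confirm that a
                // command timeout is configured there as well.
                worker.Abort();
                Console.Error.WriteLine("Job taking too long. Aborted.");
            }
        }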
Exemple #2
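        /// <summary>
        /// Reads a SQL script from the file named by the first argument, rejects it when the
        /// words "drop", "database" and "rextester" all occur in it, and otherwise hands it
        /// to <c>Job.DoWork</c> on a worker thread that is given ten seconds to finish.
        /// </summary>
        /// <param name="args">
        /// <c>args[0]</c> is the path of the script file, with every space written as "|_|".
        /// </param>
        static void Main(string[] args)
        {
            Console.OutputEncoding = Encoding.UTF8;

            // Without this guard a missing argument surfaces as an unhandled
            // IndexOutOfRangeException instead of a readable error.
            if (args == null || args.Length == 0)
            {
                Console.Error.WriteLine("Missing argument: path to the SQL script file");
                Environment.ExitCode = 1;
                return;
            }

            // The caller encodes spaces in the path as "|_|"; undo that before opening the file.
            string path = args[0].Replace("|_|", " ");
            string sql;
            using (TextReader reader = new StreamReader(path))
            {
                sql = reader.ReadToEnd();
            }

            // The three words may appear anywhere and in any order, which is what the error
            // message states. Ordinal, case-insensitive search avoids lower-casing the whole
            // script three times and does not depend on the process culture.
            // NOTE(review): this is a text-level pre-filter, not a security boundary. The
            // login that Job connects with should itself lack permission to drop the database;
            // Job is not visible here, so confirm that separately.
            //Regex regex1 = new Regex(@"drop\s+database", RegexOptions.IgnoreCase);
            bool mentionsDrop = sql.IndexOf("drop", StringComparison.OrdinalIgnoreCase) >= 0;
            bool mentionsDatabase = sql.IndexOf("database", StringComparison.OrdinalIgnoreCase) >= 0;
            bool mentionsRextester = sql.IndexOf("rextester", StringComparison.OrdinalIgnoreCase) >= 0;
            if (mentionsDrop && mentionsDatabase && mentionsRextester)
            {
                Console.Error.WriteLine("The following words are not allowed to appear together in one script: drop database rextester");
                return;
            }

            // The transaction-keyword filter below was already commented out in the original.
            //var regex1 = new Regex(@"start\s+transaction", RegexOptions.IgnoreCase);
            //var regex2 = new Regex(@"commit", RegexOptions.IgnoreCase);
            //var regex3 = new Regex(@"rollback", RegexOptions.IgnoreCase);
            //if (!string.IsNullOrEmpty(sql) && (regex1.IsMatch(sql) || regex2.IsMatch(sql) || regex3.IsMatch(sql)))
            //{
            //    Console.Error.WriteLine("Transaction related keywords (start transaction, commit and rollback) are not permitted in code due to security reasons");
            //    return;
            //}

            Job job = new Job(sql, path);
            Thread worker = new Thread(job.DoWork);
            worker.Start();

            // Join's return value is the documented way to learn whether the thread ended
            // within the limit; Thread.ThreadState is intended for diagnostics only.
            bool finishedInTime = worker.Join(10000);
            if (!finishedInTime)
            {
                // NOTE(review): Thread.Abort is only supported on .NET Framework (it throws
                // PlatformNotSupportedException on .NET Core / .NET 5+), and it stops only
                // this process's thread. Whether the statement is also cancelled on the
                // database server depends on Job, which is not shown here. Confirm that a
                // command timeout is configured there as well.
                worker.Abort();
                Console.Error.WriteLine("Job taking too long. Aborted.");
            }
        }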