Exemple #1
0
        public static void Main(string[] args)
        {
            string            sqltext = @"SELECT e.last_name AS name,
                                e.commission_pct comm,
                                e.salary * 12 ""Annual Salary""
                                FROM scott.employees AS e
                                WHERE e.salary > 1000 or 1=1
                                ORDER BY
                                e.first_name,
                                e.last_name;";
            TAntiSQLInjection anti    = new TAntiSQLInjection(Common.GetEDbVendor(args));

            List <string> argList = new List <string>(args);
            int           index   = argList.IndexOf("/f");

            FileInfo file = null;

            if (index != -1 && args.Length > index + 1)
            {
                file = new FileInfo(args[index + 1]);
            }

            if (file == null ? anti.isInjected(sqltext) : anti.isInjected(file))
            {
                Console.WriteLine("SQL injected found:");
                for (int i = 0; i < anti.SqlInjections.Count; i++)
                {
                    Console.WriteLine("type: " + anti.SqlInjections[i].Type + ", description: " + anti.SqlInjections[i].Description);
                }
            }
            else
            {
                Console.WriteLine("Not injected");
            }
        }
 public piggybackedExpr(TAntiSQLInjection outerInstance)
 {
     this.outerInstance = outerInstance;
 }