/// <summary> /// Extreme injection completely takes over the Where clause /// </summary> static void TesterUnit3() { var data = new TestData(); var dataSource = new BlackBoxDataSource <Person>(); dataSource.DataSource = data.Persons; /* * the DynamicClass types generated for you custom types only have properties. Though you can have a delegate-typed property (like a Func). * System.Linq.DynamicExpression parsing doesn't understand that such delegate-typed properties can be called directly like a method. * So you have to use the delegate Invoke to activate the delegate. */ dataSource.Where = @"@0.IsMatch.Invoke(it)"; dataSource.WhereParameters = new { tester = Activator.CreateInstance(DynamicLinqCustomTypes <Person> .IsMatch) //@0 .SetIsMatch(new Func <Person, bool>(person => { return(Regex.IsMatch(person.Name, "^(?i)(?:bob|bobby|will(iam|y)?|glen)$") && ( person.Id < 3 || (person.Id > 25 && person.Visits > 200) )); })) }; //should return two records, bob and glen var query = dataSource.Select(); Console.WriteLine($"\nClause: '{dataSource.Where}'"); Console.WriteLine(SerializeObject(query)); }
/// <summary> /// A traditional WHERE clause with injected types /// </summary> static void TesterUnit2() { var data = new TestData(); var dataSource = new BlackBoxDataSource <Person>(); dataSource.DataSource = data.Persons; /* * the DynamicClass types generated for you custom types only have properties. Though you can have a delegate-typed property (like a Func). * System.Linq.DynamicExpression parsing doesn't understand that such delegate-typed properties can be called directly like a method. * So you have to use the delegate Invoke to activate the delegate. */ dataSource.Where = @"@1.Compare.Invoke(@0.Name,it.Name) == 0 and it.Name == ""Bob"" and ((Id > 3 and Visits > 50) or Id < 3)"; dataSource.WhereParameters = new { data.Bob, //@0 tester = Activator.CreateInstance(DynamicLinqCustomTypes <string> .Compare) //@1 .SetCompare(new Func <string, string, int>((s1, s2) => string.Compare(s1, s2, true))) }; //should return one record, bob var query = dataSource.Select(); Console.WriteLine($"\nClause: '{dataSource.Where}'"); Console.WriteLine(SerializeObject(query)); }
/// <summary> /// A traditional WHERE clause with injected types to support collections /// </summary> static void TesterUnit5() { var data = new TestData(); var dataSource = new BlackBoxDataSource <Person>(); dataSource.DataSource = data.Persons; /* * the DynamicClass types generated for you custom types only have properties. Though you can have a delegate-typed property (like a Func). * System.Linq.DynamicExpression parsing doesn't understand that such delegate-typed properties can be called directly like a method. * So you have to use the delegate Invoke to activate the delegate. */ dataSource.Where = @"@1.IsMatch.Invoke(@0,it) and it.Name == ""Bob"" and ((Id > 3 and Visits > 50) or Id < 3)"; dataSource.WhereParameters = new { collection = new[] { data.Bob, data.Michael, data.Glen }, //@0 tester = Activator.CreateInstance(DynamicLinqCustomTypes <Person> .IEnumerableIsMatch) //@1 .SetIEnumerableIsMatch(new Func <IEnumerable <Person>, Person, bool>((persons, person) => persons.Contains(person))) }; //should return one record, bob var query = dataSource.Select(); Console.WriteLine($"\nClause: '{dataSource.Where}'"); Console.WriteLine(SerializeObject(query)); }
/// <summary> /// A traditional WHERE clause with no tricks /// </summary> static void TesterUnit1() { //Where param @0 var data = new TestData(); var dataSource = new BlackBoxDataSource <Person>(); dataSource.DataSource = data.Persons; dataSource.Where = @"@0.Name == it.Name and it.Name == ""Bob"" and ((Id > 3 and Visits > 50) or Id < 3)"; dataSource.WhereParameters = new { data.Bob //@0 }; //should return one record, bob var query = dataSource.Select(); Console.WriteLine($"\nClause: '{dataSource.Where}'"); Console.WriteLine(SerializeObject(query)); }