/* goodG2B() - use goodsource and badsink */
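        /*
         * GoodG2B: pairs the "good" source from the 61b companion class with the
         * deliberately unsafe sink below. The string returned by GoodG2BSource is
         * split on '-' and each piece is concatenated into an UPDATE statement
         * that is executed as one batch.
         *
         * NOTE(review): the sink is kept as written because the POTENTIAL FLAW
         * marker identifies it as the benchmark's bad sink. This variant is only
         * safe if GoodG2BSource returns a fixed, trusted value; that is implied by
         * the "good source" naming but is not visible here, so confirm it in the
         * 61b file. Outside a test case the mitigation is a parameterized command
         * (a SqlParameter for the name) instead of string concatenation.
         *
         * req/resp are only forwarded to GoodG2BSource. SqlException is logged and
         * swallowed; nothing is returned to the caller.
         */
        private static void GoodG2B(HttpRequest req, HttpResponse resp)
        {
            string data = CWE89_SQL_Injection__Web_Listen_tcp_CommandText_61b.GoodG2BSource(req, resp);

            if (data != null)
            {
                string[]   names         = data.Split('-');
                int        successCount  = 0;
                SqlCommand badSqlCommand = null;
                try
                {
                    /* FIX: the command was never instantiated, so the first member access below
                     * threw NullReferenceException, which the SqlException handler does not catch.
                     * A fresh SqlCommand has an empty CommandText, so the += in the loop is valid. */
                    badSqlCommand = new SqlCommand();
                    using (SqlConnection dbConnection = IO.GetDBConnection())
                    {
                        badSqlCommand.Connection = dbConnection;
                        dbConnection.Open();
                        for (int i = 0; i < names.Length; i++)
                        {
                            /* POTENTIAL FLAW: data concatenated into SQL statement used in CommandText, which could result in SQL Injection */
                            badSqlCommand.CommandText += "update users set hitcount=hitcount+1 where name='" + names[i] + "';";
                        }
                        /* The whole batch runs in one call; ExecuteNonQuery reports rows affected,
                         * which the message below presents as a count of successful queries.
                         * NOTE(review): the two only match if each name updates exactly one row. */
                        var affectedRows = badSqlCommand.ExecuteNonQuery();
                        successCount += affectedRows;
                        IO.WriteLine("Succeeded in " + successCount + " out of " + names.Length + " queries.");
                    }
                }
                catch (SqlException exceptSql)
                {
                    /* Also reached when Open() or ExecuteNonQuery() fails, not only when the
                     * connection cannot be obtained, despite the wording of the message. */
                    IO.Logger.Log(NLog.LogLevel.Warn, "Error getting database connection", exceptSql);
                }
                finally
                {
                    try
                    {
                        /* Null check still needed: the constructor call sits inside the try block. */
                        if (badSqlCommand != null)
                        {
                            badSqlCommand.Dispose();
                        }
                    }
                    catch (SqlException exceptSql)
                    {
                        IO.Logger.Log(NLog.LogLevel.Warn, "Error disposing SqlCommand", exceptSql);
                    }
                }
            }
        }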