/* goodB2G() - use badsource and goodsink */
public static void GoodB2GSink(CWE89_SQL_Injection__Web_QueryString_Web_ExecuteScalar_67a.Container dataContainer, HttpRequest req, HttpResponse resp)
{
string data = dataContainer.containerOne;
try
{
using (SqlConnection dbConnection = IO.GetDBConnection())
{
dbConnection.Open();
using (SqlCommand goodSqlCommand = new SqlCommand(null, dbConnection))
{
/* FIX: Use prepared statement and concatenate ExecuteScalar() (properly) */
SqlParameter nameParam = new SqlParameter("@name", SqlDbType.VarChar, 100);
nameParam.Value = data;
goodSqlCommand.CommandText += "select * from users where name=@name";
goodSqlCommand.Prepare();
object firstCol = goodSqlCommand.ExecuteScalar();
if (firstCol != null)
{
IO.WriteLine(firstCol.ToString()); /* Use ResultSet in some way */
}
}
}
}
catch (SqlException exceptSql)
{
IO.Logger.Log(NLog.LogLevel.Warn, "Error getting database connection", exceptSql);
}
}
/* goodG2B() - use goodsource and badsink */
public static void GoodG2BSink(CWE89_SQL_Injection__Web_QueryString_Web_ExecuteScalar_67a.Container dataContainer, HttpRequest req, HttpResponse resp)
{
string data = dataContainer.containerOne;
try
{
using (SqlConnection dbConnection = IO.GetDBConnection())
{
dbConnection.Open();
using (SqlCommand badSqlCommand = new SqlCommand(null, dbConnection))
{
/* POTENTIAL FLAW: data concatenated into SQL statement used in ExecuteScalar(), which could result in SQL Injection */
badSqlCommand.CommandText = "select * from users where name='" + data + "'";
object firstCol = badSqlCommand.ExecuteScalar();
if (firstCol != null)
{
IO.WriteLine(firstCol.ToString()); /* Use ResultSet in some way */
}
}
}
}
catch (SqlException exceptSql)
{
IO.Logger.Log(NLog.LogLevel.Warn, "Error getting database connection", exceptSql);
}
}
