/// <summary>
/// Pre-write hook: refuses to persist this node when its SQL text contains a DML or DDL statement.
/// </summary>
/// <param name="Creating">True when the node is being created (not consulted here)</param>
/// <param name="OverrideUniqueValidation">Whether unique-value validation is bypassed (not consulted here)</param>
/// <exception cref="CswDniException">Thrown when <c>SQL.Text</c> is judged to contain DML or DDL</exception>
protected override void beforeWriteNodeLogic(bool Creating, bool OverrideUniqueValidation)
 {
     string sqlText = SQL.Text;

     // NOTE(review): doesSqlContainDmlOrDdl appears to be a string-level screen (see its tests);
     // treat it as defence in depth rather than the only control over what this SQL may do.
     bool containsDmlOrDdl = CswSqlAnalysis.doesSqlContainDmlOrDdl(sqlText);
     if (false == containsDmlOrDdl)
     {
         return;
     }
     throw new CswDniException("Invalid sql: " + sqlText);
 }//beforeWriteNode()
        /// <summary>
        /// Checks that <c>CswSqlAnalysis.doesSqlContainDmlOrDdl</c> passes plain SELECT statements
        /// and flags statements that truncate, alter, delete, update or lock.
        /// </summary>
        public void DoesSqlContainDmlOrDdlTest()
        {
            // Read-only queries: none of these may be flagged.
            string[] readOnlyStatements =
            {
                "select * from nodes",
                "select count(*) from jct_nodes_props",
                "select * from (select nodetypeid from nodetypes)",
                "select * from nodes where pendingupdate = '1'"
            };
            // Data-, schema-, account- or lock-changing statements: every one must be flagged.
            string[] mutatingStatements =
            {
                "truncate table nodes",
                "alter user nbt identified by nbt account unlock",
                "delete from object_class_props where objectclassid > 1",
                "update table nodes set nodename = 'node'",
                "lock(nodes)"
            };

            for (int i = 0; i < readOnlyStatements.Length; i++)
            {
                string sql = readOnlyStatements[i];
                string failure = "The following SQL was incorrectly considered invalid:\n\n" + sql + "\n";
                Assert.IsFalse(CswSqlAnalysis.doesSqlContainDmlOrDdl(sql), failure);
            }
            for (int i = 0; i < mutatingStatements.Length; i++)
            {
                string sql = mutatingStatements[i];
                string failure = "The following SQL was incorrectly considered valid:\n\n" + sql + "\n";
                Assert.IsTrue(CswSqlAnalysis.doesSqlContainDmlOrDdl(sql), failure);
            }
        }
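        /// <summary>
        /// Extract report parameters for a report.
        /// Placeholders of the form <c>{name}</c> are read from the WebService text when it is set,
        /// otherwise from the SQL text. Each placeholder is resolved against <paramref name="UserNode"/>
        /// (built-in ids first, then a matching node type property) and then against
        /// <paramref name="SourceNode"/>, whose value overrides the user's when both match.
        /// </summary>
        /// <param name="UserNode">Use this user for matching parameter values</param>
        /// <param name="SourceNode">Use this node for matching parameter values</param>
        /// <returns>
        /// Placeholder name mapped to its replacement value (empty string when nothing matched);
        /// the first occurrence of a repeated placeholder wins. Empty when neither text is set.
        /// </returns>
        /// <exception cref="CswDniException">Thrown when SQL text is set and a resolved value itself contains DML or DDL</exception>
        public Dictionary<string, string> ExtractReportParams(CswNbtObjClassUser UserNode = null, CswNbtNode SourceNode = null)
        {
            Dictionary<string, string> reportParams = new Dictionary<string, string>();

            // A placeholder is braces around word characters and whitespace, e.g. "{user id}".
            // (\w already covers 0-9; the explicit range is redundant but kept for fidelity.)
            const string ParamPattern = @"\{([\s\w0-9])+\}";

            // WebService text takes precedence over SQL text as the source of placeholders.
            string placeholderSource = null;
            if (false == string.IsNullOrEmpty(WebService.Text))
            {
                placeholderSource = WebService.Text;
            }
            else if (false == string.IsNullOrEmpty(SQL.Text))
            {
                placeholderSource = SQL.Text;
            }

            // Fix: the original enumerated a null MatchCollection (NullReferenceException) when
            // neither text was set; no placeholders is the correct answer there.
            if (null == placeholderSource)
            {
                return reportParams;
            }

            bool screenForSql = (false == string.IsNullOrEmpty(SQL.Text));
            foreach (Match match in Regex.Matches(placeholderSource, ParamPattern))
            {
                string paramName = match.Value.Replace('{', ' ').Replace('}', ' ').Trim();     //remove the '{' and '}' and whitespace
                string replacementVal = resolveReportParamValue(paramName, UserNode, SourceNode);

                // Resolved values presumably get substituted into the report's SQL by the caller
                // (confirm), so a value carrying a statement of its own is rejected here.
                // NOTE(review): a string-level DML/DDL screen is weaker than binding the value as a
                // query parameter; keep it, but do not rely on it as the only control.
                if (screenForSql && CswSqlAnalysis.doesSqlContainDmlOrDdl(replacementVal))
                {
                    throw new CswDniException("Parameter contains sql: " + paramName);
                }

                // First occurrence of a placeholder wins.
                if (false == reportParams.ContainsKey(paramName))
                {
                    reportParams.Add(paramName, replacementVal);
                }
            }
            return reportParams;
        }

        /// <summary>
        /// Resolves a single placeholder name to its replacement value.
        /// Order: user/node id and role id from <paramref name="UserNode"/>, else a property of the
        /// user's node type; a matching property on <paramref name="SourceNode"/> then overrides.
        /// </summary>
        /// <param name="paramName">Placeholder name with braces and surrounding whitespace removed</param>
        /// <param name="UserNode">User consulted first; may be null</param>
        /// <param name="SourceNode">Node consulted last and preferred; may be null</param>
        /// <returns>The replacement value, or an empty string when nothing matched</returns>
        private string resolveReportParamValue(string paramName, CswNbtObjClassUser UserNode, CswNbtNode SourceNode)
        {
            string replacementVal = "";

            if (null != UserNode)
            {
                if (paramName == ControlledParams.UserId ||
                    paramName == ControlledParams.NodeId)
                {
                    replacementVal = UserNode.Node.NodeId.PrimaryKey.ToString();
                }
                else if (paramName == ControlledParams.RoleId)
                {
                    replacementVal = UserNode.RoleId.PrimaryKey.ToString();
                }
                else
                {
                    CswNbtMetaDataNodeTypeProp userNTP = UserNode.NodeType.getNodeTypeProp(paramName);
                    if (null != userNTP)
                    {
                        // NOTE(review): Gestalt may be null here and is passed on as-is (unchanged
                        // from the original) — confirm doesSqlContainDmlOrDdl tolerates null.
                        replacementVal = UserNode.Node.Properties[userNTP].Gestalt;
                    }
                }
            }

            // Source node wins over the user node when both provide a value.
            if (null != SourceNode)
            {
                CswNbtMetaDataNodeTypeProp sourceNTP = SourceNode.getNodeType().getNodeTypeProp(paramName);
                if (null != sourceNTP)
                {
                    replacementVal = SourceNode.Properties[sourceNTP].Gestalt;
                }
            }
            return replacementVal;
        }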