SQL Injection Vulnerability Pattern
From Guidance Share
Context
You have an application that accesses a database.
Problem
How do you discover vulnerable data access code that could let an attacker execute unauthorized commands in the database?
Forces
- Lack of type-safe SQL parameters.
- Construction of SQL statements from untrusted input.
- Missing or weak input validation.
Solution
- Dynamic SQL concatenating unvalidated input
  // Vulnerable: the user-supplied SSN.Text is spliced straight into the query text.
  SqlDataAdapter myCommand = new SqlDataAdapter(
      "SELECT au_lname, au_fname FROM authors WHERE au_id = '" + SSN.Text + "'",
      myConnection);
- Stored procedure concatenating unvalidated input
  // Vulnerable: calling a stored procedure does not help while its argument is still concatenated in.
  SqlDataAdapter myCommand = new SqlDataAdapter(
      "LoginStoredProcedure '" + SSN.Text + "'",
      myConnection);
- Validating input against a predefined list of bad SQL strings
  // Weak: a blacklist only rejects the strings it already knows about.
  private bool isUnSafe(string inputSQL, string[] badSQLStrings)
  {
      foreach (string badStr in badSQLStrings)
      {
          if (inputSQL.Contains(badStr))
              return true;
      }
      return false;
  }
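As an added example (not part of the Guidance Share page), a small Python scanner that flags the three patterns above in C# source lines, and goes one step beyond the page by also flagging C# string interpolation into command text; the sample source, pattern names and regular expressions are constructed here and are assumptions, not a published tool.

```python
import re

# Constructed sample of C# data-access code: lines 1-3 mirror the three patterns
# on this page, lines 4-5 show the parameterized form that must not be flagged.
SAMPLE_SOURCE = '''\
SqlDataAdapter myCommand = new SqlDataAdapter("SELECT au_lname, au_fname FROM authors WHERE au_id = '" + SSN.Text + "'", myConnection);
SqlDataAdapter myCommand = new SqlDataAdapter("LoginStoredProcedure '" + SSN.Text + "'", myConnection);
if (inputSQL.Contains(badStr)) return true;
SqlCommand cmd = new SqlCommand("SELECT au_lname FROM authors WHERE au_id = @au_id", myConnection);
cmd.Parameters.Add("@au_id", SqlDbType.VarChar, 11).Value = SSN.Text;
'''

SQL_OBJECT = re.compile(r"new\s+Sql(?:DataAdapter|Command)\s*\(")   # command being built
CONCAT = re.compile(r'"([^"]*)"\s*\+\s*[A-Za-z_][\w.]*')            # literal + identifier
INTERPOLATED = re.compile(r'\$"[^"]*\{[^}]+\}[^"]*"')                # $"... {var} ..."
BLACKLIST = re.compile(r"\.Contains\(\s*bad\w*\s*\)")                # bad-string list check
PLACEHOLDER = re.compile(r"@[A-Za-z_]\w*")                           # @param placeholder
SQL_KEYWORDS = {"SELECT", "INSERT", "UPDATE", "DELETE", "MERGE", "WITH"}

def classify_line(line):
    """Return the pattern name for one source line, or None if nothing matched."""
    if BLACKLIST.search(line):
        return "blacklist-validation"
    if not SQL_OBJECT.search(line):
        return None
    m = CONCAT.search(line)
    if m:
        # A literal that starts with a SQL verb is dynamic SQL; anything else
        # concatenated with input is treated as a stored-procedure call string.
        first_word = re.match(r"[A-Za-z_]\w*", m.group(1).strip())
        if first_word and first_word.group(0).upper() in SQL_KEYWORDS:
            return "dynamic-sql-concat"
        return "stored-proc-concat"
    if INTERPOLATED.search(line):
        return "dynamic-sql-interpolation"
    return None

def is_parameterized(line):
    """True when the command text uses @placeholders and no concatenation."""
    return bool(SQL_OBJECT.search(line) and PLACEHOLDER.search(line)
                and not CONCAT.search(line) and not INTERPOLATED.search(line))

def scan(source):
    """Return (line_number, pattern) for every flagged line in a C# source blob."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        pattern = classify_line(line)
        if pattern:
            findings.append((number, pattern))
    return findings

if __name__ == "__main__":
    for number, pattern in scan(SAMPLE_SOURCE):
        print(f"line {number}: {pattern}")
```

The scanner is line-based, so a query assembled across several statements or via String.Format is out of its reach; treat it as a triage aid, not proof of absence.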