SQL Injection Vulnerability Pattern

Context

You have an application that accesses a database.

Problem

How to discover vulnerable data access code that could lead to unauthorized code execution in the database.

Forces

• Lack of type safe SQL parameters.
• Construction of SQL statements from untrusted input.
• Missing or weak input validation.

Solution

• Dynamic SQL concatenating unvalidated input

SqlDataAdapter myCommand = new SqlDataAdapter(
         "SELECT au_lname, au_fname FROM authors WHERE au_id = '" + 
         SSN.Text + "'", myConnection);

• Stored procedure concatenating unvalidated input

SqlDataAdapter myCommand = new SqlDataAdapter(
                               "LoginStoredProcedure '" + 
                                SSN.Text + "'", myConnection);

• Validating input against a predefined list of bad SQL strings

private bool isUnSafe(string inputSQL, string [] badSQLStrings)
{
  foreach (string badStr in badSQLStrings)
  {
    if (inputSQL.Contains(badStr))
       return true;
  }
  return false;
}