C#: Add testcase for unsanitized filename used in Filestream.

michaelnebel · michaelnebel · commit 5c47ae3f9886 · 2022-08-10T14:49:20.000+02:00
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjectionSqlite.cs b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjectionSqlite.cs
@@ -4,6 +4,8 @@ namespace TestSqlite
 {
     using System.Data;
     using System.Data.SQLite;
+    using System.IO;
+    using System.Text;
     using System.Web.UI.WebControls;
 
     class SqlInjection
@@ -42,6 +44,26 @@ public void InjectUntrustedData()
             adapter = new SQLiteDataAdapter(cmd);
             result = new DataSet();
             adapter.Fill(result);
+
+            // BAD: untrusted data as filename is not sanitized.
+            using (FileStream fs = new FileStream(untrustedData.Text, FileMode.Open))
+            {
+                using (StreamReader sr = new StreamReader(fs, Encoding.UTF8))
+                {
+                    var sql = String.Empty;
+                    while ((sql = sr.ReadLine()) != null)
+                    {
+                        sql = sql.Trim();
+                        if (sql.StartsWith("--"))
+                            continue;
+                        using (var connection = new SQLiteConnection(""))
+                        {
+                            cmd = new SQLiteCommand(sql, connection);
+                            cmd.ExecuteScalar();
+                        }
+                    }
+                }
+            }
         }
     }
 }
