我曾面临减少其他人代码中SQL注入的任务,但是我用来扫描我的代码的工具并未说明注入的位置,因为它只是指出了方法。以下面的代码为例]
public static CommandStatus<int> CreateTable(SqlConnection connection, String tableName, SQLColumn[] columns)
{
string colSQL = columns.Select(f => f.ToString()).Aggregate((f1, f2) => f1 + ",\n" + f2);
if(columns.FirstOrDefault(e => e.IsPK()) != null){
string constraint = GenerateTableConstraint(tableName, columns.FirstOrDefault(e => e.IsPK()).ColumnName());
colSQL += constraint;
}
string sql = "CREATE TABLE " + ParseTableName(tableName) + " (" + colSQL + ") ON [PRIMARY]";
SqlCommand cmd = new SqlCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
cmd.Connection = connection;
cmd.CommandTimeout = GetTimeout();
try
{
int result = cmd.ExecuteNonQuery();
return new CommandStatus<int>(result);
}
catch (Exception e)
{
return new CommandStatus<int>("Failed to create tableName " + tableName + " [SQL: " + sql + "]:" + e.Message, e);
}
}
colSQL的输出是
"[RecordID] [NVARCHAR](255) NULL,\n[Address1] [NVARCHAR](255) NULL,\n[Address2] [NVARCHAR](255) NULL,\n[Address3] [NVARCHAR](255) NULL,\n[Address4] [NVARCHAR](255) NULL,\n[Address5] [NVARCHAR](255) NULL,\n[MongoId] [NVARCHAR](100) NOT NULL"
SQLColumns []列只是以下的数组
Record
nvarchar(255)
null
我对注入的理解是,用“ []”括住字符串可以保证安全。如果不是这种情况,我将如何使该方法免费进行SQL注入。
CA3001:SQL注入漏洞的审阅代码https://docs.microsoft.com/en-us/visualstudio/code-quality/ca3001?view=vs-2019