From 73b82493d8a13e6329b4ac0c359ade04676ca8a1 Mon Sep 17 00:00:00 2001 From: Johan Nordberg Date: Sun, 5 May 2024 21:23:33 +0200 Subject: [PATCH] Use AddPerson to show problems in that too --- Ghas/Controllers/PersonController.cs | 13 ++++++++++++- Ghas/Data/Repository.cs | 10 ++-------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/Ghas/Controllers/PersonController.cs b/Ghas/Controllers/PersonController.cs index 2e0617e..e5fc80e 100644 --- a/Ghas/Controllers/PersonController.cs +++ b/Ghas/Controllers/PersonController.cs @@ -31,17 +31,28 @@ public ActionResult UpdateDescription( { person.Description = description; repository.UpdatePerson(person); + return Ok(person); } return NotFound(); } - [HttpPost("{id}")] + [HttpPut("{id}")] public ActionResult UpdatePerson( [FromBody] Person person) { repository.UpdatePerson(person); + + return Ok(person); + } + + [HttpPost("")] + public ActionResult AddPerson( + [FromBody] Person person) + { + repository.AddPerson(person); + return Ok(person); } } \ No newline at end of file diff --git a/Ghas/Data/Repository.cs b/Ghas/Data/Repository.cs index f731644..4e7a3a0 100644 --- a/Ghas/Data/Repository.cs +++ b/Ghas/Data/Repository.cs @@ -63,14 +63,8 @@ public Person AddPerson(Person person) connection.Open(); - /* - * This is clearly a very bad way to insert data into a database. - * It is vulnerable to SQL injection attacks. - * Yet, CodeQL does not flag this as a security vulnerability. - * This is because CodeQL does not have a built-in taint analysis for SQL queries and Asp.net model binding. - * However, CodeQL does have a taint analysis for HTTP requests. - * This is why CodeQL is able to detect the SQL injection vulnerability in the Ghas/Controllers/PersonController.cs file. - */ + person.Id = Guid.NewGuid().ToString(); + using var command = new SqlCommand( $"INSERT INTO Persons (Id, Name, Age, Description) " + $"VALUES ('{person.Id}', '{person.Name}', {person.Age}, '{person.Description}')",
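Review bot: The new `[HttpPut("{id}")]` on UpdatePerson declares a route id that no parameter binds, so the row updated is whichever `person.Id` the caller puts in the body, not the one in the URL; bind and reconcile them, e.g. `public ActionResult UpdatePerson(string id, [FromBody] Person person)` followed by `if (!ModelState.IsValid || person.Id != id) return BadRequest();` before the repository call (Id appears to be a string, judging by the `Guid.NewGuid().ToString()` assignment in the Repository.cs hunk). The same missing `ModelState.IsValid` check applies to the new AddPerson, which hands the body straight to `repository.AddPerson`, and the Repository.cs hunk shows that method interpolating `person.Name` and `person.Description` into the INSERT text, so this action is the request-to-SQL path the commit is adding; if that is deliberate per the subject line, say so at the call site with `// NOTE: intentionally unvalidated body feeding string-built SQL (CodeQL demo)` so nobody ships it. Returning `Ok(person)` from a create also loses the 201/Location a `CreatedAtAction(...)` response would carry, though no GET-by-id action is visible in this hunk to name. UpdateDescription's signature lies above the hunk's first line.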