Foundstone.ValidatorFunctions.RuleClass_SQLInjectionDetector C# (CSharp) Méthode

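        /// <summary>
        /// Heuristic SQL-injection check: reports a value as suspect when it
        /// contains a single-quote character (<c>'</c>).
        /// </summary>
        /// <param name="dataToAnalyse">Request value to inspect; may be null.</param>
        /// <returns>
        /// <c>false</c> when <paramref name="dataToAnalyse"/> contains a single
        /// quote; <c>true</c> otherwise, including for null and empty input.
        /// </returns>
        /// <remarks>
        /// Only the single-quote character is examined. This is a detection
        /// signal, not a defence: data-access code must still use parameterized
        /// queries. The search is ordinal (char overload of IndexOf), so the
        /// outcome does not depend on the current culture (CA1307/CA1309).
        /// </remarks>
        public static bool RuleClass_SQLInjectionDetector(string dataToAnalyse)
        {
            // A null value carries nothing to inspect and is reported as clean,
            // matching the original contract.
            if (dataToAnalyse == null)
            {
                return true;
            }

            // Ordinal character search instead of the culture-sensitive
            // IndexOf(string) overload: a security check must not vary with
            // the thread's culture settings.
            return dataToAnalyse.IndexOf('\'') < 0;
        }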

Usage Example

        /// <summary>
        /// Runs <c>ValidatorFunctions.RuleClass_SQLInjectionDetector</c> over the
        /// form and query-string values of <c>HttpRequestToAnalyse</c>, strips the
        /// single quotes from every value that is flagged and records one HTML
        /// report line per mitigated value.
        /// </summary>
        /// <returns>
        /// The report lines, one per mitigated value; empty when nothing was flagged.
        /// </returns>
        /// <remarks>
        /// After each mitigation the scan of that collection restarts from the
        /// beginning (presumably so the collection is never mutated while it is
        /// being enumerated). Only the single-quote character is removed; this is
        /// a best-effort scrub and does not replace parameterized queries at the
        /// data-access layer. NOTE(review): the indexer assignments assume the
        /// Form and QueryString collections are writable — confirm for the
        /// request type in use.
        /// </remarks>
        public ArrayList protectAndMitigateSQLInjections()
        {
            ArrayList report = new ArrayList();
            bool mitigated;

            // Form values
            do
            {
                mitigated = false;
                foreach (string formKey in HttpRequestToAnalyse.Form)
                {
                    string candidate = HttpRequestToAnalyse.Form[formKey];
                    if (ValidatorFunctions.RuleClass_SQLInjectionDetector(candidate))
                    {
                        // Clean values produce no report line.
                        continue;
                    }

                    HttpRequestToAnalyse.Form[formKey] = HttpRequestToAnalyse.Form[formKey].Replace("'", "");
                    report.Add("<b>SQLInjectionDetector</b> " + htmlRed(" [FAILED: SQL INJECTION ATTACK DETECTED (and mitigated)] , "));
                    mitigated = true;
                    break;
                }
            }
            while (mitigated);

            // Query-string values
            do
            {
                mitigated = false;
                foreach (string queryKey in HttpRequestToAnalyse.QueryString)
                {
                    string candidate = HttpRequestToAnalyse.QueryString[queryKey];
                    if (ValidatorFunctions.RuleClass_SQLInjectionDetector(candidate))
                    {
                        // Clean values produce no report line.
                        continue;
                    }

                    HttpRequestToAnalyse.QueryString[queryKey] = HttpRequestToAnalyse.QueryString[queryKey].Replace("'", "");
                    report.Add("<b>SQLInjectionDetector</b> " + htmlRed(" [FAILED: SQL INJECTION ATTACK DETECTED (and mitigated)] , "));
                    mitigated = true;
                    break;
                }
            }
            while (mitigated);

            return report;
        }