diff --git a/SqlTester/Webtester/Pages/Index.cshtml b/SqlTester/Webtester/Pages/Index.cshtml
index b5f0c15..2034549 100644
--- a/SqlTester/Webtester/Pages/Index.cshtml
+++ b/SqlTester/Webtester/Pages/Index.cshtml
@@ -7,4 +7,8 @@

Welcome

Learn about building Web apps with ASP.NET Core.

+
+ +
+
diff --git a/SqlTester/Webtester/Pages/Index.cshtml.cs b/SqlTester/Webtester/Pages/Index.cshtml.cs index 6f1662c..b483748 100644 --- a/SqlTester/Webtester/Pages/Index.cshtml.cs +++ b/SqlTester/Webtester/Pages/Index.cshtml.cs @@ -1,21 +1,76 @@ using EonaCat.Sql; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using System.Text.Json; namespace Webtester.Pages { public class IndexModel : PageModel { private readonly ILogger _logger; + private static bool getDone; public IndexModel(ILogger logger) { _logger = logger; } - public void OnGet() + public void OnGet(string test) { - TestsqlServer(); + if (test != null) + { + TestInjection(test); + } + } + + [HttpPost] + public void OnPost(string test) + { + if (!getDone) + { + Console.Clear(); + Console.WriteLine("Testing for injections:"); + getDone = true; + } + TestInjection(test); + } + + private void TestInjection(string text) + { + var result = SqlHelper.ExecuteQuery( + new Microsoft.Data.SqlClient.SqlConnection(@"Server=localhost;Database=NorthWind;User Id=sa;Password=jeroen;TrustServerCertificate=Yes;"), + $"SELECT * FROM Customers WHERE Country = @0", true, text); + + if (!result.HasResult) + { + if (result.IsExecutedToDatabase) + { + WriteAsync("[EXECUTED TO DATABASE] No valid result!"); + } + else + { + WriteAsync("No valid result!"); + } + } + else if (result.IsExecutedToDatabase) + { + if (result.HasRows) + { + WriteAsync("VALID: " + JsonSerializer.Serialize(result.DataSet)); + } + WriteAsync($"The SQL input was '{text}'"); + } + + if (result.HasException) + { + WriteAsync("Exception found: " + result.Exception); + } + } + + private async Task WriteAsync(string v) + { + System.IO.File.AppendAllText("test.txt", DateTime.Now.ToShortDateString() + ":" + DateTime.Now.ToShortTimeString() + ": " + v); + Console.WriteLine(v); } private static async void TestsqlServer() 
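Review bot: `TestInjection` builds its `SqlConnection` from a literal connection string that carries the `sa` login and its password, so the credential is committed with the code; move it to configuration (inject `IConfiguration` into `IndexModel` and read `_configuration.GetConnectionString("NorthWind")`, sourced from user secrets or the environment) and use a least-privilege login rather than `sa` for a page that takes its input from the request. The connection object is also never disposed unless `SqlHelper.ExecuteQuery` takes ownership of it, which is not visible here. `WriteAsync` is declared `async Task` with no `await` inside and every caller discards its task, so it runs synchronously and only earns a compiler warning; either drop the `async`/`Task` and name it `Write`, or make the handlers `async Task OnGetAsync(string test)` / `OnPostAsync(string test)` and `await` it. `Console.Clear()` in `OnPost` can throw `IOException` when stdout is redirected, which is the normal case for a hosted web app, and `[HttpPost]` is an MVC attribute with no effect on Razor Pages handler selection. The class continues past the hunk; `TestsqlServer`'s body is outside it.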
@@ -52,7 +107,6 @@ namespace Webtester.Pages
 Console.WriteLine(result.Exception);
 }
 }
- Console.ReadLine();
 }
 }
 }
\ No newline at end of file
diff --git a/SqlTester/Webtester/Program.cs b/SqlTester/Webtester/Program.cs
index bc275e4..b7249a0 100644
--- a/SqlTester/Webtester/Program.cs
+++ b/SqlTester/Webtester/Program.cs
@@ -1,3 +1,5 @@
+using Webtester.Pages;
+
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
diff --git a/SqlTester/Webtester/Webtester.csproj b/SqlTester/Webtester/Webtester.csproj
index 5e24477..5b59e37 100644
--- a/SqlTester/Webtester/Webtester.csproj
+++ b/SqlTester/Webtester/Webtester.csproj
@@ -12,7 +12,7 @@
- ..\..\..\EonaCat.Sql\bin\Release\net6.0\EonaCat.Sql.dll
+ ..\..\..\EonaCat.Sql\bin\Debug\net6.0\EonaCat.Sql.dll
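Review bot: The EonaCat.Sql reference path in Webtester.csproj (presumably a `HintPath`) now points at the `Debug` output folder, so a Release build of Webtester links the debug assembly, or fails to resolve it when only Release was built. A configuration-independent path such as `..\..\..\EonaCat.Sql\bin\$(Configuration)\net6.0\EonaCat.Sql.dll`, or a `ProjectReference` to the EonaCat.Sql project, avoids the mismatch. The surrounding XML of this hunk is not visible here.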