This commit is contained in:
EonaCat 2022-01-28 19:05:11 +01:00
parent 4562012db9
commit 3b3670af19
4 changed files with 64 additions and 4 deletions


@ -7,4 +7,8 @@
<div class="text-center"> <div class="text-center">
<h1 class="display-4">Welcome</h1> <h1 class="display-4">Welcome</h1>
<p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p> <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
<form method=post>
<input type="text" width="200" name="test" id="sql1" />
</form>
</div> </div>
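Review bot: The new `<input>` relies on `width="200"`, which is not an attribute of a text input and is ignored by browsers; use `size="50"` or a CSS width instead, and add a `<label for="sql1">` and a submit button so the field is usable without pressing Enter. The unquoted `method=post` works but `method="post"` matches the quoting style of the surrounding markup. Because the form has no `action` attribute the Razor form tag helper should emit the antiforgery token automatically, but that depends on `_ViewImports.cshtml` registering the tag helpers — worth confirming, since Razor Pages validates the token on `OnPost` by default.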


@ -1,21 +1,76 @@
using EonaCat.Sql; using EonaCat.Sql;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages; using Microsoft.AspNetCore.Mvc.RazorPages;
using System.Text.Json;
namespace Webtester.Pages namespace Webtester.Pages
{ {
public class IndexModel : PageModel public class IndexModel : PageModel
{ {
private readonly ILogger<IndexModel> _logger; private readonly ILogger<IndexModel> _logger;
private static bool getDone;
public IndexModel(ILogger<IndexModel> logger) public IndexModel(ILogger<IndexModel> logger)
{ {
_logger = logger; _logger = logger;
} }
public void OnGet() public void OnGet(string test)
{ {
TestsqlServer(); if (test != null)
{
TestInjection(test);
}
}
[HttpPost]
public void OnPost(string test)
{
if (!getDone)
{
Console.Clear();
Console.WriteLine("Testing for injections:");
getDone = true;
}
TestInjection(test);
}
private void TestInjection(string text)
{
var result = SqlHelper.ExecuteQuery(
new Microsoft.Data.SqlClient.SqlConnection(@"Server=localhost;Database=NorthWind;User Id=sa;Password=jeroen;TrustServerCertificate=Yes;"),
$"SELECT * FROM Customers WHERE Country = @0", true, text);
if (!result.HasResult)
{
if (result.IsExecutedToDatabase)
{
WriteAsync("[EXECUTED TO DATABASE] No valid result!");
}
else
{
WriteAsync("No valid result!");
}
}
else if (result.IsExecutedToDatabase)
{
if (result.HasRows)
{
WriteAsync("VALID: " + JsonSerializer.Serialize(result.DataSet));
}
WriteAsync($"The SQL input was '{text}'");
}
if (result.HasException)
{
WriteAsync("Exception found: " + result.Exception);
}
}
private async Task WriteAsync(string v)
{
System.IO.File.AppendAllText("test.txt", DateTime.Now.ToShortDateString() + ":" + DateTime.Now.ToShortTimeString() + ": " + v);
Console.WriteLine(v);
} }
private static async void TestsqlServer() private static async void TestsqlServer()
@ -52,7 +107,6 @@ namespace Webtester.Pages
Console.WriteLine(result.Exception); Console.WriteLine(result.Exception);
} }
} }
Console.ReadLine();
} }
} }
} }
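Review bot: The new `TestInjection` embeds a complete SQL Server connection string, including the `sa` login and its password, in source on the `new Microsoft.Data.SqlClient.SqlConnection(...)` line; credentials belong in configuration (user secrets or `appsettings`, read through `IConfiguration.GetConnectionString`) and the tester should connect as a least-privilege account rather than `sa`. That `SqlConnection` is also constructed inline and never disposed here — unless `SqlHelper.ExecuteQuery` takes ownership, wrap it in a `using` declaration. `WriteAsync` is declared `async Task` but awaits nothing (CS1998) and every caller discards the returned task, while `File.AppendAllText("test.txt", ...)` writes entries with no line terminator, stamps them with `DateTime.Now`, and appends the raw request value `text` to a file in the working directory; the already-injected `_logger` handles all of this. The static `getDone` flag combined with `Console.Clear()` is shared across requests without synchronization, and `Console.Clear()` throws an `IOException` when console output is redirected, so that block should be dropped or guarded. `TestsqlServer` continues past the end of the first hunk.
```csharp
private readonly string _connectionString;

public IndexModel(ILogger<IndexModel> logger, IConfiguration configuration)
{
    _logger = logger;
    // Connection string comes from configuration (user secrets / appsettings), never from source.
    _connectionString = configuration.GetConnectionString("NorthWind")
        ?? throw new InvalidOperationException("ConnectionStrings:NorthWind is not configured.");
}

private void TestInjection(string text)
{
    // Dispose is idempotent, so this is safe even if ExecuteQuery closes the connection itself.
    using var connection = new Microsoft.Data.SqlClient.SqlConnection(_connectionString);
    var result = SqlHelper.ExecuteQuery(connection, "SELECT * FROM Customers WHERE Country = @0", true, text);
    // … unchanged: HasResult / IsExecutedToDatabase / HasException reporting, calling Write instead of WriteAsync …
}

private void Write(string v)
{
    // Structured logging keeps the user-supplied text as a value rather than part of the message template.
    _logger.LogInformation("{Message}", v);
}
```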


@ -1,3 +1,5 @@
using Webtester.Pages;
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
// Add services to the container. // Add services to the container.


@ -12,7 +12,7 @@
<ItemGroup> <ItemGroup>
<Reference Include="EonaCat.Sql"> <Reference Include="EonaCat.Sql">
<HintPath>..\..\..\EonaCat.Sql\bin\Release\net6.0\EonaCat.Sql.dll</HintPath> <HintPath>..\..\..\EonaCat.Sql\bin\Debug\net6.0\EonaCat.Sql.dll</HintPath>
</Reference> </Reference>
</ItemGroup> </ItemGroup>
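Review bot: The `<HintPath>` now points at `..\..\..\EonaCat.Sql\bin\Debug\net6.0\EonaCat.Sql.dll`, a relative path into another checkout's Debug output, so a Release build of Webtester silently links a Debug binary and any machine without that exact directory layout fails to resolve the reference. A `<ProjectReference>` to the EonaCat.Sql project (or a package reference) would follow the active configuration and build the dependency on demand instead of depending on a pre-built DLL.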