Utility.cs in DataAccessLayer, SqlInjection --> DetectSqlInjection(string whereClause) returns always true

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Run DetectSqlInjection with any whereClause
2.
3.

What is the expected output? What do you see instead?
True or False

What version of .netTiers and CodeSmith are you using?
Latest version

Please provide any additional information below.
Remove last "|" from regSystemThreats

Replace

private static readonly System.Text.RegularExpressions.Regex 
regSystemThreats =  new System.Text.RegularExpressions.Regex(@"\s?;\s?|\s?
drop\s|\s?grant\s|^'|\s?--|\s?union\s|\s?delete\s|\s?truncate\s|\s?
sysobjects\s?|\s?xp_.*?|\s?syslogins\s?|\s?sysremote\s?|\s?sysusers\s?|\s?
sysxlogins\s?|\s?sysdatabases\s?|\s?aspnet_.*?|\s?exec\s?|", 
System.Text.RegularExpressions.RegexOptions.Compiled | 
System.Text.RegularExpressions.RegexOptions.IgnoreCase); 

With

private static readonly System.Text.RegularExpressions.Regex 
regSystemThreats =  new System.Text.RegularExpressions.Regex(@"\s?;\s?|\s?
drop\s|\s?grant\s|^'|\s?--|\s?union\s|\s?delete\s|\s?truncate\s|\s?
sysobjects\s?|\s?xp_.*?|\s?syslogins\s?|\s?sysremote\s?|\s?sysusers\s?|\s?
sysxlogins\s?|\s?sysdatabases\s?|\s?aspnet_.*?|\s?exec\s?", 
System.Text.RegularExpressions.RegexOptions.Compiled | 
System.Text.RegularExpressions.RegexOptions.IgnoreCase);

Original issue reported on code.google.com by fred.the...@gmail.com on 13 Aug 2008 at 6:52

GoogleCodeExporter commented 9 years ago

Original comment by jmhin...@gmail.com on 6 Oct 2008 at 1:56

Changed state: Accepted

GoogleCodeExporter commented 9 years ago

Original comment by jmhin...@gmail.com on 6 Oct 2008 at 6:17

Changed state: Started

GoogleCodeExporter commented 9 years ago

Fixed in rev v2.3.0.764

Original comment by jmhin...@gmail.com on 7 Oct 2008 at 3:58

Changed state: Fixed

netTiers / netTiers

Utility.cs in DataAccessLayer, SqlInjection --> DetectSqlInjection(string whereClause) returns always true #89