Validate order by to prevent SQL injection
dobos committed Feb 15, 2015
1 parent 27f488b commit 16f0390
Showing 2 changed files with 10 additions and 1 deletion.
9 changes: 9 additions & 0 deletions src/Complex.Domino.Lib/Lib/EntityFactory.cs
Expand Up @@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Data;
using System.Data.SqlClient;
Expand All @@ -11,6 +12,8 @@ namespace Complex.Domino.Lib
public abstract class EntityFactory<T> : ContextObject
where T : IDatabaseTableObject, new()
{
private static readonly Regex OrderByRegex = new Regex(@"[a-z]+\s*(asc|desc){0,1}", RegexOptions.IgnoreCase | RegexOptions.Compiled);

private string name;
private bool? readOnly;
private bool? hidden;
Expand Down Expand Up @@ -70,6 +73,12 @@ public IEnumerable<T> Find()

public IEnumerable<T> Find(int max, int from, string orderBy)
{
// Prevent any injection attacks
if (!OrderByRegex.Match(orderBy).Success)
{
Error.AccessDenied();
}

using (var cmd = Context.CreateCommand())
{
string sql = @"
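Review bot: The guard `if (!OrderByRegex.Match(orderBy).Success)` does not constrain the whole value, because the pattern `[a-z]+\s*(asc|desc){0,1}` is unanchored and `Match` succeeds as soon as any substring of orderBy satisfies it, so the rest of the string still reaches the SQL built below; anchor the pattern, `private static readonly Regex OrderByRegex = new Regex(@"^[a-z]+\s*(asc|desc)?$", RegexOptions.IgnoreCase | RegexOptions.Compiled);`. Regex.Match also throws ArgumentNullException when orderBy is null, so if callers may omit ordering a null check (or a "no ordering" branch) belongs before the match. Whether Error.AccessDenied() throws is not visible in this hunk; if it can return, the command construction continues, so an explicit `return` or `throw` after the call would make the guard self-contained. A stricter option is to compare the column part against an allow-list of the entity's known column names rather than a character class. Find's body continues past the hunk.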
2 changes: 1 addition & 1 deletion src/Complex.Domino.Web/PageBase.cs
Expand Up @@ -97,7 +97,7 @@ protected override void OnLoad(EventArgs e)

if (!bypassAuthentication)
{
// If the user hold a valid cookie but the session is new
// If the user holds a valid cookie but the session is new
// we need to look up user details from the database
if (this.User.Identity.IsAuthenticated && Session[Constants.SessionUser] == null)
{
