C# CODE Получение выпуска выпуска SQL от отчета об инструменте SCA Fortify SCA ⇐ C#

[Anonymous]

Эта строка кода < /p>
using (objCmd = new SqlCommand(SPname1, objConn))
< /code>
имеет помещение как инъекция SQL: < /p>
public DataSet GetTableByStoredProc(string strProcName, ArrayList alParams) //copy with using()-DataSet updated for appscan 21022025 01
{
DataSet dataSet = new DataSet();
Hashtable hstOutParameter = new Hashtable();

SqlConnection objConn = new SqlConnection();
SqlCommand objCmd = new SqlCommand();
SqlDataAdapter objDataAdapter = null;

string SPname1 = Sanitizer.GetSafeHtmlFragment(strProcName);

try
{
GetConnection(ref objConn);

using (objCmd = new SqlCommand(SPname1, objConn))
{
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandTimeout = 7200;

if (alParams.Capacity > 0)
{
objCmd.Parameters.AddRange(AddDBParameter(ref alParams).ToArray());
}

// objDataAdapter = new SqlDataAdapter(objCmd);
using (objDataAdapter = new SqlDataAdapter(objCmd))
{
objDataAdapter.Fill(SanitizeDataTable(dataSet));
GetDBParameterValuesSpecific(objCmd, ref alParams);
}
}

return dataSet;
}
catch (Exception ex)
{
throw ex;
}
finally
{
objConn.Dispose();
objCmd.Dispose();
}
}


Подробнее здесь: https://stackoverflow.com/questions/794 ... ool-report