
A Simple Taint Checking Solution for C#

16 Mar 2011 · CPOL · 12 min read
We propose a way to secure C# programs by emulating taint checking.
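using System.Linq;

namespace TaintChecking
{
    public static class StringUntainter
    {
        // Substrings whose presence marks a string as unsafe for use in SQL.
        private static string[] TabBadStrings = new string[] { "select", "drop", ";", "--", "insert", "delete", "xp_", "%", "&", 
                                                               "'", "(", ")", "/", "\\", ":", ";", "<", ">", "=", "[", "]", "?",
                                                               "`", "|" };

        // Returns true when the target contains none of the blacklisted substrings.
        public static bool IsFreeOfSQLInjectionUntainter(string target)
        {
            // Invariant lowercasing keeps the comparison independent of the current culture
            // (for example, Turkish casing rules would turn "INSERT" into a string that is not "insert").
            string taintedStringLower = target.ToLowerInvariant();
            return !TabBadStrings.Any( s => taintedStringLower.Contains(s) );
        }

        // Accepts every string without inspecting it.
        public static bool NOPUntainter(string target)
        {
            return true;
        }
    }
}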


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer
Canada
Paul Lessard has received an MSc in computer science and a BASc in computer science and software engineering. He is currently employed as a software developer and junior architect.
