Lia Lucindia

Reputation: 1

C# Additional String Validation For .text

I'm trying to figure out the proper way to do additional string validation. I have an SQL query below which is compiled in C#; the Checkmarx application detected that Row.Cells[2].Text is not properly sanitized/validated.

using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

string qry =
    "SELECT * from table_name " +
    "WHERE column_name = @variable";   // no trailing '+'; the statement ends here

var cmd = new SqlCommand(qry, con);
cmd.CommandTimeout = 500;
cmd.CommandType = CommandType.Text;

// {1,35} (with a comma) is the repeat quantifier; "{1-35}" is not a quantifier and
// would be matched as literal text. ^ and $ anchor the pattern so the whole value
// must consist of 1 to 35 word characters.
if (!Regex.IsMatch(Row.Cells[2].Text, @"^\w{1,35}$"))
    throw new ArgumentException("Invalid string");
string name = Row.Cells[2].Text;   // here is the line at which Checkmarx detected as un-sanitized/un-validated.

cmd.Parameters.AddWithValue("@variable", name);
var reader = cmd.ExecuteReader();  // SELECT returns rows; ExecuteNonQuery would discard them

Because of this detection, I have added the Regex.IsMatch check, but somehow it is still detected as unvalidated. Is there any other way that I can actually sanitize/validate the variable Row.Cells[2].Text in C# so that Checkmarx does not detect this as an issue? What am I doing wrong here?

Upvotes: 0

Views: 104
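The following is an added example, not the original poster's code, showing how the same lookup would be written so that the value is read once, validated against an anchored whitelist, and then bound as a typed parameter. The table and column names, the 35-character limit, the use of COUNT(*) and the open SqlConnection are assumptions made for illustration.

```csharp
// Added example (not the original poster's code). table_name, column_name,
// the 35-character limit and the open connection are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class NameLookup
{
    // Anchored whitelist: the entire value must be 1 to 35 ASCII letters, digits
    // or underscores. The explicit class avoids .NET's Unicode-aware \w, and \z
    // (unlike $) does not accept a trailing newline.
    private static readonly Regex NamePattern =
        new Regex(@"^[A-Za-z0-9_]{1,35}\z", RegexOptions.CultureInvariant);

    // Validate once and hand back the checked value, so every later use takes
    // this string rather than re-reading the control's Text property.
    public static string ValidateName(string raw)
    {
        if (raw is null || !NamePattern.IsMatch(raw))
            throw new ArgumentException("Invalid string", nameof(raw));
        return raw;
    }

    // The query stays constant; the value only ever travels as parameter data.
    public static int CountMatches(SqlConnection con, string validatedName)
    {
        const string qry =
            "SELECT COUNT(*) FROM table_name WHERE column_name = @variable";

        using (var cmd = new SqlCommand(qry, con))
        {
            cmd.CommandType = CommandType.Text;
            cmd.CommandTimeout = 500;

            // Explicitly typed and sized parameter instead of AddWithValue:
            // the server receives an NVARCHAR(35) value, never SQL text.
            SqlParameter p = cmd.Parameters.Add("@variable", SqlDbType.NVarChar, 35);
            p.Value = validatedName;

            // SELECT produces a result; ExecuteNonQuery would discard it.
            return (int)cmd.ExecuteScalar();
        }
    }

    // Call site, as it would look in the poster's page code (Row and con assumed):
    //   string name = NameLookup.ValidateName(Row.Cells[2].Text);
    //   int hits = NameLookup.CountMatches(con, name);
}
```

Two points matter here independently of which scanner is in use: the check must cover the whole value (a comma in the quantifier and anchors at both ends), and the string that was checked must be the same variable that is passed on, rather than a second read of Row.Cells[2].Text after the check. Binding the value with an explicit SqlDbType and length keeps the query text constant, which is what actually prevents injection; the whitelist is an additional business-rule check on top of that.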

Answers (0)
