diff --git a/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/Main.cs b/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/Main.cs
index 3a4b54e98..bddd51c3f 100644
--- a/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/Main.cs
+++ b/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/Main.cs
@@ -164,6 +164,7 @@ namespace OrmTest
Queryable();
Queryable2();
QueryableAsync();
+ SecurityParameterHandling();
//Thread();
//Thread2();
//Thread3();
diff --git a/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/USecurityParameterHandling.cs b/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/USecurityParameterHandling.cs
new file mode 100644
index 000000000..b8696a06b
--- /dev/null
+++ b/Src/Asp.NetCore2/SqlSeverTest/UserTestCases/UnitTest/USecurityParameterHandling.cs
@@ -0,0 +1,563 @@
+using SqlSugar;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace OrmTest
+{
+ ///
+ /// Security Parameter Handling Test Suite
+ /// Tests SQL injection prevention, parameter escaping, and special character handling
+ /// Ensures that SqlSugar properly sanitizes and parameterizes user input to prevent SQL injection attacks
+ ///
+ public partial class NewUnitTest
+ {
+ ///
+ /// Main entry point for security parameter handling tests
+ /// Executes all 4 test functions covering 20+ attack vectors
+ ///
+ public static void SecurityParameterHandling()
+ {
+ Console.WriteLine("=== Starting Security Parameter Handling Tests ===");
+
+ // Test 1: Basic SQL injection attack vectors
+ TestBasicSQLInjectionVectors();
+
+ // Test 2: Advanced SQL injection techniques
+ TestAdvancedSQLInjectionTechniques();
+
+ // Test 3: Special character escaping and handling
+ TestSpecialCharacterEscaping();
+
+ // Test 4: Parameter validation and edge cases
+ TestParameterValidationEdgeCases();
+
+ Console.WriteLine("=== All Security Parameter Handling Tests Passed ===");
+ }
+
+ ///
+ /// Test Function 1: Basic SQL Injection Attack Vectors
+ /// Tests common SQL injection patterns including:
+ /// - Single quote injection
+ /// - Comment-based injection
+ /// - UNION-based injection
+ /// - Boolean-based blind injection
+ /// - Tautology-based injection
+ ///
+ private static void TestBasicSQLInjectionVectors()
+ {
+ Console.WriteLine("\n--- Test 1: Basic SQL Injection Vectors ---");
+ var db = Db;
+
+ // Initialize test table
+ db.CodeFirst.InitTables();
+ db.DbMaintenance.TruncateTable();
+
+ // Insert test data
+ var testData = new List
+ {
+ new SecurityTestEntity { Id = 1, Username = "admin", Password = "password123", Email = "admin@test.com" },
+ new SecurityTestEntity { Id = 2, Username = "user1", Password = "pass456", Email = "user1@test.com" },
+ new SecurityTestEntity { Id = 3, Username = "user2", Password = "pass789", Email = "user2@test.com" }
+ };
+ db.Insertable(testData).ExecuteCommand();
+
+ // Attack Vector 1: Single quote injection attempt
+ // Malicious input: ' OR '1'='1
+ string maliciousUsername1 = "' OR '1'='1";
+ var result1 = db.Queryable()
+ .Where(x => x.Username == maliciousUsername1)
+ .ToList();
+ if (result1.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Single quote injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 1 Blocked: Single quote injection");
+
+ // Attack Vector 2: Comment-based injection
+ // Malicious input: admin'--
+ string maliciousUsername2 = "admin'--";
+ var result2 = db.Queryable()
+ .Where(x => x.Username == maliciousUsername2)
+ .ToList();
+ if (result2.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Comment-based injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 2 Blocked: Comment-based injection");
+
+ // Attack Vector 3: UNION-based injection
+ // Malicious input: ' UNION SELECT NULL, NULL, NULL--
+ string maliciousUsername3 = "' UNION SELECT NULL, NULL, NULL--";
+ var result3 = db.Queryable()
+ .Where(x => x.Username == maliciousUsername3)
+ .ToList();
+ if (result3.Count != 0)
+ {
+ throw new Exception("Security Test Failed: UNION-based injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 3 Blocked: UNION-based injection");
+
+ // Attack Vector 4: Boolean-based blind injection
+ // Malicious input: ' OR 1=1--
+ string maliciousUsername4 = "' OR 1=1--";
+ var result4 = db.Queryable()
+ .Where(x => x.Username == maliciousUsername4)
+ .ToList();
+ if (result4.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Boolean-based injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 4 Blocked: Boolean-based blind injection");
+
+ // Attack Vector 5: Tautology-based injection
+ // Malicious input: admin' OR 'a'='a
+ string maliciousUsername5 = "admin' OR 'a'='a";
+ var result5 = db.Queryable()
+ .Where(x => x.Username == maliciousUsername5)
+ .ToList();
+ if (result5.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Tautology-based injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 5 Blocked: Tautology-based injection");
+
+ // Attack Vector 6: Stacked queries injection
+ // Malicious input: '; DROP TABLE SecurityTestEntity--
+ string maliciousUsername6 = "'; DROP TABLE SecurityTestEntity--";
+ var result6 = db.Queryable()
+ .Where(x => x.Username == maliciousUsername6)
+ .ToList();
+ if (result6.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Stacked queries injection not properly handled");
+ }
+ // Verify table still exists
+ var tableExists = db.DbMaintenance.IsAnyTable("SecurityTestEntity", false);
+ if (!tableExists)
+ {
+ throw new Exception("Security Test Failed: Table was dropped by injection attack");
+ }
+ Console.WriteLine("✓ Attack Vector 6 Blocked: Stacked queries injection");
+
+ db.DbMaintenance.TruncateTable();
+ Console.WriteLine("Test 1 Completed Successfully\n");
+ }
+
+ ///
+ /// Test Function 2: Advanced SQL Injection Techniques
+ /// Tests sophisticated attack patterns including:
+ /// - Time-based blind injection
+ /// - Error-based injection
+ /// - Second-order injection
+ /// - Encoded injection attempts
+ /// - Hex encoding attacks
+ ///
+ private static void TestAdvancedSQLInjectionTechniques()
+ {
+ Console.WriteLine("\n--- Test 2: Advanced SQL Injection Techniques ---");
+ var db = Db;
+
+ db.CodeFirst.InitTables();
+ db.DbMaintenance.TruncateTable();
+
+ var testData = new List
+ {
+ new SecurityTestEntity { Id = 1, Username = "testuser", Password = "testpass", Email = "test@example.com" }
+ };
+ db.Insertable(testData).ExecuteCommand();
+
+ // Attack Vector 7: Time-based blind injection
+ // Malicious input: '; WAITFOR DELAY '00:00:05'--
+ string maliciousInput7 = "'; WAITFOR DELAY '00:00:05'--";
+ var startTime = DateTime.Now;
+ var result7 = db.Queryable()
+ .Where(x => x.Username == maliciousInput7)
+ .ToList();
+ var elapsed = (DateTime.Now - startTime).TotalSeconds;
+ if (elapsed > 3 || result7.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Time-based injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 7 Blocked: Time-based blind injection");
+
+ // Attack Vector 8: Error-based injection
+ // Malicious input: ' AND 1=CONVERT(int, (SELECT @@version))--
+ string maliciousInput8 = "' AND 1=CONVERT(int, (SELECT @@version))--";
+ var result8 = db.Queryable()
+ .Where(x => x.Username == maliciousInput8)
+ .ToList();
+ if (result8.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Error-based injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 8 Blocked: Error-based injection");
+
+ // Attack Vector 9: Second-order injection (stored malicious data)
+ // Insert malicious data and then query it
+ string maliciousData9 = "'; DELETE FROM SecurityTestEntity--";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 2,
+ Username = maliciousData9,
+ Password = "pass",
+ Email = "mal@test.com"
+ }).ExecuteCommand();
+
+ var storedData = db.Queryable()
+ .Where(x => x.Username == maliciousData9)
+ .First();
+ if (storedData == null || storedData.Username != maliciousData9)
+ {
+ throw new Exception("Security Test Failed: Second-order injection data not stored correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 9 Blocked: Second-order injection");
+
+ // Attack Vector 10: URL encoded injection
+ // Malicious input: %27%20OR%20%271%27%3D%271 (decoded: ' OR '1'='1)
+ string maliciousInput10 = "%27%20OR%20%271%27%3D%271";
+ var result10 = db.Queryable()
+ .Where(x => x.Username == maliciousInput10)
+ .ToList();
+ if (result10.Count != 0)
+ {
+ throw new Exception("Security Test Failed: URL encoded injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 10 Blocked: URL encoded injection");
+
+ // Attack Vector 11: Hex encoding attack
+ // Malicious input: 0x27204F52202731273D2731 (hex for ' OR '1'='1)
+ string maliciousInput11 = "0x27204F52202731273D2731";
+ var result11 = db.Queryable()
+ .Where(x => x.Username == maliciousInput11)
+ .ToList();
+ if (result11.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Hex encoding attack not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 11 Blocked: Hex encoding attack");
+
+ // Attack Vector 12: Batch query injection
+ // Malicious input: '; SELECT * FROM SecurityTestEntity; --
+ string maliciousInput12 = "'; SELECT * FROM SecurityTestEntity; --";
+ var result12 = db.Queryable()
+ .Where(x => x.Username == maliciousInput12)
+ .ToList();
+ if (result12.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Batch query injection not properly handled");
+ }
+ Console.WriteLine("✓ Attack Vector 12 Blocked: Batch query injection");
+
+ db.DbMaintenance.TruncateTable();
+ Console.WriteLine("Test 2 Completed Successfully\n");
+ }
+
+ ///
+ /// Test Function 3: Special Character Escaping and Handling
+ /// Tests proper handling of special characters including:
+ /// - Quotes (single and double)
+ /// - Backslashes
+ /// - Null bytes
+ /// - Unicode characters
+ /// - Control characters
+ /// - Wildcards
+ ///
+ private static void TestSpecialCharacterEscaping()
+ {
+ Console.WriteLine("\n--- Test 3: Special Character Escaping ---");
+ var db = Db;
+
+ db.CodeFirst.InitTables();
+ db.DbMaintenance.TruncateTable();
+
+ // Attack Vector 13: Multiple single quotes
+ string specialChar13 = "test''user''name";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 1,
+ Username = specialChar13,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result13 = db.Queryable()
+ .Where(x => x.Username == specialChar13)
+ .First();
+ if (result13 == null || result13.Username != specialChar13)
+ {
+ throw new Exception("Security Test Failed: Multiple single quotes not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 13 Handled: Multiple single quotes");
+
+ // Attack Vector 14: Backslashes
+ string specialChar14 = "test\\user\\name";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 2,
+ Username = specialChar14,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result14 = db.Queryable()
+ .Where(x => x.Username == specialChar14)
+ .First();
+ if (result14 == null || result14.Username != specialChar14)
+ {
+ throw new Exception("Security Test Failed: Backslashes not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 14 Handled: Backslashes");
+
+ // Attack Vector 15: Double quotes
+ string specialChar15 = "test\"user\"name";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 3,
+ Username = specialChar15,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result15 = db.Queryable()
+ .Where(x => x.Username == specialChar15)
+ .First();
+ if (result15 == null || result15.Username != specialChar15)
+ {
+ throw new Exception("Security Test Failed: Double quotes not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 15 Handled: Double quotes");
+
+ // Attack Vector 16: Percent sign (LIKE wildcard)
+ string specialChar16 = "test%user%name";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 4,
+ Username = specialChar16,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result16 = db.Queryable()
+ .Where(x => x.Username == specialChar16)
+ .First();
+ if (result16 == null || result16.Username != specialChar16)
+ {
+ throw new Exception("Security Test Failed: Percent signs not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 16 Handled: Percent signs (wildcards)");
+
+ // Attack Vector 17: Underscore (LIKE wildcard)
+ string specialChar17 = "test_user_name";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 5,
+ Username = specialChar17,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result17 = db.Queryable()
+ .Where(x => x.Username == specialChar17)
+ .First();
+ if (result17 == null || result17.Username != specialChar17)
+ {
+ throw new Exception("Security Test Failed: Underscores not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 17 Handled: Underscores (wildcards)");
+
+ // Attack Vector 18: Unicode characters
+ string specialChar18 = "测试用户名";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 6,
+ Username = specialChar18,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result18 = db.Queryable()
+ .Where(x => x.Username == specialChar18)
+ .First();
+ if (result18 == null || result18.Username != specialChar18)
+ {
+ throw new Exception("Security Test Failed: Unicode characters not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 18 Handled: Unicode characters");
+
+ // Attack Vector 19: Semicolons
+ string specialChar19 = "test;user;name";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 7,
+ Username = specialChar19,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result19 = db.Queryable()
+ .Where(x => x.Username == specialChar19)
+ .First();
+ if (result19 == null || result19.Username != specialChar19)
+ {
+ throw new Exception("Security Test Failed: Semicolons not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 19 Handled: Semicolons");
+
+ db.DbMaintenance.TruncateTable();
+ Console.WriteLine("Test 3 Completed Successfully\n");
+ }
+
+ ///
+ /// Test Function 4: Parameter Validation and Edge Cases
+ /// Tests edge cases and boundary conditions including:
+ /// - Null values
+ /// - Empty strings
+ /// - Very long strings
+ /// - Mixed attack vectors
+ /// - Case sensitivity
+ ///
+ private static void TestParameterValidationEdgeCases()
+ {
+ Console.WriteLine("\n--- Test 4: Parameter Validation Edge Cases ---");
+ var db = Db;
+
+ db.CodeFirst.InitTables();
+ db.DbMaintenance.TruncateTable();
+
+ // Attack Vector 20: Empty string
+ string emptyString = "";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 1,
+ Username = emptyString,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result20 = db.Queryable()
+ .Where(x => x.Username == emptyString)
+ .First();
+ if (result20 == null || result20.Username != emptyString)
+ {
+ throw new Exception("Security Test Failed: Empty string not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 20 Handled: Empty string");
+
+ // Attack Vector 21: Very long string with injection attempt
+ string longString = new string('a', 1000) + "' OR '1'='1";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 2,
+ Username = longString,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result21 = db.Queryable()
+ .Where(x => x.Username == longString)
+ .First();
+ if (result21 == null || result21.Username != longString)
+ {
+ throw new Exception("Security Test Failed: Very long string not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 21 Handled: Very long string with injection");
+
+ // Attack Vector 22: Mixed case SQL keywords
+ string mixedCase = "' Or '1'='1";
+ var result22 = db.Queryable()
+ .Where(x => x.Username == mixedCase)
+ .ToList();
+ if (result22.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Mixed case SQL keywords not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 22 Blocked: Mixed case SQL keywords");
+
+ // Attack Vector 23: Multiple attack vectors combined
+ string combined = "'; DROP TABLE SecurityTestEntity; SELECT * FROM SecurityTestEntity WHERE '1'='1";
+ var result23 = db.Queryable()
+ .Where(x => x.Username == combined)
+ .ToList();
+ if (result23.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Combined attack vectors not handled correctly");
+ }
+ var tableStillExists = db.DbMaintenance.IsAnyTable("SecurityTestEntity", false);
+ if (!tableStillExists)
+ {
+ throw new Exception("Security Test Failed: Table was affected by combined attack");
+ }
+ Console.WriteLine("✓ Attack Vector 23 Blocked: Multiple combined attack vectors");
+
+ // Attack Vector 24: Whitespace variations
+ string whitespace = " ' OR '1'='1 ";
+ var result24 = db.Queryable()
+ .Where(x => x.Username == whitespace)
+ .ToList();
+ if (result24.Count != 0)
+ {
+ throw new Exception("Security Test Failed: Whitespace variations not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 24 Blocked: Whitespace variations");
+
+ // Attack Vector 25: Line breaks and tabs
+ string lineBreaks = "test\r\n\t' OR '1'='1";
+ db.Insertable(new SecurityTestEntity
+ {
+ Id = 3,
+ Username = lineBreaks,
+ Password = "pass",
+ Email = "test@test.com"
+ }).ExecuteCommand();
+ var result25 = db.Queryable()
+ .Where(x => x.Username == lineBreaks)
+ .First();
+ if (result25 == null || result25.Username != lineBreaks)
+ {
+ throw new Exception("Security Test Failed: Line breaks and tabs not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 25 Handled: Line breaks and tabs");
+
+ // Attack Vector 26: Parameter with LIKE pattern injection
+ string likePattern = "%' OR '1'='1' OR username LIKE '%";
+ var result26 = db.Queryable()
+ .Where(x => x.Username.Contains(likePattern))
+ .ToList();
+ // Should not return all records
+ if (result26.Count > 1)
+ {
+ throw new Exception("Security Test Failed: LIKE pattern injection not handled correctly");
+ }
+ Console.WriteLine("✓ Attack Vector 26 Blocked: LIKE pattern injection");
+
+ db.DbMaintenance.TruncateTable();
+ Console.WriteLine("Test 4 Completed Successfully\n");
+ }
+
+ ///
+ /// Test entity class for security testing
+ /// Represents a typical user table with common fields that are often targeted in SQL injection attacks
+ ///
+ [SugarTable("SecurityTestEntity")]
+ public class SecurityTestEntity
+ {
+ ///
+ /// Primary key identifier
+ ///
+ [SugarColumn(IsPrimaryKey = true)]
+ public int Id { get; set; }
+
+ ///
+ /// Username field - commonly targeted for SQL injection
+ ///
+ [SugarColumn(Length = 2000)]
+ public string Username { get; set; }
+
+ ///
+ /// Password field - sensitive data that must be protected
+ ///
+ [SugarColumn(Length = 200)]
+ public string Password { get; set; }
+
+ ///
+ /// Email field - another common injection target
+ ///
+ [SugarColumn(Length = 200)]
+ public string Email { get; set; }
+ }
+ }
+}