Help to find Reg-ex usage errors.

Question

Hello, I want to cach input, which seems to be like SQL injection. I know now, that Reg-ex usage for finding SQL-injections is not a best way, but i simply need to do some researcha about it and I'm asking for help to fix some errors. So I wrote the method:

public static bool IsInjection(string inputText)
{


    bool isInj = false;


    string regexForTypicalInj = @"/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix";
    Regex reT = new Regex(regexForTypicalInj);
    if (reT.IsMatch(inputText))
        isInj = true;


    string regexForUnion = @"/((\%27)|(\'))union/ix";
    Regex reUn = new Regex(regexForUnion);
    if (reUn.IsMatch(inputText))
        isInj = true;



    string regexForSelect = @"/((\%27)|(\'))select/ix";
    Regex reS = new Regex(regexForSelect);
    if (reS.IsMatch(inputText))
        isInj = true;

    string regexForInsert = @"/((\%27)|(\'))insert/ix";
    Regex reI = new Regex(regexForInsert);
    if (reI.IsMatch(inputText))
        isInj = true;

    string regexForUpdate = @"/((\%27)|(\'))update/ix";
    Regex reU = new Regex(regexForUpdate);
    if (reU.IsMatch(inputText))
        isInj = true;

    string regexForDelete = @"/((\%27)|(\'))delete/ix";
    Regex reDel = new Regex(regexForDelete);
    if (reDel.IsMatch(inputText))
        isInj = true;

    string regexForDrop = @"/((\%27)|(\'))drop/ix";
    Regex reDr = new Regex(regexForDrop);
    if (reDr.IsMatch(inputText))
        isInj = true;

    string regexForAlter = @"/((\%27)|(\'))alter/ix";
    Regex reA = new Regex(regexForAlter);
    if (reA.IsMatch(inputText))
        isInj = true;

    string regexForCreate = @"/((\%27)|(\'))create/ix";
    Regex reC = new Regex(regexForCreate);
    if (reC.IsMatch(inputText))
        isInj = true;

    return isInj;

}

"inputText" - here comes tring type text from some textBoxes. But seems I have done some mistakes, becouse my code do not detects simple sql- injections. What i do wrong? I guess theres something wrong in defining Regex expressions or something with comparing two values. Please help me just to fix some of these Reg-ex'es to get work. Thanks

Answer 1

I am not sure what you were trying to match that wasn't working but here are a few suggestions for your queries.

Your first expression,

string regexForTypicalInj = @"/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix";

seems to be intended to catch a single quote followed by "or". I would make sure to handle the case when there is space after the single quote and before the "or". Also, you shouldn't need to escape the % or ' characters. With those changes it becomes,

string regexForTypicalInj = @"/\w*((%27)|')\s*(o|(%6F)|(%4F))(r|(%72)|(%52))/ix";

The rest of the expressions, I would add the space allowance and also include the url-encoded characters as well. Doing that they become,

string regexForUnion = @"/((%27)|')\s*(u|%75|%55)(n|%6E|%4E)(i|%69|%49)(o|%6F|%4F)(n|%6E|%4E)/ix";
string regexForSelect = @"/((%27)|')\s*(s|%73|%53)(e|%65|%45)(l|%6C|%4C)(e|%65|%45)(c|%63|%43)(t|%74|%54)/ix";
string regexForInsert = @"/((%27)|')\s*(i|%69|%49)(n|%6E|%4E)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)/ix";
string regexForUpdate = @"/((%27)|')\s*(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)/ix";
string regexForDelete = @"/((%27)|')\s*(d|%64|%44)(e|%65|%45)(l|%6C|%4C)(e|%65|%45)(t|%74|%54)(e|%65|%45)/ix";
string regexForDrop = @"/((%27)|')\s*(d|%64|%44)(r|%72|%52)(o|%6F|%4F)(p|%70|%50)/ix";
string regexForAlter = @"/((%27)|')\s*(a|%61|%41)(l|%6C|%4C)(t|%74|%54)(e|%65|%45)(r|%72|%52)/ix";
string regexForCreate = @"/((%27)|')\s*(c|%63|%43)(r|%72|%52)(e|%65|%45)(a|%61|%41)(t|%74|%54)(e|%65|%45)/ix";

One other suggestion for the code in general: For each if statement I would suggest replacing isInj = true; with return true; so that you don't waste time doing unnecessary comparisons. In reality it probably won't make any performance difference but it could if you were calling that function really often.