Visual Studio 2019 Tricks and Techniques

You're reading from Visual Studio 2019 Tricks and Techniques: A developer's guide to writing better code and maximizing productivity

Product type Paperback
Published in Jan 2021
Publisher Packt
ISBN-13 9781800203525
Length 386 pages
Edition 1st Edition
Authors (2):
Aaron Cure
Paul Schroeder

Table of Contents (21 Chapters)

Preface
1. Section 1: Visual Studio IDE Productivity Essentials
2. Chapter 1: Flavors of Visual Studio
3. Chapter 2: Keyboard Shortcuts
4. Chapter 3: IDE Tips and Tricks
5. Chapter 4: Working with a Repository
6. Chapter 5: Working with Snippets
7. Chapter 6: Database Explorers
8. Chapter 7: Compiling, Debugging, and Versioning
9. Section 2: Customizing Project Templates and Beyond
10. Chapter 8: Introduction to Project and Item Templates
11. Chapter 9: Creating Your Own Templates
12. Chapter 10: Deploying Custom Templates
13. Section 3: Leveraging Extensions for the Win
14. Chapter 11: Overviewing Visual Studio 2019 Extensions
15. Chapter 12: Overviewing VS Code Extensions
16. Chapter 13: CodeMaid is Your Friend
17. Chapter 14: Be Your Team's Hero with CodeGenHero
18. Chapter 15: Secure Code with Puma Scan
19. Other Books You May Enjoy
Appendix

Extending Puma Scan with custom sinks

Puma Scan traces data as it flows through the code, from its source (the origin of the data in the system, for example, an HTTP request) to the sink (the output or endpoint for the data, such as to an HTTP response or a database).

Let's modify our code to use a custom extension method, and then add a sink to the SQL injection rule so Puma Scan knows about it:

  1. Open the Controllers/WritingInstrumentController.cs file and comment out the line with FromSqlRaw in it. Also, uncomment the line that calls the FromSqlWriting method. This method is a simple extension method that just calls FromSqlRaw. When you are done, it should look like this:
    //var instrument = await context.Crayons.
    //    FromSqlRaw("SELECT * FROM Crayons WHERE HTMLColor = '"
    //    + Color + "'").FirstOrDefaultAsync();
    var instrument = await context.Crayons.
        FromSqlWriting("SELECT * FROM Crayons...
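
The pattern this step sets up, shown as an added example that is not code from the book: a pass-through wrapper keeps the concatenated query injectable while moving it behind a method name the scanner has to be told about, with the parameterized form beside it. The `Crayon` entity, the body of `FromSqlWriting`, and the `CrayonQueries` helper names are assumptions; the code needs the Microsoft.EntityFrameworkCore.Relational package.

```csharp
// Added example. Only the names FromSqlWriting, FromSqlRaw, Crayons and
// HTMLColor come from the page; everything else here is assumed.
using System.Linq;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

public class Crayon
{
    public int Id { get; set; }
    public string HTMLColor { get; set; }
}

public static class WritingExtensions
{
    // Assumed body: a pass-through wrapper. Whatever string arrives here is
    // executed as SQL, so this method is itself a SQL injection sink. A rule
    // that lists only FromSqlRaw as a sink has no entry for this name, which
    // is why the custom sink has to be added.
    public static IQueryable<T> FromSqlWriting<T>(this DbSet<T> set, string sql)
        where T : class
        => set.FromSqlRaw(sql);
}

public static class CrayonQueries
{
    // Vulnerable shape from the page: request data (source) concatenated
    // into the SQL text and handed to the wrapper (sink).
    public static Task<Crayon> FindConcatenated(DbSet<Crayon> crayons, string color)
        => crayons
            .FromSqlWriting("SELECT * FROM Crayons WHERE HTMLColor = '" + color + "'")
            .FirstOrDefaultAsync();

    // Hardened shape: EF Core turns the interpolated value into a
    // DbParameter, so it never becomes part of the SQL text.
    public static Task<Crayon> FindParameterized(DbSet<Crayon> crayons, string color)
        => crayons
            .FromSqlInterpolated($"SELECT * FROM Crayons WHERE HTMLColor = {color}")
            .FirstOrDefaultAsync();
}
```

Registering the wrapper as a sink makes the scanner report `FindConcatenated`; switching the call site to the parameterized form removes the finding at its cause.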