When adding vulnerability to list, existing gridview selections get wiped out

  • Question

  • User-718146471 posted

    Hey guys, I am using a little AJAX modal dialog work here and here is what I am finding strange. I enter the data for the new vulnerability and that's all fine and dandy. When I click the Add button (plus sign) it inserts it fine, however any previous choices I had get lost. What I am trying to do is add the new vulnerability, allow myself to keep adding more, and then when I hit the close link, display the new ones and keep my selections. Here is my code, anyone offering any kind of help would be appreciated!  Thanks again all!

    --------------------------------------------------------------------------------------

    Edit: I suspect I may not be calling out to the view state that maintains the gridview selections but I am not sure where in the code that would come from. It is definitely on the code side of things that is causing the problem.

    Monday, July 25, 2016 1:06 PM

Answers

  • User-718146471 posted

    Hey all, no worries! I figured it out after fighting with it for a while. Here is the code in case someone else needs help.

            protected void addVuln_Command (object sender, CommandEventArgs e)
            {
                int id = 0;
                TextBox VulnName = ((TextBox)dvAddVuln.FindControl("TextBox1"));
                TextBox VulnSummary = ((TextBox)dvAddVuln.FindControl("TextBox2"));
                TextBox VulnDetails = ((TextBox)dvAddVuln.FindControl("TextBox3"));
                TextBox VulnRef = ((TextBox)dvAddVuln.FindControl("TextBox4"));
                TextBox VulnNotes = ((TextBox)dvAddVuln.FindControl("TextBox5"));
                if (!string.IsNullOrEmpty(e.CommandArgument.ToString()))
                {
                    if (int.TryParse(e.CommandArgument.ToString(), out id))
                    {
                        AddNewRecordById(id, VulnName.Text.ToString(), VulnRef.Text.ToString(), 0);
                        InsertVulnToDB(VulnName.Text.ToString(), VulnSummary.Text.ToString(), VulnDetails.Text.ToString(),VulnRef.Text.ToString(), VulnNotes.Text.ToString());
                        BindGrid();
                    }
                }
            }
    
            private void InsertVulnToDB(string VulnName, string VulnSumm, string VulnDetails, string VulnRef, string VulnNotes)
            {
                string MyCommand = "insert into Vulnerabilities (Vuln_Name, Vuln_Short_Descr, Vuln_Long_Descr, Vuln_Reference, Vuln_Notes) values (@VulnName, @VulnSumm, @VulnDetails, @VulnRef, @VulnNotes)";

                // using blocks close the connection and dispose the command even if the insert throws
                using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnStr"].ConnectionString))
                using (SqlCommand cmd = new SqlCommand(MyCommand, conn))
                {
                    // Form input is bound as parameters, never concatenated into the SQL text; size -1 means varchar(max)
                    //cmd.Parameters.Add("@blah",SqlDbType.VarChar,-1).Value = "some large text";
                    cmd.Parameters.Add("@VulnName", SqlDbType.VarChar, -1).Value = VulnName;
                    cmd.Parameters.Add("@VulnSumm", SqlDbType.VarChar, -1).Value = VulnSumm;
                    cmd.Parameters.Add("@VulnDetails", SqlDbType.VarChar, -1).Value = VulnDetails;
                    cmd.Parameters.Add("@VulnRef", SqlDbType.VarChar, -1).Value = VulnRef;
                    cmd.Parameters.Add("@VulnNotes", SqlDbType.VarChar, -1).Value = VulnNotes;

                    conn.Open();
                    cmd.ExecuteNonQuery();
                }
            }
    
            protected void AddNewRecordById(int id, string VulnName, string VulnRef, int ddlType)
            {
                // suspicious and exploitable
                List<VulnerabilityToSystem> repo = Vulnerabilities;
                VulnerabilityToSystem Ins = new VulnerabilityToSystem();
                Ins = (VulnerabilityToSystem)(new VulnerabilityToSystem()
                                              {
                                                  cbVulnName = false,
                                                  VulnerabilityToSystemId = -1,
                                                  VulnerabilityId = -1,
                                                  TempId = Guid.NewGuid(),
                                                  Vuln_Name = VulnName,
                                                  Vuln_Reference = VulnRef,
                                                  type = ddlType.ToString()
                                              });
                repo.Add(Ins);
                Vulnerabilities = repo;
    
            }
    

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, August 15, 2016 5:55 PM

All replies

  • User-271186128 posted

    Hi bbcompent1,

    According to your description, I have carefully analyzed your code in NewRequest.aspx.cs. Problems may arise in the “btnInsertVuln” click event.

    In the “btnInsertVuln” click event, you insert the new records into the database and use the GetVulnerabilities() method to re-query the database and get all of the vulnerabilities. However, when you use the GetVulnerabilities() method, the data stored in viewstate is initialized and the value of “type” is set to “0”. So, when you call the BindGrid() method to bind the gridview, the selected item in the “ddlType” DropDownList is "--SELECT--". Perhaps you did some operations before clicking the insert button. However, after you click the insert button, the value you set before is covered by the initial value.

    If you want to maintain the value you set, you could try to remove the following code from the “btnInsertVuln” event.

    Vulnerabilities = GetVulnerabilities();

    However, after that, what we should pay special attention to is that when we click the insert button to insert data into the database, the new data is not shown in the gridview (because the GridView datasource is ViewState(Vulnerabilities)). So, it is necessary for you to insert the new records into the ViewState(Vulnerabilities), then call the databind method to rebind the GridView.

    Hope this can help you. If you have any questions or confusion about the problem, please don't hesitate to let me know.

    Best regards,
    Dillion

    Wednesday, July 27, 2016 6:33 AM
  • User-718146471 posted

    Dillon et al, I have narrowed it down to one piece of code that is giving me fits. The error I get on the page is "Sequence contains no elements". Please help me sort this out.

    Error page:

    Server Error in '/' Application.

    Sequence contains no elements
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    Exception Details: System.InvalidOperationException: Sequence contains no elements
    Source Error:
    Line 182: List<VulnerabilityToSystem> repo = Vulnerabilities;
    Line 183: VulnerabilityToSystem dup = new VulnerabilityToSystem();
    Line 184: dup = (VulnerabilityToSystem)(from d in repo
    Line 185: where d.TempId == gid
    Line 186: select d).First();
    Source File: C:\Web Projects\Code\NewRequest.aspx.cs Line: 184
    Stack Trace:
    [InvalidOperationException: Sequence contains no elements]
    System.Linq.Enumerable.First(IEnumerable`1 source) +415
    AuditSystem.GridViewDemo.AddNewRecordById(Int32 id, String VulnName, String VulnRef) in C:\Web Projects\Code\NewRequest.aspx.cs:184
    AuditSystem.GridViewDemo.addVuln_Command(Object sender, CommandEventArgs e) in C:\Web Projects\Code\NewRequest.aspx.cs:126
    System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e) +140
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6016
    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1055.0

    Code behind class:

            private void AddNewRecordById(int id, string VulnName, string VulnRef)
            {
                Guid gid = Guid.NewGuid();
                List<VulnerabilityToSystem> repo = Vulnerabilities;
                VulnerabilityToSystem dup = new VulnerabilityToSystem();
                dup = (VulnerabilityToSystem)(from d in repo
                                              where d.TempId == gid
                                              select d).First();
                dup.VulnerabilityId = id;
                dup.Vuln_Name = VulnName.ToString();
                dup.Vuln_Reference = VulnRef.ToString();
    
                repo.Insert(id, dup);
                Vulnerabilities = repo;
            }
    

    Thursday, August 4, 2016 7:16 PM
  • User-271186128 posted

    Hi bbcompent1,

    I suggest you use the Count method to check that the LINQ query result contains a value before using the First() method.

    int count = (from d in repo where d.TempId == gid select d).Count();

    I suppose the issue is related to the Guid. It is new.

    Besides, I suggest you try the FirstOrDefault() method instead of First(), because if the query result is nothing, it will return a default value or null.

    Best regards,
    Dillion

    Friday, August 5, 2016 9:15 AM
  • User-718146471 posted

    Ok, I tried the modified code and it gave me this error:

    Object reference not set to an instance of an object.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
    Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
    Source Error:
    Line 150: dup = (VulnerabilityToSystem)(from d in repo
    Line 151: where d.TempId == gid
    Line 152: select d).FirstOrDefault();
    Line 153: dup.VulnerabilityId = id+1;
    Line 154: dup.Vuln_Name = VulnName.ToString();

    What do you recommend next?

    Friday, August 5, 2016 5:16 PM
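
The two errors above side by side, as an added example that is not part of the original thread: a lookup keyed on a freshly generated Guid matches nothing, so First() throws and FirstOrDefault() returns null, which must be checked before use. The trimmed VulnerabilityToSystem class, the Find helper and the sample row are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the thread's VulnerabilityToSystem class (only the fields used here).
class VulnerabilityToSystem
{
    public Guid TempId;
    public int VulnerabilityId;
    public string Vuln_Name;
}

static class Demo
{
    // Hypothetical helper: returns the row with the given TempId, or null when none exists.
    static VulnerabilityToSystem Find(List<VulnerabilityToSystem> repo, Guid tempId)
    {
        return repo.FirstOrDefault(d => d.TempId == tempId);
    }

    static void Main()
    {
        // Constructed sample data standing in for the ViewState-backed list.
        var repo = new List<VulnerabilityToSystem>
        {
            new VulnerabilityToSystem { TempId = Guid.NewGuid(), VulnerabilityId = 1, Vuln_Name = "SQL Injection" }
        };

        // A Guid created just now cannot equal any TempId already stored in the list.
        Guid gid = Guid.NewGuid();
        try
        {
            repo.Where(d => d.TempId == gid).First();
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine("First(): " + ex.Message);
        }

        // FirstOrDefault() avoids the exception but yields null; dereferencing it would throw.
        VulnerabilityToSystem dup = Find(repo, gid);
        Console.WriteLine("FirstOrDefault() returned null: " + (dup == null));

        // Keying the lookup on an existing row's TempId succeeds; the copy gets its own new TempId.
        VulnerabilityToSystem source = Find(repo, repo[0].TempId);
        if (source != null)
        {
            repo.Add(new VulnerabilityToSystem { TempId = Guid.NewGuid(), VulnerabilityId = source.VulnerabilityId, Vuln_Name = source.Vuln_Name });
        }
        Console.WriteLine("Rows after duplicate: " + repo.Count);
    }
}
```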
  • User475983607 posted

    Edit: I suspect I may not be calling out to the view state that maintains the gridview selections but I am not sure where in the code that would come from. It is definitely on the code side of things that is causing the problem.

    ViewState is an ASP page life cycle process.  JQuery AJAX does not affect ViewState since the AJAX request does not invoke the page life cycle.  An Update Panel is a better choice as it does invoke the page life cycle.

    Other than that it could be a syncing issue between the DB and ViewState.

    I believe I originally set you up with the ViewState logic because I needed a way to simulate a DB.  I guess ViewState became part of the solution.  I would switch from ViewState to the DB.  IIRC, that should be fairly painless however you might have to rethink the processing.

    Thursday, August 11, 2016 5:15 PM
  • User-718146471 posted

    Ok, I think we went with the mock & view state because of the need to add duplicate items in the event I have a vulnerability that is suspicious and exploitable. Is there some way I can inject the new record into the mock and call back the View State items? I suppose I could try it, though I am certain you understand my concerns.

    Friday, August 12, 2016 10:47 AM
  • User-718146471 posted

    I believe I originally set you up with the ViewState logic because I needed a way to simulate a DB.  I guess ViewState became part of the solution.  I would switch from ViewState to the DB.  IIRC, that should be fairly painless however you might have to rethink the processing.

    The ViewState became part of the solution because, as you may recall, I had to find a way to make it so I could duplicate a row in the event we had a vulnerability that was found in two separate folders, for example SQL Injection. In some cases, this injection is exploitable, in others suspicious. In cases where we have both in one application, we needed to have a way to put both on the same form in separate rows due to the fact there would most likely be a different number of occurrences. I figured injecting the new row into the mock and calling back the viewstate would be the simplest way to do this without having to reinvent the wheel. What are your thoughts?

    Monday, August 15, 2016 10:47 AM