github
diff --git a/‎csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
Lines changed: 33 additions & 4 deletions b/‎csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
Lines changed: 33 additions & 4 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
Lines changed: 30 additions & 0 deletions b/‎csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
Lines changed: 30 additions & 0 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
Lines changed: 6 additions & 0 deletions b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
Lines changed: 6 additions & 0 deletions
diff --git a/‎csharp/ql/src/change-notes/2022-08-10-sqlinjection-queries.md
Lines changed: 5 additions & 0 deletions b/‎csharp/ql/src/change-notes/2022-08-10-sqlinjection-queries.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
Lines changed: 19 additions & 2 deletions b/‎csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
Lines changed: 19 additions & 2 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
Lines changed: 19 additions & 2 deletions b/‎csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
Lines changed: 19 additions & 2 deletions
diff --git a/‎csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.cs
Lines changed: 28 additions & 1 deletion b/‎csharp/ql/test/query-tests/Security Features/CWE-089/SecondOrderSqlInjection.cs
Lines changed: 28 additions & 1 deletion
@@ -383,7 +383,7 @@ module CsvValidation {
     or
     exists(string row, string kind | sourceModel(row) |
       kind = row.splitAt(";", 7) and
-      not kind = "local" and
+      not kind = ["local", "file"] and
       msg = "Invalid kind \"" + kind + "\" in source model."
     )
   }
 
@@ -39,7 +39,8 @@ class IDbCommandConstructionSqlExpr extends SqlExpr, ObjectCreation {
           .hasQualifiedName([
               // Known sealed classes:
               "System.Data.SqlClient.SqlCommand", "System.Data.Odbc.OdbcCommand",
-              "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand"
+              "System.Data.OleDb.OleDbCommand", "System.Data.EntityClient.EntityCommand",
+              "System.Data.SQLite.SQLiteCommand"
             ])
     )
   }
@@ -67,18 +68,46 @@ private class IDbCommandConstructionSinkModelCsv extends SinkModelCsv {
         // EntityCommand
         "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String);;Argument[0];sql;manual",
         "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection);;Argument[0];sql;manual",
-        "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction);;Argument[0];sql;manual"
+        "System.Data.EntityClient;EntityCommand;false;EntityCommand;(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction);;Argument[0];sql;manual",
+        // SQLiteCommand
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction);;Argument[0];sql;manual",
       ]
   }
 }
 
-/** A construction of an `SqlDataAdapter` object. */
+/** Data flow for SqlCommand and friends. */
+private class SqlCommandSummaryModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        // SqlCommand
+        "System.Data.SqlClient;SqlCommand;false;SqlCommand;(System.String);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.Data.SqlClient;SqlCommand;false;SqlCommand;(System.String,System.Data.SqlClient.SqlConnection);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.Data.SqlClient;SqlCommand;false;SqlCommand;(System.String,System.Data.SqlClient.SqlConnection,System.Data.SqlClient.SqlTransaction);;Argument[0];Argument[Qualifier];taint;manual",
+        // SQLiteCommand.
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.Data.SQLite;SQLiteCommand;false;SQLiteCommand;(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction);;Argument[0];Argument[Qualifier];taint;manual",
+      ]
+  }
+}
+
+/** A construction of an `Adapter` object. */
 private class SqlDataAdapterConstructionSinkModelCsv extends SinkModelCsv {
   override predicate row(string row) {
     row =
       [
+        // SqlDataAdapter
+        "System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.Data.SqlClient.SqlCommand);;Argument[0];sql;manual",
         "System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.String,System.String);;Argument[0];sql;manual",
-        "System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.String,System.Data.SqlClient.SqlConnection);;Argument[0];sql;manual"
+        "System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.String,System.Data.SqlClient.SqlConnection);;Argument[0];sql;manual",
+        // SQLiteDataAdapter
+        "System.Data.SQLite;SQLiteDataAdapter;false;SQLiteDataAdapter;(System.Data.SQLite.SQLiteCommand);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteDataAdapter;false;SQLiteDataAdapter;(System.String,System.Data.SQLite.SQLiteConnection);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteDataAdapter;false;SQLiteDataAdapter;(System.String,System.String);;Argument[0];sql;manual",
+        "System.Data.SQLite;SQLiteDataAdapter;false;SQLiteDataAdapter;(System.String,System.String,System.Boolean);;Argument[0];sql;manual",
       ]
   }
 }
 
@@ -179,6 +179,7 @@ class SystemIOMemoryStreamClass extends SystemIOClass {
   }
 }
 
+/** Data flow for `System.IO.MemoryStream`. */
 private class SystemIOMemoryStreamFlowModelCsv extends SummaryModelCsv {
   override predicate row(string row) {
     row =
@@ -192,3 +193,32 @@ private class SystemIOMemoryStreamFlowModelCsv extends SummaryModelCsv {
       ]
   }
 }
+
+/** Sources for `System.IO.FileStream`. */
+private class SystemIOFileStreamSourceModelCsv extends SourceModelCsv {
+  override predicate row(string row) {
+    row = "System.IO;FileStream;false;FileStream;;;Argument[Qualifier];file;manual"
+  }
+}
+
+/** Data flow for `System.IO.FileStream`. */
+private class SystemIOFileStreamSummaryModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess);;Argument[0];Argument[Qualifier];taint;manual",
+        "System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode);;Argument[0];Argument[Qualifier];taint;manual",
+      ]
+  }
+}
+
+/** Data flow for `System.IO.StreamReader`. */
+private class SystemIOStreamSummaryModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = "System.IO;StreamReader;false;StreamReader;;;Argument[0];Argument[Qualifier];taint;manual"
+  }
+}
@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.frameworks.system.data.Common
 private import semmle.code.csharp.frameworks.system.data.Entity
 private import semmle.code.csharp.frameworks.EntityFramework
@@ -55,3 +56,8 @@ class ORMMappedProperty extends StoredFlowSource {
     this instanceof NHibernate::StoredFlowSource
   }
 }
+
+/** A file stream source is considered a stored flow source. */
+class FileStreamStoredFlowSource extends StoredFlowSource {
+  FileStreamStoredFlowSource() { sourceNode(this, "file") }
+}
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added better support for the SQLite framework in the SQL injection query.
+* File streams are now considered stored flow sources. Eg. reading query elements from a file can lead to a Second Order SQL injection alert.
@@ -3542,6 +3542,12 @@
 | System.IO;FileStream;false;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[Qualifier];Argument[0].Element;taint;manual |
 | System.IO;FileStream;false;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[0].Element;Argument[Qualifier];taint;manual |
 | System.IO;FileStream;false;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[Qualifier];Argument[0];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions);;Argument[0];Argument[Qualifier];taint;manual |
 | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;generated |
 | System.IO;FileStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[Qualifier];Argument[0].Element;taint;manual |
 | System.IO;FileStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[Qualifier];Argument[0].Element;taint;manual |
@@ -3668,8 +3674,19 @@
 | System.IO;StreamReader;false;ReadLineAsync;();;Argument[Qualifier];ReturnValue;taint;manual |
 | System.IO;StreamReader;false;ReadToEnd;();;Argument[Qualifier];ReturnValue;taint;manual |
 | System.IO;StreamReader;false;ReadToEndAsync;();;Argument[Qualifier];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;generated |
-| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean);;Argument[1];Argument[Qualifier];taint;generated |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.IO.FileStreamOptions);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding,System.Boolean,System.IO.FileStreamOptions);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding,System.Boolean,System.Int32);;Argument[0];Argument[Qualifier];taint;manual |
 | System.IO;StreamReader;false;get_BaseStream;();;Argument[Qualifier];ReturnValue;taint;generated |
 | System.IO;StreamReader;false;get_CurrentEncoding;();;Argument[Qualifier];ReturnValue;taint;generated |
 | System.IO;StreamWriter;false;StreamWriter;(System.IO.Stream,System.Text.Encoding,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;generated |
 
@@ -2714,6 +2714,12 @@
 | System.IO;FileNotFoundException;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[Qualifier];Argument[0];taint;generated |
 | System.IO;FileNotFoundException;false;ToString;();;Argument[Qualifier];ReturnValue;taint;generated |
 | System.IO;FileNotFoundException;false;get_Message;();;Argument[Qualifier];ReturnValue;taint;generated |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions);;Argument[0];Argument[Qualifier];taint;manual |
 | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;generated |
 | System.IO;FileStream;false;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;generated |
 | System.IO;FileStream;false;ReadAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);;Argument[Qualifier];ReturnValue;taint;generated |
@@ -2815,8 +2821,19 @@
 | System.IO;Stream;true;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[Qualifier];Argument[0].Element;taint;manual |
 | System.IO;Stream;true;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[Qualifier];taint;manual |
 | System.IO;Stream;true;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[Qualifier];taint;manual |
-| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;generated |
-| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean);;Argument[1];Argument[Qualifier];taint;generated |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.IO.Stream,System.Text.Encoding,System.Boolean,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.IO.FileStreamOptions);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding,System.Boolean);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding,System.Boolean,System.IO.FileStreamOptions);;Argument[0];Argument[Qualifier];taint;manual |
+| System.IO;StreamReader;false;StreamReader;(System.String,System.Text.Encoding,System.Boolean,System.Int32);;Argument[0];Argument[Qualifier];taint;manual |
 | System.IO;StreamReader;false;get_BaseStream;();;Argument[Qualifier];ReturnValue;taint;generated |
 | System.IO;StreamReader;false;get_CurrentEncoding;();;Argument[Qualifier];ReturnValue;taint;generated |
 | System.IO;StreamWriter;false;StreamWriter;(System.IO.Stream,System.Text.Encoding,System.Int32,System.Boolean);;Argument[0];Argument[Qualifier];taint;generated |
 
@@ -4,10 +4,14 @@
 namespace Test
 {
 
+    using System.Data.SQLite;
+    using System.IO;
+    using System.Text;
+
     class SecondOrderSqlInjection
     {
 
-        public void processRequest()
+        public void ProcessRequest()
         {
             using (SqlConnection connection = new SqlConnection(""))
             {
@@ -23,5 +27,28 @@ public void processRequest()
                 customerReader.Close();
             }
         }
+
+        public void RunSQLFromFile()
+        {
+            using (FileStream fs = new FileStream("myfile.txt", FileMode.Open))
+            {
+                using (StreamReader sr = new StreamReader(fs, Encoding.UTF8))
+                {
+                    var sql = String.Empty;
+                    while ((sql = sr.ReadLine()) != null)
+                    {
+                        sql = sql.Trim();
+                        if (sql.StartsWith("--"))
+                            continue;
+                        using (var connection = new SQLiteConnection(""))
+                        {
+                            var cmd = new SQLiteCommand(sql, connection);
+                            cmd.ExecuteScalar();
+                        }
+                    }
+                }
+            }
+        }
+
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -383,7 +383,7 @@ module CsvValidation {`
`383`	`383`	`or`
`384`	`384`	`exists(string row, string kind \| sourceModel(row) \|`
`385`	`385`	`kind = row.splitAt(";", 7) and`
`386`		`- not kind = "local" and`
	`386`	`+ not kind = ["local", "file"] and`
`387`	`387`	`msg = "Invalid kind \"" + kind + "\" in source model."`
`388`	`388`	`)`
`389`	`389`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,10 +4,14 @@`
`4`	`4`	`namespace Test`
`5`	`5`	`{`
`6`	`6`
	`7`	`+ using System.Data.SQLite;`
	`8`	`+ using System.IO;`
	`9`	`+ using System.Text;`
	`10`	`+`
`7`	`11`	`class SecondOrderSqlInjection`
`8`	`12`	`{`
`9`	`13`
`10`		`- public void processRequest()`
	`14`	`+ public void ProcessRequest()`
`11`	`15`	`{`
`12`	`16`	`using (SqlConnection connection = new SqlConnection(""))`
`13`	`17`	`{`
`@@ -23,5 +27,28 @@ public void processRequest()`
`23`	`27`	`customerReader.Close();`
`24`	`28`	`}`
`25`	`29`	`}`
	`30`	`+`
	`31`	`+ public void RunSQLFromFile()`
	`32`	`+ {`
	`33`	`+ using (FileStream fs = new FileStream("myfile.txt", FileMode.Open))`
	`34`	`+ {`
	`35`	`+ using (StreamReader sr = new StreamReader(fs, Encoding.UTF8))`
	`36`	`+ {`
	`37`	`+ var sql = String.Empty;`
	`38`	`+ while ((sql = sr.ReadLine()) != null)`
	`39`	`+ {`
	`40`	`+ sql = sql.Trim();`
	`41`	`+ if (sql.StartsWith("--"))`
	`42`	`+ continue;`
	`43`	`+ using (var connection = new SQLiteConnection(""))`
	`44`	`+ {`
	`45`	`+ var cmd = new SQLiteCommand(sql, connection);`
	`46`	`+ cmd.ExecuteScalar();`
	`47`	`+ }`
	`48`	`+ }`
	`49`	`+ }`
	`50`	`+ }`
	`51`	`+ }`
	`52`	`+`
`26`	`53`	`}`
`27`	`54`	`}`