Fix critical bugs: SQL injection, compilation errors, memory leaks, and security issues

- SQL Injection: Converted all SQL string concatenation to parameterized queries
  in SQLInteraction.cs (TransferData, TableExists, UpdateTableDesign, UpdateMetadata)
- Compilation: Fixed HealthChecker.cs (removed _logger, wrong property refs) and
  RetryPolicy.cs (removed _logger) — both now use static Logger
- Security: Removed password from console log output, removed tracked config
  files with production credentials from Git, updated .gitignore
- Runtime: Fixed IndexOutOfRange in GetActualFields (bounds check before access),
  transaction corruption (fail fast on error), SPOUser disposal (added using blocks)
- Resource leaks: Added IDisposable to SQLInteraction, proper rollback/cleanup
- Thread safety: Lock in ConfigHelper is now actually used (double-check locking)
- Minor: CAML date format (ISO 8601 T/Z), CorrelationId (full GUID), ContentTypeId
  (.StringValue), RetryPolicy (n+2 attempts), GetFieldValue (class constraint removed),
  dead code removal, OperationStatistics >= fix, Logger.LogError redundancy
- Net8 fix: Pre-existing errors (SharePointOptions syntax, LinqExtensions namespace
  conflict, Zip overload, IList CSOM API mismatch, SPOUser conditional compilation,
  added System.Data.SqlClient package)

Author: kill74

.gitignore

@@ -365,5 +365,5 @@ MigrationBackup/
 # Fody - auto-generated XML schema
 FodyWeavers.xsd
 
-git rm --cached UserConfig.xml "UserConfig(BackUp).xml"
-git commit -m "Remove UserConfig files from tracking"
+# User-specific configuration files with sensitive credentials
+**/XmlConfig/UserConfig*.xml

SPOtoSQL-Net8/ConsoleApp1Net8/Application.cs

@@ -401,7 +401,7 @@ private static string MaskSensitiveData(string value, int visibleChars = 3)
         if (value.Length <= visibleChars)
             return new string('*', value.Length);
 
-        return value[..visibleChars] + new string('*', Math.Min(6, value.Length - visibleChars));
+        return value[..visibleChars] + new string('*', value.Length - visibleChars);
     }
 
     /// <summary>

SPOtoSQL-Net8/ConsoleApp1Net8/Configuration/SharePointOptions.cs

@@ -41,7 +41,7 @@ public record SharePointOptions
     /// Maximum retry attempts for transient failures.
     /// </summary>
     [Range(0, 10, ErrorMessage = "Max retries must be between 0 and 10")]
-    public int MaxRetries { get; init} = 3;
+    public int MaxRetries { get; init; } = 3;
 
     /// <summary>
     /// Initial retry delay in milliseconds.

SPOtoSQL-Net8/ConsoleApp1Net8/ConsoleApp1Net8.csproj

@@ -39,6 +39,7 @@
     <PackageReference Include="Polly" Version="8.4.2" />
     <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="8.0.8" />
     <PackageReference Include="Microsoft.Extensions.Http.Polly" Version="8.0.8" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
 
   <ItemGroup>
@@ -63,7 +64,6 @@
     <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\DataQualityBase.cs" />
     <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\CamlQueryBuilder.cs" />
     <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\Context.cs" />
-    <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\GetallLists.cs" />
     <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\HealthChecker.cs" />
     <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\InvoiceRequestDQ.cs" />
     <Compile Include="..\..\SPOtoSQL-Snapshots\ConsoleApp1\Sharepoint\OperationContext.cs" />

SPOtoSQL-Net8/ConsoleApp1Net8/GlobalUsings.cs

@@ -9,3 +9,7 @@
 global using Microsoft.Extensions.Options;
 global using Microsoft.Extensions.Configuration;
 global using Microsoft.Extensions.Hosting;
+global using Bring.SPODataQuality;
+global using Bring.Sharepoint;
+global using Bring.Sqlserver;
+global using Bring.XmlConfig;

SPOtoSQL-Net8/ConsoleApp1Net8/Utilities/LinqExtensions.cs

@@ -1,4 +1,5 @@
-namespace Bring.Utilities;
+namespace Bring.Utilities
+{
 
 /// <summary>
 /// Demonstrates modern LINQ features introduced in .NET 6+ for SharePoint and SQL sync operations.
@@ -708,8 +709,7 @@ public static IEnumerable<TResult> DemoZip<T1, T2, T3, TResult>(
         IEnumerable<T3> third,
         Func<T1, T2, T3, TResult> resultSelector)
     {
-        // Modern .NET 6+ supports 3+ sequences
-        return first.Zip(second, third, resultSelector);
+        return first.Zip(second, third).Select(t => resultSelector(t.First, t.Second, t.Third));
     }
 
     #endregion
@@ -803,6 +803,8 @@ public static List<T> GetRecentChanges<T>(List<T> items, Func<T, DateTime> modif
     #endregion
 }
 
+}
+
 /// <summary>
 /// Example models for demonstrating LINQ features in SharePoint sync context.
 /// </summary>

SPOtoSQL-Snapshots/ConsoleApp1/ConsoleLogger/Logger.cs

@@ -38,13 +38,10 @@ public static void Log(int level, string message)
         /// </summary>
         public static void LogError(string message, Exception ex = null)
         {
-            if (VerboseLevel >= 1)
+            Log(1, message);
+            if (ex != null && VerboseLevel >= 3)
             {
-                Log(1, message);
-                if (ex != null && VerboseLevel >= 3)
-                {
-                    Log(3, $"Exception Details: {ex.GetType().Name}: {ex.Message}");
-                }
+                Log(3, $"Exception Details: {ex.GetType().Name}: {ex.Message}");
             }
         }
 

SPOtoSQL-Snapshots/ConsoleApp1/SPODataQuality/RefreshSPOLists.cs

@@ -81,8 +81,6 @@ private static void RunMainWorkflow()
                 {
                     Logger.Log(1, "DEBUG: SPOUser created");
 
-                    var list1 = new SPOList { SPOUser = spoUser };
-                    var list2 = new SPOList { SPOUser = spoUser };
                     Logger.Log(3, "DEBUG: SPOList objects configured");
 
                     ProcessCommandLineArguments();
@@ -274,33 +272,28 @@ public static void GetAllLists()
             Logger.Log(1, "DEBUG: Entering GetAllLists");
             try
             {
-                // Get SharePoint credentials
                 var (username, password) = ConfigurationReader.GetSharePointCredentials();
-                SPOUser spoUser = new SPOUser(username, password);
-                // Set up a context for the SharePoint site named "seed"
-                Context context = new Context()
+                using (SPOUser spoUser = new SPOUser(username, password))
                 {
-                    Site = "seed",
-                    SPOUser = spoUser
-                };
-                // Iterate through all lists in the SharePoint site
-                foreach (Microsoft.SharePoint.Client.List allList in context.GetAllLists())
-                {
-                    try
+                    Context context = new Context()
                     {
-                        Logger.Log(1, "DEBUG: Loading list - " + allList.Title);
-                        // Load the IsSystemList property to determine if the list is a system list
-                        context.Ctx.Load<IList>(allList, new Expression<Func<Microsoft.SharePoint.Client.List, object>>[1]
-                        {
-                             l => (object) l.IsSystemList
-                        });
-                        context.Ctx.ExecuteQuery(); // Execute the query to retrieve the data
-                        Logger.Log(2, "List Name: " + allList.Title + "; is: " + allList.IsSystemList.ToString());
-                    }
-                    catch (Exception ex)
+                        Site = "seed",
+                        SPOUser = spoUser
+                    };
+                    foreach (Microsoft.SharePoint.Client.List allList in context.GetAllLists())
                     {
-                        Console.WriteLine("ERROR: Failed to load or display list '" + allList.Title + "'.");
-                        Console.WriteLine("Exception: " + ex.Message);
+                        try
+                        {
+                            Logger.Log(1, "DEBUG: Loading list - " + allList.Title);
+                            context.Ctx.Load(allList, l => l.IsSystemList);
+                            context.Ctx.ExecuteQuery();
+                            Logger.Log(2, "List Name: " + allList.Title + "; is: " + allList.IsSystemList.ToString());
+                        }
+                        catch (Exception ex)
+                        {
+                            Console.WriteLine("ERROR: Failed to load or display list '" + allList.Title + "'.");
+                            Console.WriteLine("Exception: " + ex.Message);
+                        }
                     }
                 }
             }
@@ -522,25 +515,25 @@ private static void RefreshListsSPO(SPOList sourceList, SPOList destList)
                 int index1 = 0;
                 int index2 = 0;
 
-                // Match fields by title and store their internal names
                 foreach (Field field1 in fields1)
                 {
-                    Field field2;
-                    do
+                    bool found = false;
+                    while (index2 < fields2.Count)
                     {
-                        field2 = fields2[index2];
+                        Field field2 = fields2[index2];
                         if (field1.Title == field2.Title)
                         {
-                            strArray[index1, 0] = field2.InternalName; // Destination field
-                            strArray[index1, 1] = field1.InternalName; // Source field
+                            strArray[index1, 0] = field2.InternalName;
+                            strArray[index1, 1] = field1.InternalName;
+                            found = true;
                             Logger.Log(1, "DEBUG: Match found - " + field1.Title);
                         }
                         ++index2;
+                        if (found) break;
                     }
-                    while (field1.Title != field2.Title && index2 < fields2.Count);
 
                     ++index1;
-                    index2 = 0; // Reset index2 for the next field
+                    index2 = 0;
                 }
 
                 return strArray; // Return the field mappings

SPOtoSQL-Snapshots/ConsoleApp1/Sharepoint/CamlQueryBuilder.cs

@@ -59,20 +59,20 @@ public static string BuildDateRangeQuery(string fieldName, DateTime from, DateTi
       if (to < from)
         throw new ArgumentException("'to' date must be greater than or equal to 'from' date.");
 
-      var fromValue = EscapeXmlValue(from.ToString("yyyy-MM-dd HH:mm:ss"));
-      var toValue = EscapeXmlValue(to.ToString("yyyy-MM-dd HH:mm:ss"));
+      var fromValue = EscapeXmlValue(from.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ"));
+      var toValue = EscapeXmlValue(to.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ"));
 
       return $@"<View>
     <Query>
         <Where>
             <And>
                 <Geq>
                     <FieldRef Name='{EscapeXmlValue(fieldName)}' />
-                    <Value Type='DateTime'>{fromValue}</Value>
+                    <Value Type='DateTime' IncludeTimeValue='TRUE'>{fromValue}</Value>
                 </Geq>
                 <Leq>
                     <FieldRef Name='{EscapeXmlValue(fieldName)}' />
-                    <Value Type='DateTime'>{toValue}</Value>
+                    <Value Type='DateTime' IncludeTimeValue='TRUE'>{toValue}</Value>
                 </Leq>
             </And>
         </Where>

SPOtoSQL-Snapshots/ConsoleApp1/Sharepoint/DataQualityBase.cs

@@ -134,18 +134,18 @@ protected void ProcessListItemsInBatches(SPOList list, Action<ListItem> processo
         /// <param name="item">The list item.</param>
         /// <param name="fieldName">The internal field name.</param>
         /// <returns>The field value, or default if null or not found.</returns>
-        protected T GetFieldValue<T>(ListItem item, string fieldName) where T : class
+        protected T GetFieldValue<T>(ListItem item, string fieldName)
         {
             try
             {
-                if (item == null) return null;
+                if (item == null) return default;
                 if (item[fieldName] is T value) return value;
-                return null;
+                return default;
             }
             catch (Exception ex)
             {
                 Logger.LogDebug($"Failed to retrieve field '{fieldName}' from item: {ex.Message}");
-                return null;
+                return default;
             }
         }