2022-08-03 16:26:11 +02:00
|
|
|
=== How to fix it in .NET
|
|
|
|
|
|
2022-08-05 17:48:23 +02:00
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
2022-08-03 16:26:11 +02:00
|
|
|
|
|
|
|
|
[cols="a"]
|
|
|
|
|
|===
|
|
|
|
|
h| Non-compliant code example
|
|
|
|
|
|
|
|
|
|
|
[source,csharp]
|
|
|
|
|
----
|
|
|
|
|
public class ExampleController : Controller
|
|
|
|
|
{
|
|
|
|
|
public void Run(string binary)
|
|
|
|
|
{
|
|
|
|
|
Process p = new Process();
|
|
|
|
|
p.StartInfo.FileName = binary; // Noncompliant
|
|
|
|
|
p.Start();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
h| Compliant solution
|
|
|
|
|
|
|
|
|
|
|
[source,csharp]
|
|
|
|
|
----
|
|
|
|
|
public class ExampleController : Controller
|
|
|
|
|
{
|
|
|
|
|
public void Run(string binary)
|
|
|
|
|
{
|
|
|
|
|
if (binary.Equals("/usr/bin/ls") \|\| binary.Equals("/usr/bin/cat"))
|
|
|
|
|
{
|
|
|
|
|
// only ls and cat commands are authorized
|
|
|
|
|
Process p = new Process();
|
|
|
|
|
p.StartInfo.FileName = binary;
|
|
|
|
|
p.Start();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|===
|
|
|
|
|
|
|
|
|
|
=== How does this work?
|
|
|
|
|
|
2022-08-05 17:48:23 +02:00
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../../common/fix/pre-approved-list.adoc[]
|
