rspec/rules/S2076/csharp/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

----
using System.Diagnostics;
using Microsoft.AspNetCore.Mvc;

namespace WebApplicationDotNetCore.Controllers
{
    public class RSPEC2076OSCommandInjectionNoncompliantController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }

        public IActionResult Run(string binary)
        {
            // If the value "/sbin/shutdown" is passed as binary and the web server is running as root,
            // then the machine running the web server will be shut down and become unavailable for future requests

            Process p = new Process();
            p.StartInfo.FileName = binary; // Noncompliant
            p.StartInfo.RedirectStandardOutput = true;
            p.Start();
            string output = p.StandardOutput.ReadToEnd();
            p.Dispose();
            return Content(output);
        }
    }
}
----

== Compliant Solution

----
using System.Diagnostics;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Mvc;

namespace WebApplicationDotNetCore.Controllers
{
    public class RSPEC2076OSCommandInjectionCompliantControllerController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }

        public IActionResult Run(string binary)
        {
            // Restrict to binaries within the current working directory whose name only contains letters
            if (binary == null || !Regex.IsMatch(binary, "^[a-zA-Z]+$"))
            {
                return BadRequest();
            }

            Process p = new Process();
            p.StartInfo.FileName = binary; // Now safe
            p.StartInfo.RedirectStandardOutput = true;
            p.Start();
            string output = p.StandardOutput.ReadToEnd();
            p.Dispose();
            return Content(output);
        }
    }
}
----

include::../see.adoc[]
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`----`
			`using System.Diagnostics;`
			`using Microsoft.AspNetCore.Mvc;`

			`namespace WebApplicationDotNetCore.Controllers`
			`{`
			`public class RSPEC2076OSCommandInjectionNoncompliantController : Controller`
			`{`
			`public IActionResult Index()`
			`{`
			`return View();`
			`}`

			`public IActionResult Run(string binary)`
			`{`
			`// If the value "/sbin/shutdown" is passed as binary and the web server is running as root,`
			`// then the machine running the web server will be shut down and become unavailable for future requests`

			`Process p = new Process();`
			`p.StartInfo.FileName = binary; // Noncompliant`
			`p.StartInfo.RedirectStandardOutput = true;`
			`p.Start();`
			`string output = p.StandardOutput.ReadToEnd();`
			`p.Dispose();`
			`return Content(output);`
			`}`
			`}`
			`}`
			`----`

			`== Compliant Solution`

			`----`
			`using System.Diagnostics;`
			`using System.Text.RegularExpressions;`
			`using Microsoft.AspNetCore.Mvc;`

			`namespace WebApplicationDotNetCore.Controllers`
			`{`
			`public class RSPEC2076OSCommandInjectionCompliantControllerController : Controller`
			`{`
			`public IActionResult Index()`
			`{`
			`return View();`
			`}`

			`public IActionResult Run(string binary)`
			`{`
			`// Restrict to binaries within the current working directory whose name only contains letters`
			`if (binary == null \|\| !Regex.IsMatch(binary, "^[a-zA-Z]+$"))`
			`{`
			`return BadRequest();`
			`}`

			`Process p = new Process();`
			`p.StartInfo.FileName = binary; // Now safe`
			`p.StartInfo.RedirectStandardOutput = true;`
			`p.Start();`
			`string output = p.StandardOutput.ReadToEnd();`
			`p.Dispose();`
			`return Content(output);`
			`}`
			`}`
			`}`
			`----`

			`include::../see.adoc[]`