rspec/rules/S6399/common/fix/code-rationale.adoc

The following code is an example of an overly simple authentication function:
The role of a user is set in an XML file and the default user role is `user`. +
This example code is vulnerable to an XML injection vulnerability because it
builds an XML string from user input without prior sanitation or validation.

In this particular case, the query can be exploited with the following string: 

----
attacker</username><role>admin</role></user>
<user><username>foo
----

By adapting and inserting this string into the `username` field, an attacker
would be able to log in as an admin.
Create rule S6399(C#): XML operations should not be vulnerable to injection attacks (#2860) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6399/csharp) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> 2023-08-18 11:31:42 +02:00			`The following code is an example of an overly simple authentication function:`
			The role of a user is set in an XML file and the default user role is `user`. +
			`This example code is vulnerable to an XML injection vulnerability because it`
Modify rule S6399: Switch text to progressive education format (APPSEC-425) (#1522) 2023-01-31 14:16:30 +01:00			`builds an XML string from user input without prior sanitation or validation.`
Create rule S6399(C#): XML operations should not be vulnerable to injection attacks (#2860) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6399/csharp) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> 2023-08-18 11:31:42 +02:00
			`In this particular case, the query can be exploited with the following string:`

			`----`
			`attacker</username><role>admin</role></user>`
			`<user><username>foo`
			`----`

			By adapting and inserting this string into the `username` field, an attacker
			`would be able to log in as an admin.`