=== How to fix it in .NET

The following code is vulnerable to XPath injection because untrusted data is concatenated into an XPath query without prior validation.

==== Non-compliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
public class ExampleController : Controller
{
    [HttpGet]
    public IActionResult Authenticate(string user, string pass)
    {
        XmlDocument doc = new XmlDocument();
        String expression = "/users/user[@name='" + user + "' and @pass='" + pass + "']";
        return Json(doc.SelectSingleNode(expression) != null);
    }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
public class ExampleController : Controller
{
    [HttpGet]
    public IActionResult Authenticate(string user, string pass)
    {
        XmlDocument doc = new XmlDocument();
        if (!Regex.IsMatch(user, "^[a-zA-Z]+$") \|\| !Regex.IsMatch(pass, "^[a-zA-Z]+$"))
        {
            return BadRequest();
        }
        String expression = "/users/user[@name='" + user + "' and @pass='" + pass + "']";
        return Json(doc.SelectSingleNode(expression) != null);
    }
}
----

=== How does this work?

include::../../common/fix/validation.adoc[]

In the example, both inputs are validated against an allowlist before they are placed in the query, so that each is composed only of alphabetic characters and cannot contain the quote or bracket characters that would alter the XPath structure. Note that in .NET regular expressions the `$` anchor also matches immediately before a trailing newline; `\z` is the stricter end-of-input anchor when an exact match is required.