=== How to fix it in .NET

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
public class ExampleController : Controller
{
    public void Run(string binary)
    {
        Process p = new Process();
        p.StartInfo.FileName = binary;
        p.Start();
    }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
public class ExampleController : Controller
{
    public void Run(string binary)
    {
        if (binary.Equals("/usr/bin/ls") || binary.Equals("/usr/bin/cat"))
        {
            // only ls and cat commands are authorized
            Process p = new Process();
            p.StartInfo.FileName = binary;
            p.Start();
        }
    }
}
----

=== How does this work?

include::../../common/fix/introduction.adoc[]

include::../../common/fix/pre-approved-list.adoc[]

:sanitizationLib: System.Diagnostics.ProcessStartInfo
include::../../common/fix/sanitize-meta-characters.adoc[]

Here, using the `ProcessStartInfo` structure helps escaping the passed
arguments and internally creates a single string given to the operating system
when `System.Diagnostics.Process.Start()` is called.