== How to fix it in .NET

=== Code examples

The following code uses the `find` command and expects the user to enter the
name of a file to find on the system.

It is vulnerable to arguments injection because untrusted data is inserted
directly into the arguments of a process call without sanitization. +
The application assumes that incoming data always consists of a specific range
of characters and ignores that some characters might force the `find` command
to start a shell.

In this particular case, an attacker may remove files in `/some/folder` with the following string:

----
'*' -exec rm -rf {} \; 
----

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
public class ExampleController : Controller
{
    public void Run(string args)
    {
        Process p             = new Process();
        p.StartInfo.FileName  = "/usr/bin/find";
        p.StartInfo.Arguments = "/some/folder -iname " + args;
        p.Start();
    }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
public class ExampleController : Controller
{
    public void Run(string args)
    {
        Process p            = new Process();
        p.StartInfo.FileName = "/usr/bin/find";
        p.StartInfo.ArgumentList.Add("/some/folder");
        p.StartInfo.ArgumentList.Add("-iname");
        p.StartInfo.ArgumentList.Add(args);
        p.Start();
    }
}
----

=== How does this work?

include::../../common/fix/introduction.adoc[]

Here `ArgumentList` takes care of escaping the passed arguments and internally
creates a single string given to the operating system when `System.Diagnostics.Process.Start()` is
called.