45 lines
824 B
Plaintext
45 lines
824 B
Plaintext
=== How to fix it in .NET
|
|
|
|
[cols="a"]
|
|
|===
|
|
h| Non-compliant code example
|
|
|
|
|
[source,csharp]
|
|
----
|
|
public class ExampleController : Controller
|
|
{
|
|
private static string TargetDirectory;
|
|
|
|
public void Run(string binary)
|
|
{
|
|
Process p = new Process();
|
|
p.StartInfo.FileName = binary; // Noncompliant
|
|
p.Start();
|
|
}
|
|
}
|
|
----
|
|
h| Compliant solution
|
|
|
|
|
[source,csharp]
|
|
----
|
|
public class ExampleController : Controller
|
|
{
|
|
private static string TargetDirectory;
|
|
|
|
public void Run(string binary)
|
|
{
|
|
if (binary.Equals("/usr/bin/ls") || binary.Equals("/usr/bin/cat"))
|
|
{
|
|
// only ls and cat commands are authorized
|
|
Process p = new Process();
|
|
p.StartInfo.FileName = binary;
|
|
p.Start();
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|===
|
|
|
|
=== How does this work?
|
|
|