=== How to fix it in .NET

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
public class ExampleController : Controller
{
    /// <summary>
    /// Starts the program whose path is given in <paramref name="binary"/>.
    /// </summary>
    /// <param name="binary">
    /// Executable path received by this controller action; it is used without any validation.
    /// </param>
    public void Run(string binary)
    {
        // Noncompliant: the caller-controlled value becomes the executable path as-is,
        // so the caller decides which program the server runs.
        var process = new Process();
        process.StartInfo.FileName = binary;
        process.Start();
    }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
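public class ExampleController : Controller
{
    /// <summary>
    /// Starts <paramref name="binary"/> only when it is one of the pre-approved executables.
    /// </summary>
    /// <param name="binary">
    /// Executable path received by this controller action; treated as untrusted.
    /// A missing (null) or unlisted value is ignored and no process is started.
    /// </param>
    public void Run(string binary)
    {
        // Only the ls and cat commands are authorized. The static string.Equals is an
        // exact, case-sensitive ordinal comparison on the full path and is null-safe,
        // so a missing value is rejected instead of raising a NullReferenceException.
        bool isAuthorized = string.Equals(binary, "/usr/bin/ls")
            || string.Equals(binary, "/usr/bin/cat");
        if (!isAuthorized)
        {
            return;
        }

        // Dispose the Process object so its operating system handle is released;
        // this does not terminate the started program.
        using (Process p = new Process())
        {
            p.StartInfo.FileName = binary;
            // Launch the executable directly rather than through the operating system shell.
            p.StartInfo.UseShellExecute = false;
            p.Start();
        }
    }
}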
----

=== How does this work?

include::../../common/fix/introduction.adoc[]

include::../../common/fix/pre-approved-list.adoc[]

:sanitizationLib: System.Diagnostics.ProcessStartInfo
include::../../common/fix/sanitize-meta-characters.adoc[]

Here, using the `ProcessStartInfo` structure helps escape the passed
arguments; it internally creates a single string that is given to the operating system
when `System.Diagnostics.Process.Start()` is called. This escaping covers only the
arguments: the executable path itself still has to be restricted, as the pre-approved
list check in the compliant solution does.