You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6399/csharp) (updated a few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
14 lines
583 B
Plaintext
The following code is an example of an overly simple authentication function:
The role of a user is set in an XML file and the default user role is `user`. +
This example code is vulnerable to an XML injection vulnerability because it
builds an XML string from user input without prior sanitization or validation.

In this particular case, the query can be exploited with the following string:

----
attacker</username><role>admin</role></user>
<user><username>foo
----

By adapting and inserting this string into the `username` field, an attacker
would be able to log in as an admin.
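As an added illustration (not the rule's own code sample), the constructed `XmlInjectionDemo` class below builds the user record the way the description criticises, next to the form that lets the XML API encode the input. `BuildUserXmlUnsafe`, `BuildUserXmlSafe` and `RoleOfFirstUser` are names chosen here, not part of the rule.

```csharp
using System;
using System.Xml.Linq;

// Constructed example: the same user record built two ways. String
// concatenation is the pattern S6399 flags; XElement is the usual fix.
static class XmlInjectionDemo
{
    // Vulnerable: user-controlled text is spliced straight into the markup,
    // so '<' and '>' in the input become element boundaries.
    public static string BuildUserXmlUnsafe(string username) =>
        "<user><username>" + username + "</username><role>user</role></user>";

    // Hardened: XElement treats `username` as text content and escapes
    // '<', '>' and '&' on serialisation, so the input can neither close
    // the <username> element nor open a <role> element of its own.
    public static string BuildUserXmlSafe(string username) =>
        new XElement("user",
            new XElement("username", username),
            new XElement("role", "user")).ToString(SaveOptions.DisableFormatting);

    // Returns the role the parser actually sees on the first <user> element;
    // this is the value an authorisation check would end up trusting.
    public static string RoleOfFirstUser(string xml) =>
        XDocument.Parse("<users>" + xml + "</users>")
                 .Root.Element("user").Element("role").Value;

    static void Main()
    {
        // The payload from the rule description, placed in the username field.
        const string payload =
            "attacker</username><role>admin</role></user><user><username>foo";

        // With concatenation the payload's own <role> element wins; with
        // XElement the role stays whatever the application assigned.
        Console.WriteLine(RoleOfFirstUser(BuildUserXmlUnsafe(payload)));
        Console.WriteLine(RoleOfFirstUser(BuildUserXmlSafe(payload)));

        // Shows the escaped markup the safe builder produces.
        Console.WriteLine(BuildUserXmlSafe(payload));
    }
}
```

Compile it as a console project referencing System.Xml.Linq; the point of the third line of output is that every angle bracket from the input is serialised as `&lt;` or `&gt;`, leaving exactly one `<role>` element under the application's control.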