From 72d085b94d7e4f70e58a9598cdb37764a8d797dd Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Tue, 9 May 2023 22:34:03 -0700
Subject: [PATCH 1/2] Create commandinjection.cs
---
 commandinjection.cs | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 commandinjection.cs
diff --git a/commandinjection.cs b/commandinjection.cs
new file mode 100644
index 0000000..de32b25
--- /dev/null
+++ b/commandinjection.cs
@@ -0,0 +1,35 @@
+using System.Diagnostics;
+
+namespace Injections
+{
+ public class OsCommandInjection
+ {
+ public void RunOsCommand(string command)
+ {
+ // ruleid: os-command-injection
+ var process = Process.Start(command);
+ }
+
+
+ public void RunOsCommandWithProcessParam(string command)
+ {
+ Process process = new Process();
+
+ process.StartInfo.FileName = command;
+ // ruleid: os-command-injection
+ process.Start();
+ }
+
+ public void RunConstantAppWithArgs(string args)
+ {
+ ProcessStartInfo processStartInfo = new ProcessStartInfo()
+ {
+ FileName = "constant",
+ Arguments = "constant"
+ };
+
+ // ok: os-command-injection
+ var process = Process.Start(processStartInfo);
+ }
+ }
+}
From 2e0308351144c994080433d7b31a85771da2ed27 Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Tue, 9 May 2023 23:32:56 -0700
Subject: [PATCH 2/2] Update commandinjection.cs
---
 commandinjection.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/commandinjection.cs b/commandinjection.cs
index de32b25..55ad1cd 100644
--- a/commandinjection.cs
+++ b/commandinjection.cs
@@ -10,7 +10,7 @@ public void RunOsCommand(string command)
 var process = Process.Start(command);
 }
 
-
+ //
 public void RunOsCommandWithProcessParam(string command)
 {
 Process process = new Process();
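Review bot: In PATCH 1/2, `RunConstantAppWithArgs(string args)` never reads `args`: both `FileName` and `Arguments` are the literal `"constant"`. The `// ok: os-command-injection` case therefore only shows that an all-constant `ProcessStartInfo` is not flagged, and says nothing about a fixed executable that receives a caller-supplied argument string. Either drop the parameter and rename the method, or add a sibling case with `Arguments = args` and annotate it with whatever the rule is meant to report there. A header comment such as `// Test fixture for the os-command-injection rule: the ruleid cases are intentionally unsafe and must not be copied into application code.` would also keep the file from being mistaken for production code.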