Command Injection

Nagarani Ch 7 months ago

The method StartProcess() in WindowsApiManager.cs calls set_Arguments() to execute a command. This call might allow an attacker to inject malicious commands.

Getting the above issue while I am trying to pass file name and arguments to the start process.

I have tried with reguler expressions and path manipulation techniques but the fortify issue is still coming. If I hard code the file name and arguments to start the process then fortify issue is not coming

Please help me to resolve this.

0 Nagarani Ch
7 months ago

Below is my code

var cProcess = new Process
{
StartInfo =
{
FileName = sr, Arguments = arguments, WindowStyle = ProcessWindowStyle.Minimized,
UseShellExecute = false
}
};
cProcess.Start();
return cProcess;

And I am getting below Fortify error

Command Injection
(Input Validation and Representation, Semantic)

The method StartProcess() in WindowsApiManager.cs calls set_Arguments() to execute a command. This call might allow an attacker to inject malicious commands.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Menu

Fortify

Command Injection

Resources