stackoom
  简体   繁体   中英

OS Command Injection from Process.Start

 原文  2014-10-23 20:24:20       c#/ code-injection/ process.start

Question

My application is using Process.Start for opening other application to run. VeraCode reported as OS Command Injection Vulnerable. I would like to get some comment. I can found a lot of information on the web regarding to filter the input or to constraint the program name. However, I am curious to see if there's any other alternatives of using Process.Start?

Edit: Thanks for the comment, here is one of the sample, and yes, it is getting input from users:

    public static void Run(string fileName, string arguments, bool waitForExit)
    {
        Process p = Process.Start(fileName, arguments);

        if (waitForExit)
            p.WaitForExit();
    }

Thanks!

3 answers

solution1
 1  2014-10-23 20:28:51

The Process class is nothing else then a Managed wrapper class the the Native Create Process and its Variations like Create Process As User .

I don't think that there is another way to start a process than this, because every other solution would also call the WinAPI function. ( because this function (or its overloads and Variations) is the only way to start a process in Windows).

Personally, I have not heard anything about a problem with Process.Start please clarify the problem

regards

solution2
 1  2021-06-08 07:51:06

This is a command injection vulnerability because you have not filtered out the users input from the function and directly appended to the process.start() Due to this, the tool has marked it as a vulnerability.

To avoid this issue you should use regex method to filter out the bad characters and depending on what that function is going to do when it gets run.

for eg. you function is created only to check from this path c:/users/docs.txt then that function should not get executed for c:/admin/docs.txt.

This is how you need to validate before sending the user data directly into the process.

For more information refer this awesome link : https://dotnet-security-guard.github.io/SG0001.htm

or https://www.veracode.com/security/dotnet/cwe-78

solution3
 0  2020-11-24 10:57:49

I ran into this as well. You need to set the UseShellExecute property to false. Then Veracode will not consider it a vulnerability.

using (WinProcess myProcess = new WinProcess())
{
    myProcess.StartInfo.FileName = "notepad.exe";
    myProcess.StartInfo.Arguments = Path.GetFileName(fullPath);
    myProcess.StartInfo.UseShellExecute = false;
    myProcess.StartInfo.WorkingDirectory = Path.GetDirectoryName(fullPath);
    myProcess.StartInfo.RedirectStandardOutput = false;
    myProcess.Start();
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Process.Start not executing command Process.Start() get errors from command prompt window Can't run command from Process.Start Specifying command line parameters in Process.start Weird Messages by executing Process.Start command Cannot launch process from Process.Start Process.Start from user machine Log to text file from Process.Start Process.Start from .txt file to textbox Process.Start() file from Resources
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM