Previous challenge Home
The vulnerability is Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
csharp
// Vulnerable code
using System.Diagnostics;
public class VulnerableSnippet
{
    public static void ExecuteUserCommand(string userCommand)
    {
        Process process = new Process();
        process.StartInfo.FileName = "cmd.exe";
        process.StartInfo.Arguments = "/C " + userCommand;
        process.Start();
    }
}

class Program
{
    static void Main(string[] args)
    {
        Console.WriteLine("Enter a command:");
        string userCommand = Console.ReadLine();
        VulnerableSnippet.ExecuteUserCommand(userCommand);
    }
}
csharp // Vulnerable code using System.Diagnostics; public class VulnerableSnippet { public static void ExecuteUserCommand(string userCommand) { Process process = new Process(); process.StartInfo.FileName = "cmd.exe"; process.StartInfo.Arguments = "/C " + userCommand; process.Start(); } } class Program { static void Main(string[] args) { Console.WriteLine("Enter a command:"); string userCommand = Console.ReadLine(); VulnerableSnippet.ExecuteUserCommand(userCommand); } } To fix the vulnerability, we need to sanitize the user input by escaping any special characters. In the secure code snippet, a new method called `SanitizeInput` has been added which replaces "&" with "^&" and "|" with "^|". This ensures that if the user tries to inject any additional commands using these characters, they will be treated as plain text and not run as separate commands. Then, the sanitized input is passed to the `Arguments` property of `StartInfo`.
csharp
// Solution how to fix the vulnerable code
using System.Diagnostics;
public class SecureSnippet
{
    public static void ExecuteUserCommand(string userCommand)
    {
        Process process = new Process();
        process.StartInfo.FileName = "cmd.exe";
        process.StartInfo.Arguments = $"/C \"{SanitizeInput(userCommand)}\"";
        process.Start();
    }

    private static string SanitizeInput(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;
        return input.Replace("&", "^&").Replace("|", "^|");
    }
}

class Program
{
    static void Main(string[] args)
    {
        Console.WriteLine("Enter a command:");
        string userCommand = Console.ReadLine();
        SecureSnippet.ExecuteUserCommand(userCommand);
    }
}