Command Injection

The way you handle user input in lines 178-195 of Dashboard.xaml.cs is vulnerable to command injection.

```
switch (ruleType)
                {
                    case "IP":
                        psScript = $"New-NetFirewallRule -DisplayName '{ruleName}' -Direction Outbound -RemoteAddress '{ruleValue}' -Action {action} -Enabled True -Profile Any";
                        break;

                    case "Port":
                        psScript = $"New-NetFirewallRule -DisplayName '{ruleName}' -Direction Outbound -Protocol TCP -RemotePort {ruleValue} -Action {action} -Enabled True -Profile Any";
                        break;

                    case "Application":
                        psScript = $"New-NetFirewallRule -DisplayName '{ruleName}' -Direction Outbound -Program '{ruleValue}' -Action {action} -Enabled True -Profile Any";
                        break;

                    default:
                        MessageBox.Show("Unsupported rule type.");
                        return;
                }
```

<img width="2233" height="665" alt="Image" src="https://github.com/user-attachments/assets/b2de65bd-5009-4676-9529-940a9d1289eb" />



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Command Injection #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Command Injection #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions