add a definition of user

erik-krogh · erik-krogh · commit 4e176236e77b · 2024-02-06T09:21:35.000+01:00
diff --git a/csharp/ql/src/Security Features/CWE-022/examples/TaintedPathGoodFolder.cs b/csharp/ql/src/Security Features/CWE-022/examples/TaintedPathGoodFolder.cs
@@ -8,6 +8,7 @@ public void ProcessRequest(HttpContext ctx)
     {
         string filename = ctx.Request.QueryString["path"];
         
+        string user = ctx.User.Identity.Name;
         string publicFolder = Path.GetFullPath("/home/" + user + "/public");
         string filePath = Path.GetFullPath(Path.Combine(publicFolder, filename));
 

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ public void ProcessRequest(HttpContext ctx)`
`8`	`8`	`{`
`9`	`9`	`string filename = ctx.Request.QueryString["path"];`
`10`	`10`
	`11`	`+ string user = ctx.User.Identity.Name;`
`11`	`12`	`string publicFolder = Path.GetFullPath("/home/" + user + "/public");`
`12`	`13`	`string filePath = Path.GetFullPath(Path.Combine(publicFolder, filename));`
`13`	`14`