csharp/ql/src/Security Features/CWE-022/examples
3 files changed +3 -3 lines changed
@@ -6,7 +6,7 @@ public class TaintedPathHandler : IHttpHandler
66{
77 public void ProcessRequest ( HttpContext ctx )
88 {
9- String filename = ctx . Request . QueryString [ "path" ] ;
9+ string filename = ctx . Request . QueryString [ "path" ] ;
1010 // BAD: This could read any file on the filesystem.
1111 ctx . Response . Write ( File . ReadAllText ( filename ) ) ;
1212 }
@@ -6,7 +6,7 @@ public class TaintedPathHandler : IHttpHandler
66{
77 public void ProcessRequest ( HttpContext ctx )
88 {
9- String filename = ctx . Request . QueryString [ "path" ] ;
9+ string filename = ctx . Request . QueryString [ "path" ] ;
1010
1111 string publicFolder = Path . GetFullPath ( "/home/" + user + "/public" ) ;
1212 string filePath = Path . GetFullPath ( Path . Combine ( publicFolder , filename ) ) ;
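Review bot: `filePath` on the last line of this hunk is not yet confined to `publicFolder`, because `Path.Combine` returns `filename` alone when it is rooted and `Path.GetFullPath` resolves any `..` segments. The example is therefore only safe if the statement that follows, outside this hunk, verifies containment; that check should compare against the folder plus a trailing separator, so that a sibling directory sharing the same prefix does not pass. I would add a comment above the combine line, e.g. `// filePath is not trusted yet: Combine discards publicFolder when filename is rooted`. `filename` is also null when the `path` parameter is absent, which makes `Path.Combine` throw, so a guard such as `if (string.IsNullOrEmpty(filename)) { /* reject */ }` before this line would turn that into a clean rejection. ProcessRequest continues past the end of the hunk.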
@@ -6,7 +6,7 @@ public class TaintedPathHandler : IHttpHandler
66{
77 public void ProcessRequest ( HttpContext ctx )
88 {
9- String filename = ctx . Request . QueryString [ "path" ] ;
9+ string filename = ctx . Request . QueryString [ "path" ] ;
1010 // GOOD: ensure that the filename has no path separators or parent directory references
1111 if ( filename . Contains ( ".." ) || filename . Contains ( "/" ) || filename . Contains ( "\\ " ) )
1212 {
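Review bot: The `if` on line 11 dereferences `filename` without a null check, and `QueryString["path"]` yields null when the parameter is missing, so a request without `path` raises a NullReferenceException instead of being rejected. Starting the condition with `string.IsNullOrEmpty(filename) ||` would route that case into the same rejection branch. As rendered, the third literal reads `"\\ "` with a trailing space; that is probably an artifact of the page, but if it is in the file the check would not match a lone backslash and should be `"\\"`. The body of the `if` and the rest of ProcessRequest are outside the hunk.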