Code Injection (Critical)

The product generates a code segment using external input without proper validation or sanitization, which allows that input to modify the syntax or behavior of the intended code segment.

Detector ID
csharp/code-injection@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

using System.Web.Mvc;
using RazorEngine;

// Controller wrapper added so the snippet compiles; the method body is the page's example.
public class HomeController : Controller
{
    [HttpPost]
    [ValidateInput(false)]  // request validation is disabled, so markup in the POST body is accepted
    public ActionResult Index(string inert, string razorTpl)
    {
        // Noncompliant: user controlled string is directly passed to `Razor.Parse`,
        // so it is compiled and executed as a Razor template (server-side template injection).
        ViewBag.RenderedTemplate = Razor.Parse(razorTpl);
        ViewBag.Template = razorTpl;
        return View();
    }
}

Compliant example

using System.Web.Mvc;
using RazorEngine;

// Controller wrapper added so the snippet compiles; the method body is the page's example.
public class HomeController : Controller
{
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Index2(string inter, string razorTpl)
    {
        // `someFunction` stands for a validation or allowlisting step the page does not define.
        string razorTpl2 = someFunction(razorTpl);
        // Compliant: user controlled string is not directly passed to `Razor.Parse`.
        ViewBag.RenderedTemplate = Razor.Parse(razorTpl2);
        ViewBag.Template = razorTpl;
        return View();
    }
}
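The compliant example leaves the sanitizing step unspecified, and reliably sanitizing a string that will be compiled as Razor is hard. The more robust pattern, shown here as an added example that is not from the CodeGuru page, is to never pass user input to `Razor.Parse` as template source at all: the user selects a developer-authored template by key and their data is supplied only as the model. It assumes RazorEngine's `Razor.Parse<T>(string, T)` overload and ASP.NET MVC's `HttpStatusCodeResult`; the controller, template keys and model type are constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using RazorEngine;  // assumed: RazorEngine 3.x, the library exposing the static Razor.Parse used above

public class GreetingController : Controller
{
    // Templates are fixed, developer-authored strings. The user may only choose one by key,
    // so the code that Razor compiles never contains request data.
    private static readonly IReadOnlyDictionary<string, string> Templates =
        new Dictionary<string, string>
        {
            ["plain"]  = "Hello @Model.Name, you have @Model.Count new messages.",
            ["formal"] = "Dear @Model.Name, there are @Model.Count items awaiting your review.",
        };

    public class GreetingModel
    {
        public string Name { get; set; }
        public int Count { get; set; }
    }

    [HttpPost]
    public ActionResult Render(string templateKey, string name, int count)
    {
        // Allowlist check: an unknown key is rejected, not interpreted as a template.
        if (templateKey == null || !Templates.TryGetValue(templateKey, out string template))
        {
            return new HttpStatusCodeResult(400, "Unknown template");
        }

        // Request data reaches Razor only through the model, so any `@` directives or
        // C# that appear in `name` are emitted as text rather than compiled and run.
        var model = new GreetingModel { Name = name, Count = count };
        ViewBag.RenderedTemplate = Razor.Parse(template, model);
        ViewBag.Template = templateKey;  // expose only the selected key, not template source
        return View();
    }
}
```

A detector such as `csharp/code-injection` is satisfied here because the first argument to `Razor.Parse` is a compile-time constant from `Templates`, never a value derived from the request.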