// semmle-extractor-options: /nostdlib /noconfig /r:${env.windir}\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll /r:${env.windir}\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll /r:${env.windir}\Microsoft.NET\Framework64\v4.0.30319\System.dll
using System;
using System.Web;
using System.Reflection;
/// <summary>
/// Deliberately vulnerable analysis fixture: an HTTP handler that loads one assembly from a
/// path taken from the request and one from a constant path. The BAD/GOOD comments mark
/// which call a DLL-injection check is expected to report; do not "fix" the BAD case here.
/// </summary>
public class DLLInjectionHandler : IHttpHandler {
/// <summary>
/// Reads the <c>libraryName</c> query-string parameter and passes it to
/// <see cref="Assembly.LoadFile(string)"/>, then loads a second assembly from a fixed path.
/// Neither loaded assembly is used afterwards; only the two calls matter to the fixture.
/// </summary>
/// <param name="ctx">Current request context; only its query string is read.</param>
public void ProcessRequest(HttpContext ctx) {
// Taint source: the query string is fully controlled by the client.
string libraryName = ctx.Request.QueryString["libraryName"];
// The value reaches LoadFile with no validation, so the requester decides which assembly
// the hosting process loads. Production code should map the request value onto a fixed
// allow-list of assemblies shipped with the application rather than use it as a path.
// NOTE(review): "[NOT DETECTED]" presumably records a known false negative of the query
// under test. Confirm against the test's expected-results file.
// BAD: Load DLL based on user input [NOT DETECTED]
var badDLL = Assembly.LoadFile(libraryName);
// Safe variant: the path is a compile-time constant, no request data flows into the call.
// GOOD: Load DLL using fixed string
var goodDLL = Assembly.LoadFile(@"C:\visual studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\DLL.dll");
}
/// <summary>
/// Always true: tells the host the same handler instance may serve further requests.
/// The class declares no instance fields, so no state is carried between requests.
/// </summary>
public bool IsReusable {
get {
return true;
}
}
}