// semmle-extractor-options: /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs
using System;
using System.Web;
using System.Reflection;
/// <summary>
/// HTTP handler that contrasts two ways of choosing the path handed to
/// <see cref="Assembly.LoadFile(string)"/>: one read from the request, one hard-coded.
/// </summary>
/// <remarks>
/// In the BAD case the path comes straight from the query string, so whoever sends the
/// request decides which assembly file is loaded into the process. Code that really needs
/// a caller-selected library should map the request value onto a fixed set of known
/// assemblies instead of using it as a path. The BAD/GOOD markers are kept as written;
/// the file's extractor-options header suggests they label cases for a static-analysis
/// test, so the flagged call is left in place on purpose.
/// </remarks>
public class DLLInjectionHandler : IHttpHandler {
    /// <summary>Always <c>true</c>; the handler keeps no per-request state in fields.</summary>
    public bool IsReusable => true;

    /// <summary>
    /// Reads the <c>libraryName</c> query-string parameter and performs both loads.
    /// </summary>
    /// <param name="ctx">Current request context; only <c>Request.QueryString</c> is read.</param>
    public void ProcessRequest(HttpContext ctx) {
        // Untrusted: this value is whatever the client put in the URL, with no validation
        // between here and the load call below.
        var query = ctx.Request.QueryString;
        string requestedPath = query["libraryName"];

        // BAD: Load DLL based on user input
        var untrustedAssembly = Assembly.LoadFile(requestedPath);

        // GOOD: Load DLL using fixed string
        var trustedAssembly = Assembly.LoadFile(@"C:\visual studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\DLL.dll");

        // Neither returned Assembly is used afterwards; the calls themselves are the point.
    }
}