Files
codeql/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/Test.cs
2026-07-07 14:09:48 +01:00

22 lines
576 B
C#

using System;
using System.Web;
using System.Reflection;
public class DLLInjectionHandler : IHttpHandler {
public void ProcessRequest(HttpContext ctx) {
string libraryName = ctx.Request.QueryString["libraryName"]; // $ Source=r1
// BAD: Load DLL based on user input
var badDLL = Assembly.LoadFile(libraryName); // $ Alert=r1
// GOOD: Load DLL using fixed string
var goodDLL = Assembly.LoadFile(@"C:\visual studio 2012\Projects\ConsoleApplication1\ConsoleApplication1\DLL.dll");
}
public bool IsReusable {
get {
return true;
}
}
}