Merge pull request #3232 from dipsylala/semgrep-9301

Checks for ProcessStartInfo instantiator
semgrep · Jan 25, 2024 · 327afd7 · 327afd7
2 parents 7d69825 + 64c8bcd
commit 327afd7
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 0 deletions.
diff --git a/csharp/lang/security/injections/os-command.cs b/csharp/lang/security/injections/os-command.cs
@@ -116,5 +116,65 @@ public void RunConstantAppWithArgs(string args)
             // ok: os-command-injection
             var process = Process.Start(processStartInfo);
         }
+
+        public void RunOsCommandAndArgsWithProcessParam(string command, string arguments)
+        {
+            Process process = new Process
+            {
+                StartInfo = new ProcessStartInfo
+                {
+                    FileName = command,
+                    Arguments = args
+                }
+            };
+
+            // ruleid: os-command-injection
+            process.Start();
+        }
+
+        public void RunOsCommandAndArgsWithProcessParam(string command, string arguments)
+        {
+            Process process = new Process
+            {
+                StartInfo = new ProcessStartInfo
+                {
+                    FileName = "constant",
+                    Arguments = arguments
+                }
+            };
+
+            // ruleid: os-command-injection
+            process.Start();
+        }
+
+        public void RunOsCommandAndArgsWithProcessParam(string command, string arguments)
+        {
+            Process process = new Process
+            {
+                StartInfo = new ProcessStartInfo
+                {
+                    FileName = command,
+                    Arguments = "constant"
+                }
+            };
+
+            // ruleid: os-command-injection
+            process.Start();
+        }
+
+        public void RunOsCommandAndArgsWithProcessParam(string command, string arguments)
+        {
+            Process process = new Process
+            {
+                StartInfo = new ProcessStartInfo
+                {
+                    FileName = "constant",
+                    Arguments = "constant"
+                }
+            };
+
+            // ok: os-command-injection
+            process.Start();
+        }
     }
 }
diff --git a/csharp/lang/security/injections/os-command.yaml b/csharp/lang/security/injections/os-command.yaml
@@ -72,3 +72,22 @@ rules:
       - pattern: |
           Process.Start($PSINFO);
       - focus-metavariable: $PSINFO
+    - patterns:
+        - pattern-inside: |
+            Process $PROC = new Process()
+            {
+              StartInfo = new ProcessStartInfo()
+              {
+                ...
+              }
+            };
+            ...
+        - pattern-either:
+            - pattern-inside: |
+                FileName = $ARG;
+                ...
+            - pattern-inside: |
+                Arguments = $ARG;
+                ...
+        - pattern: |
+            $PROC.Start();