Resource Injection - Cloud Deployment

  • Question

  • Hi All,

    We are moving our application to the cloud. We have found the following vulnerable code. We have tried removing the vulnerability by validating the input string. I have shared my code snippet below. Please suggest what needs to be done in order to remove the vulnerable code.

    string strDrName = Common.IsValidStr(strDirName + "\\" + fn); // validate function….
    if (strDrName != "")
    {
        System.IO.Directory.CreateDirectory(strDrName); //here is the error…
        fName = strDirName + "\\" + DateTime.Now.ToString("MMddyyyyhhmmss") + fn;
    }
    else
    {
        fName = "";
        fn = "";
    }

    // this is the function for validating URL
    public static string IsValidStr(string strpath)
    {
        string strret = "";
        try
        {
            string[] chars = new string[] { ".docx", ".xlsx", ".doc", ".xls", ".ppt", ".dxt", ".pdf", ".txt" };
            for (int a = 0; a < chars.Length; a++)
            {
                if (strpath.Contains(chars[a]))
                {
                    strret = strpath;
                    break;
                }
                else
                {
                    strret = "";
                }
            }
        }
        catch
        {
            return "";
        }
        return strret;
    }

    Wednesday, March 6, 2013 4:57 AM
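
An added example, not part of the original post: the `Contains` check in `IsValidStr` accepts any string that has an allowed extension anywhere in it, so it does not constrain where the resulting path points. The sketch below treats `fn` as a bare file name, compares its real extension against the same allow-list, and confirms the canonical path stays under the base directory. `UploadPaths`, `Resolve`, `baseDir` and the sample inputs are hypothetical names and constructed values.

```csharp
using System;
using System.IO;
using System.Linq;

static class UploadPaths
{
    // Allow-list copied from the post's IsValidStr.
    static readonly string[] Allowed =
        { ".docx", ".xlsx", ".doc", ".xls", ".ppt", ".dxt", ".pdf", ".txt" };

    // Hypothetical helper: returns a full path strictly inside baseDir,
    // or null when fn is rejected.
    public static string Resolve(string baseDir, string fn)
    {
        if (string.IsNullOrWhiteSpace(fn)) return null;

        // fn must be a bare file name: no separators, no drive or stream colon.
        if (fn.IndexOfAny(new[] { '/', '\\', ':' }) >= 0) return null;
        if (fn.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) return null;

        // Compare the real (last) extension, not a substring anywhere in the path.
        string ext = Path.GetExtension(fn);
        if (!Allowed.Contains(ext, StringComparer.OrdinalIgnoreCase)) return null;

        // Canonicalize, then confirm the result is still under baseDir.
        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, fn));
        return full.StartsWith(root, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    static void Main()
    {
        // Constructed base directory and inputs. Every input contains ".pdf",
        // so the post's IsValidStr would return each of them unchanged.
        string baseDir = Path.Combine(Path.GetTempPath(), "uploads");
        string[] samples = { "report.pdf", "..\\..\\x.pdf", "a.pdf\\..\\..\\b", "x.pdf.exe" };
        foreach (string fn in samples)
            Console.WriteLine("{0,-18} -> {1}", fn, Resolve(baseDir, fn) ?? "(rejected)");
    }
}
```

Only the value returned by `Resolve` should reach `Directory.CreateDirectory` or any other file API; a null result means the request is refused.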

All replies

  • This is probably not the right forum for this. Have you tried one of the MSDN forums? Are you talking about Azure here, or a simple code question for Visual Studio?

    Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )

    Wednesday, March 20, 2013 8:16 PM