        /// <summary>
        /// Intentionally flawed CWE-94 (code injection) case: the string returned by
        /// <c>BadSource</c> is spliced into C# source text, compiled with CodeDOM, and
        /// the generated <c>Calculator.Sum</c> method is then invoked in this process.
        /// </summary>
        /// <remarks>
        /// Nothing in this method validates the value before it becomes part of the
        /// compiled program. A hardened equivalent would parse the value as an integer
        /// (for example with <c>int.TryParse</c>) and add it directly, with no runtime
        /// compilation of request-derived text.
        /// </remarks>
        /// <param name="req">Incoming request, passed through to <c>BadSource</c>.</param>
        /// <param name="resp">Outgoing response, passed through to <c>BadSource</c>.</param>
        public override void Bad(HttpRequest req, HttpResponse resp)
        {
            // Untrusted value; presumably read from a request cookie (going by the
            // source class name) -- confirm against the 61b file.
            string data = CWE94_Improper_Control_of_Generation_of_Code__Get_Cookies_Web_61b.BadSource(req, resp);

            // Build the program text. The third fragment embeds `data` verbatim inside
            // the return expression, so its content is treated as code, not as a number.
            StringBuilder sourceCode = new StringBuilder("");
            sourceCode
                .Append("public class Calculator \n{\n")
                .Append("\tpublic int Sum()\n\t{\n")
                .Append("\t\treturn (10 + " + data.ToString() + ");\n")
                .Append("\t}\n")
                .Append("}\n");

            /* POTENTIAL FLAW: Compile sourceCode containing unvalidated user input */
            CodeDomProvider provider = CodeDomProvider.CreateProvider("CSharp");
            CompilerParameters options = new CompilerParameters();
            CompilerResults results = provider.CompileAssemblyFromSource(options, sourceCode.ToString());

            // NOTE(review): results.Errors is never inspected before CompiledAssembly is
            // read, and the CreateInstance result is used without a null check.
            Assembly generated = results.CompiledAssembly;
            object calculator = generated.CreateInstance("Calculator");
            MethodInfo sumMethod = calculator.GetType().GetMethod("Sum");

            // Runs the freshly compiled method with no arguments.
            int sum = (int)sumMethod.Invoke(calculator, new object[0]);

            IO.WriteLine("Result: " + sum.ToString());
        }