
Added secure-coding_dotNet.md

Marius Schwarz 5 years ago
parent
commit
1eb3ef4b38

+ 62 - 0
cheatsheets/security/secure-coding/secure-coding_dotNet.md

@@ -0,0 +1,62 @@
+---
+title: Secure Coding .NET
+categories: [cheatsheets]
+tags: [topic]
+---
+
+# Secure Coding .NET
+
+## Path Traversal
+
+
+## ZIP Slip
+
+* Vulnerable (but common) implementation
+* This is also recommended when using the SharpZIP Library
+    - [https://github.com/icsharpcode/SharpZipLib/wiki/Unpack-a-Zip-with-full-control-over-the-operation](https://github.com/icsharpcode/SharpZipLib/wiki/Unpack-a-Zip-with-full-control-over-the-operation]
+
+
+
+```C#
+using (ZipFile zipFile = new ZipFile(filename))  // filename = C:\SomePath\malicious.IFXRep
+{
+    zipFile.Password = null;
+    foreach (object obj in zipFile)
+    {
+        ZipEntry zipEntry = (ZipEntry)obj; // zipEntry loops every File in the Archive
+        if (zipEntry.IsFile)
+        {
+            string name = zipEntry.Name; // name = ..\..\..\..\..\..\malicous\path\traversal\malicious.exe"
+            byte[] buffer = new byte[4096];
+            Stream inputStream = zipFile.GetInputStream(zipEntry);
+
+
+            /*
+                This is the dangerous part! The Path Traversal and the extraction path are combined.
+                -> "C:\EasyApe\extract\<pid>" +  "..\..\..\" = Malicious Path Traversal
+                The vulnerability here is in the usage of the library and not in the library itself.
+            */
+            string path2 = Path.Combine(path, name);
+
+            string directoryName = Path.GetDirectoryName(path2);
+            if (directoryName != null && directoryName.Length > 0)
+            {
+                    Directory.CreateDirectory(directoryName);
+            }
+            using (FileStream fileStream = File.Create(path2))
+            {
+                    StreamUtils.Copy(inputStream, fileStream, buffer);
+            }
+        }
+    }
+}
+```
+
+A fast way of doing this correctly:
+
+```C#
+using (FastZip zipFile = new FastZip()) {
+    zipFile.ExtractZip(filename, "%APPDATA%\Local\EasyAPEPro\EasyAPE\extract\<pid>\")
+}
+```
+
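Review bot: the block introduced as "A fast way of doing this correctly" (the `FastZip` snippet at the end) does not compile as written and the sheet never says what makes it safe, so a reader is left with a working vulnerable example and an unverified claim. The literal `"%APPDATA%\Local\EasyAPEPro\EasyAPE\extract\<pid>\"` is a regular (non-verbatim) C# string, so `\L`, `\E` and `\<` are invalid escape sequences; use a verbatim `@"..."` string, and note that .NET does not expand `%APPDATA%` by itself (use `Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)` or `Environment.ExpandEnvironmentVariables`). The `ExtractZip(...)` call is also missing its `;`, `<pid>` should be marked as a placeholder, and the `using (FastZip ...)` wrapper should be checked, since as far as I know `FastZip` does not implement `IDisposable`. More importantly, please add a sentence explaining why `FastZip.ExtractZip` is considered safe against ZIP Slip here (how it transforms entry names before combining them with the target directory), and show the general mitigation that the first snippet needs: resolve the combined path with `Path.GetFullPath(path2)` and reject the entry unless the result starts with the canonical extraction directory followed by a directory separator, before `Directory.CreateDirectory(directoryName)` and `File.Create(path2)` are reached. Smaller points: the markdown link on the SharpZipLib wiki line ends with `]` instead of `)` and will not render; the `## Path Traversal` section is empty; and in the first snippet `path` is used in `Path.Combine(path, name)` but never declared, while the comment on the `string name = zipEntry.Name;` line has a stray trailing `"` and the typo `malicous`.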