Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

In .NET5+ projects one could use ProcessStartInfo.Arguments #95

Open
drauch opened this issue Feb 17, 2023 · 2 comments
Open

In .NET5+ projects one could use ProcessStartInfo.Arguments #95

drauch opened this issue Feb 17, 2023 · 2 comments
Labels
enhancement
Milestone
1.7

Comments

@drauch
Copy link

drauch commented Feb 17, 2023

While I'm on it:

When targeting .NET5+ we could use ProcessStartInfo.ArgumentList to prevent argument injection by user input https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.processstartinfo.argumentlist?view=net-5.0

Of course this would need an #ifdef for older platforms not supporting this new property.

Best regards,
D.R.
@madelson
Copy link
Owner

madelson commented Feb 18, 2023
edited
Loading

@drauch yeah the need for #ifdef is why I've avoided this so far but I agree that it would be nice to leverage the native capability.

MedallionShell does encode arguments to prevent injection, though. Do you have reason to believe that the built-in argument encoding is not sufficient?

@drauch
Copy link
Author

drauch commented Feb 19, 2023

I haven't checked it to be honest.

madelson added a commit that referenced this issue Feb 25, 2023
@madelson
Leverage native ProcessStartInfo.ArgumentList API instead of string-b…
879dbbd 
…ased

API on newer frameworks.

fix #95
@madelson madelson added this to the 1.7 milestone Feb 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.7
Development

No branches or pull requests
2 participants
@madelson @drauch