Commit 1df6deb7 authored by Stefanos DOUMPOULAKIS

fix: addressed vulnerability issues (!328)

mr: !328

issue: n.a.
parents e3ed8f81 5b25314e
Branches amdm2/develop
......@@ -33,7 +33,7 @@ namespace TUGraz.VECTO
string argumentsString = "";
if (cmdArguments.Length > 0) {
foreach (var cmdArgument in cmdArguments) {
argumentsString += "\"" + cmdArgument + "\" ";
argumentsString += "\"" + SanitizeInput(cmdArgument) + "\" ";
}
}
......@@ -59,6 +59,18 @@ namespace TUGraz.VECTO
}
}
public static string SanitizeInput(string input)
{
var disallowedChars = new char[] { '&', ';', '|', '$' };
foreach (var c in disallowedChars)
{
input = input.Replace(c.ToString(), string.Empty);
}
return input;
}
private static void ValidateVersion(string version, params string[] validVersions)
{
if (!((IList)validVersions).Contains(version))
......
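Review bot: `SanitizeInput` is a four-character denylist that leaves the double quote untouched, although the caller wraps each argument in `"` when it builds `argumentsString`, so an argument containing a quote can still end the quoted token and change how the rest of the command line is parsed. Removing `&`, `;`, `|` and `$` also silently alters values in which they are legitimate (all four are valid in Windows file names), and a null `input` throws on `Replace`. If the string is passed to `Process.Start` without a shell, those four characters are presumably harmless and the real control is per-argument quoting: reject or escape `"` and a trailing backslash, or pass the values through `ProcessStartInfo.ArgumentList` where the target framework provides it. The same helper is copied verbatim into the `VECTO3GUI2020.Helper` section and should live in one shared place.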
......@@ -55,7 +55,7 @@ namespace VECTO3GUI2020.Helper
}
}
argumentsString = argumentsStrBuilder.ToString();
argumentsString = SanitizeInput(argumentsStrBuilder.ToString());
Debug.WriteLine(argumentsString);
}
......@@ -69,5 +69,17 @@ namespace VECTO3GUI2020.Helper
}
}
public static string SanitizeInput(string input)
{
var disallowedChars = new char[] { '&', ';', '|', '$' };
foreach (var c in disallowedChars)
{
input = input.Replace(c.ToString(), string.Empty);
}
return input;
}
}
}
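Review bot: At this call site `SanitizeInput` runs on the whole string assembled by `argumentsStrBuilder`, whereas the `TUGraz.VECTO` change filters each argument before quoting it, so the two launchers now apply the filter at different stages. Filtering after assembly cannot tell delimiters the builder added from characters that arrived inside an argument, which makes it hard to extend the helper later (for example to handle `"`) without breaking the builder's own quoting. Apply the helper to each argument before it is appended, and call a single shared implementation instead of this second copy. The loop that fills `argumentsStrBuilder` starts outside the hunk, so the exact append line could not be checked.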
......@@ -66,6 +66,7 @@ namespace TUGraz.VectoCommon.Exceptions
}
}
[Serializable]
public class VectoXMLException : VectoException
{
protected VectoXMLException(SerializationInfo info, StreamingContext context) : base(info, context) { }
......
......@@ -27,5 +27,12 @@ namespace TUGraz.VectoCore.Models.BusAuxiliaries.DownstreamModules.Impl.Electric
public string Source => null;
#endregion
public override bool Equals(object obj)
{
var other = obj as SimpleAlternator;
return (other != null) && (other._efficiency == _efficiency);
}
}
}
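Review bot: `Equals` is overridden here without a matching `GetHashCode` in the visible part of the class, so two `SimpleAlternator` instances that compare equal can land in different buckets of a `Dictionary` or `HashSet` (compiler warning CS0659). Add `public override int GetHashCode() => _efficiency.GetHashCode();` next to it, unless one already exists above the hunk. If `_efficiency` is a floating-point value, the `==` comparison is exact, and a short comment saying that this is intended would help the next reader.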
......@@ -209,17 +209,15 @@ namespace TUGraz.VectoCore.OutputData.FileIO
public virtual void WriteReport(ReportType type, Stream data)
{
Stream stream = null;
switch (type) {
case ReportType.DeclarationReportPdf:
stream = new FileStream(PDFReportName, FileMode.Create);
break;
default:
throw new ArgumentOutOfRangeException("type");
if (type != ReportType.DeclarationReportPdf)
{
throw new ArgumentOutOfRangeException($"ReportType is {type}, but {ReportType.DeclarationReportPdf} is expected.");
}
using (Stream stream = new FileStream(PDFReportName, FileMode.Create))
{
data.CopyToAsync(stream);
//stream.Write(data);
}
}
}
}
\ No newline at end of file
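Review bot: `data.CopyToAsync(stream);` is not awaited, and the new `using` block disposes `stream` as soon as the call returns, so the PDF can be left truncated or the copy can fault with an unobserved `ObjectDisposedException`. Because `WriteReport` is a synchronous `void` method, the simplest fix is `data.CopyTo(stream);`. Separately, the single-string constructor of `ArgumentOutOfRangeException` treats its argument as the parameter name, so the new message ends up in `ParamName`; use `throw new ArgumentOutOfRangeException(nameof(type), type, "Only DeclarationReportPdf is supported.");` instead.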
......@@ -127,8 +127,11 @@ namespace TUGraz.VectoCore.Utils
}
table.Rows.Add(row);
}
var writer = new StreamWriter("statistics_" + runName + ".csv");
using (var writer = new StreamWriter("statistics_" + runName + ".csv"))
{
VectoCSVFile.Write(writer, table);
}
}
public sealed class DataEntry
......
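Review bot: The file name is still built as `"statistics_" + runName + ".csv"` with no check on `runName`. Its origin is outside the hunk; if it can come from a job file or other user-supplied input, directory separators or `..` in it would place the CSV outside the intended directory. Consider reducing it with `Path.GetFileName(runName)` or rejecting names that contain any of `Path.GetInvalidFileNameChars()` before the writer is opened. The enclosing method starts outside the hunk.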