fix: addressed vulnerability issues

Tools/VECTOStart/StarterHelper.cs

@@ -33,7 +33,7 @@ namespace TUGraz.VECTO
 				string argumentsString = "";
 				if (cmdArguments.Length > 0) {
 					foreach (var cmdArgument in cmdArguments) {
-						argumentsString += "\"" +  cmdArgument + "\" ";
+						argumentsString += "\"" +  SanitizeInput(cmdArgument) + "\" ";
 					}
 				}
 
@@ -59,7 +59,19 @@ namespace TUGraz.VECTO
 			}
 		}
 
-		private static void ValidateVersion(string version, params string[] validVersions)
+        public static string SanitizeInput(string input)
+        {
+            var disallowedChars = new char[] { '&', ';', '|', '$' };
+
+            foreach (var c in disallowedChars)
+            {
+                input = input.Replace(c.ToString(), string.Empty);
+            }
+
+            return input;
+        }
+
+        private static void ValidateVersion(string version, params string[] validVersions)
 		{
 			if (!((IList)validVersions).Contains(version))
 				throw new Exception($"Invalid .NET Version supplied. Only the following values are valid: {string.Join(", ", validVersions)}");

VECTO3GUI2020/Helper/ProcessHelper.cs

@@ -55,7 +55,7 @@ namespace VECTO3GUI2020.Helper
 					}
 				}
 
-				argumentsString = argumentsStrBuilder.ToString();
+				argumentsString = SanitizeInput(argumentsStrBuilder.ToString());
 				Debug.WriteLine(argumentsString);
 			}
 
@@ -69,5 +69,17 @@ namespace VECTO3GUI2020.Helper
 			}
 		}
 
-	}
+        public static string SanitizeInput(string input)
+        {
+            var disallowedChars = new char[] { '&', ';', '|', '$' };
+
+            foreach (var c in disallowedChars)
+            {
+                input = input.Replace(c.ToString(), string.Empty);
+            }
+
+            return input;
+        }
+
+    }
 }

VectoCommon/VectoCommon/Exceptions/VectoExceptions.cs

@@ -66,7 +66,8 @@ namespace TUGraz.VectoCommon.Exceptions
 		}
 	}
 
-	public class VectoXMLException : VectoException
+    [Serializable]
+    public class VectoXMLException : VectoException
 	{
 		protected VectoXMLException(SerializationInfo info, StreamingContext context) : base(info, context) { }
 		public VectoXMLException(string message) : base(message) { }

VectoCore/VectoCore/Models/BusAuxiliaries/DownstreamModules/Impl/Electrics/SimpleAlternator.cs

@@ -26,6 +26,13 @@ namespace TUGraz.VectoCore.Models.BusAuxiliaries.DownstreamModules.Impl.Electric
 
 		public string Source => null;
 
-		#endregion
-	}
+        #endregion
+
+        public override bool Equals(object obj)
+        {
+			var other = obj as SimpleAlternator;
+            return (other != null) && (other._efficiency == _efficiency);
+        }
+
+    }
 }

VectoCore/VectoCore/OutputData/FileIO/FileOutputWriter.cs

@@ -209,17 +209,15 @@ namespace TUGraz.VectoCore.OutputData.FileIO
 
 		public virtual void WriteReport(ReportType type, Stream data)
 		{
-			Stream stream = null;
-			switch (type) {
-				case ReportType.DeclarationReportPdf:
-					stream = new FileStream(PDFReportName, FileMode.Create);
-					break;
-				default:
+			if (type != ReportType.DeclarationReportPdf)
+			{
+                throw new ArgumentOutOfRangeException($"ReportType is {type}, but {ReportType.DeclarationReportPdf} is expected.");
+            }
 
-					throw new ArgumentOutOfRangeException("type");
-			}
-			data.CopyToAsync(stream);
-			//stream.Write(data);
+			using (Stream stream = new FileStream(PDFReportName, FileMode.Create))
+			{
+                data.CopyToAsync(stream);
+            }
 		}
 	}
 }
\ No newline at end of file

VectoCore/VectoCore/Utils/IterationStatistics.cs

@@ -127,8 +127,11 @@ namespace TUGraz.VectoCore.Utils
 				}
 				table.Rows.Add(row);
 			}
-			var writer = new StreamWriter("statistics_" + runName + ".csv");
-			VectoCSVFile.Write(writer, table);
+
+			using (var writer = new StreamWriter("statistics_" + runName + ".csv"))
+			{
+                VectoCSVFile.Write(writer, table);
+            }
 		}
 
 		public sealed class DataEntry