
Commit 1df6deb7 authored by Stefanos DOUMPOULAKIS's avatar Stefanos DOUMPOULAKIS

fix: addressed vulnerability issues (!328)

mr: !328

issue: n.a.
parents e3ed8f81 5b25314e
...@@ -33,7 +33,7 @@ namespace TUGraz.VECTO ...@@ -33,7 +33,7 @@ namespace TUGraz.VECTO
string argumentsString = ""; string argumentsString = "";
if (cmdArguments.Length > 0) { if (cmdArguments.Length > 0) {
foreach (var cmdArgument in cmdArguments) { foreach (var cmdArgument in cmdArguments) {
argumentsString += "\"" + cmdArgument + "\" "; argumentsString += "\"" + SanitizeInput(cmdArgument) + "\" ";
} }
} }
...@@ -59,6 +59,18 @@ namespace TUGraz.VECTO ...@@ -59,6 +59,18 @@ namespace TUGraz.VECTO
} }
} }
public static string SanitizeInput(string input)
{
var disallowedChars = new char[] { '&', ';', '|', '$' };
foreach (var c in disallowedChars)
{
input = input.Replace(c.ToString(), string.Empty);
}
return input;
}
private static void ValidateVersion(string version, params string[] validVersions) private static void ValidateVersion(string version, params string[] validVersions)
{ {
if (!((IList)validVersions).Contains(version)) if (!((IList)validVersions).Contains(version))
......
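Review bot: `SanitizeInput` removes only `&`, `;`, `|` and `$`, but each argument is then wrapped by `"\"" + SanitizeInput(cmdArgument) + "\" "` and a `"` inside the argument is left in place, so the quoting that separates arguments is still not guaranteed. Silently deleting characters also changes legitimate values, for example file names that contain `&` or `$`. If this string ends up in a process start call (not visible in these hunks), passing the arguments individually through `ProcessStartInfo.ArgumentList` where the target framework offers it, or rejecting or escaping embedded quotes, is more robust than a denylist. The identical helper is added a second time in `VECTO3GUI2020.Helper`, where it runs on the whole assembled string; one shared, documented implementation with a null check (`input.Replace` throws on a null `input`) would keep the two copies from drifting apart.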
...@@ -55,7 +55,7 @@ namespace VECTO3GUI2020.Helper ...@@ -55,7 +55,7 @@ namespace VECTO3GUI2020.Helper
} }
} }
argumentsString = argumentsStrBuilder.ToString(); argumentsString = SanitizeInput(argumentsStrBuilder.ToString());
Debug.WriteLine(argumentsString); Debug.WriteLine(argumentsString);
} }
...@@ -69,5 +69,17 @@ namespace VECTO3GUI2020.Helper ...@@ -69,5 +69,17 @@ namespace VECTO3GUI2020.Helper
} }
} }
public static string SanitizeInput(string input)
{
var disallowedChars = new char[] { '&', ';', '|', '$' };
foreach (var c in disallowedChars)
{
input = input.Replace(c.ToString(), string.Empty);
}
return input;
}
} }
} }
...@@ -66,6 +66,7 @@ namespace TUGraz.VectoCommon.Exceptions ...@@ -66,6 +66,7 @@ namespace TUGraz.VectoCommon.Exceptions
} }
} }
[Serializable]
public class VectoXMLException : VectoException public class VectoXMLException : VectoException
{ {
protected VectoXMLException(SerializationInfo info, StreamingContext context) : base(info, context) { } protected VectoXMLException(SerializationInfo info, StreamingContext context) : base(info, context) { }
......
...@@ -27,5 +27,12 @@ namespace TUGraz.VectoCore.Models.BusAuxiliaries.DownstreamModules.Impl.Electric ...@@ -27,5 +27,12 @@ namespace TUGraz.VectoCore.Models.BusAuxiliaries.DownstreamModules.Impl.Electric
public string Source => null; public string Source => null;
#endregion #endregion
public override bool Equals(object obj)
{
var other = obj as SimpleAlternator;
return (other != null) && (other._efficiency == _efficiency);
}
} }
} }
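Review bot: The new `Equals` override in `SimpleAlternator` has no matching `GetHashCode` override in the visible lines, so two instances that compare equal can hash differently and break dictionary or set lookups (compiler warning CS0659). Unless one exists outside this hunk, add `public override int GetHashCode() => _efficiency.GetHashCode();`. If `_efficiency` is a floating-point value (its declaration is outside the hunk), `==` is an exact comparison, and a short comment such as `// exact equality intended: values come from the same input` would state that this is deliberate.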
...@@ -209,17 +209,15 @@ namespace TUGraz.VectoCore.OutputData.FileIO ...@@ -209,17 +209,15 @@ namespace TUGraz.VectoCore.OutputData.FileIO
public virtual void WriteReport(ReportType type, Stream data) public virtual void WriteReport(ReportType type, Stream data)
{ {
Stream stream = null; if (type != ReportType.DeclarationReportPdf)
switch (type) { {
case ReportType.DeclarationReportPdf: throw new ArgumentOutOfRangeException($"ReportType is {type}, but {ReportType.DeclarationReportPdf} is expected.");
stream = new FileStream(PDFReportName, FileMode.Create);
break;
default:
throw new ArgumentOutOfRangeException("type");
} }
using (Stream stream = new FileStream(PDFReportName, FileMode.Create))
{
data.CopyToAsync(stream); data.CopyToAsync(stream);
//stream.Write(data); }
} }
} }
} }
\ No newline at end of file
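Review bot: Inside the new `using` block `data.CopyToAsync(stream);` is not awaited, so the `FileStream` can be disposed while the copy is still running, which can truncate the PDF or leave a faulted task unobserved. Since `WriteReport` is a synchronous `void` method, use `data.CopyTo(stream);` instead. The new throw also passes its message to the single-string `ArgumentOutOfRangeException` constructor, which treats that string as the parameter name; `throw new ArgumentOutOfRangeException(nameof(type), type, "Only DeclarationReportPdf is supported.");` keeps the parameter name, the value and the message.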
...@@ -127,8 +127,11 @@ namespace TUGraz.VectoCore.Utils ...@@ -127,8 +127,11 @@ namespace TUGraz.VectoCore.Utils
} }
table.Rows.Add(row); table.Rows.Add(row);
} }
var writer = new StreamWriter("statistics_" + runName + ".csv");
using (var writer = new StreamWriter("statistics_" + runName + ".csv"))
{
VectoCSVFile.Write(writer, table); VectoCSVFile.Write(writer, table);
}
} }
public sealed class DataEntry public sealed class DataEntry
......
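Review bot: The file name `"statistics_" + runName + ".csv"` is built from `runName` with no check in the visible lines. If `runName` can come from a job file or other external input (its origin is outside this hunk), path separators or `..` in it would place the CSV outside the intended directory. Consider `Path.GetFileName(runName)` or rejecting names that contain any of `Path.GetInvalidFileNameChars()` before opening the writer. The enclosing method starts outside the hunk.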