The method StartProcess() in WindowsApiManager.cs calls set_Arguments() to execute a command. This call might allow an attacker to inject malicious commands.
Getting the above issue while I am trying to pass file name and arguments to the start process.
I have tried with reguler expressions and path manipulation techniques but the fortify issue is still coming. If I hard code the file name and arguments to start the process then fortify issue is not coming
Please help me to resolve this.
Below is my code
var cProcess = new Process
{
StartInfo =
{
FileName = sr, Arguments = arguments, WindowStyle = ProcessWindowStyle.Minimized,
UseShellExecute = false
}
};
cProcess.Start();
return cProcess;