Command Injection in Aspnet (Csharp)

Command Injection occurs when an application passes untrusted input directly to a system shell or process builder. In an ASP.NET context using C#, this commonly arises in controller actions or services that invoke Process.Start, System.Diagnostics.Process, or helper methods like System.Web.Hosting.HostingEnvironment to run utilities. When user-controlled data such as a filename, IP address, or query parameter is concatenated into the command string without validation, an attacker can append additional commands using shell metacharacters like &, |, or &&.

For example, a diagnostic endpoint that pings a user-supplied host is risky if implemented as:

var host = Request.Query["host"];
var psi = new ProcessStartInfo
{
    FileName = "ping",
    Arguments = $"-n 2 {host}",
    UseShellExecute = false
};
Process.Start(psi);

An attacker sending ?host=example.com&ipconfig (on Windows) or ?host=localhost;id (on Unix) can cause the system to execute unintended commands. middleBrick detects this pattern during black-box scanning by injecting probe payloads and observing unexpected outputs or side effects, classifying the issue under Input Validation and Unsafe Consumption checks.

ASP.NET applications also risk injection through misused libraries that build shell commands dynamically, such as invoking ffmpeg or convert with user-provided filenames. If the runtime identity has elevated privileges, successful injection can lead to data exfiltration or system compromise. middleBrick’s LLM/AI Security checks ensure that endpoints using AI tooling do not inadvertently expose command-building logic via model outputs or logs.

Because middleBrick requires no credentials and scans the unauthenticated attack surface in 5–15 seconds, it can quickly surface these flaws without disrupting operations. Findings include severity, mapped to OWASP API Top 10 and PCI-DSS, with remediation guidance that favors whitelisting and process isolation over ad-hoc filtering.

To remediate Command Injection in ASP.NET with C#, avoid passing untrusted input directly to shell commands. Prefer built-in libraries that operate on structured data rather than spawning processes. When process invocation is unavoidable, use ProcessStartInfo with explicit file paths and strict argument validation, and never set UseShellExecute to true.

1. Use a whitelist approach for allowed values:

var allowedHosts = new HashSet<string> { "8.8.8.8", "1.1.1.1", "localhost" };
var host = Request.Query["host"];
if (!allowedHosts.Contains(host)) {
    return Results.BadRequest("Invalid host");
}
var psi = new ProcessStartInfo
{
    FileName = @"C:\Windows\System32\ping.exe",
    Arguments = $"-n 2 {host}",
    UseShellExecute = false,
    RedirectStandardOutput = true
};
using var process = Process.Start(psi);
string result = process.StandardOutput.ReadToEnd();

2. Avoid shell metacharacters entirely by using the overload that does not invoke a shell. On Unix-like systems, prefer the argument-based form:

var psi = new ProcessStartInfo
{
    FileName = "/bin/ping",
    Arguments = $"-c 2 {host}",
    UseShellExecute = false
};
Process.Start(psi);

3. If you must accept file paths from users, normalize and validate them against a base directory, and do not allow path traversal sequences:

var baseDir = Path.GetFullPath(AppContext.BaseDirectory + "/uploads");
var userFile = Request.Query["file"];
var fullPath = Path.GetFullPath(Path.Combine(baseDir, userFile));
if (!fullPath.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase)) {
    return Results.Forbid();
}
// Use FileInfo or StreamReader on fullPath instead of shell commands

4. For operations like image conversion, consider using managed libraries (e.g., ImageSharp) instead of invoking external binaries. If external tools are required, sanitize input with strict regex patterns and escape arguments properly.

middleBrick’s GitHub Action can be added to CI/CD pipelines to fail builds if a scan detects command injection patterns, ensuring fixes are applied before deployment. The Web Dashboard and MCP Server integrations help track remediation progress across versions.