11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity


Chapter 7: Building Secure Assemblies

    using System.IO;

    public static string ReadFile(string filename)
    {
        // Obtain a canonicalized and valid filename
        string name = Path.GetFullPath(filename);
        // Now open the file
        return File.ReadAllText(name);
    }

As part of the canonicalization process, GetFullPath performs the following checks:

● It checks that the file name does not contain any invalid characters, as defined by Path.InvalidPathChars.
● It checks that the file name represents a file and not another device type such as a physical drive, a named pipe, a mail slot or a DOS device such as LPT1, COM1, AUX, and other devices.
● It checks that the combined path and file name is not too long.
● It removes redundant characters such as trailing dots.
● It rejects file names that use the //?/ format.

Constrain File I/O Within Your Application's Context

After you know you have a valid file system file name, you often need to check that it is valid in your application's context. For example, you may need to check that it is within the directory hierarchy of your application and to make sure your code cannot access arbitrary files on the file system. For more information about how to use code access security to constrain file I/O, see "File I/O" in Chapter 8, "Code Access Security in Practice."

Event Log

When you write event-logging code, consider the threats of tampering and information disclosure. For example, can an attacker retrieve sensitive data by accessing the event logs? Can an attacker cover tracks by deleting the logs or erasing particular records?

Direct access to the event logs using system administration tools such as the Event Viewer is restricted by Windows security. Your main concern should be to ensure that the event logging code you write cannot be used by a malicious user for unauthorized access to the event log.
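For the check described under "Constrain File I/O Within Your Application's Context", the following is an added example, not code from the original chapter, showing one way to confirm in application code that a canonicalized name stays inside the application's directory. The class name ContainedFile, the helper ResolveWithin, the app-data directory and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.IO;

public static class ContainedFile
{
    // Hypothetical helper: returns the canonical path for 'requested' only if
    // it resolves to a location under 'baseDir'; otherwise throws.
    public static string ResolveWithin(string baseDir, string requested)
    {
        if (string.IsNullOrEmpty(requested))
            throw new ArgumentException("A file name is required.", "requested");

        // Canonicalize the root and end it with exactly one separator, so that
        // "app-data" cannot prefix-match a sibling such as "app-data-old".
        string root = Path.GetFullPath(baseDir).TrimEnd(
            Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments. If 'requested' is
        // rooted, Path.Combine returns it unchanged and the check below fails.
        string full = Path.GetFullPath(Path.Combine(root, requested));

        // Assumption: case-insensitive file system (the Windows default).
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path is outside the application directory.");

        return full; // Links and junctions are not resolved by GetFullPath.
    }

    public static void Main()
    {
        // Constructed sample directory and inputs.
        string baseDir = Path.Combine(Path.GetTempPath(), "app-data");
        Directory.CreateDirectory(baseDir);
        File.WriteAllText(Path.Combine(baseDir, "report.txt"), "ok");

        string[] inputs = { "report.txt", "sub/../report.txt", "../../secret.txt",
                            "../app-data-old/x.txt", Path.GetTempPath() };
        foreach (string input in inputs)
        {
            try
            {
                Console.WriteLine("ALLOW {0} -> {1}", input, ResolveWithin(baseDir, input));
            }
            catch (UnauthorizedAccessException)
            {
                Console.WriteLine("DENY  {0}", input);
            }
        }
    }
}
```

The first two inputs resolve inside the directory and are allowed; the traversal, the sibling-directory name and the rooted path are denied.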
