the-web-application-hackers-handbook

720 Chapter 19 n Finding Vulnerabilities in Source Code
as a mapping from string names to object values, which can be accessed using
the APIs listed in Table 19-5.
Table 19-5: APIs Used to Interact with the User’s Session on the ASP.NET Platform
API
Add
Item
Keys
DESCRIPTION
Adds a new item to the session collection.
Gets or sets the value of a named item in the collection.
Return the names of all items in the collection.
GetEnumerator
CopyTo
Copies the collection of values to an array.
Potentially Dangerous APIs
This section describes some common ASP.NET APIs that can introduce security
vulnerabilities if used in an unsafe manner.
File Access
System.IO.File is the main class used to access files in ASP.NET. All of its
relevant methods are static, and it has no public constructor.
The 37 methods of this class all take a filename as a parameter. Path traversal
vulnerabilities may exist in every instance where user-controllable data is passed
in without checking for dot-dot-slash sequences. For example, the following
code opens a file in the root of the C:\ drive on Windows:
string userinput = “..\\boot.ini”;
FileStream fs = File.Open(“C:\\temp\\” + userinput,
FileMode.OpenOrCreate);
The following classes are most commonly used to read and write file
contents:
n System.IO.FileStream
n System.IO.StreamReader
n System.IO.StreamWriter
They have various constructors that take a file path as a parameter. These
may introduce path traversal vulnerabilities if user-controllable data is passed.
For example:
string userinput = “..\\foo.txt”;
FileStream fs = new FileStream(“F:\\tmp\\” + userinput,
FileMode.OpenOrCreate);