-
|
I set about writing a query to detect when user input ends up in a GetType call (c#) https://gist.github.com/mwest67/a715df2fec879563255c0d3c2ad25449. the query detects a path right to the GetType call but when I convert from a PartialPathGraph it doesnt find a path. I seem to have fixed it by writing it as in https://gist.github.com/mwest67/70d766988065c6c58d448b9783ccb0ff I would appreciate it if I could get some feed back on if this is the best way to write this query |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
Your second gist looks better, as the sink is not the I don't understand |
Beta Was this translation helpful? Give feedback.
-
|
Yeah because that is the pattern i'm looking for usercontrolled data that get parsed and then passed to GetType (just like in the old DotNetNuke bug). I know more work would need to be done to encapsulate different parsers etc |
Beta Was this translation helpful? Give feedback.
-
|
It sounds like you need two data flow configurations then: One for flow from user-controlled data to a parse call, and one for flow from the parse call to an argument of |
Beta Was this translation helpful? Give feedback.
-
it rings a bell 😄 |
Beta Was this translation helpful? Give feedback.
-
|
Seems like this got resolved, so marking this reply as an accepted answer 😊 |
Beta Was this translation helpful? Give feedback.
Your second gist looks better, as the sink is not the
GetType()call itself, but rather the argument toGetType().I don't understand
isSource: It is defined as all remote entry points that are directly passed toXmlDocument.Load, is that the intention?