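/*
 * This reference program was developed in March 2011 as part of CIT599
 * Independent Research by Hamda Hasan
 *
 * This code implements CWE-078: http://cwe.mitre.org
 * This code implements OS Command Injection vulnerability in a "Scope" structure
 * The code runs OS Command entered by user without validating the input
 *
 * NOTE(review): the command injection below is the documented purpose of this
 * sample and is deliberately left in place. Do NOT copy excuteCommand() into
 * real code: a user-controlled string reaches Process.Start() unchanged, so the
 * user can launch any executable the process account can reach. A hardened
 * version would dispatch on an allow-list of known commands and pass arguments
 * through ProcessStartInfo rather than a raw user string.
 */
using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics;

/// <summary>
/// CWE-78 reference sample: reads one line from standard input and hands it to
/// <see cref="Process.Start(string)"/> without any validation.
/// </summary>
class OS_Command_Injection_scope_78
{
    /// <summary>
    /// Prompts for a command on stdin, echoes it back, and runs it when non-empty.
    /// Fix vs. the original: <see cref="Console.ReadLine"/> returns null at end of
    /// input (closed or redirected stdin), which made <c>userCommand.Length</c>
    /// throw a NullReferenceException; null is now treated like an empty line.
    /// </summary>
    public OS_Command_Injection_scope_78()
    {
        Console.WriteLine("Please Enter OS command: ");
        string userCommand = Console.ReadLine();
        Console.WriteLine(userCommand);
        // IsNullOrEmpty covers both the EOF (null) case and an empty line.
        if (!string.IsNullOrEmpty(userCommand))
        {
            excuteCommand(userCommand);
        }
    }

    /// <summary>
    /// Starts a process from the given, unvalidated string (the CWE-78 sink).
    /// The misspelled name is kept because it is this sample's public interface.
    /// </summary>
    /// <param name="cmd">User-supplied text passed straight to Process.Start.</param>
    public void excuteCommand(string cmd)
    {
        try
        {
            // VULNERABLE (intentional): attacker-controlled cmd is executed as-is.
            // Disposing the returned Process only releases the handle; the child
            // keeps running, so observable behaviour is unchanged.
            using (Process started = Process.Start(cmd))
            {
            }
        }
        catch (System.ComponentModel.Win32Exception)
        {
            // Process.Start reports an unresolvable or unlaunchable target this way.
            Console.WriteLine("Error opening file");
        }
    }

    static void Main(string[] args)
    {
        OS_Command_Injection_scope_78 vul78 = new OS_Command_Injection_scope_78();
    }
}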