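/*
 * This reference program was developed in March 2011 as part of CIT599
 * Independent Research by Hamda Hasan
 *
 * This code implements CWE-078: http://cwe.mitre.org
 * This code implements OS Command Injection vulnerability in a "Loop" structure
 * The code runs OS Command entered by user without validating the input
 */
using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics;

/// <summary>
/// Reference program for CWE-78 (OS Command Injection). The constructor reads one
/// line from standard input and, twice in a row, hands it unmodified to
/// <see cref="Process.Start(string)"/>. The vulnerability is intentional and is
/// kept so the program still serves as the reference case; the comments below mark
/// the source, the sink and the missing validation step.
/// </summary>
class OS_Command_Injection_loop_78
{
    /// <summary>Number of times the command is echoed and executed.</summary>
    private const int Iterations = 2;

    /// <summary>
    /// Prompts for a command, then echoes and executes it <see cref="Iterations"/> times.
    /// A closed standard input (<c>ReadLine()</c> returning null) is treated like an
    /// empty line, so nothing is launched; the original dereferenced the null result.
    /// </summary>
    public OS_Command_Injection_loop_78()
    {
        Console.WriteLine("Enter OS command: ");

        // SOURCE (untrusted): the line comes straight from the console.
        // ReadLine() returns null at end of stream; coalesce so the Length check
        // below cannot throw a NullReferenceException.
        string userCommand = Console.ReadLine() ?? string.Empty;

        for (int i = 0; i < Iterations; i++)
        {
            Console.WriteLine(userCommand);
            if (userCommand.Length != 0)
            {
                RunUnvalidatedCommand(userCommand);
            }
        }
    }

    /// <summary>
    /// SINK: starts whatever <paramref name="command"/> names, without any validation.
    /// This is the CWE-78 flaw the reference program exists to demonstrate. A hardened
    /// version would map the input onto an allow-list of known programs (or reject it)
    /// instead of handing the raw string to the process launcher.
    /// </summary>
    /// <param name="command">Raw, unvalidated console input; never empty here.</param>
    private static void RunUnvalidatedCommand(string command)
    {
        try
        {
            // Process.Start(string) returns a Process handle (or null when no new
            // process was created); dispose it instead of leaking the handle.
            // NOTE(review): on .NET Framework this overload defaults to
            // UseShellExecute = true, so the string is resolved by the shell —
            // confirm against the runtime this reference is built for.
            using (Process.Start(command))
            {
            }
        }
        catch (System.ComponentModel.Win32Exception)
        {
            // Only launch failures are reported; other exceptions propagate as before.
            Console.WriteLine("Error opening file");
        }
    }

    /// <summary>Entry point: runs the reference scenario once.</summary>
    /// <param name="args">Unused.</param>
    static void Main(string[] args)
    {
        new OS_Command_Injection_loop_78();
    }
}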