madelson / MedallionShell

A .NET library simplifying the execution and chaining of processes
MIT License

In .NET5+ projects one could use ProcessStartInfo.Arguments #95

Open drauch opened 1 year ago

drauch commented 1 year ago

While I'm on it:

When targeting .NET5+ we could use ProcessStartInfo.ArgumentList to prevent argument injection by user input https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.processstartinfo.argumentlist?view=net-5.0

Of course this would need an #ifdef for older platforms not supporting this new property.

Best regards, D.R.

madelson commented 1 year ago

@drauch yeah the need for #ifdef is why I've avoided this so far but I agree that it would be nice to leverage the native capability.

MedallionShell does encode arguments to prevent injection, though. Do you have reason to believe that the built-in argument encoding is not sufficient?

drauch commented 1 year ago

I haven't checked it to be honest.
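The conditional-compilation approach discussed in this thread, as an added example that is not MedallionShell's code or any participant's: `ArgumentList` is used where `NET5_0_OR_GREATER` is defined, and a hand-built `Arguments` string otherwise. The `SafeStartInfo` helper, the `tool` file name, the sample input and the Windows-style quoting fallback are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Text;

static class SafeStartInfo // hypothetical helper, not a MedallionShell type
{
    public static ProcessStartInfo Create(string fileName, IEnumerable<string> args)
    {
        var psi = new ProcessStartInfo(fileName) { UseShellExecute = false };
#if NET5_0_OR_GREATER
        // The runtime encodes the list itself; each entry is passed as one argument.
        foreach (var a in args) psi.ArgumentList.Add(a);
#else
        // Older targets: build the single command-line string by hand.
        var parts = new List<string>();
        foreach (var a in args) parts.Add(Quote(a));
        psi.Arguments = string.Join(" ", parts);
#endif
        return psi;
    }

    // Windows-style (CommandLineToArgvW) quoting; assumed fallback, not MedallionShell's encoder.
    public static string Quote(string arg)
    {
        if (arg.Length > 0 && arg.IndexOfAny(new[] { ' ', '\t', '\n', '\v', '"' }) < 0)
            return arg; // nothing to escape
        var sb = new StringBuilder("\"");
        int backslashes = 0;
        foreach (char c in arg)
        {
            if (c == '\\') { backslashes++; continue; }
            // Backslashes before a quote are doubled and the quote itself is escaped.
            sb.Append('\\', c == '"' ? backslashes * 2 + 1 : backslashes);
            backslashes = 0;
            sb.Append(c);
        }
        // Trailing backslashes are doubled so they do not escape the closing quote.
        return sb.Append('\\', backslashes * 2).Append('"').ToString();
    }

    static void Main()
    {
        string userInput = "notes.txt\" --extra-flag \"x"; // constructed hostile input
        var psi = Create("tool", new[] { "--file", userInput }); // "tool" is a placeholder
#if NET5_0_OR_GREATER
        Console.WriteLine(string.Join(" | ", psi.ArgumentList));
#else
        Console.WriteLine(psi.Arguments);
#endif
    }
}
```

On either path the embedded quote stays inside the second argument instead of ending it, so `--extra-flag` never becomes an argument of its own.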