Zach

Reputation: 1321

How can I safely execute a PowerShell script from C# with user-entered string parameters?

I want to use System.Management.Automation to run a simple PowerShell command with a parameter specified by the user (a string of text representing a comment). It seems like this could be a security issue, as there could be a way to inject code into this input.

So is there any way I can make this secure, and ONLY allow them to specify string inputs?

Upvotes: 1

Views: 179

Answers (1)

Pireax

Reputation: 113

The functions AddArgument and AddParameter directly change the parameter value. This means that if anyone tried to inject another command in the same string, it won't work; the parameter just gets set to that string. Kind of the same thing as parameterized queries.

Upvotes: 3
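The contrast the answer describes, as an added example that is not part of the original answer: the same comment is first spliced into script text with AddScript, then bound as a value with AddCommand and AddParameter. It assumes a project reference to System.Management.Automation; Write-Output stands in for the asker's command, and the class name, method names and sample comment are constructed for illustration.

```csharp
using System;
using System.Collections.ObjectModel;
using System.Management.Automation;

static class CommentRunner
{
    // Weak form: the comment becomes part of the script text, so the
    // PowerShell parser sees any quotes and separators inside it as syntax.
    public static Collection<PSObject> RunConcatenated(string comment)
    {
        using (PowerShell ps = PowerShell.Create())
        {
            ps.AddScript("Write-Output '" + comment + "'");
            return ps.Invoke();
        }
    }

    // Hardened form: the command name is a fixed literal and the comment is
    // bound to -InputObject as a string value. It is never parsed as script.
    public static Collection<PSObject> RunBound(string comment)
    {
        using (PowerShell ps = PowerShell.Create())
        {
            ps.AddCommand("Write-Output")
              .AddParameter("InputObject", comment);
            return ps.Invoke();
        }
    }

    static void Main()
    {
        // Constructed sample input: a comment that closes the quote and
        // appends a second, harmless statement.
        string comment = "nice work'; Get-Date; '";

        Console.WriteLine("Concatenated into AddScript:");
        foreach (PSObject item in RunConcatenated(comment))
            Console.WriteLine("  [" + item + "]");

        Console.WriteLine("Bound with AddParameter:");
        foreach (PSObject item in RunBound(comment))
            Console.WriteLine("  [" + item + "]");
    }
}
```

Binding protects only the hand-off into the command: keep the command name itself out of user control, and do not bind the string to a command that evaluates its argument as script, such as Invoke-Expression.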
