Scanning an intentionally vulnerable .NET 6 project with the stand-alone runner does not yield any detection results #269
Description
Environment:
- Version: v5.6.7
- Installation/Running method:
  - Visual Studio Extension
  - NuGet package
  - Standalone tool
  - DotNet Core Tool from NuGet
  - security-scan4x.zip from GitHub Release section
- Operating System:
  - Windows
  - Linux
  - Mac
Describe the bug
Scanning an intentionally vulnerable .NET 6 project with the stand-alone runner does not yield any detection results.
Repro
Create a .NET 6 Console project, and use the following code in the Program.cs file.
```csharp
using System.Diagnostics;
using System.Xml;

// Weak randomness: System.Random used to fill a buffer
var rnd = new Random();
byte[] buffer = new byte[16];
rnd.NextBytes(buffer);
var byteString = BitConverter.ToString(buffer);

// XPath injection: args[0] concatenated straight into the query
var doc = new XmlDocument { XmlResolver = null };
doc.Load("/config.xml");
var results = doc.SelectNodes("/Config/Devices/Device[id='" + args[0] + "']");

// Command injection: args[0] concatenated into the process arguments
var p = new Process();
p.StartInfo.FileName = "exportLegacy.exe";
p.StartInfo.Arguments = " -user " + args[0] + " -role user";
p.Start();
```

I would expect some detection results when scanning this project, considering those vulnerabilities are copied directly from the https://security-code-scan.github.io/ page, but instead I get the following output:
```text
C:\Repos\security-spike>security-scan TestLib.sln -f -v
╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ╔═╗┌─┐┌┬┐┌─┐ ╔═╗┌─┐┌─┐┌┐┌
╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ║ │ │ ││├┤ ╚═╗│ ├─┤│││
╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ╚═╝└─┘─┴┘└─┘ ╚═╝└─┘┴ ┴┘└┘
.NET tool by Jaroslav Lobačevski v5.6.7
Using MSBuild at 'C:\Program Files\dotnet\sdk\6.0.402\' to load projects.
Loading solution 'TestLib.sln'
Evaluate 0:00.0544717 TestLibCmd.csproj
Build 0:00.0780451 TestLibCmd.csproj
Resolve 0:00.0154553 TestLibCmd.csproj (net6.0)
Finished loading solution 'TestLib.sln'
Starting: C:\Repos\security-spike\TestLibCmd\TestLibCmd.csproj
Completed in 00:00:03
0 warnings
```
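For comparison, here is a hardened form of the same three operations the repro expects the scanner to flag. This is an added example, not code from the issue or from the security-code-scan project; it keeps the repro's file path, executable name and config layout, and the allowlist pattern for the device id is an assumption.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using System.Xml;

// Constructed example: hardened counterpart of the issue's Program.cs.

// 1. Weak randomness -> cryptographically secure random bytes (System.Random is predictable).
byte[] buffer = RandomNumberGenerator.GetBytes(16);
string byteString = Convert.ToHexString(buffer);

// 2. XPath injection -> never splice input into the query. XmlDocument has no parameterized
//    XPath, so validate the value against a strict allowlist (assumed pattern) and then
//    compare it in code rather than inside the expression.
if (args.Length == 0) throw new ArgumentException("device id required");
string deviceId = args[0];
if (!Regex.IsMatch(deviceId, @"^[A-Za-z0-9_-]{1,64}$"))
    throw new ArgumentException("invalid device id");

var doc = new XmlDocument { XmlResolver = null }; // null resolver: no external entity/DTD fetches
doc.Load("/config.xml");
var devices = doc.SelectNodes("/Config/Devices/Device"); // fixed query, no user data
var results = devices?.Cast<XmlNode>()
    .Where(n => n.SelectSingleNode("id")?.InnerText == deviceId) // same match as Device[id='...']
    .ToList();

// 3. Command injection -> pass each argument as its own token; no string concatenation,
//    no shell involved, so the input cannot introduce extra switches or commands.
var p = new Process();
p.StartInfo.FileName = "exportLegacy.exe";
p.StartInfo.UseShellExecute = false;
p.StartInfo.ArgumentList.Add("-user");
p.StartInfo.ArgumentList.Add(deviceId);
p.StartInfo.ArgumentList.Add("-role");
p.StartInfo.ArgumentList.Add("user");
p.Start();
```

Running the scanner against both versions side by side is a quick way to tell whether the rules are being applied at all: the original should produce findings and this one should not.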