CSharp Security Vulnerability Egrep Cheatsheet

These are a set of “suspicious” nodejs patterns that might reveal vulnerabilities.

# Returns instances where anti xss measures are deployed
egrep -r --include "*.cs" -e "(AntiXssEncoder|Server\.HtmlEncode|Html.Encode)" .

# Returns possible command injection areas
egrep -r --include "*.cs" -e "(Process|Process\.Start)\(" .

# Returns possible xss scenarios (string concatention in HTML/XML)
egrep -r --include "*.cs" -e "<.*>\"\s*\+.*\+\s*\"<.*>" .

# Returns places where anti csrf measure are deployed
egrep -r --include "*.cs" -e "ValidateAntiForgeryToken" .

# Returns places where raw sql statements are executed
egrep -r --include "*.cs" -e "(ExecuteNonQuery|SqlCommand)\(" .