    [HttpGet("vulnerability")]
    public IActionResult vulnerability(string input)
    {
        object content = 0;
        try
        {
            content = new Microsoft.CodeAnalysis.CSharp.Scripting.CSharpScript(input).EvaluateAsync().Result;
        }
        catch (Exception)
        {
            content = "";
        }
        return View("Example", new { vuln = content });
    }

I'm going to implement a "code injection" vulnerability in .NET Core.
The vulnerable configuration takes input in the input parameter and tries to execute it as an eval. Example: Input: 1 1, Result screen: 2
By the way, an error occurs in this portion:

    Microsoft.CodeAnalysis.CSharp.Scripting.CSharpScript(input).EvaluateAsync().Result;

Error on this line: CS0712
Error on EvaluateAsync(): CS1501
How can I solve this?
I tried to solve the problem by referring to the official document.
CodePudding user response:
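Your code should look like below:

    // At the top of the controller file:
    using System.Threading.Tasks;
    using Microsoft.CodeAnalysis.CSharp.Scripting;

    [HttpGet("vulnerability")]
    public async Task<IActionResult> vulnerability(string input)
    {
        object content = 0;
        try
        {
            // CSharpScript is a static class: call EvaluateAsync on the type and await it
            content = await CSharpScript.EvaluateAsync(input);
        }
        catch (Exception)
        {
            content = "";
        }
        return Ok(new { vuln = content });
    }
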
And the test result:
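
For comparison with the deliberately vulnerable endpoint above, here is a hardened counterpart. It is an added example, not code from the question or the answer, and it assumes the endpoint only needs arithmetic such as the question's input that yields 2. `ArithmeticOnlyEvaluator`, `IsArithmeticOnly` and `MaxLength` are hypothetical names; the input is parsed with Roslyn and rejected unless every syntax node is a numeric literal or an arithmetic operator, so nothing else ever reaches `CSharpScript.EvaluateAsync`.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Scripting;
using Microsoft.CodeAnalysis.Scripting;

// Hypothetical helper (not from the original post): evaluates arithmetic only.
public static class ArithmeticOnlyEvaluator
{
    private const int MaxLength = 64; // assumed limit for this example

    // Syntax node kinds a caller may submit; any other kind rejects the input.
    private static readonly SyntaxKind[] Allowed =
    {
        SyntaxKind.NumericLiteralExpression, SyntaxKind.ParenthesizedExpression,
        SyntaxKind.AddExpression, SyntaxKind.SubtractExpression,
        SyntaxKind.MultiplyExpression, SyntaxKind.DivideExpression,
        SyntaxKind.UnaryMinusExpression
    };

    public static bool IsArithmeticOnly(string input)
    {
        if (string.IsNullOrWhiteSpace(input) || input.Length > MaxLength) return false;
        var expr = SyntaxFactory.ParseExpression(input);
        // Parse errors cover incomplete input and trailing text after the expression;
        // directives (#r, #load) are refused outright.
        if (expr.ContainsDiagnostics || expr.ContainsDirectives) return false;
        // Method calls, identifiers, member access, lambdas etc. are not in the allowlist.
        return expr.DescendantNodesAndSelf().All(n => Allowed.Contains(n.Kind()));
    }

    public static async Task<object> EvaluateAsync(string input)
    {
        if (!IsArithmeticOnly(input)) return null; // rejected before any compilation
        try
        {
            // Literals and operators need no extra references or imports.
            return await CSharpScript.EvaluateAsync<object>(input, ScriptOptions.Default);
        }
        catch (CompilationErrorException)
        {
            return null; // e.g. constant overflow or constant division by zero
        }
    }
}
```

In the controller action, `content = await ArithmeticOnlyEvaluator.EvaluateAsync(input);` would replace the direct `CSharpScript.EvaluateAsync(input)` call, with a `null` result treated as rejected input.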