Writing Secure Code is not secure?

June 29, 2010
Consider the following code snippet, which checks that the file name extension is in a list of allowed extensions:
 
using System.Text.RegularExpressions;

static bool IsOKExtension(string Filename) {
    Regex r =
        new Regex(@"txt|rtf|gif|jpg|bmp$",
                  RegexOptions.IgnoreCase);
    return r.Match(Filename).Success;
}
Is this code correct? I tried:
 
public static void Main()
{
    Console.WriteLine(IsOKExtension("txt")); // true
    Console.WriteLine(IsOKExtension("bmp")); // true
    Console.WriteLine(IsOKExtension("txtabc")); // true
    Console.WriteLine(IsOKExtension("yellowdog")); // false
}
What a pity… Huh, maybe the code is corrected in a future release of the book; anyway, I’m not saying it’s a bad book.
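
Why "txtabc" passes, and one way to tighten the check, as an added example that is not code from the post or from the book. It assumes the input is a complete file name whose extension must follow a dot, so a bare "txt" is no longer accepted; `IsOKExtensionStrict`, `ExtensionDemo` and the extra sample names are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;

static class ExtensionDemo
{
    // Pattern from the post. Alternation has the lowest precedence, so this
    // parses as txt | rtf | gif | jpg | (bmp$): only "bmp" is tied to the end
    // of the input, and none of the alternatives requires a preceding dot.
    static readonly Regex Loose =
        new Regex(@"txt|rtf|gif|jpg|bmp$", RegexOptions.IgnoreCase);

    // Hardened form: a literal dot, the alternatives grouped so the anchor
    // applies to all of them, and \z (absolute end of input) instead of $,
    // which in .NET also matches just before a final newline.
    static readonly Regex Strict =
        new Regex(@"\.(?:txt|rtf|gif|jpg|bmp)\z",
                  RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    static bool IsOKExtension(string filename) => Loose.IsMatch(filename);

    // Hypothetical name for the corrected check.
    static bool IsOKExtensionStrict(string filename) =>
        filename != null && Strict.IsMatch(filename);

    static void Main()
    {
        // Constructed sample names; the first four are the post's own inputs.
        string[] samples =
        {
            "txt", "bmp", "txtabc", "yellowdog",
            "notes.txt", "photo.JPG", "report.txt.exe", "a.bmp\n"
        };

        Console.WriteLine("{0,-18}{1,-8}{2}", "input", "loose", "strict");
        foreach (string name in samples)
        {
            string shown = name.Replace("\n", "\\n");
            Console.WriteLine("{0,-18}{1,-8}{2}",
                shown, IsOKExtension(name), IsOKExtensionStrict(name));
        }
    }
}
```

The loose pattern accepts every sample except "yellowdog", including "report.txt.exe" and the name with a trailing newline; the strict pattern accepts only "notes.txt" and "photo.JPG".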
