C#

Made by DeepSource

Consider specifying the full path to the executable file when spawning processes CS-S1002

Security
Critical
a08 owasp top 10 cwe-426 cwe-427

The Process class allows you to spawn and stop local system processes. However, you should always specify the full path to the executable file. Failing to do so causes the program to search for the executable in its working directory, which may pose a security risk: if an attacker manages to place a similarly named executable there, that file is executed instead.

Bad Practice

// No directory given: the executable is located by name at run time.
using var process = new Process();
process.StartInfo.FileName = "foo";

Recommended

// Full path given: exactly this file is started.
using var process = new Process();
process.StartInfo.FileName = "/bin/foo";
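
When the executable's location differs between machines, the full path can be resolved against a fixed list of trusted directories instead of being hard-coded. The following is an added example, not DeepSource's own code; the `TrustedProcess` class, its `TrustedDirs` list and the sample utility names are assumptions chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.IO;

public static class TrustedProcess
{
    // Assumption: directories that only administrators can write to.
    private static readonly string[] TrustedDirs = OperatingSystem.IsWindows()
        ? new[] { Environment.SystemDirectory }
        : new[] { "/usr/bin", "/bin" };

    // Maps a bare file name to a full path inside a trusted directory.
    // On Windows the name must include its extension, e.g. "whoami.exe".
    public static string ResolveExecutable(string name)
    {
        // Reject anything carrying a directory part (for example "../foo").
        if (string.IsNullOrWhiteSpace(name) || name != Path.GetFileName(name))
            throw new ArgumentException("Expected a bare executable name.", nameof(name));

        foreach (var dir in TrustedDirs)
        {
            var candidate = Path.Combine(dir, name);
            if (File.Exists(candidate))
                return candidate;
        }
        throw new FileNotFoundException("Not found in any trusted directory.", name);
    }

    public static Process Start(string name, params string[] args)
    {
        var info = new ProcessStartInfo
        {
            FileName = ResolveExecutable(name), // always a full path
            UseShellExecute = false             // start the file directly, not via the OS shell
        };
        foreach (var arg in args)
            info.ArgumentList.Add(arg);
        return Process.Start(info)
            ?? throw new InvalidOperationException("Process did not start.");
    }

    public static void Main()
    {
        // Constructed sample: a standard identity utility on each platform.
        using var process = Start(OperatingSystem.IsWindows() ? "whoami.exe" : "id");
        process.WaitForExit();
        Console.WriteLine($"exit code: {process.ExitCode}");
    }
}
```

Because the working directory is never consulted, a file named `id` or `whoami.exe` dropped next to the application has no effect on which binary runs.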
