From 920d36753a70bdeb88156113402014b156a0cd76 Mon Sep 17 00:00:00 2001
From: "ARTECH\\sgrampone"
Date: Mon, 7 Jun 2021 16:30:17 -0300
Subject: [PATCH] Avoid false negative on WhiteList with multiple points on path
---
 .../Utils/ExtensionsWhiteList.cs | 22 -------------------
 .../SecurityAPICommons/Utils/SecurityUtils.cs | 17 +++++++++-----
 2 files changed, 11 insertions(+), 28 deletions(-)
diff --git a/dotnet/dotnetframework/SecurityAPICommons/Utils/ExtensionsWhiteList.cs b/dotnet/dotnetframework/SecurityAPICommons/Utils/ExtensionsWhiteList.cs
index 55526b0..578c095 100644
--- a/dotnet/dotnetframework/SecurityAPICommons/Utils/ExtensionsWhiteList.cs
+++ b/dotnet/dotnetframework/SecurityAPICommons/Utils/ExtensionsWhiteList.cs
@@ -28,10 +28,6 @@ public void SetExtension(string value)
 [SecuritySafeCritical]
 public bool IsValid(string path)
 {
- if (!IsValidName(path))
- {
- return false;
- }
 string ext = SecurityUtils.getFileExtension(path);
 for (int i = 0; i < this.whitelist.Count; i++)
 {
@@ -53,23 +49,5 @@ public bool IsEmpty()
 return false;
 }
- private bool IsValidName(string path)
- {
- int counter = 0;
- int i = 0;
- while (i < path.Length && counter <= 2)
- {
- if (path[i] == '.')
- {
- counter++;
- }
- i++;
- }
- if (counter >= 2)
- {
- return false;
- }
- return true;
- }
 }
 }
diff --git a/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs b/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs
index a3a711e..0e910b5 100644
--- a/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs
+++ b/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs
@@ -2,6 +2,7 @@ using Org.BouncyCastle.Utilities.Encoders;
 using SecurityAPICommons.Commons;
 using System;
+using System.IO;
 using System.Security;
 namespace SecurityAPICommons.Utils
@@ -49,13 +50,17 @@ public static bool extensionIs(string path, string ext)
 [SecuritySafeCritical]
 public static string getFileExtension(string path)
 {
-
- int lastIndexOf = path.LastIndexOf(".");
- if (lastIndexOf == -1)
- {
- return ""; // empty extension
+ string fileName = Path.GetFileName(path);
+ string extension;
+ try
+ {
+ extension = Path.GetExtension(fileName);
 }
- return path.Substring(lastIndexOf);
+ catch(Exception)
+ {
+ extension = "";
+ }
+ return extension;
 }
 [SecuritySafeCritical]
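Review bot: `Path.GetFileName(path)` is called before the `try` in getFileExtension, so on .NET Framework an `ArgumentException` for a path with invalid characters escapes to `ExtensionsWhiteList.IsValid` instead of yielding the empty extension, and the guarded `Path.GetExtension(fileName)` call has little left to fail on once the first call has succeeded. I would put both calls inside the guard and narrow the catch: `try { return Path.GetExtension(Path.GetFileName(path)) ?? ""; }` followed by `catch (ArgumentException) { return ""; }`. The `?? ""` matters because a null `path` now makes the method return null (the old code threw), and how the loop in IsValid handles a null `ext` is not visible here. Since this commit also removes the `IsValidName` dot-count check in ExtensionsWhiteList.cs, the whitelist verdict rests on the final suffix alone. A short `///` comment should state that only the last extension of the file-name segment is returned and that a trailing dot now gives an empty string rather than `"."`, so callers know what IsValid does and does not guarantee about the rest of the name.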