.net - 使用 checkMarx 工具在代码扫描期间遇到 checkMarx 路径遍历问题

问题描述

执行 HttpWebRequest 时出现checkMarx路径遍历问题，

来自 checkmarx 的错误消息： 从 headers 元素获取动态数据。该元素的值随后流经代码并最终用于本地磁盘访问的文件路径中。

我在标头中传递的唯一输入是访问 API 的令牌。有没有办法克服这个问题？

下面是代码，我从 cookie 中获取令牌并将其与 httpRequest 一起传递。

Dim responseString As String = ExecuteURL("www.mysite.com\action")

Private Function ExecuteURL(ByVal url As String) As String

        Dim basicRequest As HttpWebRequest = DirectCast(WebRequest.Create(url), HttpWebRequest)
        basicRequest.ContentType = "application/json; charset=utf-8"
        basicRequest.Method = "GET"

        Dim cookie As HttpCookie = HttpContext.Current.Request.Cookies("token")
        If Not cookie Is Nothing AndAlso Not String.IsNullOrEmpty(cookie.Value) Then
            basicRequest.Headers.Add("Authorization", "service" + cookie.Value)
        End If
        Dim response As HttpWebResponse
        Try
            response = CType(basicRequest.GetResponse(), HttpWebResponse)
            If Not response Is Nothing Then
                Using streamReader As StreamReader = New StreamReader(response.GetResponseStream())
                    Return streamReader.ReadToEnd()
                End Using
            End If
        Catch ex As System.Net.WebException
            Using streamReader As StreamReader = New StreamReader(ex.Response.GetResponseStream())
                Return streamReader.ReadToEnd()
            End Using
        End Try

        Return String.Empty
    End Function

标签： .netvb.netcheckmarx