webclient - Veracode fails with the following error: Insertion of Sensitive Information Into Sent Data when using AppSettings
问题描述
I have the following logic for a WebClient
:
var wc = new WebClient();
wc.QueryString.Add("ID", id);
wc.QueryString.Add("fyear", $"{y}");
wc.QueryString.Add("fmonth", $"{m}");
wc.QueryString.Add("fday", $"{d}");
wc.QueryString.Add("SType", $"{tID}");
wc.UseDefaultCredentials = true;
sPdf = wc.DownloadData(Configuration.GetURLString);
The line the scan is pointing out to is:
sPdf = wc.DownloadData(Configuration.GetURLString);
GetURLString
is defined as following:
public static string GetURLString
=> ConfigurationManager.AppSettings["GenURLString"] ?? "";
I made a change to sPdf = wc.DownloadData(new Uri(Configuration.GetURLString));
but it failed in the run time, so the change was rolled back.
What is another way to mitigate that issue?
解决方案
推荐阅读
- python - CSV 类型错误,csv_reader 不可调用?不会工作
- java - JavaFX 导出和 VM 参数
- azure - 如何将 Azure 资源组从一个 azure 帐户移动到另一个 azure 帐户?
- ruby - RSpec“允许”静默终止“它”块
- javascript - Vue,将多个参数/参数传递给函数
- javascript - 按两个项目过滤 react-instantsearch
- xcode - IBUIColor.m 中的断言失败 - Xamarin.iOS
- java - JPQL 查询从一对一关系中选择实体,其中它的相对具有匹配特定条件的字段
- javascript - 删除类不会停止 IE11 中的关键帧动画
- python - 从现有行生成新的 Dataframe 列