Checkmarx issue: The application stores sensitive personal data Write on the client, in an insecure manner

The Checkmarx report raises: The application stores sensitive personal data Write on the client, in an insecure manner

Code:

```csharp
using System;
using System.IO;
using System.Net;
using System.Security;
using Newtonsoft.Json;

var httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUrl);
httpWebRequest.Headers.Clear();
httpWebRequest.ContentType = "application/json";    // set the content type to application/json
httpWebRequest.Method = "POST";  // make it a POST request
// create the auth token based on the user id
// and add the auth token to the HTTP web request.
httpWebRequest.Headers.Add("Authorization", CreateToken(userid));

using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
{
    // build the IDM request
    var request = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
    // serialize the request object
    char[] arrayChar = JsonConvert.SerializeObject(request).ToCharArray();
    SecureString json = new SecureString();

    foreach (var item in arrayChar)
    {
        json.AppendChar(item);
    }
    // convert the SecureString back to a plain string (SecureStringToString is a helper defined elsewhere)
    var result = SecureStringToString(json);

    // write the serialized JSON to the request stream
    // and flush the stream.
    streamWriter.Write(result);
    streamWriter.Flush();
    streamWriter.Close();
}
```

I receive this error on streamWriter.Write(result);.

The error message is: The application stores sensitive personal data Write on the client, in an insecure manner.

This is a false positive. The StreamWriter class can be used to write to a file, but in this case it writes to the in-memory stream of the HTTP request body. So this code does not store data on the client.

Tell the checker to ignore this line, or change the code so that it does not use StreamWriter. In any case, you may want to use HttpClient, which has more convenient methods for creating HTTP requests.
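The same request rebuilt with HttpClient, as an added example that is not part of the answer above. It assumes the RequestClass shape and the CreateToken helper from the question (passed in here as a delegate), and sends the JSON body through StringContent instead of a StreamWriter. The SecureString round-trip is dropped because the plaintext already exists in the serialized string, so converting it to a SecureString and back protects nothing.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Hypothetical request payload, mirroring the fields used in the question.
public class RequestClass
{
    public string uid { get; set; }
    public string pwd { get; set; }
    public string appKey { get; set; }
}

public static class IdmClient
{
    // One HttpClient per application: it is designed to be reused, not created per request.
    private static readonly HttpClient Client = new HttpClient();

    // Posts the IDM request as JSON with the Authorization header from createToken(userid).
    // createToken stands in for the CreateToken helper referenced in the question.
    public static async Task<string> PostIdmRequestAsync(
        string requestUrl, string userid, string password, Func<string, string> createToken)
    {
        var request = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
        string json = JsonConvert.SerializeObject(request);

        // StringContent sets Content-Type: application/json; charset=utf-8 for us.
        using (var content = new StringContent(json, Encoding.UTF8, "application/json"))
        using (var message = new HttpRequestMessage(HttpMethod.Post, requestUrl))
        {
            message.Content = content;
            // Same header the original code added via Headers.Add("Authorization", ...).
            message.Headers.TryAddWithoutValidation("Authorization", createToken(userid));

            using (HttpResponseMessage response = await Client.SendAsync(message))
            {
                // Throw on non-2xx so callers see failures instead of parsing an error page.
                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync();
            }
        }
    }
}
```

Nothing here touches the file system or local storage, so the body goes straight from the in-memory string to the socket, which is also the clearest way to show a reviewer that the original finding was a false positive.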