After a Veracode scan I got a "Server-Side Request Forgery (SSRF)" error pointing to line #6 when executing the following logic:
    private static string RetrieveScript(string file)
    {
    1.  Uri url = new Uri(file, UriKind.Absolute);
    2.  HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
    3.  request.Method = "GET";
    4.  request.AutomaticDecompression = DecompressionMethods.GZip;
    5.  request.PreAuthenticate = true;
    6.  using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            // Return the response body to the caller.
            return reader.ReadToEnd();
        }
    }
This logic calls the above code:
    string[] scripts = path.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
    foreach (string script in scripts)
    {
        // We only want to serve resource files for security reasons.
        if (script.ToUpperInvariant().Contains(resoursename))
            content += RetrieveScript(root + script) + Environment.NewLine;
    }
What is the possible fix?
question from:
https://stackoverflow.com/questions/65848577/how-to-fix-veracode-error-server-side-request-forgery-ssrf-when-using-httpwe
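
One way to constrain where the request on line #6 can go, as an added example that is not part of the original question: treat each entry as a bare file name, resolve it against a fixed origin, and re-check the parsed URI before any request is made. `ScriptFetcher`, `TrustedRoot`, `SafeName`, the host `static.example.com` and the `.js` suffix are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;

static class ScriptFetcher
{
    // Assumption: the single origin that legitimately hosts the script resources.
    private static readonly Uri TrustedRoot = new Uri("https://static.example.com/resources/");

    // Plain file names only: no scheme, host, '@', '/', '\', '..' or query string can pass.
    private static readonly Regex SafeName =
        new Regex(@"\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.js\z", RegexOptions.CultureInvariant);

    public static Uri BuildScriptUri(string name)
    {
        if (name == null || !SafeName.IsMatch(name))
            throw new ArgumentException("Rejected script name.", nameof(name));

        Uri url = new Uri(TrustedRoot, name);

        // Re-check the parsed result instead of trusting the string that went in.
        if (url.Scheme != Uri.UriSchemeHttps
            || !string.Equals(url.Host, TrustedRoot.Host, StringComparison.OrdinalIgnoreCase)
            || url.Port != TrustedRoot.Port
            || !url.AbsolutePath.StartsWith(TrustedRoot.AbsolutePath, StringComparison.Ordinal))
            throw new ArgumentException("URL escapes the trusted root.", nameof(name));
        return url;
    }

    public static string RetrieveScript(string name)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(BuildScriptUri(name));
        request.Method = "GET";
        request.AutomaticDecompression = DecompressionMethods.GZip;
        request.AllowAutoRedirect = false; // a 3xx must not move the request to another host
        request.Timeout = 5000;            // milliseconds

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            if (response.StatusCode != HttpStatusCode.OK)
                throw new WebException("Unexpected status " + (int)response.StatusCode);
            return reader.ReadToEnd();
        }
    }
}
```

The substring test in the calling loop (`Contains(resoursename)`) does not restrict the host or scheme of the final URL, which is why the destination is validated again after parsing.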