Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
357 views
in Technique by (71.8m points)

How to fix Veracode error "Server-Side Request Forgery (SSRF)" when using HttpWebResponse?

After Veracode scanning I got a "Server-Side Request Forgery (SSRF)" error pointing to line #6 when executing the following logic:

private static string RetrieveScript(string file)
{
    string script;

    Uri url = new Uri(file, UriKind.Absolute);                                // 1

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);          // 2
    request.Method = "GET";                                                   // 3
    request.AutomaticDecompression = DecompressionMethods.GZip;               // 4

    request.PreAuthenticate = true;                                           // 5

    // Line 6 is where the request to the caller-influenced URL is actually sent.
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) // 6
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        script = reader.ReadToEnd();
    }

    return script;
}

This logic calls the above code:

    string[] scripts = path.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
    foreach (string script in scripts)
    {
        // We only want to serve resource files for security reasons.
        if (script.ToUpperInvariant().Contains(resoursename))
            content += RetrieveScript(root + script) + Environment.NewLine;
    }

What is the possible fix?

question from:https://stackoverflow.com/questions/65848577/how-to-fix-veracode-error-server-side-request-forgery-ssrf-when-using-httpwe

Battle dragons for too long and you become a dragon yourself; gaze into the abyss for too long and the abyss gazes back…

1 Answer

0 votes
by (71.8m points)
Waiting for answers
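
An added example, not part of the original question or of any posted answer: one way to constrain the request from the question so that the script name can only select a file under a single fixed origin, with the parsed URI re-checked before it is sent. The class name `ScriptFetcher`, the `AllowedRoot` host, and the `SafeName` pattern are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;

static class ScriptFetcher
{
    // Assumption: the single origin and folder scripts may come from (placeholder host).
    static readonly Uri AllowedRoot = new Uri("https://static.example.internal/resources/");
    // Assumption: script names are plain file names, so no '/', '\', '@', ':', '%', '?' or "..".
    static readonly Regex SafeName = new Regex(@"\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z");

    // Builds the request URI and re-checks the parsed result, not the raw string.
    public static bool TryBuildScriptUri(string name, out Uri uri)
    {
        uri = null;
        if (name == null || !SafeName.IsMatch(name)) return false;
        if (!Uri.TryCreate(AllowedRoot, name, out Uri candidate)) return false;
        bool ok = candidate.Scheme == AllowedRoot.Scheme
            && candidate.Host.Equals(AllowedRoot.Host, StringComparison.OrdinalIgnoreCase)
            && candidate.Port == AllowedRoot.Port
            && candidate.UserInfo.Length == 0
            && candidate.AbsolutePath.StartsWith(AllowedRoot.AbsolutePath, StringComparison.Ordinal);
        if (ok) uri = candidate;
        return ok;
    }

    public static string RetrieveScript(string name)
    {
        if (!TryBuildScriptUri(name, out Uri uri))
            throw new ArgumentException("Script name is not allowed.", nameof(name));

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
        request.Method = "GET";
        request.AutomaticDecompression = DecompressionMethods.GZip;
        request.AllowAutoRedirect = false; // a redirect could leave the allowed origin
        request.Timeout = 5000;            // milliseconds

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            if (response.StatusCode != HttpStatusCode.OK)
                throw new WebException("Unexpected status " + (int)response.StatusCode);
            return reader.ReadToEnd();
        }
    }
}
```

The caller passes only the script name rather than `root + script`, so the substring test on `resoursename` is no longer the only control on where the request goes.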
