我们的客户端使用 Veracode 扫描工具来扫描 ASP.NET 应用程序。除了以下问题,我们已经解决了许多缺陷。
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
(CWE ID 113)(1 flaw) in the line
HttpContext.Current.Response.AddHeader("Content-Disposition", contentDisposition);
这是对应的代码:
public static void DownloadFile(string fileName, byte[] dByteData, bool isNoOpen = false)
{
byte[] fileContents = new byte[] { };
string contentDisposition = string.Empty;
fileContents = dByteData;
if (string.IsNullOrWhiteSpace(fileName))
{
return;
}
fileName = fileName.Replace("\n", "").Replace("\r", "");
string contentType = "application/*.".Replace("\n", "").Replace("\r", "");
contentDisposition = "attachment; filename=\"" + HttpContext.Current.Server.UrlPathEncode(fileName) + "\"";//While Downloading file - file name comes with junk characters
contentDisposition= contentDisposition.Replace("\n", "").Replace("\r", "");
HttpContext.Current.Response.Buffer = true;
HttpContext.Current.Response.Clear();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.Charset = "";
HttpContext.Current.Response.ContentType = contentType;
if (isNoOpen)
{
HttpContext.Current.Response.AddHeader("X-Download-Options", "noopen");
}
HttpContext.Current.Response.AddHeader("Content-Disposition", contentDisposition);
HttpContext.Current.Response.AddHeader("Content-Length", fileContents.Length.ToString());
HttpContext.Current.Response.BinaryWrite(fileContents.ToArray());
HttpContext.Current.Response.End();
HttpContext.Current.Response.Flush();
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
文件名或路径的外部控制 (CWE ID 73)
if (File.Exists(filePath))
{
File.Delete(filePath);
}
它显示错误File.Delete
。我们已经尝试清理文件路径并且也使用过Path.GetFullpath
,但只是徒劳无功。