Veracode 报告了我的代码存在以下问题:
cweid201
信息泄露:通过发送数据暴露信息
在以下 2 种情况下要解决的问题
1)错误是针对该行给出的
memoryStream.Write(byteArray, 0, byteArray.Length);
代码片段是:
byte[] byteArray = Convert.FromBase64String(compressedString);
using (MemoryStream memoryStream = new MemoryStream(byteArray)) {
memoryStream.Write(byteArray, 0, byteArray.Length);
memoryStream.Position = 0;
using (GZipInputStream gzipInputStream = new GZipInputStream(memoryStream)) {
using (StreamReader streamReader = new StreamReader(gzipInputStream)) {
return streamReader.ReadToEnd();
}
}
}
2)错误是针对该行给出的
textWriter.WriteLine(readLine);
代码片段是:
textWriter = new StreamWriter(path);
string readLine;
while ((readLine = streamReader.ReadLine()) != null) {
textWriter.WriteLine(readLine);
}
谁能解释我如何解决上述情况下的问题?