以下是 checkmarx 报告已说明 XSS 风险的代码。
public string MasterPage(string name)
{
var img = string.Empty;
SqlConnection dataConnection1 = new SqlConnection(conn);
SqlCommand dataCommand2 = dataConnection1.CreateCommand();
// dataCommand2.CommandText = "select Uid from Usrtable where Uname = @Uname";
dataCommand2.CommandText = "select Uimage from Usrtable where Uname = @Uname";
dataCommand2.Parameters.AddWithValue("@Uname", name.ToString());
dataConnection1.Open();
// int id = (int)(dataCommand2.ExecuteScalar());
img =(string) dataCommand2.ExecuteScalar();
dataConnection1.Close();
}
用户界面
<asp:Image ID="Image1" Runat="server" />
aspx.cs
var img = logic.MasterLogic(name);
Image1.ImageUrl = @"images" + "/" + img.ToString();//images is a folder.Getting img from database table. img is the image path saved in the db.The report points at this line for vulnerability.
Image2.ImageUrl = @"images" + "/" + img.ToString();
string clientname = Session["clientname"].ToString();
Client.Text = Session["clientname"].ToString();
报告称:数据类文件从数据库中获取数据,用于 ExecuteScalar 元素。然后,该元素的值在没有经过适当过滤或编码的情况下流经代码,并最终在方法 Page_Load(aspx.cs) 中显示给用户