-1

CheckMarx report throws The application stores sensitive personal data Write on the client, in an insecure manner

Code

var httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUrl);
httpWebRequest.Headers.Clear();
httpWebRequest.ContentType = "application/json";    // set the content type to application/json
httpWebRequest.Method = "POST";  // make the post request
// create the auth token based on the user id
// and add the auth token to the HTTP web request.
httpWebRequest.Headers.Add("Authorization", CreateToken(userid));  

using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
{
    // make the idm request
    var request = new RequestClass{uid = userid, pwd = password, appKey = "XX1"};
    //serialize the request object
    char[] arayChar = JsonConvert.SerializeObject(request).ToCharArray();
    SecureString json = new SecureString();

    foreach (var item in arayChar)
    {
        json.AppendChar(item);
    }
    // write the serialized json over request stream
    // and flush the stream.
    var result = SecureStringToString(json);

    streamWriter.Write(result); 
    streamWriter.Flush();
    streamWriter.Close();
}

I am getting this error on streamWriter.Write(result);.

Error message is: The application stores sensitive personal data Write on the client, in an insecure manner.

1 Answer

1

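This is a false positive. The class StreamWriter can be used to write to files, but in this case it writes to an in-memory stream for the HTTP request body. So this code does not store data on the client.

Tell the checker to ignore this line, or change the code to not use StreamWriter. You might want to use HttpClient anyway, with its more convenient methods for creating HTTP requests.

Answered 2018-04-11T09:29:15.977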
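
The answer's suggestion to build the request with HttpClient instead of StreamWriter, as an added example (not code from the question or the answer). It assumes Newtonsoft.Json as in the question; `IdmClient`, `PostCredentialsAsync` and the `tokenValue` parameter (standing in for the result of the question's `CreateToken`, whose body is not shown) are hypothetical names, and the HTTPS check is an addition.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Same shape as the request object used in the question.
public class RequestClass
{
    public string uid { get; set; }
    public string pwd { get; set; }
    public string appKey { get; set; }
}

public static class IdmClient   // hypothetical name
{
    // One shared HttpClient per process; creating one per call can exhaust sockets.
    private static readonly HttpClient Http = new HttpClient();

    // tokenValue is assumed to be the string the question's CreateToken(userid) returns.
    public static async Task<string> PostCredentialsAsync(
        Uri requestUrl, string userid, string password, string tokenValue)
    {
        // Added check: the body carries a password, so refuse anything but TLS.
        if (requestUrl.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("requestUrl must use https", nameof(requestUrl));

        var payload = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
        string json = JsonConvert.SerializeObject(payload);

        using (var message = new HttpRequestMessage(HttpMethod.Post, requestUrl))
        {
            // The body is attached as StringContent: no StreamWriter, nothing written to a file.
            message.Content = new StringContent(json, Encoding.UTF8, "application/json");
            // Accepts a raw header value, like the original Headers.Add("Authorization", ...) call.
            message.Headers.TryAddWithoutValidation("Authorization", tokenValue);

            using (HttpResponseMessage response = await Http.SendAsync(message))
            {
                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync();
            }
        }
    }
}
```

The SecureString round trip from the question is left out because the serialized JSON already exists as an ordinary string both before and after it.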