Problem description
After a Veracode scan, I see a "Server-Side Request Forgery (SSRF)" error on line 6 when executing the following logic:
private static string RetrieveScript(string file)
{
    string script;
    /* 1 */ Uri url = new Uri(file, UriKind.Absolute);
    /* 2 */ HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
    /* 3 */ request.Method = "GET";
    /* 4 */ request.AutomaticDecompression = DecompressionMethods.GZip;
    /* 5 */ request.PreAuthenticate = true;
    /* 6 */ using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        script = reader.ReadToEnd();
    }
    return script;
}

// Calling code (fragment)
string[] scripts = path.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
foreach (string script in scripts)
{
    // We only want to serve resource files for security reasons.
    if (script.ToUpperInvariant().Contains(resoursename))
        content += RetrieveScript(root + script) + Environment.NewLine;
}
What are possible fixes?
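
One way to address the finding, as an added example that is not part of the original post: resolve each script name against a fixed trusted base and reject anything that leaves that origin or directory before the request is made. `ScriptFetcher`, `TryBuildScriptUri`, `TrustedRoot` and its placeholder URL are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Net;

public static class ScriptFetcher
{
    // Assumption: scripts are only ever served from this one trusted location (placeholder URL).
    private static readonly Uri TrustedRoot = new Uri("https://static.example.internal/resources/");

    // Resolves a caller-supplied relative name against TrustedRoot and rejects
    // anything that would end up on another scheme, host, port or directory.
    public static bool TryBuildScriptUri(string name, out Uri result)
    {
        result = null;
        if (string.IsNullOrWhiteSpace(name)) return false;
        // Reject absolute URLs, protocol-relative names ("//host"), backslashes,
        // dot-dot segments and percent-encoding before any parsing happens.
        if (name.StartsWith("/") || name.Contains(":") || name.Contains("\\")
            || name.Contains("..") || name.Contains("%")) return false;
        if (!Uri.TryCreate(TrustedRoot, name, out Uri candidate)) return false;

        bool sameOrigin = candidate.Scheme == TrustedRoot.Scheme
            && string.Equals(candidate.Host, TrustedRoot.Host, StringComparison.OrdinalIgnoreCase)
            && candidate.Port == TrustedRoot.Port;
        // Defence in depth: the resolved path must still sit under the trusted directory.
        bool underRoot = candidate.AbsolutePath.StartsWith(TrustedRoot.AbsolutePath, StringComparison.Ordinal);
        if (!sameOrigin || !underRoot) return false;
        result = candidate;
        return true;
    }

    public static string RetrieveScript(string name)
    {
        if (!TryBuildScriptUri(name, out Uri url))
            throw new ArgumentException("Script name is not an allowed resource.", nameof(name));

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "GET";
        request.AutomaticDecompression = DecompressionMethods.GZip;
        request.AllowAutoRedirect = false; // a redirect could otherwise leave the trusted host
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            return reader.ReadToEnd();
        }
    }
}
```

The substring test in the original loop does not constrain where the request goes; the check here is made on the parsed `Uri`, so the host and path that are compared are the ones actually requested.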