Question
I am using HP Fortify to address the security issues in my application. I have a piece of code as below for which Fortify throws an error.
The Fortify result says:
The method DownloadAttachment() in fileName.cs includes unvalidated data in an HTTP response header on line lineNo. This enables attacks such as cache-poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect.
Code -
using System.IO;
using System.Web;
using System.Web.Mvc;

public ActionResult DownloadAttachment(string fullFilePath)
{
    // fullFilePath comes straight from the request and is used unvalidated both to read the file and to build the Content-Disposition header
    var bytes = System.IO.File.ReadAllBytes(fullFilePath);
    return File(bytes, MimeMapping.GetMimeMapping(fullFilePath), Path.GetFileName(fullFilePath));
}
What is the threat here and how to address this? Any suggestions?
Answer 1:
HP is right that this is a problem, but not in the way they are saying -- the threat here is that you've got an action method that will load any file the web server can read and let a visitor download it. This could easily lead to other attacks depending on what someone downloaded and your networking setup.
What you need to do is handle attachments a bit more carefully and a bit less generically -- this could be just taking the file name as a parameter and looking in a given folder for example.
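One way to apply that advice, as an added example that is not the asker's or the answerer's code: the action accepts only a bare file name, resolves it inside one fixed folder, and rejects anything that would escape it or carry header-breaking characters. The controller name and the folder ~/App_Data/Attachments are assumptions.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Mvc;

public class AttachmentsController : Controller
{
    public ActionResult DownloadAttachment(string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName))
            return new HttpStatusCodeResult(400);

        // Keep only the final path component: this drops "../", drive and UNC prefixes.
        // Any difference from the raw input means a path was supplied, so refuse it.
        string safeName = Path.GetFileName(fileName);
        if (safeName != fileName)
            return new HttpStatusCodeResult(400);

        // GetInvalidFileNameChars covers separators and control characters (CR/LF),
        // so the name can later go into Content-Disposition without header injection.
        if (safeName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            return new HttpStatusCodeResult(400);

        // Assumed attachment folder; adjust to the real location.
        string root = Path.GetFullPath(Server.MapPath("~/App_Data/Attachments"));
        string fullPath = Path.GetFullPath(Path.Combine(root, safeName));

        // Defence in depth: after normalisation the file must still sit under root
        // ("." and ".." both fail this check).
        if (!fullPath.StartsWith(root + Path.DirectorySeparatorChar,
                                 StringComparison.OrdinalIgnoreCase))
            return new HttpStatusCodeResult(400);

        // Fully qualified because Controller.File() hides System.IO.File.
        if (!System.IO.File.Exists(fullPath))
            return HttpNotFound();

        // Content type and download name derive from the validated name,
        // not from the raw request parameter that Fortify flagged.
        return File(fullPath, MimeMapping.GetMimeMapping(safeName), safeName);
    }
}
```

With this shape the request can only name files that already live in the chosen folder, which addresses both the Fortify header finding and the arbitrary-file-read the answer describes.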
Source: https://stackoverflow.com/questions/28175747/security-violation-fortify-mvc