提问人:Sayeed Ahmed 提问时间:6/1/2021 更新时间:6/18/2021 访问量:1031
输入验证和表示 - 标头操作:Cookie - C# Cookie - 标头
Input Validation and Representation - Header Manipulation: Cookies- C# Cookies - Header
问:
Fortify 报告了以下问题:输入验证和表示 - 标头操作:Cookie
HttpApplication application = (HttpApplication)source;
if (application.Context.Handler is IRequiresSessionState)
{
string abcCookieIdentity = "abc";
HttpCookie abcCookie = application.Request.Cookies[abcCookieIdentity];
if (abcCookie == null)
{
string mockIdentity = ConfigurationUtility.GetValue("AbcMockIdentity");
if (!string.IsNullOrWhiteSpace(mockIdentity))
{
abcCookie = new HttpCookie(abcCookieIdentity);
abcCookie.Secure = true;
abcCookie.HttpOnly = true;
abcCookie.Value = application.Session.SessionID + "#" + mockIdentity;
application.Response.Cookies.Add(abcCookie);
}
}
if (abcCookie != null)
{
if (application.Session != null)
{
string internalSessionId = application.Session.SessionID;
abcCookie.Secure = true;
string[] cookieValues = abcCookie.Value.Split('#');
if (cookieValues[0].Equals(internalSessionId))
{
IIdentity identity = identity = new GenericI(cookieValues[1]);
IPrincipal principal = new GenericP(identity, new string[] { "Gent" });
Thread.CurrentPrincipal = principal;
application.Context.User = principal;
application.Request.Headers.Add("USER", cookieValues[1]);
application.Response.Cookies.Add(abcCookie);
return;
}
}
}
}
我试图通过添加更多详细信息(如 cookie 过期等)来解决。仍然没有任何效果.. 任何帮助将不胜感激。谢谢!
答:
0赞
Sayeed Ahmed
6/18/2021
#1
我必须在我的代码中使用 Request.Form[“values”]。这解决了问题。
评论