C# 在Veracode中,Google重新验证码响应标记为缺陷CWE 918
我是Sitecore开发人员,在我们的网站上有一个带有重新验证码的表单。在Veracode中验证解决方案时,在GetResponse中会出现CWE 918缺陷。添加下面的代码C# 在Veracode中,Google重新验证码响应标记为缺陷CWE 918,c#,asp.net,rest,sitecore,veracode,C#,Asp.net,Rest,Sitecore,Veracode,我是Sitecore开发人员,在我们的网站上有一个带有重新验证码的表单。在Veracode中验证解决方案时,在GetResponse中会出现CWE 918缺陷。添加下面的代码 public bool IsReCaptchValid() { var result = false; var captchaResponse = Request.Form["g-recaptcha-response"]; var secretKey = Conf
public bool IsReCaptchValid()
{
var result = false;
var captchaResponse = Request.Form["g-recaptcha-response"];
var secretKey = ConfigurationManager.AppSettings["SecretKey"];
var apiUrl = "https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}";
var requestUri = string.Format(apiUrl, secretKey, captchaResponse);
var request = (HttpWebRequest)WebRequest.Create(requestUri);
using(WebResponse response = request.GetResponse())
{
using (StreamReader stream = new StreamReader(response.GetResponseStream()))
{
JObject jResponse = JObject.Parse(stream.ReadToEnd());
var isSuccess = jResponse.Value<bool>("success");
result = (isSuccess) ? true : false;
}
}
return result;
}
public bool IsReCaptchValid()
{
var结果=假;
var captchaResponse=Request.Form[“g-recaptcha-response”];
var secretKey=ConfigurationManager.AppSettings[“secretKey”];
var apirl=”https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}”;
var requestUri=string.Format(apirl、secretKey、captchaResponse);
var request=(HttpWebRequest)WebRequest.Create(requestUri);
使用(WebResponse=request.GetResponse())
{
使用(StreamReader stream=newstreamreader(response.GetResponseStream()))
{
JObject jResponse=JObject.Parse(stream.ReadToEnd());
var isSuccess=jResponse.Value(“成功”);
结果=(isSuccess)?真:假;
}
}
返回结果;
}
该漏洞在代码的第一行“request.GetResponse()”中抛出。如何验证响应?提前感谢。请阅读并展示您的尝试。同时展示Veracode对该问题的说明。另外,显示实际构建请求的代码,以便验证它是否有意义或是一条笼统的语句。另外,请参阅。我已经更新了我的代码。