A cross-site redirection problem and a file canonicalization problem
Hi. I'm analyzing my C# code with CAT.NET Code Analysis and getting the message "Sanitize the file path prior to passing it to file system routines" for File.Move(Path + "\\...
and the cross-site redirection warning “Do not allow off-site redirections to absolute URLs that can be specified by the user” for Response.Redirect("file:" + Path + "\\...
Is there any solution to these problems? Thanks!
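/// <summary>
/// Handles the Button1 click: redirects the browser to the selected file under
/// <c>Path\filepath_&lt;FileExt&gt;\&lt;Status&gt;\</c>, or back to Page1.aspx when
/// nothing usable is selected.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // Only the two known extensions are handled; any other value does nothing,
    // exactly as before.
    if (FileExt != "aa" && FileExt != "bb")
    {
        return;
    }

    string selectedName = ListBox1.SelectedValue;

    // The selected value and Status both end up inside the target path, so each
    // must be one plain path segment. Anything else ("..", separators, drive or
    // stream colons, an empty value) is treated like "nothing selected".
    if (!IsSafePathSegment(selectedName) || !IsSafePathSegment(Status))
    {
        Response.Redirect("Page1.aspx");
        return;
    }

    // NOTE(review): this is still an absolute "file:" URL, which is what the
    // CAT.NET redirection rule reports. Most browsers refuse to follow a
    // redirect from an http(s) page to a file: URL, and the URL discloses the
    // server-side path. Consider streaming the file through the application
    // (after the same validation) instead of redirecting to it.
    Response.Redirect("file:" + Path + "\\filepath_" + FileExt + "\\" + Status + "\\" + selectedName);
}

/// <summary>
/// Returns true when <paramref name="segment"/> is a single, non-empty file or
/// folder name that cannot change the directory it is appended to.
/// </summary>
private static bool IsSafePathSegment(string segment)
{
    if (string.IsNullOrEmpty(segment))
    {
        return false;
    }

    // Rejects ".", ".." and variants padded with spaces or dots, which Windows
    // path normalization can collapse to a parent or current directory reference.
    if (segment.Trim(' ', '.').Length == 0)
    {
        return false;
    }

    // System.IO.Path is fully qualified because this class has its own member
    // named Path (a string), which would otherwise hide the type.
    return segment.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) < 0;
}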
/// <summary>
/// Handles the Button2 click. For FileExt "aa" and a Status of "New" or "Closed",
/// moves the file named by ListBox1.SelectedValue from the status folder into a
/// sub-folder of that same status folder; with no selection it redirects to Page1.
/// The listing is cut off after the "Closed" branch, so later branches are not shown.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused in the visible code).</param>
protected void Button2_Click(object sender, EventArgs e)
{
if (FileExt == "aa")
{
if (Status == "New")
{
// An empty selection sends the user back instead of attempting a move.
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a spx");
}
else
{
// Both paths are built by plain concatenation with ListBox1.SelectedValue; this is
// the call the CAT.NET "Sanitize the file path" rule reports.
// NOTE(review): SelectedValue is presumably posted back by the browser - confirm it is
// limited to a bare file name (no separators, no "..") and that the path resolved with
// System.IO.Path.GetFullPath stays under the intended folder before moving. The type
// must be fully qualified here because Path is also a string member of this class.
// File.Move throws if the destination already exists; no handling is visible here.
File.Move(Path + "\\filepath_aa\\New\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\New\\New_I tems\\" + ListBox1.SelectedValue);
}
}
else if (Status == "Closed")
{
// Same pattern as the "New" branch, applied to the Closed folder.
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a spx");
}
else
{
// NOTE(review): same unvalidated concatenation as in the "New" branch; the same
// file-name and containment checks apply before this move.
File.Move(Path + "\\filepath_aa\\Closed\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\Closed\\Cl osed_Items \\" + ListBox1.SelectedValue);
}
}…