asked on
A cross-site and a file canonicalization problems
Hi. I'm analyzing my code C# with CAT.NET Code Analysis and getting "Sanitize the file path prior to passing it to file system routines" message for File.Move(Path + "\\...
and a cross-site redirection vulnerability “Do not allow off-site redirections to absolute URLs that can be specified by the user” for Response.Redirect("file:" + Path + "\\...
Is there any solution to these problem? Thanks!
protected void Button1_Click(object sender, EventArgs e)
{
if (FileExt == "aa")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
Response.Redirect("file:" + Path + "\\filepath_aa\\" + Status + "\\" + ListBox1.SelectedValue);
}
}
else if (FileExt == "bb")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
Response.Redirect("file:" + Path + "\\filepath_bb\\" + Status + "\\" + ListBox1.SelectedValue);
}
}
}
protected void Button2_Click(object sender, EventArgs e)
{
if (FileExt == "aa")
{
if (Status == "New")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
File.Move(Path + "\\filepath_aa\\New\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\New\\New_I
}
}
else if (Status == "Closed")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
File.Move(Path + "\\filepath_aa\\Closed\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\Closed\\Cl
}
}…
and a cross-site redirection vulnerability “Do not allow off-site redirections to absolute URLs that can be specified by the user” for Response.Redirect("file:" + Path + "\\...
Is there any solution to these problem? Thanks!
protected void Button1_Click(object sender, EventArgs e)
{
if (FileExt == "aa")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
Response.Redirect("file:" + Path + "\\filepath_aa\\" + Status + "\\" + ListBox1.SelectedValue);
}
}
else if (FileExt == "bb")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
Response.Redirect("file:" + Path + "\\filepath_bb\\" + Status + "\\" + ListBox1.SelectedValue);
}
}
}
protected void Button2_Click(object sender, EventArgs e)
{
if (FileExt == "aa")
{
if (Status == "New")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
File.Move(Path + "\\filepath_aa\\New\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\New\\New_I
}
}
else if (Status == "Closed")
{
if (ListBox1.SelectedValue == "")
{
Response.Redirect("Page1.a
}
else
{
File.Move(Path + "\\filepath_aa\\Closed\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\Closed\\Cl
}
}…
C#
Last Comment
avi7
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Thanks!
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck