Link to home
Start Free TrialLog in
Avatar of avi7
avi7

asked on

A cross-site and a file canonicalization problems

Hi. I'm analyzing my code C# with CAT.NET Code Analysis and getting "Sanitize the file path prior to passing it to file system routines" message for File.Move(Path + "\\...

and a cross-site redirection vulnerability “Do not allow off-site redirections to absolute URLs that can be specified by the user” for  Response.Redirect("file:" + Path + "\\...

Is there any solution to these problem?  Thanks!

protected void Button1_Click(object sender, EventArgs e)
{
 if (FileExt == "aa")
 {
   if (ListBox1.SelectedValue == "")
   {
     Response.Redirect("Page1.aspx");
   }
   else
   {
Response.Redirect("file:" + Path + "\\filepath_aa\\" + Status + "\\" + ListBox1.SelectedValue);
   }
 }
 else if (FileExt == "bb")
 {
   if (ListBox1.SelectedValue == "")
   {
     Response.Redirect("Page1.aspx");
   }
   else
   {
Response.Redirect("file:" + Path + "\\filepath_bb\\" + Status + "\\" + ListBox1.SelectedValue);
   }
 }
}

protected void Button2_Click(object sender, EventArgs e)
{
 if (FileExt == "aa")
 {
  if (Status == "New")
  {
   if (ListBox1.SelectedValue == "")
   {
     Response.Redirect("Page1.aspx");
   }
   else
   {
File.Move(Path + "\\filepath_aa\\New\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\New\\New_Items\\" + ListBox1.SelectedValue);
   }
  }
  else if (Status == "Closed")
  {
   if (ListBox1.SelectedValue == "")
   {
     Response.Redirect("Page1.aspx");
   }
   else
   {
File.Move(Path + "\\filepath_aa\\Closed\\" + ListBox1.SelectedValue, Path + "\\filepath_aa\\Closed\\Closed_Items\\" + ListBox1.SelectedValue);
    }
   }…
ASKER CERTIFIED SOLUTION
Avatar of wdosanjos
wdosanjos
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of avi7
avi7

ASKER

Thanks!