Не удалось выяснить Xss-уязвимость в коде asp.net mvc - PullRequest
0 голосов
/ 16 апреля 2019

Здравствуйте, ребята, я застрял с проблемой Veracode около недели и не смог найти ничего работающего

[HttpPost]
     [ValidateInput(true)]
     [ValidateAntiForgeryToken]

        public ActionResult BusinesscaseAttachment([Bind(Include = "BusinessCaseId,SelectedOrgHierarchyLevelInNewUpload")]BusinessCaseViewModel businessCaseViewModel)
        {
            businessCaseViewModel.BusinessCaseId = Convert.ToInt32(Sanitizer.GetSafeHtmlFragment(Convert.ToString(businessCaseViewModel.BusinessCaseId)));
            businessCaseViewModel.SelectedOrgHierarchyLevelInNewUpload= Convert.ToInt32(Sanitizer.GetSafeHtmlFragment(Convert.ToString(businessCaseViewModel.SelectedOrgHierarchyLevelInNewUpload)));
            HttpPostedFileBase file = Request.Files[0];
            if (!ModelState.IsValid)//Changes 9/4/2019  vulnarability Testing Changes new added
            {
                ModelState.Clear();
            }



            string id =Sanitizer.GetSafeHtmlFragment(businessCaseViewModel.BusinessCaseId.ToString());/*Changes 11/4/2019 vulnarability Testing Changes*/
            ViewBag.IsAttachementTab = true;

            int loggedInUserID = Request.Cookies != null ? Convert.ToInt32(Sanitizer.GetSafeHtmlFragment(Request.Cookies[Constant.Home.UserId].Value)) : -1;
            if (Request.QueryString != null)
            {
                if (Request.QueryString["id"] != null)
                {
                    id = Server.HtmlEncode(Request.QueryString["id"].ToString());
                }
            }

            if (file == null)
            {
                ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(Common.ErrorLog.ViewBagErrorMessage.Failure(Pricing360.Resources.Pricing360_en.FileUploadFailure), false);
            }

            if (file == null)
            {
                ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(Common.ErrorLog.ViewBagErrorMessage.Failure(Pricing360.Resources.Pricing360_en.FileUploadFailure), false);
            }

            else
            {
                int ourfilesize = file.ContentLength;
                string contentType = Path.GetExtension(Sanitizer.GetSafeHtmlFragment(file.FileName)).ToLower();/*changes 12/4/2019 vulnarability Testing Changes*/
                bool validFileType = false;

                string[] ValidFileType = { ".pdf", ".xls", ".xlsx", ".doc", ".docx", ".ppt", ".pptx", ".jpg", ".png", ".gif", ".docm", ".sla", ".slax", ".xlam", ".jpeg" };

                //size should be less than 5 mb and valid file type
                validFileType = ValidFileType.Contains(contentType);

                if (!validFileType)
                    ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(MessageEnum.MsgFileSaveFailed_Type.ToString(), false);
                else if (ourfilesize > 5000000)
                    ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(MessageEnum.MsgFileSaveFailed_Size.ToString(), false);
                else
                {
                    try
                    {
                        string filename = System.IO.Path.GetFileName(Sanitizer.GetSafeHtmlFragment(file.FileName));/*changes 12/4/2019 vulnarability Testing Changes*/
                        //string FilePath = Server.MapPath("~/Uploads/BusinessCase/" + DateTime.Now.ToFileTime().ToString() + filename);
                        string FilePath = Sanitizer.GetSafeHtmlFragment(Server.MapPath("~/Uploads/BusinessCase/" + Sanitizer.GetSafeHtmlFragment(filename)));
                        string RelativePath = FilePath.Replace(Sanitizer.GetSafeHtmlFragment(Request.ServerVariables["APPL_PHYSICAL_PATH"]), String.Empty);

                        bool isAllowedToSave = false;
                        int selectedOrgHierarchyLevel = Convert.ToInt32(Sanitizer.GetSafeHtmlFragment(Convert.ToString(businessCaseViewModel.SelectedOrgHierarchyLevelInNewUpload)));
                        DTO.Attachment attachment = new DTO.Attachment();

                        attachment.BusinessCaseId = Convert.ToInt32(Sanitizer.GetSafeHtmlFragment(id));
                            attachment.FileName = Sanitizer.GetSafeHtmlFragment(filename);
                            attachment.FilePath = Sanitizer.GetSafeHtmlFragment(RelativePath);
                            attachment.FileType = Sanitizer.GetSafeHtmlFragment(contentType);
                            attachment.OrgHierarchyAccessLevel = selectedOrgHierarchyLevel;
                            attachment.UserId = loggedInUserID;


                        string result = Sanitizer.GetSafeHtmlFragment( objBusinessCaseRepo.SaveBusinessCaseAttachment(attachment));

                        if (!string.IsNullOrEmpty(result))
                        {
                            var result1 = result.Split('^');

                            if (result1 != null && result1.Length > 0)
                            {
                                if (Convert.ToString(result1[0]).ToLower() == "success")
                                {
                                    isAllowedToSave = true;
                                    ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(MessageEnum.MsgSuccess.ToString(), false);
                                }
                                else
                                {
                                    MessageEnum message = MessageEnum.None;
                                    var result2 = Sanitizer.GetSafeHtmlFragment( result1[1].ToString());
                                    Enum.TryParse<MessageEnum>(Convert.ToString(result2), out message);

                                    ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(message.ToString(), false);

                                    isAllowedToSave = false;
                                }
                            }
                        }

                        if (isAllowedToSave)
                            file.SaveAs(FilePath);

                    }
                    catch (Exception)
                    {
                        ViewBag.ErrorMessage = Microsoft.Security.Application.Encoder.JavaScriptEncode(MessageEnum.MsgFailed.ToString(),false);
                    }
                }
            }


            return RedirectToAction("tabs", "BusinessCase", new { bid = id, msg =ViewBag.ErrorMessage });
        }

Это мое действие, и после теста безопасности с использованием Veracode он говорит об Xss-уязвимости в этом действии.Я не мог понять, где это. Любая помощь будет оценена. Я попробовал Antixss getsafeHtmlFragment, чтобы получить безопасные данные почти по всем входным значениям. Все еще проблема не решается.

...