Checkmarx report raises "The application stores sensitive personal data Write on the client, in an insecure manner"
Code:
var httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUrl);
httpWebRequest.Headers.Clear();
httpWebRequest.ContentType = "application/json"; // set the content type to application/json
httpWebRequest.Method = "POST"; // make the POST request
// create the auth token based on the user id
// and add the auth token to the HTTP web request
httpWebRequest.Headers.Add("Authorization", CreateToken(userid));
using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
{
    // build the IDM request
    var request = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
    // serialize the request object
    char[] arayChar = JsonConvert.SerializeObject(request).ToCharArray();
    SecureString json = new SecureString();
    foreach (var item in arayChar)
    {
        json.AppendChar(item);
    }
    // write the serialized JSON to the request stream
    // and flush the stream
    var result = SecureStringToString(json);
    streamWriter.Write(result);
    streamWriter.Flush();
    streamWriter.Close();
}
I am getting this error on streamWriter.Write(result);
The error message is: The application stores sensitive personal data Write on the client, in an insecure manner.
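This is a false positive. The StreamWriter class can be used to write to files, but in this case it writes to the in-memory stream of the HTTP request body. So this code does not store data on the client.
Tell the checker to ignore this line, or change the code so that it does not use StreamWriter. You may want to use HttpClient anyway, which has more convenient methods for creating HTTP requests.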
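As an added example (not code from the question or the answer): the same POST built with HttpClient and StringContent, so no StreamWriter is involved and the body stays an in-memory object. It swaps Newtonsoft's JsonConvert for System.Text.Json, CreateToken is a placeholder because the question does not show its body, and the URL and credentials are constructed.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Mirrors the request object in the question; property names are taken from it.
public class RequestClass
{
    public string uid { get; set; }
    public string pwd { get; set; }
    public string appKey { get; set; }
}

public static class IdmClient
{
    // One shared instance per process; HttpClient is meant to be reused.
    private static readonly HttpClient Http = new HttpClient();

    // Placeholder for the question's CreateToken(userid), whose body is not shown.
    private static string CreateToken(string userid) => "PLACEHOLDER-TOKEN-FOR-" + userid;

    public static HttpRequestMessage BuildRequest(string requestUrl, string userid, string password)
    {
        var payload = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
        var message = new HttpRequestMessage(HttpMethod.Post, requestUrl)
        {
            // StringContent holds the body in memory and sets Content-Type: application/json.
            Content = new StringContent(JsonSerializer.Serialize(payload), Encoding.UTF8, "application/json")
        };
        // The token format is unknown, so add the header without scheme validation.
        message.Headers.TryAddWithoutValidation("Authorization", CreateToken(userid));
        return message;
    }

    // Sends a request built above; the caller disposes the response.
    public static Task<HttpResponseMessage> SendAsync(HttpRequestMessage message) => Http.SendAsync(message);

    public static async Task Main()
    {
        // Constructed sample values; the URL is a placeholder and is never contacted here.
        using var request = BuildRequest("https://idm.example.invalid/login", "user1", "constructed-password");
        Console.WriteLine(request.Content.Headers.ContentType);
        Console.WriteLine(await request.Content.ReadAsStringAsync());
        // To send it for real: using var response = await SendAsync(request);
    }
}
```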