asp.net-mvchttpclientveracode

Veracode insertion of sensitive information into sent data (CWE 201) using HttpClient.GetAsync()


I have a MVC application. I have a generic method that does HttpClient GetAsync in which there is a low veracode flaw on this line

 HttpResponseMessage response = client.GetAsync(client.BaseAddress).Result;

Here is he Method.

 public static async Task<R?> SendSync<R>(string url)
        {
            HttpClient client = new HttpClient();
            R? value = default;

            client.BaseAddress = new Uri(url);

            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            HttpResponseMessage response = client.GetAsync(client.BaseAddress).Result;

            if (response.IsSuccessStatusCode)
                value = await response.Content.ReadAsJsonAsync<R>();
            return value;
        }

How can I solve it?

thanks


Solution

  • I solve this

    Once I have set this line

    client.BaseAddress = new Uri(url);
    

    the line

    HttpResponseMessage response = await client.GetAsync(client.BaseAddress);
    

    can we replaced with this

     HttpResponseMessage response = await client.GetAsync("");