This method that downloads files is being flagged as a possible path traversal security flaw. I've tried a few things, but nothing solves it. My last alternative is to use reflection to hide the type, so that the Checkmarx scan no longer identifies it as being a method that handles file downloads.
I understand that I would have to use reflection in the ReadAllBytes method and maybe change the return.
I'm having trouble implementing the Index code via reflection:
    public ActionResult Index(string fileName)
    {
        string rootPath = System.Configuration.ConfigurationManager.AppSettings.Get("FinalUploadFolder");
        byte[] fileBytes = System.IO.File.ReadAllBytes(string.Format(Path.Combine(rootPath, fileName.ToString())));
        return File(fileBytes, System.Net.Mime.MediaTypeNames.Application.Octet, fileName.ToString());
    }
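An added example, not part of the original post: the usual remediation for a path traversal finding on code like this is to canonicalize the combined path and confirm it still lies inside the upload root before reading it. `SafeDownloadPath` and `TryResolve` are hypothetical names, the sample inputs are constructed, and C# 6 or later is assumed.

```csharp
using System;
using System.IO;

// Added example; SafeDownloadPath and TryResolve are hypothetical names, not from the post.
public static class SafeDownloadPath
{
    // Returns true and the canonical path only when fileName resolves to a
    // location strictly inside rootPath; traversal and absolute paths are rejected.
    public static bool TryResolve(string rootPath, string fileName, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(fileName)) return false;

        // Canonical root with a trailing separator, so "uploads-old" cannot match "uploads".
        string sep = Path.DirectorySeparatorChar.ToString();
        string root = Path.GetFullPath(rootPath);
        if (!root.EndsWith(sep, StringComparison.Ordinal)) root += sep;

        string candidate;
        try
        {
            // Path.Combine returns a rooted second argument unchanged, and
            // GetFullPath collapses ".." segments; both cases are caught below.
            candidate = Path.GetFullPath(Path.Combine(root, fileName));
        }
        catch (Exception ex) when (ex is ArgumentException || ex is NotSupportedException || ex is PathTooLongException)
        {
            return false;
        }

        // Fail closed: the canonical path must start with the canonical root and name something below it.
        if (!candidate.StartsWith(root, StringComparison.Ordinal) || candidate.Length == root.Length) return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs; the root folder here is a placeholder for FinalUploadFolder.
        string root = Path.Combine(Path.GetTempPath(), "FinalUploadFolder");
        var names = new[] { "report.pdf", "../web.config", "..", Path.Combine(Path.GetTempPath(), "other.txt") };
        foreach (var name in names)
        {
            string resolved;
            bool ok = TryResolve(root, name, out resolved);
            Console.WriteLine("{0} -> {1}", name, ok ? resolved : "rejected");
        }
    }
}
```

In the `Index` action from the post, call `TryResolve(rootPath, fileName, out fullPath)` and return `HttpNotFound()` (ASP.NET MVC 5 assumed) when it returns false. Otherwise pass `fullPath` to `ReadAllBytes` and `Path.GetFileName(fullPath)` as the download name.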