How to fix Veracode error:Information Exposure Through Sent Data

Question

Veracode fails the following line of code:

string server = Decryptor.Decrypt(ConfigurationManager.AppSettings["ConnectionPoint"]);

System.Net.HttpWebRequest objRequest = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(server);

Does anyone have any ideas on how to fix that?

score 1 · Answer 1 · edited Oct 05 '16 at 15:24

1

Try to encode the string server as:

string server  = Decryptor.Decrypt(ConfigurationManager.AppSettings["ConnectionPoint"]).HTMLEncode();

edited Oct 05 '16 at 15:24

Anthony Queen

2,348
3
18
21

answered Oct 03 '16 at 11:42

hasitha lakshmi

21
4

score 0 · Answer 2 · answered Apr 13 '20 at 06:02

0

Veracode considers information stored in the config file as sensitive information. So try to store "ConnectionPoint" anywhere other than config file

answered Apr 13 '20 at 06:02

user13298957

1

How to fix Veracode error:Information Exposure Through Sent Data

2 Answers2