I am getting a Cross Site History Manipulation issue on a Checkmarx scan of my solution.

The issue I am getting is: "Method Page_Load at line 40 of xyz\abc.aspx.cs may leak server-side conditional values, enabling user tracking from another website. This may constitute a Privacy Violation." This is the code, and I am getting the error on the line marked (*):

    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            lblErrorMsg.Text = "";
            lblErrorMsg.Visible = false;

            if (!IsPostBack)
            {
                //Code to get the content page name.
                string[] strPageInfo = HttpContext.Current.Request.ServerVariables.GetValues("PATH_INFO");
                string strPage = strPageInfo[0].Substring(strPageInfo[0].LastIndexOf('/') + 1, ((strPageInfo[0].Length - strPageInfo[0].LastIndexOf("/")) - 1)).ToLower();

                msg.MessageText = "Verifying access";
                oLogger.LogInfo(msg, "Verifying access");

                //firstly, check whether the logged-in user is authorized to view the page
                ManageAuthorization.CheckAccess(strPage, out BoolAccess);

                if (BoolAccess)
                {
                    msg.MessageText = "Authorized to perform operations";
                    oLogger.LogInfo(msg, "Authorized to perform operations");
                }
                else
                {
                    ////display unauthorized screen
                    msg.MessageText = "Unauthorized to perform operations";
                    oLogger.LogWarning(msg, "Unauthorized to perform operations");
                    RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
                    var byteArray = new byte[4];
                    var randomInteger = BitConverter.ToUInt32(byteArray, 0);
                    Response.Redirect(String.Format("../Default/Unauthorized.aspx?r={0}",randomInteger),true);
                }
            }
        }
        catch (Exception ex)
        {
            msg.MessageText = "Error while loading the page, Exception is:" + ex.Message;
            oLogger.LogMessage(LogCategory.Error, msg);
        }
    }

I am not getting any proper answer on how I can fix this; can anybody please help? Thanks in advance :)

Priyanka

1 Answer


Checkmarx is marking this as a vulnerability because a threat agent could potentially compromise the browser's SOP and may leak user information through activity inference.

To remediate this, you need to add a random value to your redirects:

// needs: using System.Security.Cryptography; (for RNGCryptoServiceProvider)
msg.MessageText = "Unauthorized to perform operations";
oLogger.LogWarning(msg, "Unauthorized to perform operations");

RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
var byteArray = new byte[4];
provider.GetBytes(byteArray); // fills the buffer from the CSPRNG; without this call the array stays all zeros
var randomInteger = BitConverter.ToUInt32(byteArray, 0);

Response.Redirect(String.Format("../Default/Unauthorized.aspx?r={0}", randomInteger), true);
securecodeninja
  • I will try this solution and check if my issue is resolved, but one question: does the random token get appended to the URL? Because in that case the URL might change and it won't redirect properly. For example, if I want the user to redirect to google.com and by adding a random value it redirects to google.com1, then it won't be a correct URL. Maybe the question is very silly, but I don't have any idea about this. Thanks :) – Priyanka Sep 25 '20 at 17:14
  • We're not changing the URL, we're just adding a query-string parameter that your app doesn't care about. Give it a parameter name different from what I provided if your code does process the query-string parameter "r". – securecodeninja Sep 26 '20 at 02:19
  • My code processed the query-string parameter, but unfortunately it is still giving the error: **Method Page_Load may leak server-side conditional values, enabling user tracking from another website. This may constitute a Privacy Violation** – Priyanka Sep 26 '20 at 03:56
  • I have edited my question and added the Page_Load method; this error I am getting is also under cross-site history manipulation according to Checkmarx. I added the solution you provided yesterday as well. – Priyanka Sep 26 '20 at 04:12
  • I am dealing with Checkmarx for the first time and the dashboard shows it's a cross-site history manipulation, therefore I mentioned it. It may be different, but is there a way to tackle the issue I am getting now? If you have any idea, please help me out. :) – Priyanka Sep 26 '20 at 05:09
  • I take back my previous comments. The description you shared is indeed under the cross-site history manipulation, so this is still under that vuln. It seems Checkmarx is not able to see the fix for some reason and I'm trying to figure that out. That fix usually works like a charm. – securecodeninja Sep 26 '20 at 05:17
  • You are missing a line of code from my answer. You missed adding this: provider.GetBytes(byteArray); – securecodeninja Sep 26 '20 at 18:19
  • OK, I will add it and try again. – Priyanka Sep 27 '20 at 15:45
  • After adding the line it worked; the vulnerability is removed. Thank you so much for the help!! :) – Priyanka Sep 28 '20 at 03:47
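An added example, not code from the original question or answer: a small console program that puts the question's nonce code (buffer declared but never filled) next to the fix from the answer, so the difference Checkmarx was reacting to can be seen without a scanner. The class and method names (RedirectNonce, Broken, Fixed, BuildUnauthorizedUrl, IsConstantAcrossCalls) are assumptions for this illustration; the redirect path and the "r" parameter are the ones used in the thread.

```csharp
// Added example (not part of the original question or answer).
// Contrasts the question's nonce code, which never fills the buffer, with the
// answer's fix. Names RedirectNonce, Broken, Fixed, BuildUnauthorizedUrl and
// IsConstantAcrossCalls are assumptions for this illustration.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class RedirectNonce
{
    // As posted in the question: new byte[4] is zero-initialised and nothing
    // ever writes to it, so BitConverter reads four zero bytes on every call
    // and the redirect target is the same constant URL on every request. A
    // page on another origin that can tell whether that fixed URL was visited
    // learns whether the unauthorized branch fired, which is the finding.
    public static uint Broken()
    {
        var provider = new RNGCryptoServiceProvider();
        var byteArray = new byte[4];
        // provider.GetBytes(byteArray); is the line the question's code lacks
        return BitConverter.ToUInt32(byteArray, 0);
    }

    // The answer's fix: GetBytes fills the buffer from the OS CSPRNG, so each
    // unauthorized redirect lands on a URL an outside page cannot predict or
    // pre-seed. On .NET Core / .NET 5+ prefer RandomNumberGenerator.Create();
    // RNGCryptoServiceProvider is marked obsolete there.
    public static uint Fixed()
    {
        using (var provider = new RNGCryptoServiceProvider())
        {
            var byteArray = new byte[4];
            provider.GetBytes(byteArray);
            return BitConverter.ToUInt32(byteArray, 0);
        }
    }

    // The redirect target from the thread. "r" must be a parameter name that
    // Unauthorized.aspx does not itself read, otherwise pick another one.
    public static string BuildUnauthorizedUrl(uint nonce)
    {
        return String.Format("../Default/Unauthorized.aspx?r={0}", nonce);
    }

    // Self-check a reviewer can run: does the generator ever vary its output?
    public static bool IsConstantAcrossCalls(Func<uint> generator, int samples)
    {
        var seen = new HashSet<uint>();
        for (int i = 0; i < samples; i++)
            seen.Add(generator());
        return seen.Count == 1;
    }

    static void Main()
    {
        Console.WriteLine("Question's code (buffer never filled):");
        for (int i = 0; i < 3; i++)
            Console.WriteLine("  " + BuildUnauthorizedUrl(Broken()));
        Console.WriteLine("  constant across 100 calls: " + IsConstantAcrossCalls(Broken, 100));

        Console.WriteLine("Answer's fix (GetBytes called):");
        for (int i = 0; i < 3; i++)
            Console.WriteLine("  " + BuildUnauthorizedUrl(Fixed()));
        Console.WriteLine("  constant across 100 calls: " + IsConstantAcrossCalls(Fixed, 100));
    }
}
```

Build it as a plain console project (or with csc) and run it. Broken() reports a constant value because a fresh byte[4] is all zeros until something writes to it, which is why the scanner kept flagging the redirect even after the "random" parameter had been added; Fixed() varies on every call. The value only has to make the redirect URL differ from request to request, it is not a secret the application later checks, so it must never be read by the target page and does not need to be larger than the thread's uint.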