问题
I have a web form application and also an Web Api application hosted in different servers. For all CRUD operations the Web Form application uses the API. To call the API from web form app I have created a generic API requesting method using WebRequest Class. Things are working fine but when we scan the code using Veracode I am getting SSRF Server Side Request Forgery issue. I googled and some folks said to add validation to the request uri, I tried all the validations but Veracode is throwing error still. Please help me on this.
WebRequest request = WebRequest.Create(baseaddress+"/"+apiurl);
request.Method = "GET";
request.ContentType = "application/json";
WebResponse response = request.GetResponse(); // Veracode shows SSRF issue here
来源:https://stackoverflow.com/questions/58391775/how-to-prevent-ssrf-in-net