How to fix Request.QueryString open redirect issue in asp.net RRS feed

  • Question

  • User42464830 posted
    I am trying to fix the open redirect issue from fortify for the below lines of code:
        public string Reference
                string reference = null;
                if (Request.QueryString["reference"] != null)
                    reference = Request.QueryString["reference"].ToString();
                return reference;

    Tried to set some validation while using it like:

       if (Int32.TryParse(this.StatusCode.ToString(), out int val) && !string.IsNullOrEmpty(this.Reference))
                            this.Reference, val, this.Recurring ? 1 : 0),

    But it is still not resolved. Please let me know if anyone knows the fix for this.

    Here is what fortify says: In this case, the URL the client will be redirected to is accepted at get_QueryString() in fsomepage.aspx.cs at line 356.

    Tuesday, April 20, 2021 11:52 AM

All replies