How to resolve "Deserialization of Untrusted Data" error reported by Checkmarx
We have integrated the Checkmarx static code analyzer tool into our Azure DevOps pipeline. While running the pipeline, we are getting a "Deserialization of Untrusted Data" error with high risk in the lines of code below. Could you please help me to resolve the issue?
C# Code:
```csharp
using System.IO;
using System.Text.Json;

// Read the raw request body, then bind it to the DTO.
string reqBodyParams = await new StreamReader(request.Body).ReadToEndAsync();
var requestData = JsonSerializer.Deserialize<CalcRequestBody>(reqBodyParams);
```
CalcRequestBody Class:
```csharp
public class CalcRequestBody
{
    public string CalcFormula { get; set; }
    public string UserName { get; set; }
}
```
Solution 1:[1]
I have finally found the solution for the "Deserialization of Untrusted Data" error I was getting from the Checkmarx tool.
```csharp
using Newtonsoft.Json;

var requestData = JsonConvert.DeserializeObject<CalcRequestBody>(reqBodyParams, new JsonSerializerSettings
{
    TypeNameHandling = TypeNameHandling.None
});
```
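The following is an added example, not part of the original answer: it wraps the answer's `TypeNameHandling.None` setting in a parser that also bounds the input and validates each bound field before use. The `CalcRequestParser` helper, the size and depth limits, and the allowed character sets are assumptions chosen for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using Newtonsoft.Json;

public class CalcRequestBody   // DTO from the question
{
    public string CalcFormula { get; set; }
    public string UserName { get; set; }
}

public static class CalcRequestParser   // hypothetical helper, not from the page
{
    const int MaxBodyChars = 4096;   // assumed upper bound for this endpoint
    // Assumed allow-lists: arithmetic characters for the formula, a simple account-name shape.
    static readonly Regex FormulaChars = new Regex(@"\A[0-9\s.+\-*/()]{1,256}\z");
    static readonly Regex UserNameChars = new Regex(@"\A[A-Za-z0-9._-]{1,64}\z");
    static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.None,  // a "$type" field never selects a .NET type
        MaxDepth = 8                               // the DTO is flat; deep nesting is rejected
    };
    public static bool TryParse(string json, out CalcRequestBody body, out string error)
    {
        body = null;
        if (string.IsNullOrWhiteSpace(json) || json.Length > MaxBodyChars)
        { error = "body empty or too large"; return false; }
        try { body = JsonConvert.DeserializeObject<CalcRequestBody>(json, Settings); }
        catch (JsonException) { error = "malformed JSON"; return false; }
        // Binding to a fixed type is not validation: check every field before it is used.
        if (body == null || body.UserName == null || !UserNameChars.IsMatch(body.UserName))
        { body = null; error = "UserName missing or not allowed"; return false; }
        if (body.CalcFormula == null || !FormulaChars.IsMatch(body.CalcFormula))
        { body = null; error = "CalcFormula missing or not allowed"; return false; }
        error = null;
        return true;
    }

    public static void Main()
    {
        string[] samples =   // constructed request bodies
        {
            "{\"CalcFormula\":\"(1 + 2) * 3\",\"UserName\":\"alice\"}",
            "{\"$type\":\"Placeholder.Type, Placeholder\",\"CalcFormula\":\"4/2\",\"UserName\":\"bob\"}",
            "{\"CalcFormula\":\"2 ^ x\",\"UserName\":\"carol\"}"
        };
        foreach (var s in samples)
            Console.WriteLine(TryParse(s, out _, out var err) ? "accepted" : "rejected: " + err);
    }
}
```

In the request handler, the string passed to `TryParse` would be the `reqBodyParams` value read from `request.Body` in the question.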
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |
