Hi Team,
I am building an API with .NET Core 3.0. While running a static scan we are getting "Deserialization of Untrusted Data". We are using a dynamic object, so we are not in a position to use a protected object.
Initially, we tried with ReadAllText(), but the issue was still not resolved, so we changed to ReadToEnd() with a disposable object [using]. We are still unable to fix it. Please help to close this OWASP fix.
<pre>
using (FileStream freader = new FileStream(file, FileMode.Open, FileAccess.Read))
{
    using (StreamReader sreader = new StreamReader(freader))
    {
        Json = sreader.ReadToEnd();
    }
}
</pre>
What I have tried:
1) Tried with ReadAllText()
<pre>
JsonSerializerSettings settings = new JsonSerializerSettings
{
    TypeNameHandling = TypeNameHandling.All
};
response = JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(Json, settings);
</pre>
2) Tried with ReadToEnd()
<pre>
using (FileStream freader = new FileStream(file, FileMode.Open, FileAccess.Read))
{
    using (StreamReader sreader = new StreamReader(freader))
    {
        Json = sreader.ReadToEnd();
    }
}
</pre>
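An added example, not part of the original post: the setting relevant to a "Deserialization of Untrusted Data" finding is `TypeNameHandling.All`, which lets `$type` values in the JSON select the .NET type that Json.NET instantiates; how the file is read does not change that. The sketch below shows the default `TypeNameHandling.None` and, where type metadata is genuinely required, an allow-list `ISerializationBinder`. The members of `MemberShipKeyDetailResponse` and the names `AllowListBinder` and `SafeLoader` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Stand-in for the poster's response type; its members are assumed.
public class MemberShipKeyDetailResponse
{
    public string MemberKey { get; set; }
}

// Allow-list binder: only needed if "$type" metadata must be honoured.
public sealed class AllowListBinder : ISerializationBinder
{
    // Keys are the type names accepted in "$type" (full name, including namespace if any).
    private static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
    {
        ["MemberShipKeyDetailResponse"] = typeof(MemberShipKeyDetailResponse)
    };

    public Type BindToType(string assemblyName, string typeName) =>
        Allowed.TryGetValue(typeName, out var t)
            ? t
            : throw new JsonSerializationException("Type not allowed: " + typeName);

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = null;               // do not emit assembly names
        typeName = serializedType.Name;
    }
}

public static class SafeLoader
{
    // Preferred: no type metadata is honoured, so the JSON cannot choose the CLR type.
    public static MemberShipKeyDetailResponse Load(string file) =>
        JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(
            File.ReadAllText(file),
            new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.None });

    // Fallback when polymorphic "$type" is required: restrict it to the allow-list.
    public static MemberShipKeyDetailResponse LoadPolymorphic(string file) =>
        JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(
            File.ReadAllText(file),
            new JsonSerializerSettings
            {
                TypeNameHandling = TypeNameHandling.Objects,
                SerializationBinder = new AllowListBinder()
            });
}
```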