-2

I have this code:

    public ActionResult Test(string password)
    {
        return Json(TestMethod(password));
    }

    public bool TestMethod(string password)
    {
        return true;
    }

But in "return Json(TestMethod(password));" I get a Privacy Violation vulnerability.

Is this due to the fact that I call the method TestMethod in Json()?

AndrewVA
  • Where do you get this message? This isn't a compiler message. Most likely though, whatever tool you have sees that you have a `password` symbol in the constructor of `JsonResult` and assumes that there may be a problem – Panagiotis Kanavos Nov 11 '15 at 14:02
  • http://stackoverflow.com/a/28718745/2181514 – freedomn-m Nov 11 '15 at 14:15

1 Answer

0

Actually I think this is due to the variable being called password.

It's picking up rules from

https://www.owasp.org/index.php/Privacy_Violation

You are exposing a password without encryption or hashing.

Lee Dale
  • Why would that be a privacy violation? What does that even mean? It isn't a compiler message – Panagiotis Kanavos Nov 11 '15 at 14:02
  • If I call TestMethod with password first and then return the result in Json, will that fix my problem? Like this: `var res = TestMethod(password); return Json(res);` – AndrewVA Nov 11 '15 at 14:14
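
An added illustration, not part of the original thread and not the rule set of any particular scanner: a toy name-based taint check in Python, run over the statement from the question and the rewrite proposed in the last comment. The sensitive-name pattern, the choice of `Json` as the sink and all function names are assumptions of this sketch.

```python
import re

# Assumptions of this sketch: which names count as private data, and the sink.
SENSITIVE = re.compile(r"passw(or)?d|secret", re.IGNORECASE)
SINK = re.compile(r"\bJson\s*\(")
IDENT = re.compile(r"[A-Za-z_]\w*")
ASSIGN = re.compile(r"^(?:\w+\s+)?(\w+)\s*=(?!=)\s*(.+)$", re.S)

# The two method bodies discussed in the thread.
DIRECT = "return Json(TestMethod(password));"
VIA_LOCAL = "var res = TestMethod(password); return Json(res);"


def sink_arguments(stmt):
    """Text inside the sink call's balanced parentheses, or None if no sink."""
    m = SINK.search(stmt)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(stmt)):
        depth += {"(": 1, ")": -1}.get(stmt[i], 0)
        if depth == 0:
            return stmt[m.end():i]
    return None  # unbalanced parentheses: treat as no sink


def flagged_statements(body, track_assignments):
    """Statements where a sensitive name (or a local derived from one) reaches the sink."""
    tainted = set()

    def is_tainted(expr):
        return any(SENSITIVE.search(n) or n in tainted for n in IDENT.findall(expr))

    findings = []
    for stmt in filter(None, (s.strip() for s in body.split(";"))):
        args = sink_arguments(stmt)
        if args is not None and is_tainted(args):
            findings.append(stmt)
        m = ASSIGN.match(stmt)
        # Conservative rule: a call result is tainted if any argument is.
        if track_assignments and m and is_tainted(m.group(2)):
            tainted.add(m.group(1))
    return findings


if __name__ == "__main__":
    for body in (DIRECT, VIA_LOCAL):
        for track in (False, True):
            print(track, body, "->", flagged_statements(body, track))
```

In this model a checker that only looks at names inside the sink call stops reporting the rewrite, while one that tracks assignments still reports it, because `res` is derived from `password`.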