Fortify Cross-site scripting: Persistent issue in Response.Binarywrite

Question

In an existing Asp.Net application, we are using Response.BinaryWrite to render image on an aspx page. This is the required functionality, and below is the C# code-

1. byte[] img = getImage();
2. Response.BinaryWrite(img);

The getImage function reads the image from a folder on server and returns byte array. Fortify scan shows cross-site vulnerability on 2nd line.

I did following validations, but fortify still reports it as cross-site issue -

Validated bytearray to check if the file is of correct format (jpeg or bmp), used this link - Determine file type of an image

Response.BinaryWrite(ValidateFileType(img));
Validated the domain in the file path to check if the file is originating from correct domain.

Is there any specific way to pass the fortify cross-site issue with byte array or can i consider it as false positive?

If you do what you said, consider it as a False Positive. You follow the best practices — SPoint, Apr 02 '19 at 14:16

score 2 · Accepted Answer · answered Apr 09 '19 at 12:50

Had to use a workaround to resolve this, below is the old and new code -

Old Code -

1. byte[] byteImage = getImage();
2. Response.BinaryWrite(byteImage);

New Code (Replaced 2nd line in old code with below block) -

byte[] byteImage = getImage();
var msIn = new MemoryStream(byteImage);
System.Drawing.Image img = System.Drawing.Image.FromStream(msIn);

var msOut = new MemoryStream();
img.Save(msOut, img.RawFormat);
Response.BinaryWrite(msOut.ToArray());

msIn.Dispose();
msOut.Dispose();
Response.Flush();

So, basically converting the byteArray to an Image object, and then writing the image object back to the Response.BinaryWrite stream resolved this, and it passed through Fortify scan. If anyone is looking for a solution, this might help.

Fortify Cross-site scripting: Persistent issue in Response.Binarywrite

1 Answers1