I am a Sitecore developer, and on our website we have a form carrying reCAPTCHA. When we validate our solution in Veracode, a CWE 918 flaw is raised at GetResponse. I am adding the code below.
using System.Configuration;
using System.IO;
using System.Net;
using Newtonsoft.Json.Linq;

public bool IsReCaptchValid()
{
    var result = false;
    // Token posted by the browser; this value is user-controlled.
    var captchaResponse = Request.Form["g-recaptcha-response"];
    var secretKey = ConfigurationManager.AppSettings["SecretKey"];
    // The secret and the user-supplied token are formatted straight into the request URL.
    var apiUrl = "https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}";
    var requestUri = string.Format(apiUrl, secretKey, captchaResponse);
    var request = (HttpWebRequest)WebRequest.Create(requestUri);
    // Veracode reports CWE 918 on this call.
    using (WebResponse response = request.GetResponse())
    {
        using (StreamReader stream = new StreamReader(response.GetResponseStream()))
        {
            JObject jResponse = JObject.Parse(stream.ReadToEnd());
            var isSuccess = jResponse.Value<bool>("success");
            result = isSuccess;
        }
    }
    return result;
}
The flaw is thrown on the first line of the code, "request.GetResponse()". How do I validate the response? Thanks in advance.
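An added example, not the question's code, showing one common way to keep user-controlled data out of the outbound request URL: the token is checked against an allowlisted character set and length, then posted form-encoded to a fixed endpoint. The class and method names, the token regex and the 5-second timeout are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Net.Http;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Hypothetical hardened verifier (added example, not the question's code).
public static class RecaptchaVerifier
{
    // Fixed endpoint: nothing user-controlled is concatenated into the URL.
    private static readonly Uri VerifyUri = new Uri("https://www.google.com/recaptcha/api/siteverify");
    // Assumed token shape: opaque base64url-style string; anything else is rejected before use.
    private static readonly Regex TokenShape = new Regex(@"^[A-Za-z0-9_\-]{20,4096}$", RegexOptions.Compiled);
    // One shared client, as recommended for HttpClient; short timeout bounds the outbound call.
    private static readonly HttpClient Client = new HttpClient { Timeout = TimeSpan.FromSeconds(5) };

    public static bool IsWellFormedToken(string token) =>
        !string.IsNullOrEmpty(token) && TokenShape.IsMatch(token);

    public static async Task<bool> IsReCaptchaValidAsync(string captchaResponse, string remoteIp)
    {
        if (!IsWellFormedToken(captchaResponse)) return false;
        var secretKey = ConfigurationManager.AppSettings["SecretKey"];
        // Secret and token travel in the POST body, encoded by the framework,
        // instead of being string.Format'ed into a query string.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["secret"] = secretKey,
            ["response"] = captchaResponse,
            ["remoteip"] = remoteIp ?? string.Empty
        });
        using (var response = await Client.PostAsync(VerifyUri, form).ConfigureAwait(false))
        {
            if (!response.IsSuccessStatusCode) return false;
            var body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
            return ParseVerifyResponse(body);
        }
    }

    // Separated so the JSON handling can be unit-tested with constructed payloads,
    // e.g. "{\"success\":true}" -> true, "{\"success\":false}" -> false, "{}" -> false.
    public static bool ParseVerifyResponse(string json)
    {
        var j = JObject.Parse(json);
        return j.Value<bool?>("success") == true;
    }
}
```

Whether a given scanner stops flagging the call depends on its taint rules, so re-run the scan after the change rather than assuming the finding is closed.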