We have integrated the Checkmarx static code analyzer tool in an Azure DevOps pipeline. While running our pipeline, we are getting a "Deserialization of Untrusted Data" error with high risk in the lines of code below. Could you please help me to resolve the issue?
C# Code:
    using System.IO;
    using System.Text.Json;

    // Read the raw request body, then bind it to the fixed CalcRequestBody type.
    string reqBodyParams = await new StreamReader(request.Body).ReadToEndAsync();
    var requestData = JsonSerializer.Deserialize<CalcRequestBody>(reqBodyParams);
CalcRequestBody Class:
    public class CalcRequestBody
    {
        public string CalcFormula { get; set; }
        public string UserName { get; set; }
    }
I have finally found the solution for the "Deserialization of Untrusted Data" error I was getting from the Checkmarx tool.
    using Newtonsoft.Json;

    // Bind to the declared type only; type names embedded in the JSON are not resolved.
    var requestData = JsonConvert.DeserializeObject<CalcRequestBody>(reqBodyParams, new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.None
    });
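As an added example (not code from the original post), the same `TypeNameHandling.None` binding can be wrapped with the checks a reviewer would expect around untrusted input. The `CalcRequestParser` helper, the size limit, the depth limit and the sample bodies are assumptions made for illustration.

```csharp
using System;
using Newtonsoft.Json;

public class CalcRequestBody
{
    public string CalcFormula { get; set; }
    public string UserName { get; set; }
}

public static class CalcRequestParser   // hypothetical helper, not from the post
{
    private const int MaxBodyChars = 4096;   // assumed limit; size it to the real API

    private static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.None,            // "$type" in the input never selects a type
        MissingMemberHandling = MissingMemberHandling.Error, // unknown properties fail instead of being dropped
        MaxDepth = 4                                         // the DTO is flat, so deep nesting is rejected
    };

    public static bool TryParse(string body, out CalcRequestBody request)
    {
        request = null;
        if (string.IsNullOrWhiteSpace(body) || body.Length > MaxBodyChars) return false;
        try
        {
            var parsed = JsonConvert.DeserializeObject<CalcRequestBody>(body, Settings);
            if (parsed == null || string.IsNullOrEmpty(parsed.CalcFormula)
                               || string.IsNullOrEmpty(parsed.UserName)) return false;
            request = parsed;
            return true;
        }
        catch (JsonException) { return false; }   // malformed JSON, unknown member, depth exceeded
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample bodies: a normal one, one carrying "$type", one with an extra field.
        string ok = "{\"CalcFormula\":\"1+2\",\"UserName\":\"alice\"}";
        string typed = "{\"$type\":\"Example.Other, Example\",\"CalcFormula\":\"1+2\",\"UserName\":\"alice\"}";
        string extra = "{\"CalcFormula\":\"1+2\",\"UserName\":\"alice\",\"IsAdmin\":true}";
        foreach (var body in new[] { ok, typed, extra })
        {
            bool accepted = CalcRequestParser.TryParse(body, out var req);
            Console.WriteLine($"{accepted} {req?.GetType().Name}");
        }
    }
}
```

`TypeNameHandling.None` is also Json.NET's default, so the explicit setting mainly documents the intent for reviewers and scanners; anything that later evaluates `CalcFormula` still has to treat it as untrusted input.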