Tags: c#, asp.net-mvc, asp.net-web-api, checkmarx

Checkmarx issue: The application stores sensitive personal data Write on the client, in an insecure manner


The CheckMarx report throws "The application stores sensitive personal data Write on the client, in an insecure manner".

Code

using System;
using System.IO;
using System.Net;
using System.Runtime.InteropServices;
using System.Security;
using Newtonsoft.Json;

var httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUrl);
httpWebRequest.Headers.Clear();
httpWebRequest.ContentType = "application/json";    // set the content type to application/json
httpWebRequest.Method = "POST";  // make it a POST request
// create the auth token based on the user id
// and add the auth token to the HTTP web request
httpWebRequest.Headers.Add("Authorization", CreateToken(userid));

using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
{
    // build the IDM request
    var request = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
    // serialize the request object and copy the characters into a SecureString
    char[] arrayChar = JsonConvert.SerializeObject(request).ToCharArray();
    SecureString json = new SecureString();

    foreach (var item in arrayChar)
    {
        json.AppendChar(item);
    }
    // convert the SecureString back to a plain string, write the serialized JSON
    // over the request stream and flush the stream
    var result = SecureStringToString(json);

    streamWriter.Write(result);
    streamWriter.Flush();
    streamWriter.Close();
}

// SecureStringToString is not shown in the question; this is the usual
// implementation: copy the SecureString into unmanaged memory, read it back
// as a managed string and zero the unmanaged copy afterwards.
static string SecureStringToString(SecureString value)
{
    IntPtr ptr = IntPtr.Zero;
    try
    {
        ptr = Marshal.SecureStringToGlobalAllocUnicode(value);
        return Marshal.PtrToStringUni(ptr);
    }
    finally
    {
        Marshal.ZeroFreeGlobalAllocUnicode(ptr);
    }
}

I am getting this error on the line streamWriter.Write(result);.

Error message is: The application stores sensitive personal data Write on the client, in an insecure manner.


Solution

  • It's a false positive. The StreamWriter class can be used to write files, but in this case it writes into the in-memory stream of an HTTP request body. So this code does not store data on the client.

    Tell the inspector to ignore this line, or change the code to not use a StreamWriter. You might want to use HttpClient anyway, with more convenient methods to create HTTP requests.
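The HttpClient rewrite the answer suggests, as an added example that is not part of the original question or answer. It keeps the same request shape (POST, application/json body, Authorization header built by the question's CreateToken helper, RequestClass with uid/pwd/appKey) but drops the StreamWriter and the SecureString round-trip. The SecureString step in the question adds no protection, because JsonConvert.SerializeObject already produced the full payload as an ordinary managed string before it was copied character by character; the example therefore does not pretend otherwise. The RequestClass property names and the https check are assumptions made for the example.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Assumed to match the RequestClass used in the question.
public class RequestClass
{
    public string uid { get; set; }
    public string pwd { get; set; }
    public string appKey { get; set; }
}

public static class IdmClient
{
    // One HttpClient reused for the process lifetime; creating one per call
    // exhausts sockets under load.
    private static readonly HttpClient Client = new HttpClient();

    // authToken is the value the question's CreateToken(userid) returns.
    public static async Task<string> PostCredentialsAsync(
        string requestUrl, string userid, string password, string authToken)
    {
        // The body carries a password, so refuse to send it over cleartext HTTP.
        // This check is an addition for the example, not something Checkmarx asked for.
        if (!requestUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
        {
            throw new ArgumentException("IDM endpoint must use https", nameof(requestUrl));
        }

        var payload = new RequestClass { uid = userid, pwd = password, appKey = "XX1" };
        string json = JsonConvert.SerializeObject(payload);

        using (var request = new HttpRequestMessage(HttpMethod.Post, requestUrl))
        {
            // Set the header per request rather than on the shared client, so a
            // token for one user is never reused for another caller's request.
            request.Headers.TryAddWithoutValidation("Authorization", authToken);

            // StringContent writes the body into the request stream for us and
            // sets Content-Type: application/json; charset=utf-8.
            request.Content = new StringContent(json, Encoding.UTF8, "application/json");

            using (HttpResponseMessage response =
                await Client.SendAsync(request).ConfigureAwait(false))
            {
                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
            }
        }
    }
}
```

Call it as `await IdmClient.PostCredentialsAsync(requestUrl, userid, password, CreateToken(userid))`. Nothing here touches the file system, so the StreamWriter-based Checkmarx rule no longer has anything to match; the password still leaves the process in the request body, which is why the https check is the part of this example worth keeping.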