Dec 17, 2019 02:30 AM|amendoza29
Good day everyone,
I have a method/function that sends an email message to the user, but the problem is that it's a low finding in Veracode Greenlight or in Veracode source code review. It's been a month since I started looking for a solution to this. I've found out that if you have an HTML body and you are replacing data in it, it becomes a risk, but if it's a plain HTML body without replacing any of the text, it's fine. Does anyone have a solution for this? See my code below.
    Imports System.IO
    Imports System.Net.Mail
    Imports System.Text
    Imports System.Web
    Imports System.Web.Hosting

    Dim objMailMsg As MailMessage = New MailMessage("email@example.com", "firstname.lastname@example.org")
    Dim readFile As String = ""
    Dim tempFile As String = HttpContext.Current.Server.MapPath("~/HTML/EmailNotif1.html")
    ' Read the HTML template from disk
    Using strREader As StreamReader = New StreamReader(HostingEnvironment.MapPath("~/HTML/EmailNotif1.html"))
        readFile = strREader.ReadToEnd
        Dim myString As String = ""
        myString = readFile
        ' Replace the placeholder tokens with the transaction data (values are inserted as-is)
        myString = myString.Replace("TransacID", GetTransactionID)
        myString = myString.Replace("EmailMessage", GetMessage)
        myString = myString.Replace("CreatedBy", GetName)
        myString = myString.Replace("DateCreated", Date.Now)
        ' Build and configure the HTML message
        Using objSMPTClient As SmtpClient = New SmtpClient
            objMailMsg.BodyEncoding = Encoding.UTF8
            objMailMsg.Subject = "Transaction Notification"
            objMailMsg.Body = myString.ToString
            objMailMsg.Priority = MailPriority.High
            objMailMsg.IsBodyHtml = True
            objSMPTClient.EnableSsl = False
        End Using
    End Using
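
One way to fill the template so that inserted values cannot add markup to the HTML body: HTML-encode each value and substitute all tokens in a single pass. This is an added example, not code from the original post; `FillTemplate`, the inline template and the sample values are hypothetical, and only the token names are taken from the post.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net
Imports System.Text.RegularExpressions

Module EmailTemplateExample
    ' Hypothetical helper: fills the template in one pass and HTML-encodes
    ' every value, so markup inside a value is rendered as text, not as HTML.
    Function FillTemplate(template As String,
                          values As IDictionary(Of String, String)) As String
        ' Build one pattern from the token names. Matching once means a
        ' replacement value that happens to contain a token name is not
        ' scanned again, unlike a chain of String.Replace calls.
        Dim names As New List(Of String)
        For Each key As String In values.Keys
            names.Add(Regex.Escape(key))
        Next
        Dim pattern As String = "\b(" & String.Join("|", names) & ")\b"
        Return Regex.Replace(template, pattern,
            Function(m As Match) WebUtility.HtmlEncode(values(m.Value)))
    End Function

    Sub Main()
        ' Constructed stand-in for the contents of EmailNotif1.html.
        Dim template As String =
            "<p>Transaction TransacID</p><p>EmailMessage</p>" &
            "<p>CreatedBy, DateCreated</p>"

        ' Constructed sample values; the message contains markup, an
        ' ampersand and the text of another token.
        Dim values As New Dictionary(Of String, String) From {
            {"TransacID", "TX-1001"},
            {"EmailMessage", "<a href=""http://example.test"">open</a> CreatedBy & co"},
            {"CreatedBy", "Sample User"},
            {"DateCreated", Date.Now.ToString("yyyy-MM-dd HH:mm")}
        }

        Console.WriteLine(FillTemplate(template, values))
    End Sub
End Module
```

In a method like the one posted, the string returned by `FillTemplate` would be assigned to `objMailMsg.Body`, with `IsBodyHtml` left as `True` so the template's own markup still renders.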