Checkmarx 掃到了一個中風險的 Unsafe_Object_Binding:
/// <summary>
/// Sets the <c>Banned</c> flag on the account with the given id and saves it.
/// </summary>
/// <param name="id">Primary key passed to <c>Accounts.Find</c>.</param>
/// <param name="banned">New value written to <c>Account.Banned</c>.</param>
/// <returns>
/// A 404 <c>ApiResponse</c> result when no account is found; otherwise the
/// default <c>ApiResponse</c> result.
/// </returns>
/// <remarks>
/// Only two scalars (<c>id</c>, <c>banned</c>) are bound from the request. The
/// entity is loaded by key and a single property is assigned, so no
/// request-bound object is persisted here.
/// NOTE(review): no authorization attribute is visible in this excerpt. Confirm
/// that only permitted callers can reach this action.
/// </remarks>
[HttpPost]
public IActionResult Banned(int id, bool banned)
{
    Account target = _dataContext.Accounts.Find(id);

    // Unknown id: report 404 and write nothing.
    if (target == null)
    {
        var notFound = new ApiResponse(StatusCodes.Status404NotFound, "查無此帳號資料");
        return notFound.Result();
    }

    // The only field taken from the request.
    target.Banned = banned;

    // NOTE(review): if _dataContext is an EF Core DbContext, Update presumably
    // flags every column as modified. Confirm whether that is intended.
    _dataContext.Update(target);
    _dataContext.SaveChanges();

    var ok = new ApiResponse();
    return ok.Result();
}
掃描不給過,只好處理關鍵字:把 Update 與 SaveChanges 搬到另一個私有方法,讓掃描規則不再比對到。
/// <summary>
/// Sets the <c>Banned</c> flag on the account with the given id and persists it
/// through <c>Savetest</c>.
/// </summary>
/// <param name="id">Primary key passed to <c>Accounts.Find</c>.</param>
/// <param name="banned">New value written to <c>Account.Banned</c>.</param>
/// <returns>
/// A 404 <c>ApiResponse</c> result when no account is found; otherwise the
/// default <c>ApiResponse</c> result.
/// </returns>
/// <remarks>
/// The request values reach the data context exactly as they would with inline
/// Update/SaveChanges calls. The helper call adds no validation or
/// authorization step.
/// NOTE(review): no authorization attribute is visible in this excerpt. Confirm
/// that only permitted callers can reach this action.
/// </remarks>
[HttpPost]
public IActionResult Banned(int id, bool banned)
{
    Account target = _dataContext.Accounts.Find(id);

    // Unknown id: report 404 and write nothing.
    if (target == null)
    {
        var notFound = new ApiResponse(StatusCodes.Status404NotFound, "查無此帳號資料");
        return notFound.Result();
    }

    // The only field taken from the request.
    target.Banned = banned;

    // Persistence is delegated, but the data flow is the same: the
    // request-supplied flag is written for the request-supplied id.
    Savetest(target);

    var ok = new ApiResponse();
    return ok.Result();
}
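/// <summary>
/// Passes <paramref name="account"/> to <c>_dataContext.Update</c> and then
/// calls <c>_dataContext.SaveChanges</c>.
/// </summary>
/// <param name="account">Account entity to persist.</param>
/// <remarks>
/// This wrapper performs no validation of its own. Callers remain responsible
/// for deciding which fields may be changed and by whom.
/// </remarks>
private void Savetest(Account account)
{
    // C# does not allow `var` as a parameter type, so the parameter is declared
    // as Account, the type the caller passes.
    _dataContext.Update(account);
    _dataContext.SaveChanges();
}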
好了,給過了。不過資料流和原本完全相同,改變的只有掃描結果;id 與 banned 仍直接來自請求,這個端點的授權檢查還是要另外確認。