Open yerald-mora opened 5 days ago
Hi Yerald,
Thank you for bringing this to our attention. I have thoroughly tested the changes on my end, and everything appears to be functioning correctly without setting the 'encryptOltpPayload' property in the property file. Are you able to recreate the problem? If yes, please share details with us.
Looking forward to your response.
Thanks & Regards, Sushama Ghadage
From: yerald-mora @.>
Sent: Saturday, October 19, 2024 5:07 AM
To: Vantiv/cnp-sdk-for-dotnet @.>
Cc: Subscribed @.***>
Subject: [Vantiv/cnp-sdk-for-dotnet] Unsafe Dictionary access introduced in pr #72? (Issue #73)
Cnp.Sdk.CnpOnline has the method private cnpOnlineResponse SendToCnp(cnpOnlineRequest request). This class receives a dictionary in the constructor that contains configurations; the changes merged in PR #72 (https://github.com/Vantiv/cnp-sdk-for-dotnet/pull/72) add a direct access to a new configuration in that method:
    if (_config["encryptOltpPayload"] == "true")
    {
        String payloadTobeEncrypted = ReplaceXMLTxnWithEncryptedPayload(xmlRequest);
        xmlResponse = _communication.HttpPost(payloadTobeEncrypted);
    }
So, if the configuration is not set by the caller, a KeyNotFoundException is generated, so an unsafe access is being performed on the dictionary, which will lead to clients' systems breaking when this method gets called.
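The failure mode reported in this issue next to a defensive lookup, as an added example that is not code from the SDK or from either poster. The class and method names and the sample `url`/`timeout` entries are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

public static class ConfigAccessDemo
{
    // Pattern from the issue: the indexer throws KeyNotFoundException
    // when the caller's dictionary has no "encryptOltpPayload" entry.
    public static bool UnsafeIsEncryptionEnabled(Dictionary<string, string> config)
    {
        return config["encryptOltpPayload"] == "true";
    }

    // Defensive variant (hypothetical helper): a missing or null value
    // is treated as "not enabled" instead of failing the request.
    public static bool SafeIsEncryptionEnabled(Dictionary<string, string> config)
    {
        return config.TryGetValue("encryptOltpPayload", out string value)
            && string.Equals(value, "true", StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed sample: a caller-supplied config that predates the new key.
        var legacyConfig = new Dictionary<string, string>
        {
            ["url"] = "https://example.invalid/endpoint",
            ["timeout"] = "500"
        };
        // Same config with the new key explicitly enabled.
        var optedIn = new Dictionary<string, string>(legacyConfig)
        {
            ["encryptOltpPayload"] = "true"
        };

        try
        {
            UnsafeIsEncryptionEnabled(legacyConfig);
            Console.WriteLine("unsafe/legacy: no exception");
        }
        catch (KeyNotFoundException ex)
        {
            Console.WriteLine("unsafe/legacy: " + ex.GetType().Name);
        }

        Console.WriteLine("safe/legacy:  " + SafeIsEncryptionEnabled(legacyConfig));
        Console.WriteLine("safe/optedIn: " + SafeIsEncryptionEnabled(optedIn));
    }
}
```

Defaulting a missing key to "not enabled" keeps existing callers working, but it also means a misspelled key name silently sends the payload unencrypted. A deployment that requires payload encryption should check for the key's presence and value at startup instead of relying on the default.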