search

docusign / docusign-esign-csharp-client

The Official Docusign C# Client Library used to interact with the eSignature REST API. Send, sign, and approve documents using this client.
https://developers.docusign.com/docs/esign-rest-api/sdks/csharp/
MIT License
129 stars 159 forks source link

ASP.NET 6.0 Downloading completed document is not working on newest package 6.0.0 #389

Closed gagyn closed 1 year ago

gagyn commented 1 year ago

I'm downloading file using method:

var stream = await envelopesApi.GetDocumentAsync("<api account ID>", envelopeId, envelopeDocumentId);

Then I'm saving the stream on my disk.

using var fileStream = new FileStream("signed_pdf.pdf", FileMode.Create, FileAccess.Write);
stream.CopyTo(fileStream);
Console.ReadKey();

But when I try to open this freshly saved file, I'm getting an error (tried to open it with Edge browser and Acrobat Reader - both we same result). The PDF file is probably broken.

The code on my side is correct I believe, because when I install the older version of DocuSign nuget package (5.12.0) everything is fine.

Here are two files, one saved using newest package, and second saved using 5.12.0 (take a look on the difference in size - both comes from the same envelope and same document): image

I tried to spot the bug in code, but didn't have time to debug it, so I just guess that it can be somewhere here in DocuSignClient class:

image

As previous version was just returning MemoryStream:

image

bbarry commented 1 year ago

That code: https://github.com/docusign/docusign-esign-csharp-client/blob/e23718c14dd7482de90bfe55e9cbd245f182868e/sdk/src/DocuSign.eSign/Client/DocuSignClient.cs#L326

is very wrong...

It is potentially writing unencrypted PII to a temp path. Whether or not it is the cause of this issue it should be reverted asap as a security vulnerability.

In the event that this library is being used in an environment where something else has access to the file system, unrelated parties could gain access to sensitive information related to an authorized individual.

edit: even worse, it leaves the files around in the temp folder even after the application exits, filling up the drive.

kenharris commented 1 year ago

Thanks for these reports. Our team will be engaged in evaluating the issues mentioned here.

gagyn commented 1 year ago

Thanks! It would be nice to have it sorted soon 🙂 Can you also please look into my PR? :)

kenharris commented 1 year ago

Hi, yes our team will also take a look at your PR; thanks for your contribution.

kenharris commented 1 year ago

Just a quick update, our team has included potential fixes for both of these issues in the next release. I don't yet have an ETA on that release at this time though.

skyflyer commented 1 year ago

Hello guys!

Any updates on the release date of the updated library?

kenharris commented 1 year ago

Hi @skyflyer - v6.1.0 was released today and should contain a fix for the issue.

skyflyer commented 1 year ago

@kenharris thanks for the update!