Unsafe Dictionary access introduced in pr #72? #73
Comments
|
Hi Yerald,
Thank you for bringing this to our attention. I have thoroughly tested the changes on my end, and everything appears to be functioning correctly without setting 'encryptOltpPayload' property in property file.
Are you able to recreate the problem ? If yes please share details with us.
Looking forward to your response.
Thanks & Regards,
Sushama Ghadage
…________________________________
From: yerald-mora ***@***.***>
Sent: Saturday, October 19, 2024 5:07 AM
To: Vantiv/cnp-sdk-for-dotnet ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [Vantiv/cnp-sdk-for-dotnet] Unsafe Dictionary access introduced in pr #72? (Issue #73)
Cnp.Sdk.CnpOnline has the method private cnpOnlineResponse SendToCnp(cnpOnlineRequest request), this class receives a dictionary in the constructor that contains configurations, the changes merged in PR #72<#72> adds a direct access to a new configuration in that method:
if (_config["encryptOltpPayload"] == "true")
{
String payloadTobeEncrypted = ReplaceXMLTxnWithEncryptedPayload(xmlRequest);
xmlResponse = _communication.HttpPost(payloadTobeEncrypted);
}
So, if the configuration is not set by the caller a KeyNotFoundException is generated, so an unsafe access is being performed in the dictionary what will led to client's systems to get break when this method gets called.
—
Reply to this email directly, view it on GitHub<#73>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AALKCBZLT6VGI3NGJLINI2TZ4GLU3AVCNFSM6AAAAABQG3ZRDSVHI2DSMVQWIX3LMV43ASLTON2WKOZSGU4TQNJVHA4TGNA>.
You are receiving this because you are subscribed to this thread.
|
|
I am seeing the same issue (using v40.0.1). The app crashes if these config settings are not present:
|
|
Hi PhilRCB,
We fixed below issue for unsafe Dictionary access and released new version 12.40.2.
Please check it and let us know anything else needs to be done.
Thanks & Regards,
Sushama Ghadage.
From: PhilRCB ***@***.***>
Sent: 16 November 2024 04:15
To: Vantiv/cnp-sdk-for-dotnet ***@***.***>
Cc: WP_DL sdksupport (WP) (WP) ***@***.***>; Comment ***@***.***>
Subject: Re: [Vantiv/cnp-sdk-for-dotnet] Unsafe Dictionary access introduced in pr #72? (Issue #73)
I am seeing the same issue (using v40.0.1). The app crashes if these config settings are not present:
* a new config setting "encryptOltpPayload" referenced in SendToCnp method
* and also a new config setting "oltpEncryptionKeySequence" referenced in ReplaceXMLTxnWithEncryptedPayload method.
Is there any documentation on these new settings? I have not been able to find any yet?
(We set the content of _config programmatically rather than using a config file so I assume we have to modify our code to add these new values -- but I need to know what they should contain.)
Thanks!
-
Reply to this email directly, view it on GitHub<#73 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AALKCB65H7QGIL3NJNWVXRT2AZ2PJAVCNFSM6AAAAABQG3ZRDSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBQGA3TANJZG4>.
You are receiving this because you commented.Message ID: ***@***.***>
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cnp.Sdk.CnpOnline has the method
private cnpOnlineResponse SendToCnp(cnpOnlineRequest request), this class receives a dictionary in the constructor that contains configurations, the changes merged in PR #72 adds a direct access to a new configuration in that method:So, if the configuration is not set by the caller a KeyNotFoundException is generated, so an unsafe access is being performed in the dictionary what will led to client's systems to get break when this method gets called.
The text was updated successfully, but these errors were encountered: