heap inspection issue fix by using secure string

gaubansa · gaubansa · commit 91d4b868079c · 2023-05-19T14:50:44.000+05:30
diff --git a/Client/ApiClient.cs b/Client/ApiClient.cs
@@ -24,6 +24,7 @@
 using AuthenticationSdk.util;
 using System.Security.Cryptography.X509Certificates;
 using NLog;
+using System.Security;
 
 namespace CyberSource.Client
 {
@@ -456,11 +457,16 @@ public object CallApi(
             {
                 string clientCertDirectory = Configuration.MerchantConfigDictionaryObj["clientCertDirectory"];
                 string clientCertFile = Configuration.MerchantConfigDictionaryObj["clientCertFile"];
-                string clientCertPassword = Configuration.MerchantConfigDictionaryObj["clientCertPassword"];
+                SecureString clientCertPassword = new SecureString();
+                foreach (char c in Configuration.MerchantConfigDictionaryObj["clientCertPassword"])
+                {
+                    clientCertPassword.AppendChar(c);
+                }
+                clientCertPassword.MakeReadOnly();
                 string fileName = Path.Combine(clientCertDirectory, clientCertFile);
                 // Importing Certificates
                 var certificate = new X509Certificate2(fileName, clientCertPassword);
-                clientCertPassword=string.Empty;
+                clientCertPassword.Dispose();
                 RestClient.Options.ClientCertificates = new X509CertificateCollection { certificate };
             }
 
diff --git a/generator/cybersource-csharp-template/ApiClient.mustache b/generator/cybersource-csharp-template/ApiClient.mustache
@@ -498,11 +498,16 @@ namespace {{packageName}}.Client
             {
                 string clientCertDirectory = Configuration.MerchantConfigDictionaryObj["clientCertDirectory"];
                 string clientCertFile = Configuration.MerchantConfigDictionaryObj["clientCertFile"];
-                string clientCertPassword = Configuration.MerchantConfigDictionaryObj["clientCertPassword"];
+                SecureString clientCertPassword = new SecureString();
+                foreach (char c in Configuration.MerchantConfigDictionaryObj["clientCertPassword"])
+                {
+                    clientCertPassword.AppendChar(c);
+                }
+                clientCertPassword.MakeReadOnly();
                 string fileName = Path.Combine(clientCertDirectory, clientCertFile);
                 // Importing Certificates
                 var certificate = new X509Certificate2(fileName, clientCertPassword);
-                clientCertPassword=string.Empty;
+                clientCertPassword.Dispose();
                 RestClient.Options.ClientCertificates = new X509CertificateCollection { certificate };
             }
 
