Hi Team,

I am building an API with .NET Core 3.0. While running a static scan we are getting "Deserialization of Untrusted Data". We are using a dynamic object; we are not in a position to use a protected object.
Initially, we tried with ReadAllText() but the issue was still not resolved, so we changed to ReadToEnd() with a disposable object [using]. Still unable to fix. Please help to close this OWASP fix.

// deserialize JSON from file
string Json;
using (FileStream freader = new FileStream(file, FileMode.Open, FileAccess.Read))
{
    using (StreamReader sreader = new StreamReader(freader))
    {
        Json = sreader.ReadToEnd();   // reads the whole file into one string
    }
}


What I have tried:

1) Tried with ReadAllText()

//string Json = System.IO.File.ReadAllText(file);
//var cmsRes = ser.Deserialize<CMSDashboard>(Json);
JsonSerializerSettings settings = new JsonSerializerSettings
{
    // TypeNameHandling.All lets a "$type" hint in the input pick the CLR type to create;
    // this setting is what the static scan reports
    TypeNameHandling = TypeNameHandling.All
};
response = JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(Json, settings);


2) Tried with ReadToEnd()

// deserialize JSON from file
using (FileStream freader = new FileStream(file, FileMode.Open, FileAccess.Read))
{
    using (StreamReader sreader = new StreamReader(freader))
    {
        Json = sreader.ReadToEnd();
    }
}
Comments
F-ES Sitecore 12-Aug-20 8:02am
https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2328?view=vs-2019

Looks like you need to set TypeNameHandling to None and implement a custom serialization binder to restrict which types are deserialised.
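The fix the comment above points to, written out as an added example (it is not the poster's code nor the commenter's): the first settings object turns type-name handling off entirely, so the file can no longer pick the CLR type; the second is for the case where "$type" hints are genuinely needed and pairs TypeNameHandling.Objects with an ISerializationBinder that only admits an explicit allow-list and fails closed on anything else. It assumes Newtonsoft.Json 12.x as used by .NET Core 3.0 projects, and the MemberShipKeyDetailResponse shape, the file path and the JSON samples are placeholders constructed for the demo.

```csharp
// Added example: hardening Json.NET deserialization with TypeNameHandling.None,
// or with an allow-list serialization binder where "$type" hints are required.
using System;
using System.Collections.Generic;
using System.IO;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Placeholder stand-in for the poster's own response type.
public sealed class MemberShipKeyDetailResponse
{
    public string MemberId { get; set; }
    public DateTime ExpiresOn { get; set; }
}

// Allow-list binder: only the types handed to the constructor may be created
// from a "$type" hint. Every other name is refused before any object exists.
public sealed class AllowListSerializationBinder : ISerializationBinder
{
    private readonly Dictionary<string, Type> _allowed = new Dictionary<string, Type>(StringComparer.Ordinal);

    public AllowListSerializationBinder(params Type[] allowed)
    {
        foreach (var t in allowed)
            _allowed[t.FullName] = t;
    }

    public Type BindToType(string assemblyName, string typeName)
    {
        if (_allowed.TryGetValue(typeName, out var type))
            return type;
        // Fail closed: an unexpected "$type" in input is worth logging as a detection signal.
        throw new JsonSerializationException($"Type '{typeName}' is not permitted for deserialization.");
    }

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = null;                 // omit the assembly so names stay stable across versions
        typeName = serializedType.FullName;
    }
}

public static class SafeJson
{
    // Preferred: the payload cannot choose the CLR type at all.
    public static JsonSerializerSettings Strict() => new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.None,
        MaxDepth = 32                       // bounds recursion on hostile, deeply nested input
    };

    // Only when "$type" hints are genuinely required: Objects plus an allow-list binder.
    public static JsonSerializerSettings WithAllowList(params Type[] allowed) => new JsonSerializerSettings
    {
        TypeNameHandling = TypeNameHandling.Objects,
        SerializationBinder = new AllowListSerializationBinder(allowed),
        MaxDepth = 32
    };

    // Streams the file through JsonTextReader instead of ReadToEnd(), so no whole-file string is built.
    public static T ReadFromFile<T>(string path, JsonSerializerSettings settings)
    {
        using var text = File.OpenText(path);
        using var json = new JsonTextReader(text);
        return JsonSerializer.Create(settings).Deserialize<T>(json);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed samples: a benign document and one carrying a "$type" hint for an unexpected type.
        const string benign = "{\"MemberId\":\"m-1\",\"ExpiresOn\":\"2030-01-01T00:00:00Z\"}";
        const string hinted = "{\"$type\":\"Some.Unexpected.Type, SomeAssembly\",\"MemberId\":\"m-2\"}";

        var ok = JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(benign, SafeJson.Strict());
        Console.WriteLine($"strict: MemberId={ok.MemberId}");

        // With None, "$type" is read as ordinary metadata and never resolved to a type.
        var ignored = JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(hinted, SafeJson.Strict());
        Console.WriteLine($"strict with $type: MemberId={ignored.MemberId ?? "<null>"}");

        // With the allow-list binder the same hint is rejected before any type is created.
        try
        {
            JsonConvert.DeserializeObject<MemberShipKeyDetailResponse>(
                hinted, SafeJson.WithAllowList(typeof(MemberShipKeyDetailResponse)));
        }
        catch (JsonSerializationException e)
        {
            Console.WriteLine($"allow-list: rejected ({e.Message})");
        }
    }
}
```

In the poster's code the change is a one-liner: replace TypeNameHandling.All with TypeNameHandling.None (SafeJson.Strict() above) and the CA2328 finding goes away, because the JSON can no longer name a type to instantiate. Reach for WithAllowList only if the file format actually depends on "$type"; the binder then makes the set of constructible types explicit and auditable, and MaxDepth limits how much nesting a hostile file can force the parser through.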

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)