question

Upvotes
1 1 1 2

Trust Boundary Violation - while triggering veracode

Enumeration params = req.getParameterNames();
                String sPrefix = "prefix_";
                while (params.hasMoreElements())
                {
                    String paramName = (String) params.nextElement();
                    if (paramName.startsWith(sPrefix))
                    {
                        String value = (Tool.getValue(req.getParameter(paramName)));
                        try {
                        session.setAttribute(ESAPI.validator().getValidInput("SafeCheckString",paramName,"SafeCheckString",1024,true), ESAPI.validator().getValidInput("SafeCheckString",value,"SafeCheckString",1024,true));//flaw
                        }
                        catch (ValidationException e) 
                        {
                            ServiceHandler.writeException("Validation Exception occured while validating Input",e);
                        } catch (IntrusionException e) 
                        {
                            ServiceHandler.writeException("Intrusion Exception  occured while validating Input",e);
                        }
                    }
                }



I'm getting trust boundary violation in the code (session.setAttribute(....) while triggering veracode.
How can i solve this.
Currently we have few trust boundary violation (CWE ID 501) flaws in our application. The recommended solution to fix this was to validate the input against a regex. Thus, we used ESAPI.validator.getValidInput() API. but the flaws are still not getting mitigated.
javablockchainesapi
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
31 0 0 1

Hello @nidhinmp,

Is this question still open for you? Can you provide some more context on what you are trying to do please?

Regards,

Mark

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 1 1 2

@mark.raynes

it was mitigated..

--thank you

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@nidhinmp how was it mitigated? can you please reply. I am facing the same issue. -- thanks in advance.

Upvotes
1 0 0 0

Please share some code/suggestion to remediate this veracode flaw.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.