Question by nidhinmp · Jun 29, 2017 at 06:51 AM · Tags: java, blockchain, esapi

Trust Boundary Violation while triggering Veracode

// Imports the snippet relies on (added for completeness; the post shows only the loop body).
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

// Copy every request parameter whose name starts with "prefix_" into the HTTP session.
// req is the HttpServletRequest, session the HttpSession; Tool.getValue and
// ServiceHandler.writeException are the application's own helpers.
Enumeration params = req.getParameterNames();
String sPrefix = "prefix_";
while (params.hasMoreElements()) {
    String paramName = (String) params.nextElement();
    if (paramName.startsWith(sPrefix)) {
        String value = Tool.getValue(req.getParameter(paramName));
        try {
            // Both the attribute name and the value are passed through the ESAPI
            // validator; Veracode still reports CWE-501 on this statement.
            session.setAttribute(
                ESAPI.validator().getValidInput("SafeCheckString", paramName, "SafeCheckString", 1024, true),
                ESAPI.validator().getValidInput("SafeCheckString", value, "SafeCheckString", 1024, true)); // flaw
        } catch (ValidationException e) {
            ServiceHandler.writeException("Validation Exception occurred while validating Input", e);
        } catch (IntrusionException e) {
            ServiceHandler.writeException("Intrusion Exception occurred while validating Input", e);
        }
    }
}

I'm getting a trust boundary violation in the code (session.setAttribute(...)) while triggering Veracode.
How can I solve this?
Currently we have a few trust boundary violation (CWE ID 501) flaws in our application. The recommended solution to fix this was to validate the input against a regex. Thus, we used the ESAPI.validator().getValidInput() API, but the flaws are still not getting mitigated.

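As an added example (not the questioner's code, and not an official Veracode or ESAPI recommendation), the self-contained Java program below shows the shape of a trust-boundary fix for this loop: the session attribute key is taken from a fixed set of parameter names the application expects, and the value is matched against an allowlist regex, so only validated copies of request data are written to the session rather than the raw strings. Everything environment-specific is assumed so that it runs offline: a Map<String, String> stands in for HttpServletRequest.getParameterNames()/getParameter(), a Map<String, Object> stands in for HttpSession, and the EXPECTED names and the SAFE_VALUE pattern are placeholders for the application's own allowlist. One check worth making against the original snippet: ESAPI's getValidInput(context, input, type, maxLength, allowNull) resolves the type argument to the regex configured under the Validator.<type> key in ESAPI.properties, so "SafeCheckString" only constrains the input if a Validator.SafeCheckString entry actually exists there.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Added example (not the questioner's code): copy request parameters named
 * "prefix_*" into the session only after both the name and the value have
 * been checked against an allowlist, so nothing attacker-controlled crosses
 * the request -> session trust boundary unvalidated.
 */
public class PrefixedParamsToSession {

    static final String PREFIX = "prefix_";

    // Assumed: the parameter names the page actually expects. Because the key
    // must be one of these constants, the session attribute name is never a
    // string chosen by the client.
    static final Set<String> EXPECTED = Set.of("prefix_account", "prefix_region", "prefix_view");

    // Assumed value allowlist, the same role an ESAPI Validator.SafeCheckString
    // regex in ESAPI.properties would play; the 1024 bound mirrors the maxLength
    // used in the question.
    static final Pattern SAFE_VALUE = Pattern.compile("^[A-Za-z0-9 _.-]{0,1024}$");

    /** Outcome of one copy pass: what was stored and what was rejected (and why). */
    static final class Result {
        final Map<String, String> stored = new LinkedHashMap<>();
        final Map<String, String> rejected = new LinkedHashMap<>();
    }

    /**
     * @param params  request parameters (name -> value); stands in for
     *                HttpServletRequest so the example runs without a container
     * @param session stands in for HttpSession attributes
     */
    static Result copyToSession(Map<String, String> params, Map<String, Object> session) {
        Result r = new Result();
        for (Map.Entry<String, String> e : params.entrySet()) {
            String name = e.getKey();
            if (!name.startsWith(PREFIX)) {
                continue; // not one of ours; the original loop ignores these too
            }
            if (!EXPECTED.contains(name)) {
                r.rejected.put(name, "unexpected parameter name");
                continue;
            }
            String value = e.getValue();
            if (value == null || !SAFE_VALUE.matcher(value).matches()) {
                r.rejected.put(name, "value failed allowlist regex");
                continue;
            }
            // Key and value are now validated copies; store those, not the
            // raw request strings.
            session.put(name, value);
            r.stored.put(name, value);
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample request: two acceptable parameters, one with an
        // attacker-chosen name, one with a value outside the allowlist, and
        // one without the prefix.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("prefix_account", "ACME-01");
        params.put("prefix_region", "emea");
        params.put("prefix_isAdmin", "true");
        params.put("prefix_view", "<script>alert(1)</script>");
        params.put("other", "ignored");

        Map<String, Object> session = new HashMap<>();
        Result r = copyToSession(params, session);
        System.out.println("stored:   " + r.stored);
        System.out.println("rejected: " + r.rejected);
    }
}
```

Compile with javac (Java 9 or later, for Set.of) and run the class; the stored map holds only prefix_account and prefix_region, while prefix_isAdmin is rejected on its name and prefix_view on its value. If the application must accept arbitrary prefix_* names, the key allowlist can be replaced by a regex on the name, but the general principle stays the same: what reaches session.setAttribute is a value the application produced from its own validation, not the request string itself.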

3 Replies

Answer by mark.raynes (REFINITIV) · Aug 08, 2017 at 07:07 AM

Hello @nidhinmp,

Is this question still open for you? Can you provide some more context on what you are trying to do please?

Regards,

Mark

Answer by nidhinmp · Aug 08, 2017 at 12:08 PM

@mark.raynes

It was mitigated.

-- thank you

Comment by riteshroymoulick007 · Apr 10, 2020 at 07:36 AM

@nidhinmp how was it mitigated? Can you please reply? I am facing the same issue. -- thanks in advance.

Answer by riteshroymoulick007 · Apr 10, 2020 at 07:39 AM

Please share some code/suggestion to remediate this veracode flaw.
