Trust Boundary Violation - while triggering veracode

Question

Question by nidhinmp · Jun 29, 2017 at 06:51 AM · java veracode esapi

Trust Boundary Violation - while triggering veracode

Enumeration params = req.getParameterNames();
                String sPrefix = "prefix_";
                while (params.hasMoreElements())
                {
                    String paramName = (String) params.nextElement();
                    if (paramName.startsWith(sPrefix))
                    {
                        String value = (Tool.getValue(req.getParameter(paramName)));
                        try {
                        session.setAttribute(ESAPI.validator().getValidInput("SafeCheckString",paramName,"SafeCheckString",1024,true), ESAPI.validator().getValidInput("SafeCheckString",value,"SafeCheckString",1024,true));//flaw
                        }
                        catch (ValidationException e) 
                        {
                            ServiceHandler.writeException("Validation Exception occured while validating Input",e);
                        } catch (IntrusionException e) 
                        {
                            ServiceHandler.writeException("Intrusion Exception  occured while validating Input",e);
                        }
                    }
                }



I'm getting trust boundary violation in the code (session.setAttribute(....) while triggering veracode.
How can i solve this.
Currently we have few trust boundary violation (CWE ID 501) flaws in our application. The recommended solution to fix this was to validate the input against a regex. Thus, we used ESAPI.validator.getValidInput() API. but the flaws are still not getting mitigated.

0

10 |1500 characters needed characters left characters exceeded

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-08-08T07:07:36Z

REFINITIV

Answer by mark.raynes · Aug 08, 2017 at 07:07 AM

Hello @nidhinmp,

Is this question still open for you? Can you provide some more context on what you are trying to do please?

Regards,

Mark

2 · Share

10 |1500 characters needed characters left characters exceeded

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 2 · 2017-08-08T12:08:38Z

Answer by nidhinmp · Aug 08, 2017 at 12:08 PM

@mark.raynes

it was mitigated..

--thank you

0 Show 1 · Share

10 |1500 characters needed characters left characters exceeded

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

riteshroymoulick007 · Apr 10 at 07:36 AM 0

Share

@nidhinmp how was it mitigated? can you please reply. I am facing the same issue. -- thanks in advance.

Answer 3 · 2020-04-10T07:39:51Z

Answer by riteshroymoulick007 · Apr 10 at 07:39 AM

Please share some code/suggestion to remediate this veracode flaw.

0 · Share

10 |1500 characters needed characters left characters exceeded

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Trust Boundary Violation - while triggering veracode

3 Replies

Watch this question