
Trust Boundary Violation - while triggering veracode

import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

// Tool and ServiceHandler are the application's own helper classes (not shown here).
void copyPrefixedParams(HttpServletRequest req, HttpSession session) {
    Enumeration<String> params = req.getParameterNames();
    String sPrefix = "prefix_";
    while (params.hasMoreElements()) {
        String paramName = params.nextElement();
        if (paramName.startsWith(sPrefix)) {
            String value = Tool.getValue(req.getParameter(paramName));
            try {
                // Both the attribute name and the value come straight from the request.
                session.setAttribute(
                    ESAPI.validator().getValidInput("SafeCheckString", paramName, "SafeCheckString", 1024, true),
                    ESAPI.validator().getValidInput("SafeCheckString", value, "SafeCheckString", 1024, true)); // flaw
            } catch (ValidationException e) {
                ServiceHandler.writeException("Validation Exception occurred while validating Input", e);
            } catch (IntrusionException e) {
                ServiceHandler.writeException("Intrusion Exception occurred while validating Input", e);
            }
        }
    }
}



I'm getting a trust boundary violation in the code (session.setAttribute(....)) while triggering Veracode.
How can I solve this?
Currently we have a few trust boundary violation (CWE ID 501) flaws in our application. The recommended solution to fix this was to validate the input against a regex. Thus, we used the ESAPI.validator.getValidInput() API, but the flaws are still not getting mitigated.
Tags: java, blockchain, esapi
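The snippet in the question stores both the attribute name and the value straight from the request into the session, which is exactly the data flow CWE-501 describes. The following is an added example (not code from the original post or from Veracode/ESAPI) of the usual way to break that flow: iterate over an allow-list of expected parameter names instead of over req.getParameterNames(), so the session key is always a compile-time constant, and store a value only after it matches the pattern registered for that key. The class name, the parameter names and the regexes are assumptions chosen for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Added example: copy only known request parameters into the session,
 * each validated against its own pattern before it is stored.
 */
public final class SessionParamCopier {

    // Allow-list of the parameters this code expects, keyed by the exact
    // request parameter name, with the pattern its value must match.
    // The names and patterns are assumed for illustration only.
    private static final Map<String, Pattern> ALLOWED = Map.of(
        "prefix_userId", Pattern.compile("^[0-9]{1,10}$"),
        "prefix_locale", Pattern.compile("^[a-z]{2}(-[A-Z]{2})?$"),
        "prefix_page",   Pattern.compile("^[A-Za-z0-9_-]{1,64}$")
    );

    // Same length cap the original snippet passes to ESAPI.
    private static final int MAX_LEN = 1024;

    private SessionParamCopier() {}

    /**
     * Copies each allow-listed parameter into the session. The session key is
     * the constant name from ALLOWED (never the raw request string), and the
     * value is stored only after it matches the pattern for that key.
     * Returns the number of attributes actually stored.
     */
    public static int copyValidated(HttpServletRequest req, HttpSession session) {
        int stored = 0;
        for (Map.Entry<String, Pattern> entry : ALLOWED.entrySet()) {
            String name = entry.getKey();           // constant, not request-controlled
            String raw = req.getParameter(name);    // may be null if absent
            String value = validate(raw, entry.getValue());
            if (value != null) {
                session.setAttribute(name, value);  // key and value both vetted
                stored++;
            }
        }
        return stored;
    }

    /**
     * Returns the input unchanged if it is present, within the length cap and
     * fully matches the pattern; otherwise null, so nothing is stored.
     */
    static String validate(String raw, Pattern pattern) {
        if (raw == null || raw.length() > MAX_LEN) {
            return null;
        }
        return pattern.matcher(raw).matches() ? raw : null;
    }
}
```

Two things differ from the original loop. First, the attribute name is never taken from the request, so there is no tainted key to validate at all. Second, rejection is a hard stop: a value that fails its pattern is simply not copied, rather than being logged and the loop continuing with the next parameter. Whether a given static analyser accepts a particular validator call as a cleanser depends on that tool's configuration, so the most robust remediation is the one that removes the untrusted data from the sink entirely, as above, rather than wrapping the sink in a call the tool may or may not recognise.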

Hello @nidhinmp,

Kindly confirm, which of our APIs on this portal are you using, so I can route your question to the appropriate area?

Thanks,

-AHS

As the question is posted under the Block Chain forum, I referred it to Rob Lundie Hill, David Upton and Mark Raynes.


Hello @nidhinmp,

Is this question still open for you? Can you provide some more context on what you are trying to do please?

Regards,

Mark


@mark.raynes

it was mitigated..

--thank you


@nidhinmp how was it mitigated? Can you please reply? I am facing the same issue. -- thanks in advance.

Please share some code/suggestion to remediate this Veracode flaw.