checkmarx

Github Integration with Checkmarx

六眼飞鱼酱① submitted on 2021-02-08 03:43:14
Question: I am working on GitHub integration with Checkmarx, which is used for code security scanning. This method works just fine for a repository hosted on github.com (external repository), but does not work on an internal repository hosted inside our company (github.XXX.com); in fact the connection always fails (it cannot pass the repository authorization on Checkmarx). I have checked both repository settings (internal and external), and they look the same to me. What is the difference between these two

Checkmarx - How to validate and sanitize HttpServletRequest .getInputStream to pass checkmarx scan

萝らか妹 submitted on 2021-01-19 06:19:51
Question: Following are the Checkmarx issue details: Unrestricted File Upload. Source Object: req (Line No 39); Target Object: getInputStream (Line No 41). public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter { //... 38 public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) 39 throws AuthenticationException, IOException, ServletException 40 { 41 Entitlements creds = new ObjectMapper().readValue(req.getInputStream(), Entitlements.class); return

How to fix checkmarx Trust Boundary Violation

孤街醉人 submitted on 2020-07-10 10:27:59
Question: I persist a value from a user input request. Checkmarx complains there is a Trust Boundary Violation: "gets user input from element request. This element's value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object". I also found this post online. The accepted answer is to validate it. OK, validate and sanitize: private String getValidSearchPath(String searchPath) { if (!searchPath.matches("^[0-9a-zA-Z]+$")) { //using regex

How to sanitize and validate user input to pass a Checkmarx scan

自古美人都是妖i submitted on 2020-06-11 20:12:12
Question: I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Response.status(OK).entity(y).build(); } Checkmarx complains that this element's value then "flows through the code without being properly sanitized or validated and is eventually displayed to the user in method doSomething". Then I tried this: @GET @Path("/{x}") public Response doSomething(@PathParam("x")