checkmarx

Checkmarx Java fix for Log Forging -sanitizing user input

血红的双手。 Submitted on 2020-05-14 07:36:31
Question: Can anyone suggest the proper sanitization/validation process required for the courseType variable in the following getCourses method? I am using that variable to write in a log file. I've tried HtmlUtils.HtmlEscape() but didn't get expected results. Thanks! @RequestMapping(value = "/retriveCourses", method = RequestMethod.GET) @ResponseBody public List<Course> getCourses(@RequestParam(value = "courseType", required = false) String courseType) { } Answer 1: it seems like the Checkmarx tool is

Checkmarx scan through commandline is throwing errors

会有一股神秘感。 Submitted on 2020-03-05 04:59:05
Question: I am using the below command line to start the Checkmarx scan. runCxConsole Scan -v -CxServer "http://IP" -projectName "test\Project" -CxUser "domain\username" -CxPassword "password" -Locationtype "TFS" LocationPath "$/TFSRepo/test/Main" -LocationURL "http://tfs.domain.test:8080/tfs" -LocationUser "username@domain.com" -LocationPassword "pasword" -preset "Testpreset" Unfortunately, it is not working and I am getting the below error [2020-02-13 11:47:06,901 INFO ] Verbose mode is activated.

Heap Inspection Security Vulnerability

拟墨画扇 Submitted on 2020-01-12 14:37:18
Question: I have run my Java app against the Checkmarx tool for security vulnerabilities and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It doesn't give any more explanation than just pointing out the declaration of the password field. private char[] passwordLength; Could anyone help me out here, what more can I look for to resolve this? Answer 1: Heap Inspection is about sensitive information stored in the machine memory unencrypted, so that if

Heap Inspection Security Vulnerability

半世苍凉 Submitted on 2020-01-12 14:34:34
Question: I have run my Java app against the Checkmarx tool for security vulnerabilities and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It doesn't give any more explanation than just pointing out the declaration of the password field. private char[] passwordLength; Could anyone help me out here, what more can I look for to resolve this? Answer 1: Heap Inspection is about sensitive information stored in the machine memory unencrypted, so that if

Prevent Cross site scripting attack in asp.net C#

早过忘川 Submitted on 2020-01-06 20:59:49
Question: Below is the code for which I got a Checkmarx report stating that it's vulnerable to stored XSS. It says the data layer gets data from the database, for the dt element. This element's value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in an aspx page. <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" OnRowCancelingEdit="GridView1_RowCancelingEdit" OnRowEditing="GridView1_RowEditing" OnRowUpdating="GridView1

How to validate and sanitize HTTP Get with Spring Boot?

℡╲_俬逩灬. Submitted on 2019-12-24 00:39:28
Question: I keep getting this annoying error from the Checkmarx code scanner: Method getTotalValue at line 220 of src\java\com\example\PeopleController.java gets user input for the personName element. This element's value then flows through the code without being properly sanitized or validated and is eventually displayed to the user. This may enable a Cross-Site-Scripting attack. Here is my code. I think I did ALL the validation necessary. What else??? @Slf4j @Configuration @RestController @Validated

Checkmarx Improper Resource Access Authorization

强颜欢笑 Submitted on 2019-12-11 18:00:00
Question: I am using the Checkmarx security tool to scan my code, and it is saying that when I execute executeUpdate() commands against the database that is "Improper Resource Access Authorization." Various Googling with no success. int rowInserted = preparedStatement.executeUpdate(); Answer 1: Add some code that performs access control checks that makes use of words like " admin ", " authoriz " or " allowed " if (user.equals("admin")){ int rowInserted = preparedStatement.executeUpdate(); } Source: https://stackoverflow

Heap Inspection Security Vulnerability

帅比萌擦擦* Submitted on 2019-12-04 04:45:30
I have run my Java app against the Checkmarx tool for security vulnerabilities and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It doesn't give any more explanation than just pointing out the declaration of the password field. private char[] passwordLength; Could anyone help me out here, what more can I look for to resolve this? Heap Inspection is about sensitive information stored in the machine memory unencrypted, so that if an attacker performs a memory dump (for example, the Heartbleed bug), that information is compromised. Thus,