log-forging

log forging fortify fix

早过忘川 submitted on 2019-12-03 08:20:05
Question: I am using Fortify SCA to find the security issues in my application (as a university homework). I have encountered some 'Log Forging' issues which I am not able to get rid of. Basically, I log some values that come as user input from a web interface: logger.warn("current id not valid - " + bean.getRecordId()); and Fortify reports this as a log forging issue, because the getRecordId() returns a user input. I have followed this article, and I am replacing the 'new line' with space, but the

Can't resolve Log Forging Fortify issue

邮差的信 submitted on 2019-12-01 05:04:27
Question: I am having trouble fixing a Log Forging issue in Fortify. The issue, "writes unvalidated user input to the log", is being raised from both of the logging calls in the getLongFromTimestamp() method. public long getLongFromTimestamp(final String value) { LOGGER.info("getLongFromTimestamp(" + cleanLogString(value) + ")"); long longVal = 0; Date tempDate = null; try { tempDate = new SimpleDateFormat(FORMAT_YYYYMMDDHHMMSS, Locale.US).parse(value); } catch (ParseException e) { LOGGER.warn("Failed