How to fix Information Exposure Through Sent Data flaw in Java Web application

Submitted by ぃ、小莉子 on 2019-12-12 03:36:10

Question


I am getting a Veracode Information Exposure via Sent Data flaw. My code is:

String companyName = System.getProperty(EPMIConstants.COMPANY_NAME);  

This System.getProperty(EPMIConstants.COMPANY_NAME) gets its value from a JVM argument hardcoded in the server itself.

The variable companyName causes this flaw.

Can someone please tell me how to avoid this flaw?


Answer 1:


I would recommend that you create a rule exception in Veracode so the false positive is not highlighted anymore.

Fabio




Answer 2:


Have a look at this:

http://cwe.mitre.org/data/definitions/201.html

It looks like this might be a false positive.

Fabio @fcerullo



Source: https://stackoverflow.com/questions/14999751/how-to-fix-information-exposure-through-sent-data-flaw-in-java-web-application
