CWE-99: Improper Control of Resource Identifiers ('Resource Injection'): | Community
Level 2
March 26, 2024
Question

CWE-99: Improper Control of Resource Identifiers ('Resource Injection'):


In my servlet I am getting the ResourceResolver object and passing it as a parameter to a service class method. I am getting a Veracode issue at my service class method, reported as a CWE-99 Resource Injection issue, on the statement resourceResolver.getResource(oldDocsPath); Please find the screenshots below, from the servlet to the service class. I tried @ScriptVariable, @SlingObject, @3214626, but the Veracode scan is not clearing the issue. Can anyone please provide a solution for the below?

 


1 reply

Level 7
March 26, 2024

Hi @ashokthota 

 

Is the migrateDocuments method of the ContentMigrationService class called properly from your servlet?
I hope you have used the @Reference annotation in your servlet class.

In the migrateDocuments method, have you checked whether the resourceResolver object is null or not?

Level 2
March 26, 2024

In the migrateDocuments method, have you checked whether the resourceResolver object is null or not?

--> Validated with a null check also, but same issue.

Level 2
March 26, 2024

Hi @ashokthota 

 

For testing purposes, can you try this in the Sling servlet as well as in the service class?

    // Resolve the jcr:content child and read one property from it
    Resource resource = resourceResolver.getResource(resourcePath + "/jcr:content");
    if (resource != null) {
        ValueMap properties = resource.getValueMap();
        String pageTitle = properties.get("testval", String.class);
    }

Make sure that resourcePath is a valid path which is present in your JCR node.


Tried, but the issue still persists.
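
CWE-99 concerns which resource an externally influenced identifier can select, so the usual control is to normalise the path and confine it to an allowed subtree before the resourceResolver.getResource call. The following is an added example, not code from the post or from AEM/Sling; the class ResourcePathGuard, the method safePath and the root /content/dam/example-docs are assumptions, as is oldDocsPath originating from request input.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Optional;

/** Added example: allow-list check for a JCR path before it reaches getResource(). */
public class ResourcePathGuard {
    // Assumption: the only subtree the migration may read (placeholder, not from the post).
    private static final String ALLOWED_ROOT = "/content/dam/example-docs";

    /** Returns the normalised path if it is absolute and stays under ALLOWED_ROOT. */
    static Optional<String> safePath(String requested) {
        if (requested == null || !requested.startsWith("/")) {
            return Optional.empty();
        }
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : requested.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;                         // "//" and "/./" add nothing
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    return Optional.empty();      // climbs above the repository root
                }
                segments.removeLast();
            } else if (seg.chars().anyMatch(c -> c < 0x20 || c == '\\')) {
                return Optional.empty();          // control characters or backslashes
            } else {
                segments.addLast(seg);
            }
        }
        String normalised = "/" + String.join("/", segments);
        // Compare with a trailing slash so "example-docs-private" does not match the root.
        boolean inside = normalised.equals(ALLOWED_ROOT)
                || normalised.startsWith(ALLOWED_ROOT + "/");
        return inside ? Optional.of(normalised) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for the oldDocsPath value.
        String[] samples = {
            "/content/dam/example-docs/2023/report.pdf",
            "/content/dam/example-docs/../../other-site/page",
            "/content/dam/example-docs-private/x",
            "content/dam/example-docs/x"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safePath(s).orElse("REJECTED"));
        }
        // In the service, pass getResource() only a value returned by safePath(oldDocsPath).
    }
}
```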