CWE-99: Improper Control of Resource Identifiers ('Resource Injection'): | Community
Skip to main content
A
AshokThota
Level 2
March 26, 2024
Question

CWE-99: Improper Control of Resource Identifiers ('Resource Injection'):

  • March 26, 2024
  • 1 reply
  • 1706 views

From My servlet getting ResourceResolver object and passing as a parameter to service class method, Getting veracode issue at my service class method stating at CWE-99 Resource Injection Issue with syntax resourceResolver.getResource(oldDocsPath); Please find the below screen shots from servlet to  service class. Tried with @Scriptvariable , @SlingObject, @3214626 but veera code scan not clearing the issue. Can anyone please provide solution for the below.

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

1 reply

M
Mahesh_Gunaje
Level 7
March 26, 2024

Hi @ashokthota 

 

Whether migrateDocuments method of ContentMigrationService class is called properly from your servlet ?
I hope you have used @Reference annotation in your servlet class.

In the method: migrateDocuments have you checked resourceResolver object is null or not?

A
AshokThotaAuthor
Level 2
March 26, 2024

Whether migrateDocuments method of ContentMigrationService class is called properly from your servlet ?

---> Yes this is calling properly not having any issues with this.
I hope you have used @3214626 annotation in your servlet class.

---> Yes

In the method: migrateDocuments have you checked resourceResolver object is null or not?

--> Not checking in migrateDocuments method whether its null nor not, Now I'm validating with Null check will keep you post this

Thanks for your reply 🙂 

    Terms & ConditionsAccessibility statement

    Loading footer...