SOLVED

Veracode triggering on ResourceResolver.findResource()

Level 4

It looks like Veracode does not like executing queries using the ResourceResolver.findResource() method. ResourceResolver doesn't have a parameterized version. Has anyone been able to resolve this issue? The customer I am working for requires that all Very High to Low risk assessments are removed.

1 Accepted Solution

Correct answer by
Employee Advisor

What exactly is Veracode complaining about?

The method signature is

java.util.Iterator<Resource> findResources(java.lang.String query, java.lang.String language)

So I wonder what Veracode is complaining about; all parameters are strongly typed.

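What a static analyzer actually objects to in a findResources() call is not the parameter types but the query string being assembled from caller input. The following is an added example written for this thread (it is not code from the post above or from AEM/Sling) that puts the injectable form next to two ways of making the value inert: escaping the JCR-SQL2 string literal while staying on ResourceResolver.findResources(), and using the JCR QueryManager, which does accept bind variables. The class name, the base path /content/dam/myproject and the dam:Asset / jcr:title property choice are assumptions for illustration.

```java
// Added example for this thread, not code from the original post or from AEM/Sling.
// Shows why a JCR-SQL2 statement built by string concatenation is injectable and
// two ways to make the user value inert. The base path, class name and property
// names below are assumptions.
import java.util.Iterator;

import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.Query;
import javax.jcr.query.QueryManager;

import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;

public final class AssetTitleSearch {

    private static final String BASE = "/content/dam/myproject"; // assumed base path

    private AssetTitleSearch() {
    }

    /**
     * Vulnerable: the caller-controlled title is pasted into the statement.
     * An input such as   x' OR a.[jcr:title] <> '
     * produces  ... = 'x' OR a.[jcr:title] <> ''  and, because AND binds tighter
     * than OR, the ISDESCENDANTNODE restriction no longer limits the result set:
     * every readable dam:Asset in the repository with a non-empty title matches.
     */
    public static Iterator<Resource> findByTitleUnsafe(ResourceResolver resolver, String title) {
        String stmt = "SELECT * FROM [dam:Asset] AS a"
                + " WHERE ISDESCENDANTNODE(a, '" + BASE + "')"
                + " AND a.[jcr:title] = '" + title + "'";
        return resolver.findResources(stmt, Query.JCR_SQL2);
    }

    /**
     * Option 1: keep ResourceResolver.findResources() and escape the literal.
     * In a JCR-SQL2 string literal the only special character is the single
     * quote, which is escaped by doubling it, so the value can no longer
     * terminate the literal and the rest of the input stays plain data.
     */
    public static Iterator<Resource> findByTitleEscaped(ResourceResolver resolver, String title) {
        String literal = title.replace("'", "''");
        String stmt = "SELECT * FROM [dam:Asset] AS a"
                + " WHERE ISDESCENDANTNODE(a, '" + BASE + "')"
                + " AND a.[jcr:title] = '" + literal + "'";
        return resolver.findResources(stmt, Query.JCR_SQL2);
    }

    /**
     * Option 2: use the JCR query API, which supports bind variables.
     * The statement names $title and the value is bound separately, so it is
     * never parsed as query text. Adapting a ResourceResolver to a javax.jcr.Session
     * is the standard way to reach the JCR API from Sling.
     */
    public static NodeIterator findByTitleBound(ResourceResolver resolver, String title)
            throws RepositoryException {
        Session session = resolver.adaptTo(Session.class);
        if (session == null) {
            throw new IllegalStateException("ResourceResolver is not backed by a JCR session");
        }
        QueryManager qm = session.getWorkspace().getQueryManager();
        Query query = qm.createQuery("SELECT * FROM [dam:Asset] AS a"
                + " WHERE ISDESCENDANTNODE(a, '" + BASE + "')"
                + " AND a.[jcr:title] = $title", Query.JCR_SQL2);
        query.bindValue("title", session.getValueFactory().createValue(title));
        return query.execute().getNodes();
    }
}
```

Whether a given scanner stops reporting the escaped variant depends on the tool's taint rules; the bind-variable variant removes the data flow into the query text entirely, which is the form most scanners recognise as parameterized.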
4 Replies

Level 1

Getting a Veracode CWE-99 issue for the syntax below. What is the exact solution for it? Can anyone please help me with this?
resourceResolver.getResource(damPath)

Employee Advisor

CWE-99 is described here (MITRE) as Insufficient input check:

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

I assume that you read the provided parameter directly from a request parameter, which everyone making this call can influence.
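The fix for a CWE-99 finding on getResource() is to constrain the identifier before it reaches the repository, not to change the API call. The following is an added example written for this thread (not code from the reply above or from AEM/Sling) that places the flagged call next to a hardened version: the requested path is normalized, confined to an allowed DAM root, checked segment by segment, and the resource that comes back is verified to still be under that root. The class name, the root /content/dam/myproject and the segment character set are assumptions for illustration.

```java
// Added example for this thread, not code from the original post or from AEM/Sling.
// A caller-controlled path passed straight to getResource() is resource injection
// (CWE-99). The allowed root, class name and segment rules are assumptions.
import java.util.regex.Pattern;

import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;

public final class DamPathGuard {

    private static final String ALLOWED_ROOT = "/content/dam/myproject"; // assumed root

    // One path segment: letters, digits, '-', '_' and '.', but never "." or ".." alone.
    private static final Pattern SEGMENT = Pattern.compile("(?!\\.{1,2}$)[A-Za-z0-9._-]+");

    private DamPathGuard() {
    }

    /** Vulnerable: "../", an absolute path outside DAM, or any path at all is passed as-is. */
    public static Resource getAssetUnsafe(ResourceResolver resolver, String damPath) {
        return resolver.getResource(damPath);
    }

    /**
     * Returns the validated absolute path, or null if the request must be rejected.
     * 1. normalize: ResourceUtil.normalize() resolves "." and ".." segments and
     *    returns null when the path would climb above "/" or is not absolute.
     * 2. root check: the normalized path must sit strictly below ALLOWED_ROOT.
     * 3. segment check: every remaining segment is drawn from a conservative
     *    character set, so characters with special meaning in repository paths
     *    (spaces, brackets, colons, wildcards) are rejected as well.
     */
    public static String validatePath(String requested) {
        if (requested == null || !requested.startsWith("/")) {
            return null;
        }
        String normalized = ResourceUtil.normalize(requested);
        if (normalized == null || !normalized.startsWith(ALLOWED_ROOT + "/")) {
            return null;
        }
        String relative = normalized.substring(ALLOWED_ROOT.length() + 1);
        for (String segment : relative.split("/")) {
            if (!SEGMENT.matcher(segment).matches()) {
                return null;
            }
        }
        return normalized;
    }

    /**
     * Hardened: validate first, then re-check the path of the resource that was
     * actually returned, so the guard does not depend on the resolver and this
     * class agreeing on how a path is normalized.
     */
    public static Resource getAssetSafe(ResourceResolver resolver, String damPath) {
        String path = validatePath(damPath);
        if (path == null) {
            throw new IllegalArgumentException("asset path outside the allowed DAM root");
        }
        Resource resource = resolver.getResource(path);
        if (resource != null && !resource.getPath().startsWith(ALLOWED_ROOT + "/")) {
            throw new IllegalStateException("resolved resource escaped the allowed DAM root");
        }
        return resource;
    }
}
```

With this shape the value that reaches getResource() is the output of validatePath(), not the request parameter, which is the property a taint-based scanner looks for; if the application needs several roots, make ALLOWED_ROOT a fixed list rather than another request-supplied value.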