It looks like Veracode does not like executing queries using the ResourceResolver.findResource() method. ResourceResolver doesn't have a parameterized version. Has anyone been able to resolve this issue? The customer I am working fore requires that all Very High to Low risk assessments are removed.
Solved! Go to Solution.
Views
Replies
Total Likes
what exactly is Veracode complaining about?
The method signature is
java.util.Iterator<Resource> | findResources(java.lang.String query, java.lang.String language) |
So I womder what Veracode is complaining about, all parameters are strongly typed.
what exactly is Veracode complaining about?
The method signature is
java.util.Iterator<Resource> | findResources(java.lang.String query, java.lang.String language) |
So I womder what Veracode is complaining about, all parameters are strongly typed.
Getting veracode CWE-99 issue for the below syntax? what is the exact solution for it Can anyone please help me on this?
resourceResolver.getResource(damPath)
CWE-99 is described here (Mitre) as Insufficient input check:
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
Thank you
Views
Likes
Replies