Page 3 of 13. Showing 123 results.

  1. CodeSonar

    https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177 IO.INJ.COMMAND STR02-C. Sanitize data passed to complex … STR02-C. Sanitize data passed to complex subsystems https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152409
  2. IDS01-PL. Use taint mode while being aware of its limitations

    , such as invoking the system() function. Finally, there are a few ways you can sanitize tainted data, thereby removing the taint. The details of how taint mode … output IDS33-PL. Sanitize untrusted data passed across a trust boundary Taint mode also provides a handful of mechanisms to produce untainted data from
  3. MEM03-C. Clear sensitive information stored in reusable resources

    = NULL; Compliant Solution To prevent information leakage, dynamic memory containing sensitive information should be sanitized before being freed. Sanitization … = (char *)calloc(size+1, sizeof(char)); if (!new_secret) { /* Handle error */ } strcpy(new_secret, secret); /* Process new_secret... */ /* Sanitize memory
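The MEM03-C excerpt above shows the shape of the compliant solution but not the part that matters in practice: a plain memset() immediately before free() is a dead store from the compiler's point of view and may be optimised away, so the secret survives in the freed block. The following is an added example, not the CERT page's own code; it erases through a volatile pointer as a portable substitute for memset_s() (C11 Annex K, not available everywhere), and the process_secret, erase_memory and is_all_zero names and the sample secrets are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Erase a buffer through a volatile pointer. The volatile qualifier means the
 * compiler must perform every store, so the clearing cannot be dropped as a
 * dead write the way a plain memset() before free() can be. */
static void erase_memory(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. Used to check erasure. */
int is_all_zero(const void *buf, size_t len) {
    const unsigned char *p = (const unsigned char *)buf;
    for (size_t i = 0; i < len; i++) {
        if (p[i] != 0) return 0;
    }
    return 1;
}

/* Copy a secret into fresh heap memory, work on it, then sanitize the block
 * before releasing it (the MEM03-C pattern). Returns the number of secret
 * bytes processed, or (size_t)-1 if allocation fails. */
size_t process_secret(const char *secret) {
    size_t size = strlen(secret);
    char *new_secret = (char *)calloc(size + 1, sizeof(char));
    if (!new_secret) {
        return (size_t)-1;              /* handle allocation failure */
    }
    memcpy(new_secret, secret, size + 1);

    /* ... process new_secret here ... */

    erase_memory(new_secret, size + 1); /* sanitize before the block is reused */
    free(new_secret);
    new_secret = NULL;
    return size;
}

/* Shows the erase on a stack buffer so the result can be inspected without
 * reading freed memory. Returns 1 when the buffer was non-zero before the
 * erase and all-zero afterwards. */
int demo_erase(void) {
    char key[16];
    memcpy(key, "hunter2-password", sizeof key); /* constructed sample secret */
    int before = is_all_zero(key, sizeof key);
    erase_memory(key, sizeof key);
    int after = is_all_zero(key, sizeof key);
    return before == 0 && after == 1;
}

int main(void) {
    printf("process_secret handled %zu bytes\n", process_secret("top-secret-token"));
    printf("erase verified: %s\n", demo_erase() ? "yes" : "no");
    return 0;
}
```

Where the platform provides memset_s() or explicit_bzero(), prefer those over the hand-rolled loop; the volatile loop is the fallback that is guaranteed not to be elided by a conforming compiler.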
  4. SEC01-J. Do not allow tainted variables in privileged blocks

    or sanitizing data before performing privileged operations (see IDS00-J. Prevent SQL injection). Noncompliant Code Example This noncompliant code example accepts … to handler } } Compliant Solution (Input Validation) This compliant solution invokes the cleanAFilenameAndPath() method to sanitize malicious inputs. Successful
  5. IDS53-J. Prevent XPath Injection

    sanitization. This attack is similar to SQL injection or XML injection (see IDS00-J. Sanitize untrusted data passed across a trust boundary https://www.securecoding.cert.org/confluence/display/java/IDS00-J.+Sanitize+untrusted+data+passed+across+a+trust+boundary). An attacker can enter valid SQL or XML constructs in the data
  6. IDS54-J. Prevent LDAP injection

    . LDAP injection results from inadequate input sanitization and validation and allows malicious users to glean restricted information using the directory service … the user has access privileges. Compliant Solution This compliant solution uses a whitelist to sanitize user input so that the filter string contains only valid
  7. MITRE CWE

    , Failure to sanitize data into an OS command (aka "OS command injection") ENV03-C https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152420 CWE … http://cwe.mitre.org/data/definitions/78.html, Failure to sanitize data into an OS command (aka "OS command injection") STR03-C
  8. MSC11-J. Do not let session information leak within a servlet

    != null) { out.println("Email Address:"); out.println(sanitize(emailAddr)); out.println("<br>Previous Address:"); out.println(sanitize … { doGet(request, response); } // Filter the specified message string for characters // that are sensitive in HTML. public static String sanitize
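The MSC11-J excerpt echoes session values into the response through a sanitize() helper that filters characters sensitive in HTML. The following is an added example of such a filter, written in C rather than the page's Java and not the CERT page's own sanitize() method; the html_escape and html_escape_equals names, the choice to escape all five of & < > " ', and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape the characters that change meaning inside HTML text or attribute
 * values so that a value copied into a page cannot inject markup. Returns a
 * malloc'd string the caller must free, or NULL if allocation fails. */
char *html_escape(const char *in) {
    /* Worst case every byte expands to a 6-byte entity such as "&quot;". */
    size_t n = strlen(in);
    char *out = malloc(n * 6 + 1);
    if (!out) return NULL;
    char *o = out;
    for (const char *p = in; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#x27;"; break;
            default:   break;
        }
        if (rep) {
            size_t rl = strlen(rep);
            memcpy(o, rep, rl);
            o += rl;
        } else {
            *o++ = *p;
        }
    }
    *o = '\0';
    return out;
}

/* Escape in, compare with expected, free the buffer. Returns 1 on a match. */
int html_escape_equals(const char *in, const char *expected) {
    char *e = html_escape(in);
    if (!e) return 0;
    int same = strcmp(e, expected) == 0;
    free(e);
    return same;
}

int main(void) {
    /* Constructed sample: a value a user could have stored in their session. */
    char *safe = html_escape("<script>alert(1)</script>@example.com");
    if (safe) {
        printf("Email Address: %s<br>\n", safe);
        free(safe);
    }
    return 0;
}
```

Escaping at the point of output, as here, is the right place for this filter: the stored session value stays as the user entered it, and every HTML context that renders it applies the encoding for that context.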
  9. SonarQube

    https://rules.sonarsource.com/java/RSPEC-2076 IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method … https://rules.sonarsource.com/java/RSPEC-2631 IDS08-J. Sanitize untrusted data included in a regular expression
  10. IDS16-J. Prevent XML Injection

    is being sent, appropriate methods must be used to sanitize untrusted user input. This compliant solution validates that quantity is an unsigned integer: import … been built, sanitizing input before constructing XML yields better performance. Risk Assessment Failure to sanitize user input before processing or storing