Page 3 of 13. Showing 123 results (0.008 seconds)

CodeSonar
() https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177 IO.INJ.COMMAND STR02-C. Sanitize data passed to complex … STR02-C. Sanitize data passed to complex subsystems https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152409

IDS01-PL. Use taint mode while being aware of its limitations
…, such as invoking the system() function. Finally, there are a few ways you can sanitize tainted data, thereby removing the taint. The details of how taint mode … output IDS33-PL. Sanitize untrusted data passed across a trust boundary Taint mode also provides a handful of mechanisms to produce untainted data from …

MEM03-C. Clear sensitive information stored in reusable resources
… = NULL; Compliant Solution To prevent information leakage, dynamic memory containing sensitive information should be sanitized before being freed. Sanitization … = (char *)calloc(size+1, sizeof(char)); if (!new_secret) { /* Handle error */ } strcpy(new_secret, secret); /* Process new_secret... */ /* Sanitize memory …

SEC01-J. Do not allow tainted variables in privileged blocks
… or sanitizing data before performing privileged operations (see IDS00-J. Prevent SQL injection). Noncompliant Code Example This noncompliant code example accepts … to handler } } Compliant Solution (Input Validation) This compliant solution invokes the cleanAFilenameAndPath() method to sanitize malicious inputs. Successful …

IDS53-J. Prevent XPath Injection
… sanitization. This attack is similar to SQL injection or XML injection (see IDS00-J. Sanitize untrusted data passed across a trust boundary https://www.securecoding.cert.org/confluence/display/java/IDS00-J.+Sanitize+untrusted+data+passed+across+a+trust+boundary). An attacker can enter valid SQL or XML constructs in the data …

IDS54-J. Prevent LDAP injection
…. LDAP injection results from inadequate input sanitization and validation and allows malicious users to glean restricted information using the directory service … the user has access privileges. Compliant Solution This compliant solution uses a whitelist to sanitize user input so that the filter string contains only valid …

MITRE CWE
…, Failure to sanitize data into an OS command (aka "OS command injection") ENV03-C https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152420 CWE … http://cwe.mitre.org/data/definitions/78.html, Failure to sanitize data into an OS command (aka "OS command injection") STR03-C

MSC11-J. Do not let session information leak within a servlet
… != null) { out.println("Email Address:"); out.println(sanitize(emailAddr)); out.println("<br>Previous Address:"); out.println(sanitize … { doGet(request, response); } // Filter the specified message string for characters // that are sensitive in HTML. public static String sanitize …

SonarQube
https://rules.sonarsource.com/java/RSPEC-2076 IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method … https://rules.sonarsource.com/java/RSPEC-2631 IDS08-J. Sanitize untrusted data included in a regular expression

IDS16-J. Prevent XML Injection
… is being sent, appropriate methods must be used to sanitize untrusted user input. This compliant solution validates that quantity is an unsigned integer: import … been built, sanitizing input before constructing XML yields better performance. Risk Assessment Failure to sanitize user input before processing or storing …