AWS_Developer
Reputation: 856
How to fix Information Exposure Through Sent Data flaw in Java Web application
I am getting a Veracode Information Exposure via Sent Data flaw. My code is:
String companyName = System.getProperty(EPMIConstants.COMPANY_NAME);
This System.getProperty(EPMIConstants.COMPANY_NAME) gets its value from a JVM argument hardcoded in the server itself.
The variable companyName causes this flaw.
Can someone please tell me how to avoid this flaw?
Upvotes: 1
Views: 7831
Answers (2)
fcerullo
Reputation: 681
I would recommend you to create a rule exception in Veracode so the false positive is not highlighted anymore.
Fabio
Upvotes: 1
fcerullo
Reputation: 681
Have a look at this:
http://cwe.mitre.org/data/definitions/201.html
It looks like this might be a false positive.
Fabio @fcerullo
Upvotes: 0
Related Questions
- How to fix Trust Boundary Violation flaw in Java Web application
- Security flaws in code with veracode tool
- security flaw - veracode report - crlf injection
- How to Solve the java.lang.SecurityException:?
- Trust Boundary Violation - Veracode flaw
- Information Exposure Through Sent Data in Java
- Insecure Object Reference in java web application
- Got SecurityException in Java
- How to avoid Java security exception due to mixed code
- Java Applet Emailing Issue