kachan

Reputation: 21

Trust Boundary Violation - Veracode flaw

I'm getting a trust boundary violation in the code that I'm testing. The code adds forms to the session, and it is being flagged as a trust boundary violation.

Inside Struts Action class execute method
{
 EditForm editform = new EditForm ();
 // All the values are set either from the database or from request params, and then the form is added to the session as below

 **request.getSession(false).setAttribute("EDIT_FORM", editform );**
}

I'm getting the violation on the code shown in bold.

How can I fix this? I'm not sure where to add the validation. It is a new form that is created inside the Action class execute method, and the values are populated from the request and the DB.

Upvotes: 1

Views: 7883

Answers (1)

Jose Miguel

Reputation: 445

You should try the ESAPI library; try something like:

  • ESAPI.validator().getValidInput(...)

before setting the attribute. I've found this flaw associated with Object-type variables, and that's the worst thing ever, because you cannot validate it as you can't know the type.

Upvotes: 1
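The validate-before-storing pattern discussed above, as an added example that is not code from the question or the answer: each request-derived value is checked against an allow-list before the form is placed in the session. It uses plain `java.util.regex` in place of ESAPI so that it runs without ESAPI's configuration files; the `EditForm` fields, the patterns, and the two maps standing in for the request parameters and `HttpSession` are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class TrustBoundaryExample {
    // Hypothetical form: the real EditForm's fields are not shown in the question.
    static class EditForm {
        String userName;
        int recordId;
    }

    // Allow-list patterns (assumed): a value that does not match is rejected, not repaired.
    private static final Pattern USER_NAME = Pattern.compile("[A-Za-z0-9_.-]{1,32}");
    private static final Pattern RECORD_ID = Pattern.compile("[0-9]{1,9}");

    static String requireValid(String field, String value, Pattern allowed) {
        if (value == null || !allowed.matcher(value).matches()) {
            throw new IllegalArgumentException("Invalid value for " + field);
        }
        return value;
    }

    // params stands in for request.getParameter(...), session for HttpSession.
    static EditForm buildAndStore(Map<String, String> params, Map<String, Object> session) {
        EditForm form = new EditForm();
        form.userName = requireValid("userName", params.get("userName"), USER_NAME);
        form.recordId = Integer.parseInt(
                requireValid("recordId", params.get("recordId"), RECORD_ID));
        // Reached only when every request-derived field passed validation.
        session.put("EDIT_FORM", form);
        return form;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();

        // Constructed sample input: well-formed parameters.
        buildAndStore(Map.of("userName", "kachan", "recordId", "42"), session);
        System.out.println("stored: " + session.containsKey("EDIT_FORM"));

        session.clear();
        try {
            // Constructed sample input: userName contains characters outside the allow-list.
            buildAndStore(Map.of("userName", "a <b> c", "recordId", "42"), session);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage()
                    + ", stored: " + session.containsKey("EDIT_FORM"));
        }
    }
}
```

Values loaded from the database would go through the same `requireValid` call if the database itself can hold untrusted input.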
