khanam

Reputation: 345

How to fix the Veracode Flaw: CWE-489: Leftover Debug Code?

In my application I have a class testapp that contains some methods and a main method. When I use the Veracode tool, it shows a flaw at the main method: Veracode CWE-489: Leftover Debug Code. In my psvm main method I have only some Syso lines.

public class testapp {

    public static void main(String[] args) {
        System.out.println("Test_One");
        System.out.println("Test_Two");
        System.out.println("Test_Three");
        System.out.println("Test_Four");
        System.out.println("Test_Five");
    }

    void dotest() {

    }

    void runtest() {

    }

}

Can anybody guide me on how to fix this issue?

Upvotes: 0

Views: 3160

Answers (1)

Stephen Kapp

Reputation: 11

The Veracode engine is looking for the presence of the main() function for this vulnerability within the Java code. All you can do in essence is remove it.

The check within Veracode SAST for this issue is controlled by the fact that for a Java Enterprise web application, you shouldn't have a main function as per the spec for a J2EE app.

As long as you don't have any CWE-470 Unsafe Reflection issues in the app that are exploitable from the outside, and the app server is not insecurely configured, you shouldn't need to worry about this.

Upvotes: 1
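
A source-level pre-check for the condition the answer describes, added here as an example (it is not Veracode's implementation and not code from this thread): it lists the Java files that still declare a main() entry point so they can be removed or moved before the scan. The names find_main_methods and scan_tree, and the rule that directories named test are skipped, are assumptions.

```python
import re
import sys
from pathlib import Path

# Blank comments, text blocks, string and char literals so decoys are ignored.
_NOISE = re.compile(
    r'//[^\n]*|/\*.*?\*/|""".*?"""|"(?:\\.|[^"\\\n])*"'
    r"|'(?:\\.|[^'\\\n])*'",
    re.DOTALL)
# main() with modifiers in any order; String[] x, String... x or String x[].
_MAIN = re.compile(
    r'\b((?:(?:public|static|final|synchronized|strictfp)\s+)+)void\s+main\s*'
    r'\(\s*(?:final\s+)?String\b\s*(\[\s*\]|\.\.\.)?\s*\w+\s*(\[\s*\])?\s*\)')

# Constructed sample: the question's class plus a comment and a string decoy.
SAMPLE = '''\
public class testapp {
    // old entry point: public static void main(String[] args)
    String usage = "public static void main(String[] args)";
    public static void main(String[] args) {
        System.out.println("Test_One");
    }
}
'''

def find_main_methods(java_source):
    """Return 1-based line numbers where a JVM entry point is declared."""
    code = _NOISE.sub(lambda m: " " + "\n" * m.group().count("\n"), java_source)
    hits = []
    for m in _MAIN.finditer(code):
        # Must be both public and static, and take a String array or varargs.
        if {"public", "static"} <= set(m.group(1).split()) and (m.group(2) or m.group(3)):
            hits.append(code.count("\n", 0, m.start()) + 1)
    return hits

def scan_tree(root, skip_dirs=("test",)):
    """Map each .java file outside skip_dirs (assumed test code) to its main() lines."""
    findings = {}
    for path in sorted(Path(root).rglob("*.java")):
        rel = path.relative_to(root)
        if any(part in skip_dirs for part in rel.parts):
            continue
        lines = find_main_methods(path.read_text(encoding="utf-8", errors="replace"))
        if lines:
            findings[rel.as_posix()] = lines
    return findings

if __name__ == "__main__":  # CI gate: non-zero exit when any main() remains
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(f"{f}: main() at line(s) {n}" for f, n in found.items()))
    sys.exit(1 if found else 0)
```

Run against the web application's source root, it exits non-zero while any production class still declares main(), which makes it usable as a build step ahead of the scan.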
