Reputation: 73
My software uses RabbitMQ for communication. However, Veracode has flagged CWE 117 (Improper output neutralization for logs) from the amqp-client library.
I have tried to upgrade to the latest version (4.11.3), but Veracode still does not let me pass. I cannot upgrade further as my software is written in Java 7, and the client does not have any plans to upgrade to Java 8.
Is there anything I can do in my software code to get rid of the CWE 117 issue?
Upvotes: 0
Views: 196
Reputation: 786
The lines in question log peer certificate chain information when peer verification fails, at DEBUG level. I don't think it poses any practical risk as most applications do not run with debug logging enabled. In any case, mitigation is as easy as using a more restrictive log level, e.g. INFO.
Upvotes: 1
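For readers who want to see what a CWE-117 fix looks like in their own code (the part the asker controls), here is an added Java 7 example. It is mine, not code from the question, the answer, or the amqp-client library: it neutralizes CR, LF and other control characters in an untrusted value before logging it, so a peer-supplied string such as a certificate subject cannot forge a second log line. The class and method names are hypothetical, it uses java.util.logging only so that it runs without extra dependencies, and the sample certificate subject is constructed for the demonstration.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Added example (not from the question, the answer or amqp-client):
 * neutralize untrusted text before it reaches a log, the CWE-117 fix.
 * Written for Java 7: no lambdas or streams.
 */
public final class LogNeutralizer {

    private static final Logger LOG = Logger.getLogger(LogNeutralizer.class.getName());

    private LogNeutralizer() {}

    /**
     * Returns a copy of {@code untrusted} in which CR, LF, TAB and every
     * other ASCII control character is replaced by a visible escape, so an
     * attacker-controlled value can no longer start a new (forged) log line.
     */
    public static String neutralize(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(untrusted.length() + 8);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            if (c == '\r') {
                sb.append("\\r");
            } else if (c == '\n') {
                sb.append("\\n");
            } else if (c == '\t') {
                sb.append("\\t");
            } else if (c < 0x20 || c == 0x7f) {
                // other control characters (e.g. ESC used for terminal tricks)
                sb.append(String.format("\\x%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Logs a peer-supplied value at the given level, neutralized first. */
    public static void logPeerValue(Level level, String label, String untrusted) {
        if (LOG.isLoggable(level)) {   // skip the work when the level is disabled
            LOG.log(level, "{0}: {1}", new Object[] {label, neutralize(untrusted)});
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a certificate subject that embeds a CRLF followed
        // by text that would read as a separate, successful log line.
        String forged = "CN=broker.example\r\nINFO  peer verification succeeded";
        System.out.println("raw        : " + forged);
        System.out.println("neutralized: " + neutralize(forged));
        logPeerValue(Level.FINE, "peer subject", forged);
    }
}
```

The mitigation the answer describes is a configuration change rather than code: restrict the logger that the library writes to. Assuming the application uses Logback, a `<logger name="com.rabbitmq" level="INFO"/>` entry in `logback.xml` keeps the DEBUG-level certificate chain lines from being emitted at all; the `isLoggable` guard above is the same idea applied in code, so the neutralization cost is only paid when the level is actually enabled.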