pa_One

Reputation: 35

How can I handle the below Coverity scan issue: "Parameter docId receives the tainted data (taint_path_param)"?

Please find my code snippet.

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

@RequestMapping(value = "/abc", method = RequestMethod.GET)
public void xxx(@RequestParam("docId") final String docId, @RequestParam("archieveId") final String archieveId) {
    // Code will be here; docId and archieveId come straight from the HTTP request,
    // which is why Coverity treats them as tainted input
}

How can I resolve the Coverity scan issue which says "TAINTED_PATH_PARAM"? Please help!

Upvotes: 0

Views: 1175

Answers (1)

Swarit Agarwal

Reputation: 2648

As per the description provided in the link:

The program does not have control over the values of the input, and so before using this data, the program must sanitise the data to eliminate system crashes, corruption, escalation of privileges, or denial of service.

@RequestParam("docId") final String docId can be taken as the tainted_source, which might be sinking at one or multiple places.

Solution: validation of this variable before the "sink" with @NotNull or @NotEmpty or special-character validation might resolve this issue.

Upvotes: 0
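An added example (not code from the question or the answer above) of what "validate before the sink" looks like when the sink is a file-system path, which is what TAINTED_PATH_PARAM is about. A @NotNull or @NotEmpty check alone does not remove the risk, because "../../etc/passwd" is neither null nor empty; the identifier has to be restricted to an allow-list of characters, and the resolved path should be confirmed to stay under the intended root. The controller name, the "/var/app/archives" root, the ".pdf" suffix and the helper method names are assumptions made for the illustration; the Spring annotations and ResponseStatusException are the real Spring Web API.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class DocumentController {

    // Hypothetical archive root; in a real application this comes from configuration.
    private static final Path ARCHIVE_ROOT =
            Paths.get("/var/app/archives").toAbsolutePath().normalize();

    // Allow-list for identifiers: letters, digits, '-' and '_' only, bounded length.
    // '/', '\\', '.', and NUL cannot pass, so "../" style traversal is rejected up front.
    private static final Pattern ID_PATTERN = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    @GetMapping("/abc")
    public byte[] xxx(@RequestParam("docId") final String docId,
                      @RequestParam("archieveId") final String archieveId) throws IOException {
        // Both request parameters are tainted; they are validated and the path is
        // bounded to ARCHIVE_ROOT before anything touches the file system.
        Path file = resolveDocument(ARCHIVE_ROOT, archieveId, docId);
        return Files.readAllBytes(file);
    }

    // Rejects anything outside the allow-list with HTTP 400 (hypothetical helper name).
    static String requireSafeId(String paramName, String value) {
        if (value == null || !ID_PATTERN.matcher(value).matches()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid " + paramName);
        }
        return value;
    }

    // Builds the file path from validated identifiers and re-checks containment
    // after normalization as defence in depth (hypothetical helper name).
    static Path resolveDocument(Path root, String archiveId, String docId) {
        String safeArchive = requireSafeId("archieveId", archiveId);
        String safeDoc = requireSafeId("docId", docId);
        Path resolved = root.resolve(safeArchive).resolve(safeDoc + ".pdf").normalize();
        if (!resolved.startsWith(root)) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "path escapes archive root");
        }
        return resolved;
    }
}
```

The regex check is the part a taint analyser can recognise as a sanitizer: the tainted string never reaches Paths.get or File unless it matched a pattern that excludes every path separator and dot. The startsWith(root) check after normalize() is a second, independent guard that stays correct even if the allow-list is later relaxed. If Coverity still reports the defect after a change like this, the remaining option is to tell it that the validating method is a sanitizer through a user model, which Coverity supports; consult its documentation for the mechanism that matches your version.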

Related Questions