How to fix Information Exposure Through Sent Data flaw in Java Web application

Question

I am getting a Veracode Information Exposure via Sent Data flaw. My code is:

String companyName = System.getProperty(EPMIConstants.COMPANY_NAME);

This System.getProperty(EPMIConstants.COMPANY_NAME) gets its value from a JVM argument hardcoded in the server itself.

The variable companyName causes this flaw.

Can someone please tell me how to avoid this flaw?

score 1 · Answer 1 · answered Feb 26 '13 at 13:43

1

I would recommend you to create a rule exception in Veracode so the false positive is not highlighted anymore.

Fabio

answered Feb 26 '13 at 13:43

fcerullo

This issue is resolved now. Could you please tell me how to resolve Encapsulation (Trust Boundary Violation) flaw? – user1782009 Feb 27 '13 at 09:57
@user1782009 how did you resolve this issue? – Prashant Agrawal Jan 06 '23 at 08:33

score 0 · Answer 2 · answered Feb 22 '13 at 13:00

0

Have a look at this:

It looks like this might be a false positive.

Fabio @fcerullo

answered Feb 22 '13 at 13:00

fcerullo

Thanks for the reply but i already i have gone through all the theory part related to this. Wherever i searched on internet i got only theory. No practical implementation. Someone please help on this how to resolve this issue. – user1782009 Feb 25 '13 at 06:24

2 Answers2