Veracode Issue - Information exposure through sent data (CWE ID 201)

Question

Following is the piece of code

public void sendEmail(String toEmailAddr, String subject, String body) throws AppException {

    Session session = Session.getDefaultInstance(props, null);
    MimeMessage message = new MimeMessage(session);

    try {
        message.addRecipient(Message.RecipientType.TO, 
            new InternetAddress(toEmailAddr));
        message.setSubject(subject);
        message.setText(body);

        Transport.send(message);

    } catch (MessagingException ex) {
        throw new AppException(
            "Exception Occurred while processing EmailNotification.sendEmail method: ", ex);
    }
}

In the line "Transport.send(message);" I am getting the vera code issue . How to fix the issue.

dinesh kumar m · Answer 1 · 2018-10-25T03:28:05.507

1

Similar questiton asked in veracode form https://community.veracode.com/s/question/0D53400003zJoPDCA0/
This flaw could occur when sensitive data is pulled from your configuration.(guessing toEmailAddr,subject is pulled from config file).
Try encrypting your config data to resolve the issue or flow the steps given in link.

edited Oct 25 '18 at 03:28

answered Oct 25 '18 at 03:22

dinesh kumar m

11
3

Veracode Issue - Information exposure through sent data (CWE ID 201)

1 Answers1