Questions tagged [veracode]

Veracode provides automated static and dynamic application security testing software and remediation services.

321 questions
0 votes, 2 answers

Security violation --External Control of File Name or Path possible

I have an image gallery and am rendering the image in the following ways //Displaying the image and my…

Peru
0 votes, 1 answer

XSS flaw on BinaryWrite

To open a PDF file in the browser at the client side I am using the following server-side C# code: context.Response.BinaryWrite(byteArray); Now the problem is Veracode is giving an XSS flaw (CWE ID 80) on this line. Can anyone help me resolve this flaw?
0 votes, 1 answer

XSS Error: How to prevent this?

I have a situation here: I have a page which is used to show data from the DB, in which the content has some special characters such as Registered Trademark. I am using Java, JSP, JSTL in my code. The registered trademark symbol is displayed as: ®…

The Dark Knight
0 votes, 1 answer

Does the Veracode plugin have full scan capability in offline mode?

We are considering using the Veracode plugin in our IDE (Eclipse). But our development environment is "offline", meaning no internet access. Does the Veracode plugin function (scan and show security bugs) in 'offline' mode?

ring bearer
0 votes, 1 answer

Directory traversal issue in C#

I have a C# application where I am uploading an image and storing it in a directory. I am checking the file so as to allow only image formats before uploading. When I am testing my module with Veracode it shows Directory Traversal issues (CWE ID 73). I…

Edi 0
0 votes, 1 answer

How to avoid XSS in this c:out?

Normally I scan my code changes using Veracode to detect security vulnerabilities. Now there is a string in the DB which I am collecting in a string called custFunctionality, and previously I was displaying this in JSP as: out.println(<%=…

The Dark Knight
0 votes, 3 answers

How to resolve Improper Resource Shutdown or Release issue

I submitted my code to the Veracode Security Testing tool and I got this Improper Resource Shutdown or Release at the below code: //This function is used to print trace in the LogFile for debugging purposes PrintWriter f; try {…

user1782009
0 votes, 1 answer

What are the Special Elements for Windows referred to in CWE-78 Neutralization of Special Elements used in an OS Command (Veracode)?

I have code that has been flagged as vulnerable to CWE-78 by Veracode static analysis. In all of the whitepapers I find on the vulnerability, they mention special elements, but none of them actually say what the special elements are. On the…

user1082202
0 votes, 2 answers

How to fix Information Exposure Through Sent Data flaw in Java Web application

I am getting a Veracode Information Exposure via Sent Data flaw. My code is: String companyName = System.getProperty(EPMIConstants.COMPANY_NAME); This System.getProperty(EPMIConstants.COMPANY_NAME) gets its value from a JVM argument hardcoded…

user1782009
-1 votes, 1 answer

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

I am trying to run some SSH commands on a server from my application, and I am getting CWE-78. Can someone help in mitigating the same? Error: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Details: This…
-1 votes, 1 answer

Cryptographic algorithm violation in Veracode report

Using DigestUtils.md5Hex to generate a 32-digit random number in Java. It's being captured as a Violation in the Veracode report. Could you please advise how I can generate a 32-digit number in Java which would not be captured in the Veracode report.

Dinesh
-1 votes, 1 answer

How to automate Veracode scans

Hey, I am looking to use a Jenkins pipeline to automatically run a Veracode application scan. I know how to launch the scan manually using a few sets of commands. I was just going to add these commands to a script and run them, but maybe there is a…

Evan Gertis
-1 votes, 1 answer

How to add a "parent/child" link between 2 certain already created work items - Azure Boards

Currently, we use Veracode in our CI environment (Azure Pipelines) for security checks. Veracode has an Azure DevOps plugin that creates flaws as work items (either bug, task etc.) in Azure Boards. However, we created a certain epic, "Security Issues",…
-1 votes, 1 answer

Improper Neutralization of Special Elements in Data Query Logic for Mongoose Create in Veracode

I am using the Mongoose create function to add to my collection. I am taking data from the request body and passing it to the create function like this - const someVariable = req.body; await userModelName.create(someVariable); On Veracode, it is showing Improper…

Estarossa
-1 votes, 2 answers

Veracode Issue: Improper Output Neutralization for Logs

LOGGER.debug("response" + SecurityUtils.htmlEscape(result.toString())); Veracode Issue: Improper Output Neutralization for Logs. Why does Veracode still detect a bug in the above line?

Chaithra S