Questions tagged [veracode]

Veracode provides automated static and dynamic application security testing software and remediation services

321 questions
2
votes
3 answers

Improper Neutralization of CRLF Sequences in HTTP Headers

I ran a Veracode scan on my project and it gave me a CWE ID 113 issue under HTTP response splitting. I tried to resolve the issue with their recommendations but it did not work. e.g. try { String selNhid = req.getParameter("selNhid"); …
Pavan Divekar
  • 449
  • 2
  • 14
2
votes
0 answers

Veracode CWE 404 - Improper release of resources

I have a code block that looks like this: using (MemoryStream outputZip = new MemoryStream()) { using (ZipOutputStream zipstream = new ZipOutputStream(outputZip)) { zipstream.Password = req.password; zipstream.SetLevel(3); …
VinnyGuitara
  • 605
  • 8
  • 26
2
votes
1 answer

How to translate CURL -F @filename to nodejs

I have to translate a working curl request into Node.js JavaScript. I did succeed with previous similar queries that didn't imply file transfer. curl --compressed -u $username:$password https://analysiscenter.veracode.com/api/5.0/uploadfile.do -F…
2
votes
1 answer

Improper Neutralization of CRLF Sequences ('CRLF Injection') in Mail Address in Java

This code: InternetAddress[] myAdrs = getAdrs(message.getToAddresses()); for (int i = 0; i < myAdrs.length; i++) { String s = myAdrs[i].getAddress(); s =…
Dan
  • 41
  • 2
  • 7
2
votes
2 answers

Java security vulnerability OS Injection Veracode

I receive a Veracode error when running the static scan: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE ID 78) The application calls a process with an argument that I receive from the frontend (the…
Sorin Penteleiciuc
  • 653
  • 1
  • 10
  • 26
2
votes
4 answers

Pass Veracode CWE 117 (Improper Output Neutralization for Logs) only with replaceAll("\r", "_").replaceAll("\n", "_")

I read on some forums the myth that it is enough to pass the Veracode CWE 117 (Improper Output Neutralization for Logs) issue by doing something like this. Can somebody confirm whether this is the case or not? message.replaceAll("\r",…
Sorin Penteleiciuc
  • 653
  • 1
  • 10
  • 26
2
votes
1 answer

Improper Neutralization of CRLF Sequences in HTTP Headers (CWE ID 113)

Does anyone have an idea how to fix this Veracode issue (CWE 113)? I already tried the link below but it's not working. Fix for CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Below is the function where I have…
Keppy
  • 471
  • 1
  • 7
  • 23
2
votes
1 answer

Veracode throws "Technology-Specific Input Validation Problems (CWE ID 100)" for a public string property in C#

Veracode throws "Technology-Specific Input Validation Problems (CWE ID 100)" for a public string property in C#. These are the formats I have tried already, and all give the same flaw. Option: 1 public string MyProperty { get; set; } Option: 2 …
fluidguid
  • 1,511
  • 14
  • 25
2
votes
1 answer

Veracode Issue - Information exposure through sent data (CWE ID 201)

Following is the piece of code public void sendEmail(String toEmailAddr, String subject, String body) throws AppException { Session session = Session.getDefaultInstance(props, null); MimeMessage message = new MimeMessage(session); try…
user1669692
  • 119
  • 1
  • 3
  • 16
2
votes
2 answers

External Control of System or Configuration Setting

(Sorry if this is a dumb question...) Veracode reports my website has a security issue which relates to using a connection string from web.config. Here is my code. Public Function ExecuteScalar(ByVal sql As String) As Object Dim obj As Object =…
2
votes
1 answer

Avoiding scanning third party libraries through Veracode's static scan

I'm fixing flaws from my application's Veracode static scan result, and I'm realizing that it is analyzing third party libraries in addition to my source code. For instance, it's looking at the Apache Commons libraries and it is finding flaws inside…
Jose Miguel
  • 355
  • 2
  • 6
  • 18
2
votes
1 answer

MVC Security Violation - Improperly Controlled Modification of Dynamically-Determined Object Attributes

We are developing an MVC 5 Application and while running a security scan using Veracode we are getting the flaw below saying "Improperly Controlled Modification of Dynamically-Determined Object Attributes" And added this link as reference to…
Peru
  • 2,871
  • 5
  • 37
  • 66
2
votes
5 answers

Veracode issue in JSP

I am getting a Veracode issue in the line below. The issue is on <%=viewBean.getStudName()%> Here, the issue reported is "Improper Neutralization of Script-Related…
Kalaiyarasan
  • 17
  • 1
  • 4
2
votes
2 answers

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

I am trying to get the server details for my webservice application Remote Host Name: <%= request.getRemoteHost() + ":" + request.getRemotePort()%> I recently ran Veracode and I am having…
user3915942
  • 27
  • 1
  • 5
2
votes
2 answers

How to resolve : Plaintext Storage of a Password

I have submitted my Java EAR to the Veracode Security tool and got an issue of Plaintext Storage of a Password on the following code: ApplicationProperties app = new ApplicationProperties(fileProp); String sqlServerPassword =…
user1782009
  • 299
  • 4
  • 15
  • 32