TechQA.

Fortify issue sends unvalidated data to a web browser

13.3k views Asked by At

I am creating response as below:

    @Override
    public Response post(String html,String headers) {
        HttpEntity<String> requestPayload = new HttpEntity<String>(html,headers);
        ResponseEntity<String> responseEntity = null;
        responseEntity = restTemplate.postForEntity(uri, requestPayload,String.class);
        String responseString = responseEntity.getBody().toString();
        return Response.ok().entity(responseString).build();
    }

Fortify is complaining

The method sends unvalidated data to a web browser on line xx, which can result in the browser executing malicious code.

Any idea how can I fix this?

java jersey fortify
Original Q&A
2

There are 2 answers

0
Hemachandra On

You need to tell the spring controller that what format of data you would need to send a response from the back end.

For GET Request this needs to be added in controller. i.e., 

produces = MediaType.APPLICATION_JSON_VALUE
@RequestMapping(value = "/Patient/{patientID}/_history/{versionId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)

For POST request produces & consumes needs to be added

@RequestMapping(value = "/Patient", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)

@Override
@RequestMapping(value = "/Patient/{patientID}/_history/{versionId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<PhoenixResponse> getResourceByVersionId(@PathVariable String patientID, @PathVariable String versionId) {
    return super.getResourceByVersionId(patientID, versionId);
}
0
Nilo On

In PHP I had same problem I changed the code from :

 $output = array(
        "draw" =>  (isset($requestData['draw']) ? $requestData['draw']:1),
        "recordsTotal" => intval($totalData),
        "recordsFiltered" => intval($filteredData),
        "data" => $data
    );

    echo json_encode($output);

To:

if (isset ( $requestData ['draw'] )) {
            $draw = $requestData ['draw'];
        } else {
            $draw = 1;
        }
$output = array (
            "draw" => intval ( $requestData ['draw'] ),
            "recordsTotal" => intval ( $totalData ),
            "recordsFiltered" => intval ( $filteredData ),
            "data" => $data
    );
    echo json_encode ( $output );

and I solve the problem :-) I hope that this help someone!

Related Questions in JAVA

Related Questions in JERSEY

Related Questions in FORTIFY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions