How can I handle the below coverity scan issue Parameter docId receives the tainted data (taint_path_param)


Please find my code snippet.

    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;

    // Handler whose two request parameters Coverity flags as tainted input
    @RequestMapping(value = "/abc", method = RequestMethod.GET)
    public void xxx(@RequestParam("docId") final String docId, @RequestParam("archieveId") final String archieveId) {
        // Code will be here
    }

How can I resolve the Coverity scan issue which says "TAINTED_PATH_PARAM"? Please help!


1 Answer

Swarit Agarwal

As per the description provided in the link:

The program does not have control over the values of the input, and so before using this data, the program must sanitise the data to eliminate system crashes, corruption, escalation of privileges, or denial of service.

@RequestParam("docId") final String docId can be taken as the tainted source, which might be sinking at one or multiple places.

Solution: validation of this variable before the "sink" with @NotNull or @NotEmpty, or special-character validation, might resolve this issue.
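One way to perform that validation before the sink, as an added example that is not the answerer's or the asker's code: the identifiers are checked against a strict allowlist pattern, and the resolved file path is additionally confirmed to stay under an archive root. The archive root, the ".pdf" suffix and the DocController class name are assumptions for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class DocController {

    // Hypothetical archive root; the real location is deployment-specific.
    private static final Path ARCHIVE_ROOT =
            Paths.get("/var/app/archive").toAbsolutePath().normalize();

    // Allowlist: identifiers are short and limited to [A-Za-z0-9_-].
    // Path separators, "..", NUL bytes and whitespace never match.
    private static final Pattern ID_PATTERN = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    @RequestMapping(value = "/abc", method = RequestMethod.GET)
    public String xxx(@RequestParam("docId") final String docId,
                      @RequestParam("archieveId") final String archieveId) {
        // Both tainted parameters are validated before any path is built from them.
        Path file = resolveDocument(requireSafeId(archieveId), requireSafeId(docId));
        // ... read and return the document; only the validated path reaches the sink ...
        return file.toString();
    }

    // Rejects null, empty and any value outside the allowlist with HTTP 400.
    static String requireSafeId(String id) {
        if (id == null || !ID_PATTERN.matcher(id).matches()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid identifier");
        }
        return id;
    }

    // Builds the file path and confirms it is still inside ARCHIVE_ROOT after normalisation.
    static Path resolveDocument(String archiveId, String docId) {
        Path candidate = ARCHIVE_ROOT.resolve(archiveId).resolve(docId + ".pdf").normalize();
        if (!candidate.startsWith(ARCHIVE_ROOT)) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "path escapes archive root");
        }
        return candidate;
    }
}
```

@NotNull or @NotEmpty only establish that a value is present; the allowlist plus the containment check on the resolved path are what remove the traversal risk that the TAINTED_PATH_PARAM checker is reporting.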