Questions tagged [veracode]

Veracode provides automated static and dynamic application security testing software and remediation services.

273 questions

19 votes, 4 answers

How to configure the XML parser to disable external entity resolution in c#

var xDoc = XDocument.Load(fileName); I am using the above code in a function to load an XML file. Functionality-wise it's working fine, but it is showing the following Veracode flaw after a Veracode check. Description: The product processes an XML document…
MANISH KUMAR CHOUDHARY

13 votes, 5 answers

How to fix Veracode CWE 117 (Improper Output Neutralization for Logs)

There is a Spring global @ExceptionHandler(Exception.class) method which logs exceptions like this: @ExceptionHandler(Exception.class) void handleException(Exception ex) { logger.error("Simple error message", ex); ... Veracode scan says that…
Vitaliy Borisok

9 votes, 0 answers

Insufficient Entropy from Veracode when generating random words using java.security.SecureRandom

I have created a class that generates random words (alphanumerical) using org.apache.commons.lang.RandomStringUtils. public String randomWord(int wordLength) { return RandomStringUtils.random(wordLength, 0, 0, true, true, null, new…
D.PETIT

8 votes, 1 answer

How to prevent XML eXternal Entity (XXE) attack during .net deserialization

We are doing a security analysis of our code using Veracode and it's showing an XXE flaw for the code below, specifically where Deserialize() is invoked. How can we prevent the serializer from accessing external entities? My attempt below to set XMLresolver to…
user5837579

7 votes, 1 answer

XXE: Improper Restriction of XML External Entity Reference With XDocument

So I am running into an issue when I run a security scan on my application. It turns out that I am failing to protect against XXE. Here is a short snippet showing the offending code: static void Main() { string inp =…
Bitz

7 votes, 2 answers

Veracode XML External Entity Reference (XXE)

I've got the following finding in my Veracode report: Improper Restriction of XML External Entity Reference ('XXE') (CWE ID 611), referring to the code below ... DocumentBuilderFactory dbf=null; DocumentBuilder db = null; try { …
Jose Miguel

7 votes, 2 answers

"Untrusted initialization" flaw - while creating SQL Connection

I have done the following... private static IDbConnectionProvider CreateSqlConnectionProvider(DbConfig dbConfig) { return new QcDbConnectionProvider(() => { SqlConnectionStringBuilder csBuilder = new…
NJMR

7 votes, 1 answer

Veracode, Debug Symbols, and XCode

I'm attempting to have an iOS application scanned by Veracode: an application security platform. In order for them to scan an .IPA, the .IPA needs to contain debug symbols. For the Archive build-configuration and project/target being used, I've…
paiego

6 votes, 2 answers

Unable to rectify VeraCode CWE ID 918 - (SSRF) in ASP.NET

Long story short, no matter what I try VeraCode continues to flag 8 lines of my code as flaws with CWE 918. This is old code so I'm not sure why it's suddenly being flagged. Here's an example [offending] method with the flagged line in bold public…
Sirentec

6 votes, 1 answer

CWE-ID 100 Fix for MVC5

Our application is being dinged several hundred times for CWE-ID 100 "flaws" related to Technology-Specific Input Validation Problems according to Veracode. According to their docs, the remediation is to check the ModelState.IsValid property on a model…
mituw16

6 votes, 2 answers

Handle cross site scripting flaw raised by veracode

We have a legacy web application in ASP.Net and C#, for which we are getting around 400-plus cross-site scripting flaws raised by the Veracode scan. I have created a sample web application and simulated the issue, and found that whenever we are using any…
Alok

6 votes, 2 answers

Veracode Insecure Temporary File error when using java.io.File.createTempFile

I need to create a temporary file and store some data into it. I have written the following code to do so: import org.apache.commons.lang.RandomStringUtils; import java.security.SecureRandom; [...] String random = RandomStringUtils.random(10, 0,…
D.PETIT

6 votes, 6 answers

How to fix "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"

After running VeraCode, it reported the following error, "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", in the following code fragment: protected override void InitializeCulture() { //If true then setup…
piterskiy

5 votes, 2 answers

How to neutralize of CRLF Sequences in HTTP Headers

I have gone through this link: How to fix "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')". But it does not give me the solution. My code is also giving the error "Improper Neutralization of CRLF Sequences in…
koushik

4 votes, 0 answers

Veracode Scan XSS issue for Response.BinaryWrite() method

While running the Veracode scan, a vulnerability was thrown for the line below: Page.Response.BinaryWrite(stream.GetBuffer()); where stream is an object of System.IO.MemoryStream. I have tried the below line of…
HarshSharma