我收到“循环条件检查”问题的“未经检查的输入”。
我尝试了推荐的代码处理,但对我不起作用。
Checkmarx报告的描述:
Method transformPojoCommon at line 334 of
to_web/src/com/toweb/bd/TrainCategoriesBD.java gets user input from
element TC_TRAIN_CAT_NAME . This element’s value flows through the
code without being validated, and is eventually used in a loop
condition in getParentTrainTypes at line 162 of
to_web/src/com/toweb/dao/TrainCategoriesDAO.java. This constitutes an
Unchecked Input for Loop Condition.
我尝试下面的代码:
valdiateRequestInput(ESAPI.encoder().
canonicalize(request.getParameter(TOWebRequestConstants.TC_OBJID).trim()));
private String valdiateRequestInput(String currentPage) {
try {
currentPage = ESAPI.validator().getValidInput("HTTP parameter value: ", currentPage, "HTTPParameterValue", 2000, true);
} catch (Exception e1) {
log.error("failed to validate HTTP parameter value ", e1);
throw new IllegalArgumentException("failed to validate HTTP parameter value "+currentPage, e1);
}
return currentPage;
}
最佳答案
Checkmarx Report
请查看checkmarx报告。
谢谢你的帮助。
关于java - 如何解决java中循环条件checkmarx的未经检查的输入,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/61632871/