Trust Boundary Violation - while triggering veracode

nidhinmp

Enumeration params = req.getParameterNames();
                String sPrefix = "prefix_";
                while (params.hasMoreElements())
                {
                    String paramName = (String) params.nextElement();
                    if (paramName.startsWith(sPrefix))
                    {
                        String value = (Tool.getValue(req.getParameter(paramName)));
                        try {
                        session.setAttribute(ESAPI.validator().getValidInput("SafeCheckString",paramName,"SafeCheckString",1024,true), ESAPI.validator().getValidInput("SafeCheckString",value,"SafeCheckString",1024,true));//flaw
                        }
                        catch (ValidationException e) 
                        {
                            ServiceHandler.writeException("Validation Exception occured while validating Input",e);
                        } catch (IntrusionException e) 
                        {
                            ServiceHandler.writeException("Intrusion Exception  occured while validating Input",e);
                        }
                    }
                }



I'm getting trust boundary violation in the code (session.setAttribute(....) while triggering veracode.
How can i solve this.
Currently we have few trust boundary violation (CWE ID 501) flaws in our application. The recommended solution to fix this was to validate the input against a regex. Thus, we used ESAPI.validator.getValidInput() API. but the flaws are still not getting mitigated.

mark.raynes

Hello @nidhinmp,

Is this question still open for you? Can you provide some more context on what you are trying to do please?

Regards,

Mark

nidhinmp

@mark.raynes

it was mitigated..

--thank you

riteshroymoulick007

@nidhinmp how was it mitigated? can you please reply. I am facing the same issue. -- thanks in advance.

riteshroymoulick007

Please share some code/suggestion to remediate this veracode flaw.