Following are the Checkmarx issue details: Unrestricted File Upload. Source Object: req (Line No – 39), target Object: getInputStream (Line No – 41). Request objects get highlighted in the Checkmarx tool – How do I properly validate, filter, escape, and/or encode user-controllable input to pass a Checkmarx scan?

Answer: This worked for me – Checkmarx passes this high vulnerability I used
Tag: checkmarx
Checkmarx Java fix for Log Forging -sanitizing user input
Can anyone suggest the proper sanitization/validation process required for the courseType variable in the following getCourses method? I am using that variable to write to a log file. I’ve tried HtmlUtils.HtmlEscape() but didn’t get the expected results. Thanks!

Answer: It seems like the Checkmarx tool is correct in this case. A “Log Forging” vulnerability means that an attacker could engineer logs