How to fix Trust Boundary Violation flaw in Java Web application
Solution 1
Simply use a regular expression to validate the userName according to the rules your usernames follow:
    if (userName.matches("[0-9a-zA-Z_]+")) {
        session.setAttribute(Constant.USERNAME, userName);
    }
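Solution 1 carried through into a small helper, as an added example that is not code from the answer above: the request value is validated first, rejected with an error if it fails (the else branch the comments ask for), and only then copied across the trust boundary into the session. It assumes a javax.servlet request/response, adds a length bound to the character class, and takes the parameter name as an argument instead of the question's Constant.USERNAME; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public final class UsernameValidator {
    // Same character class as Solution 1, plus an assumed length bound so that
    // arbitrarily long client-supplied strings never reach the session.
    private static final Pattern USERNAME = Pattern.compile("[0-9a-zA-Z_]{1,32}");

    private UsernameValidator() {}

    /** True only if the whole value is a well-formed username (null is rejected). */
    public static boolean isValidUsername(String candidate) {
        return candidate != null && USERNAME.matcher(candidate).matches();
    }

    /**
     * Hypothetical servlet helper: reads the request parameter named paramName,
     * validates it, and only then stores it in the session under the same name.
     * Returns true if the value was stored, false if it was rejected.
     */
    public static boolean storeUsernameInSession(HttpServletRequest req,
                                                 HttpServletResponse resp,
                                                 String paramName)
            throws IOException {
        String userName = req.getParameter(paramName);
        if (!isValidUsername(userName)) {
            // Reject instead of storing: the untrusted value never crosses the boundary.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid username");
            return false;
        }
        HttpSession session = req.getSession(true);
        session.setAttribute(paramName, userName);
        return true;
    }
}
```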
Solution 2
VeraCode will require you to file a mitigation with them. They will schedule a consultation with you and there you can show them the code fix(es) implemented, and they will then mark the mitigation approved.
Yes, I know this is late but others may trip through and it needs to be pointed out.
Author: user1782009
Updated on January 14, 2021
Comments
- user1782009 over 3 years
  I am receiving a Trust Boundary Violation from Veracode. My code is
      userName = req.getParameter(Constant.USERNAME);
      session.setAttribute(Constant.USERNAME, userName); // At this line I am getting the Trust Boundary Violation flaw.
  How can I validate userName to avoid a trust boundary violation flaw?
- John Smith over 11 years
  This matches a name containing only alphanumeric letters and underline. You should also write an else block that results in some error for the user.
- user1782009 over 11 years
  Thanks for the reply. I applied this validation but still I am getting the trust boundary violation on the same line. Is there any other way to put the value in something rather than in the session? Wherever I am getting this flaw, at those places I am only putting some value in the session. Please help me on this...
- Vitaly Osipov about 11 years
  This signature is among the more meaningless ones. Tell your scanner folks this is nonsense and ask them to prove otherwise ;)
- John Smith almost 11 years
  Correct, after adding validation, the error from VeraCode is simply wrong.