How to resolve an Unchecked Input for Loop Condition Checkmarx issue in Java
I am getting an Unchecked Input for Loop Condition Checkmarx issue.
I tried the recommended code handling, but it does not work for me.
Description from the Checkmarx report:
Method transformPojoCommon at line 334 of to_web/src/com/toweb/bd/TrainCategoriesBD.java gets user input from element TC_TRAIN_CAT_NAME. This element's value flows through the code without being validated, and is eventually used in a loop condition in getParentTrainTypes at line 162 of to_web/src/com/toweb/dao/TrainCategoriesDAO.java. This constitutes an Unchecked Input for Loop Condition.
I tried the following code:

```java
import org.owasp.esapi.ESAPI;

// Call site: canonicalize the raw parameter, then run it through the validator.
validateRequestInput(ESAPI.encoder()
        .canonicalize(request.getParameter(TOWebRequestConstants.TC_OBJID).trim()));

// Validates a request parameter against the ESAPI "HTTPParameterValue" pattern
// (max length 2000, null allowed) and rejects the request if validation fails.
private String validateRequestInput(String currentPage) {
    try {
        currentPage = ESAPI.validator().getValidInput(
                "HTTP parameter value: ", currentPage, "HTTPParameterValue", 2000, true);
    } catch (Exception e1) {
        log.error("failed to validate HTTP parameter value ", e1);
        throw new IllegalArgumentException("failed to validate HTTP parameter value " + currentPage, e1);
    }
    return currentPage;
}
```
I resolved these issues by using ESAPI.validator().getValidInteger() or ESAPI.validator().getValidDouble(), depending on the return type.
Hope this solution helps you too.
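An added example (not the poster's or the answerer's code) of the approach in this answer: the loop bound is read through ESAPI.validator().getValidInteger() with an explicit range, so the value that reaches the loop condition is a bounded int rather than the raw request string. The parameter name, the depth limit, and the child-to-parent map standing in for getParentTrainTypes are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.ValidationException;

public class LoopBoundValidation {

    // Assumed upper bound on how many parent levels the lookup may walk.
    private static final int MAX_PARENT_DEPTH = 50;

    /**
     * Reads an integer request parameter and range-checks it in one step.
     * Only the bounded int returned here is used as a loop condition, so the
     * loop is no longer controlled by unvalidated user input.
     */
    static int readLoopBound(HttpServletRequest request, String paramName) {
        String raw = request.getParameter(paramName);
        try {
            // Arguments: context label, input, min, max, allowNull.
            // Throws ValidationException unless raw is an int in [0, MAX_PARENT_DEPTH].
            return ESAPI.validator().getValidInteger(
                    "HTTP parameter " + paramName, raw, 0, MAX_PARENT_DEPTH, false);
        } catch (ValidationException e) {
            throw new IllegalArgumentException("invalid loop bound in " + paramName, e);
        }
    }

    /**
     * Assumed stand-in for getParentTrainTypes: walks up a child->parent map for
     * at most maxDepth steps, so the iteration count stays capped even if the
     * map contains a cycle.
     */
    static List<String> collectParents(Map<String, String> parentOf, String start, int maxDepth) {
        List<String> chain = new ArrayList<>();
        String current = start;
        for (int i = 0; i < maxDepth && current != null; i++) {
            String parent = parentOf.get(current);
            if (parent == null) {
                break;
            }
            chain.add(parent);
            current = parent;
        }
        return chain;
    }

    // Usage inside a servlet or action method (assumed parameter name "tcDepth"):
    //   int depth = readLoopBound(request, "tcDepth");
    //   List<String> parents = collectParents(categoryParents, categoryName, depth);
}
```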