如何解决 java 中循环条件校验标记问题的未检查输入

how to resolve Unchecked Input for Loop Condition checkmarx issue in java

我遇到了循环条件检查标记问题的未检查输入。
我尝试了推荐的代码处理,但它对我不起作用。

Checkmarx 报告的描述:

Method transformPojoCommon at line 334 of
to_web/src/com/toweb/bd/TrainCategoriesBD.java gets user input from
element TC_TRAIN_CAT_NAME . This element’s value flows through the
code without being validated, and is eventually used in a loop
condition in getParentTrainTypes at line 162 of
to_web/src/com/toweb/dao/TrainCategoriesDAO.java. This constitutes an
Unchecked Input for Loop Condition.

我尝试了以下代码:

valdiateRequestInput(ESAPI.encoder().
   canonicalize(request.getParameter(TOWebRequestConstants.TC_OBJID).trim()));

private String valdiateRequestInput(String currentPage) {
    try {
        currentPage = ESAPI.validator().getValidInput("HTTP parameter value: ", currentPage, "HTTPParameterValue", 2000, true);
    } catch (Exception e1) {
        log.error("failed to validate HTTP parameter value ", e1);
        throw new IllegalArgumentException("failed to validate HTTP parameter value "+currentPage, e1);
    }
    return currentPage;
}

我已根据 return 类型使用 ESAPI.validator().getValidInteger() 或 ESAPI.validator().getValidDouble() 解决了这些问题。

希望这个解决方案对您也有帮助。