
How to fix CWE 829 - Inclusion of Functionality from Untrusted Control Sphere

As part of a Veracode scan, I got a CWE 829 - Inclusion of Functionality from Untrusted Control Sphere error.

Below I have pasted my Java code; on line 3 I'm getting this vulnerability.

I didn't find much about this issue. Can someone assist me if you have faced this kind of issue before?

import java.applet.Applet; // Applet API is deprecated for removal since JDK 17 (JEP 398)
import java.awt.Graphics;

public class ShowVariables extends Applet { // Error shown on this line
    int age = 35;
    double salary = 25000.34;
    long distance_to_the_moon = 235678;

    public void paint(Graphics g) {
        g.drawString("employees age: " + age, 5, 25);
        g.drawString("Employess salary: " + salary, 5, 45);
        g.drawString("Distance to the moon: " + distance_to_the_moon, 5, 65);

    }

}

It seems like a false positive, since CWE-829 is related to including in your code content from an external domain:

https://cwe.mitre.org/top25/index.html#CWE-829

https://cwe.mitre.org/data/definitions/829.html

You, on the other hand, only use functions and classes from the Java library.

Try to mitigate the flaw as per the instructions on the Veracode website:

https://help.veracode.com/reader/DGHxSJy3Gn3gtuSIN2jkRQ/~p4MSKOS8F8X8h0KwFTKoQ
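To make the contrast with the posted applet concrete, here is an added example (not from the question, the answer, or Veracode) of what CWE-829 actually looks like in Java: a loader that fetches classes from a location the caller controls, beside a hardened loader that treats untrusted input as a plugin name only and pins both the directory and the expected SHA-256 of each jar. `PLUGIN_DIR`, the `ALLOWED_PLUGINS` map and its digest value are assumptions made up for this example.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.util.Map;

public class PluginLoaderDemo {

    // VULNERABLE (CWE-829): the caller chooses where code is loaded from.
    // If `location` comes from a request parameter, a config file an attacker
    // can edit, or a host whose DNS can be spoofed, this JVM executes whatever
    // classes that location serves.
    static Class<?> loadPluginUnsafe(String location, String className) throws Exception {
        URLClassLoader loader = new URLClassLoader(new URL[] { new URL(location) });
        return loader.loadClass(className);
    }

    // HARDENED: untrusted input is only a plugin *name*; the directory and the
    // expected SHA-256 of each jar are fixed at build/deploy time.
    // Both values below are assumptions for this example, not real artifacts.
    static final Path PLUGIN_DIR = Paths.get("/opt/app/plugins").toAbsolutePath().normalize();
    static final Map<String, String> ALLOWED_PLUGINS = Map.of(
            "reports", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"); // placeholder digest

    static Class<?> loadPluginSafe(String name, String className) throws Exception {
        String expected = ALLOWED_PLUGINS.get(name);
        if (expected == null) {
            throw new SecurityException("plugin not allow-listed: " + name);
        }
        // Build the path from the trusted directory and reject traversal, even
        // though the allow-list lookup above already blocks arbitrary names.
        Path jar = PLUGIN_DIR.resolve(name + ".jar").normalize();
        if (!jar.startsWith(PLUGIN_DIR)) {
            throw new SecurityException("plugin path escapes " + PLUGIN_DIR);
        }
        byte[] bytes = Files.readAllBytes(jar);
        String actual = sha256Hex(bytes);
        if (!MessageDigest.isEqual(actual.getBytes(StandardCharsets.US_ASCII),
                                   expected.getBytes(StandardCharsets.US_ASCII))) {
            throw new SecurityException("digest mismatch for " + jar);
        }
        // Caveat: the class loader re-reads the jar after this check, so
        // PLUGIN_DIR must not be writable by anyone who could race this code.
        URLClassLoader loader = new URLClassLoader(new URL[] { jar.toUri().toURL() },
                                                   PluginLoaderDemo.class.getClassLoader());
        return loader.loadClass(className);
    }

    static String sha256Hex(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs an attacker might submit; none needs a real jar
        // on disk to be rejected, so this runs offline.
        for (String name : new String[] { "evil", "../../tmp/x", "reports" }) {
            try {
                loadPluginSafe(name, "com.example.Plugin");
                System.out.println(name + ": loaded");
            } catch (SecurityException | IOException e) {
                System.out.println(name + ": rejected (" + e.getClass().getSimpleName()
                        + ": " + e.getMessage() + ")");
            } catch (Exception e) {
                System.out.println(name + ": failed (" + e + ")");
            }
        }
    }
}
```

The point of comparison: the asker's `ShowVariables` never takes a location, a class name or any other input that could steer where code comes from, which is why the answer calls the finding a false positive. In the hardened loader the only thing an attacker influences is a lookup key, and a jar is loaded only if its location and digest were decided by the deployer.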
