I got a 470 on a line in my code, and rightfully so, as defined by Vera.
Vera says to fix: Apply strict input validation by using whitelists or indirect selection to ensure that the user is only selecting allowable classes or code.
So I created a strict whitelist, as a Set, of the class names that reflection is allowed to access.
I then wrapped the Class.forName call in an if (whitelist.contains(className)) { ... } block. Veracode still fires a 470 inside that block.
Does anyone know what the fix has to look like for Vera not to fire? I feel I have followed their recommended remediation.
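The following is an added example, not the poster's code, showing the two shapes of remediation the Veracode text describes for CWE-470: indirect selection (the user picks a key, and the key is resolved to a Class object fixed at compile time, so no user string ever reaches Class.forName) and an allow-list lookup whose return value, rather than the user's input, is what gets passed to Class.forName. The handler classes and the "export"/"import" keys are hypothetical placeholders.

```java
import java.util.Map;
import java.util.Set;

/**
 * Added illustration for CWE-470 (unsafe reflection) remediation.
 * Not the poster's code; handler classes and keys are hypothetical.
 */
public final class SafeReflection {

    // Pattern 1: indirect selection. The user supplies only a short key; the
    // key maps to a Class object chosen at compile time. Class.forName is not
    // called at all, so there is no reflection sink for user input to reach.
    private static final Map<String, Class<? extends Runnable>> HANDLERS = Map.of(
            "export", ExportHandler.class,
            "import", ImportHandler.class);

    public static Runnable createHandler(String userChoice) throws ReflectiveOperationException {
        Class<? extends Runnable> clazz = HANDLERS.get(userChoice);
        if (clazz == null) {
            throw new IllegalArgumentException("unknown handler key: " + userChoice);
        }
        return clazz.getDeclaredConstructor().newInstance();
    }

    // Pattern 2: allow-list lookup that hands Class.forName the allow-listed
    // constant, not the user's string. A contains() check followed by
    // Class.forName(userInput) still passes the tainted value to the sink;
    // here the value passed is the entry from ALLOWED that matched.
    private static final Set<String> ALLOWED = Set.of(
            ExportHandler.class.getName(),
            ImportHandler.class.getName());

    public static Class<?> loadAllowed(String requested) throws ClassNotFoundException {
        for (String allowed : ALLOWED) {
            if (allowed.equals(requested)) {
                return Class.forName(allowed);  // argument is the constant, never 'requested'
            }
        }
        throw new IllegalArgumentException("class not permitted");
    }

    // Hypothetical handlers standing in for whatever the application loads.
    static final class ExportHandler implements Runnable {
        public void run() { System.out.println("export running"); }
    }

    static final class ImportHandler implements Runnable {
        public void run() { System.out.println("import running"); }
    }

    public static void main(String[] args) throws Exception {
        createHandler("export").run();                       // resolved without Class.forName
        Class<?> c = loadAllowed(ImportHandler.class.getName());
        System.out.println("loaded " + c.getName());
        try {
            createHandler("com.example.Anything");           // rejected: not a known key
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The first pattern is the stronger one because the user never names a class at all, only selects from a fixed menu. In the second pattern the distinction from a plain contains() guard is that the string reaching Class.forName is the allow-list's own constant; whether a particular static analyzer clears the finding on that basis is an assumption about how it tracks taint, so if the scanner still flags it, the indirect-selection form removes the Class.forName call from the user-controlled path entirely.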