I have an endpoint that receives a String from the client as seen below:
@GET
@Path("/{x}")
public Response doSomething(@PathParam("x") String x) {
String y = myService.process(x);
return Response.status(OK).entity(y).build();
}
Checkmarx complains that this element’s value then "flows through the code without being properly sanitized or validated and is eventually displayed to the user in method doSomething"
Then I tried this:
@GET
@Path("/{x}")
public Response doSomething(@PathParam("x") String x) {
if (StringUtils.trimToNull(x) == null || x.length() > 100) {
throw new RuntimeException();
}
x = x.replace("'", "").replace("`", "").replace("\\", "").replace("\"", "")
String y = myService.process(x);
y = y.replace("'", "").replace("`", "").replace("\\", "").replace("\"", "")
return Response.status(OK).entity(y).build();
}
But it still considers this a high severity vulnerability.
How do I properly sanitize or validate to pass a Checkmarx scan?
HtmlUtils from spring-web got the job done with:
HtmlUtils.htmlEscape(x)
Maven dependency:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>5.1.7.RELEASE</version>
</dependency>