Tainted_source JAVA
I analyzed the code of some services in java with Coverity and they throw the following security problems in the controller: "tainted_source: entering this function as a framework entry point. parameter bodyparams is tainted because it comes from an http request." What is the correct way to deal with this type of parameter?
The output shown in your question is only one portion of the complete finding. It shows why service_id is considered to be "tainted" (i.e., under potential control of an attacker), but does not show what happens to the tainted data, and hence we can't know what the code is trying to do or how to fix it.
In the Coverity GUI there is an "events panel" in the lower-right corner that can be used to navigate to the rest of the finding. By clicking on the events in that panel you should be able to see what happens to service_id, and there is sometimes a recommendation from the tool about how to fix it.
Disclosure: I used to work for Coverity/Synopsys.
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices