Veracode scan finds a medium security flaw in this file for the function ServiceDefinition on line / around 261.
There is little verification of the strings passed.
This is a static scan which just looks at the code itself.
Environment Information
Operating System: TODO
GORM Version: TODO
Grails Version (if using Grails): TODO
JDK Version: TODO
Example Application
Information from the Veracode scan:
A call uses reflection in an unsafe manner. An attacker can specify the class name to be instantiated, which may create unexpected control flow paths through the application. Depending on how reflection is being used, the attack vector may allow the attacker to bypass security checks or otherwise cause the application to behave in an unexpected manner. Even if the object does not implement the specified interface and a ClassCastException is thrown, the constructor of the untrusted class name will have already executed.
Veracode recommends: Validate the class name against a combination of white and black lists to ensure that only expected behavior is produced.
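Added here to illustrate the recommendation above (example code, not GORM's `ServiceDefinition`): the unsafe reflective instantiation that a static scanner flags, beside a version that checks an allowlist and the expected type before any constructor runs. The `ReflectionLoader` class and the package names in its allowlist are constructed for the example.

```java
import java.util.Set;

// Example only: contrasts unchecked reflective instantiation with a guarded form.
public class ReflectionLoader {

    // Unsafe: the class name is used as-is. Class.forName(name) runs the class's
    // static initializer and newInstance() runs its constructor before the cast
    // below can fail, so a ClassCastException arrives after the damage is done.
    static <T> T unsafeCreate(String className, Class<T> expected) throws Exception {
        Object obj = Class.forName(className).getDeclaredConstructor().newInstance();
        return expected.cast(obj);
    }

    // Constructed allowlist of the implementations this component is meant to load.
    private static final Set<String> ALLOWED = Set.of(
        "com.example.services.DefaultService",
        "com.example.services.CachingService"
    );

    // Hardened: reject names outside the allowlist, resolve the class without
    // initializing it, confirm it is of the expected type, and only then construct.
    static <T> T safeCreate(String className, Class<T> expected) throws Exception {
        if (className == null || !ALLOWED.contains(className)) {
            throw new IllegalArgumentException("class not permitted: " + className);
        }
        // initialize=false: no static initializer runs during the lookup
        Class<?> cls = Class.forName(className, false, ReflectionLoader.class.getClassLoader());
        if (!expected.isAssignableFrom(cls)) {
            throw new IllegalArgumentException(
                "not a " + expected.getName() + ": " + className);
        }
        return expected.cast(cls.getDeclaredConstructor().newInstance());
    }
}
```

The allowlist check is what stops an arbitrary name from reaching `Class.forName` at all; the `isAssignableFrom` check is the defence in depth for names that pass it.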