...
```java
import java.util.regex.Pattern;

// Whitelist sanitizer: only ASCII letters, digits and underscore pass through;
// any other value (including one containing line terminators) is replaced.
public String sanitizeUser(String username) {
  return Pattern.matches("[A-Za-z0-9_]+", username)
      ? username : "unauthorized user";
}
```
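As an added example that is not part of the original CERT page, the class below applies the whitelist sanitizer above before a log call and runs it against a few constructed inputs, so the raw user-controlled string never reaches the log. The class name, the logger name and the `logAttempt` method are assumed names, and the null check is an addition to the page's version of the sanitizer (`Pattern.matches` throws `NullPointerException` on a null input).

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Added example (not from the SEI CERT page). Names below are hypothetical.
public class LogSanitizationDemo {
  private static final Logger LOGIN_LOGGER = Logger.getLogger("login");

  // Precompiled form of the page's whitelist: ASCII letters, digits, underscore.
  private static final Pattern SAFE_USERNAME = Pattern.compile("[A-Za-z0-9_]+");

  // Same policy as the page's sanitizeUser, plus a null guard.
  public static String sanitizeUser(String username) {
    return username != null && SAFE_USERNAME.matcher(username).matches()
        ? username : "unauthorized user";
  }

  // Only the sanitized value is written; the raw input is never logged.
  public static void logAttempt(String rawUsername) {
    LOGIN_LOGGER.info("User login failed for: " + sanitizeUser(rawUsername));
  }

  public static void main(String[] args) {
    // Constructed test inputs for the demonstration.
    String[] inputs = {
      "alice_01",              // matches the whitelist, logged unchanged
      "bob\nsecond line",      // contains a line terminator, replaced
      "carol smith",           // contains a space, replaced
      "",                      // empty string does not match "+", replaced
      null                     // null, replaced (would throw without the guard)
    };
    for (String in : inputs) {
      logAttempt(in);
    }
  }
}
```

Running `main` writes five records, of which only the first carries the caller's value; every other input is collapsed to the fixed string "unauthorized user", so a record boundary in the log can only ever be produced by the logger itself.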
...
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| IDS03-J | Medium | Probable | No | No | P4 | L3 |
Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| The Checker Framework | | Tainting Checker | Trust and security errors (see Chapter 8) |
| CodeSonar | | JAVA.IO.TAINT.LOG | Tainted log |
| Fortify | | Log_Forging | Implemented |
| Klocwork | | SVLOG_FORGING | Implemented |
| Parasoft Jtest | | CERT.IDS03.TDLOG | Protect against log forging |
...