...
Failure to sanitize user input before processing or storing it can result in injection attacks.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
IDS16-J | High | Probable | Yes | NoMedium | P12 | L1 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Tainting Checker | Trust and security errors (see Chapter 8) | ||||||
| Fortify | 1.0 | Missing_XML_Validation | Implemented | ||||||
| Klocwork |
| JAVA.SV.XML.INVALID | Implemented | ||||||
| Parasoft Jtest |
| CERT.IDS16.TDXML | Protect against XML data injection |
...