This piece of code is not passed by Checkmarx. It complains that the getInputStream() is not sanitized and/or validated. Any idea how to fix it?

```java
protected HttpRequest buildProxyRequestWithEntity(String method, String proxyRequestUrl,
                                                  HttpServletRequest servletRequest) throws IOException {
    HttpEntityEnclosingRequest proxyRequest = new BasicHttpEntityEnclosingRequest(method, proxyRequestUrl);
    proxyRequest
          .setEntity(new InputStreamEntity(servletRequest.getInputStream(), getContentLength(servletRequest)));

    return proxyRequest;
}
```
securecodeninja
  • Does this answer your question? [Checkmarx - How to validate and sanitize HttpServletRequest .getInputStream to pass checkmarx scan](https://stackoverflow.com/questions/64152836/checkmarx-how-to-validate-and-sanitize-httpservletrequest-getinputstream-to-p) – baruchiro Nov 14 '20 at 17:55
  • No because they're not using servletRequest. – Phillips Huynh Nov 20 '20 at 16:45

0 Answers
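
For comparison with the method in the question, an added example (not part of the original post or of any answer) that checks the declared Content-Type against an allowlist and buffers the body under a size cap before forwarding it, instead of handing `getInputStream()` straight to the proxy request. The class name, the 1 MiB cap, the allowlist and the `javax.servlet` / HttpClient 4.x imports are assumptions, and the example does not claim to satisfy any particular Checkmarx query.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.http.HttpRequest;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.ContentType;
import org.apache.http.message.BasicHttpEntityEnclosingRequest;

public class ValidatedProxyRequestBuilder {                // hypothetical class name
    private static final int MAX_BODY_BYTES = 1024 * 1024; // assumed cap (1 MiB)
    private static final Set<String> ALLOWED_TYPES =       // assumed allowlist
            Set.of("application/json", "application/x-www-form-urlencoded");

    protected HttpRequest buildProxyRequestWithEntity(String method, String proxyRequestUrl,
                                                      HttpServletRequest servletRequest) throws IOException {
        if (servletRequest.getContentLength() > MAX_BODY_BYTES) { // early reject on declared length
            throw new IOException("declared body too large");
        }
        // Accept only media types on the allowlist; a missing or unparsable header is rejected.
        ContentType type;
        try {
            type = ContentType.parse(servletRequest.getContentType());
        } catch (RuntimeException e) {
            throw new IOException("missing or malformed Content-Type", e);
        }
        if (!ALLOWED_TYPES.contains(type.getMimeType().toLowerCase(Locale.ROOT))) {
            throw new IOException("unsupported Content-Type");
        }
        // Buffer the body under the cap, so the forwarded length is measured, not taken from a header.
        byte[] body = readBounded(servletRequest.getInputStream(), MAX_BODY_BYTES);
        BasicHttpEntityEnclosingRequest proxyRequest = new BasicHttpEntityEnclosingRequest(method, proxyRequestUrl);
        proxyRequest.setEntity(new ByteArrayEntity(body, type));
        return proxyRequest;
    }

    static byte[] readBounded(InputStream in, int limit) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        for (int n; (n = in.read(buf)) != -1; ) {
            if (out.size() + n > limit) {   // Content-Length may be absent or wrong
                throw new IOException("request body exceeds " + limit + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }
}
```

Buffering trades memory for a bounded, inspected body; content-specific checks (for example parsing JSON against a schema) would go between `readBounded` and `setEntity`.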