
I am getting the below exception in Checkmarx:

Method update at line 108 of com.ibm.vch.vch-*\UpdateServiceImpl.java gets user input from element toByteArray . This element’s value flows through the code without being validated, and is eventually used in a loop condition in updateCustomFieldMapping at line 154 of *\FieldUtils.java. This constitutes an Unchecked Input for Loop Condition.

```java
InputStream activityXML = new JaxbSerializer().marshal(resource.getActivity());
byte[] xmlData = IOUtils.toByteArray(activityXML); // line 108
entity.setXmlData(xmlData);
```

Is there validation I can perform at line 108? Thanks in advance.

Edited:

```java
private static String update**Mapping(String xmlStr, Element cusFieldsElement) {
    Pattern p = Pattern.compile(IELD_PATTERN);
    // The matcher scans the string as it was passed in; xmlStr is reassigned below.
    Matcher m = p.matcher(xmlStr);
    // Loop count depends on how many matches the input contains.
    while (m.find()) {
        String b = m.group();
        // Strip the two-character prefix and the one-character suffix of the match.
        String xPath = b.substring(2, b.length() - 1);
        if (xPath != null) {
            String id = xPath.substring(xPath.lastIndexOf(".") + 1);
            String name = fetchFieldNameFrId(id, cusFieldsElement);
            if (name != null) {
                String updatedId = "${"
                        + CustomFieldUtils.constructCustomFieldID("/" + Constants.PARAMETERS + "/",
                                name) + "}";
                updatedId = StringEscapeUtils.escapeXml10(updatedId);
                xmlStr = xmlStr.replace(b, updatedId);
            }
        }
    }
    return xmlStr;
}
```
Anu
  • 1
    That is not an exception. Exceptions are Java language elements that indicate a method could not complete successfully. – VGR Aug 03 '22 at 14:38
  • 2
    I think we need method `updateCustomFieldMapping` containing line 154 to know what happens. BTW, not sure if your company allows you to expose the source code; better to mask at least the package name. – samabcde Aug 03 '22 at 14:38
  • Thanks Sam, oops, I missed hiding the package part, thank you very much. I have updated the code snippet. – Anu Aug 04 '22 at 04:46
  • Parsing XML with regular expressions [is a really bad idea](https://stackoverflow.com/questions/701166/can-you-provide-some-examples-of-why-it-is-hard-to-parse-xml-and-html-with-a-reg). Use [XPath](https://docs.oracle.com/en/java/javase/18/docs/api/java.xml/javax/xml/xpath/package-summary.html) instead. (Naming a variable ‘xPath’ does not constitute using XPath.) – VGR Aug 04 '22 at 14:07
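
One way to bound both the data read at line 108 and the `while (m.find())` loop that the finding points at, as an added example that is not code from the question or the project. The class name, both limits and the `${...}` placeholder pattern are assumptions (the real pattern is not shown on the page), and `readNBytes` needs Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BoundedMappingExample {
    // Assumed limits; size them to the largest legitimate document.
    static final int MAX_XML_BYTES = 1 << 20;
    static final int MAX_PLACEHOLDERS = 1_000;
    // Assumed placeholder syntax ${...}; the page does not show the real pattern.
    static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");

    // Bounded stand-in for IOUtils.toByteArray: fail once the cap is exceeded.
    static byte[] readBounded(InputStream in, int max) throws IOException {
        byte[] data = in.readNBytes(max + 1); // reads one byte past the cap to detect overflow
        if (data.length > max) {
            throw new IOException("XML payload exceeds " + max + " bytes");
        }
        return data;
    }

    // Single pass over the input with an explicit ceiling on loop iterations.
    static String rewrite(String xml, UnaryOperator<String> mapper) {
        Matcher m = PLACEHOLDER.matcher(xml);
        StringBuilder out = new StringBuilder(xml.length());
        int seen = 0;
        while (m.find()) {
            if (++seen > MAX_PLACEHOLDERS) {
                throw new IllegalArgumentException("too many placeholders");
            }
            String mapped = mapper.apply(m.group(1));
            // Unknown ids are left untouched; quoteReplacement keeps '$' literal.
            m.appendReplacement(out, Matcher.quoteReplacement(mapped != null ? mapped : m.group()));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = "<a v=\"${x.1}\"/><b v=\"${x.2}\"/>".getBytes(StandardCharsets.UTF_8); // constructed input
        String xml = new String(readBounded(new ByteArrayInputStream(sample), MAX_XML_BYTES), StandardCharsets.UTF_8);
        System.out.println(rewrite(xml, id -> id.endsWith(".1") ? "${/parameters/name}" : null));
    }
}
```

Using `appendReplacement` keeps the work linear in the input size, whereas calling `String.replace` on the whole document inside the loop rescans it once per match.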

0 Answers