Hi, there:
I got some vulnerability issues when using IBM AppScan to scan our
Java web application and need some solutions:
1. CWE 20 - Improper Input Validation for the source code below:
request.getSession().setAttribute("objStr", obj);
2. CWE 511 - Logic/Time (Malicious Trigger) for date comparisons like: currDate.compare(processDate) or currDate.equal(processDate)
3. CWE 73 - External control of file or path for source code like:
String todayDate = getTodaysDate();
String currTime = getCurrentTime();
String path = fileToRead + ".done_" + todayDate + currTime;
File file = new File(path); // CWE 73
Thanks in advance.
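
One way to address the CWE 73 finding in item 3, as an added example that is not part of the original post: allow-list the `fileToRead` value and confirm that the final path stays under a fixed base directory before it is used. The class name `DoneFileResolver`, the base directory, and the assumption that `fileToRead` is a bare file name influenced by external input are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class DoneFileResolver {
    // Assumption: every file the application may touch lives under one directory.
    private final Path baseDir;
    // Allow-list for the supplied name: no separators, no leading dot, bounded length.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}");

    public DoneFileResolver(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // resolves symlinks in the base itself
    }

    /** Builds <fileToRead>.done_<date><time> inside baseDir, or throws. */
    public Path resolve(String fileToRead, String todayDate, String currTime) {
        if (fileToRead == null || !SAFE_NAME.matcher(fileToRead).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }
        Path candidate = baseDir
                .resolve(fileToRead + ".done_" + todayDate + currTime)
                .normalize(); // collapses any "." or ".." elements
        // Second check: catches separators arriving through the date/time parts.
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("inbox"); // constructed sample directory
        DoneFileResolver resolver = new DoneFileResolver(base);
        // Constructed inputs: one expected name and several traversal attempts.
        String[] samples = {"orders", "../../etc/passwd", "/etc/passwd", "a/b", ".."};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolver.resolve(s, "20240101", "120000"));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

The returned `Path` can be passed on as `candidate.toFile()` where the existing code expects a `File`. A symlink placed inside the base directory is not detected for files that do not exist yet; call `toRealPath()` on the result once the file exists if that matters.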