Example 4: Validation in depth
When you scan the Example 4 code, the first scan includes
three AppScan®
Source
traces with
a root at the corresponding trace routines. Assume the selection of
the FileInputStream.read
method in trace1
and
the addition of the validate
routine. The section
following the sample source code describes the effects of each scope
for the validation routine.
public class TestCase_IOT_UserValidation {
ResultSet resultSet;
FileInputStream fileInputStream;
PrintWriter printWriter;
byte[] buffer;
public static void main(String[] args) throws Exception {
TestCase_IOT_UserValidation testCase = new TestCase_IOT_UserValidation();
testCase.trace1();
TestCase_IOT_UserValidation testCase2 = new TestCase_IOT_UserValidation();
testCase2.trace2();
TestCase_IOT_UserValidation testCase3 = new TestCase_IOT_UserValidation();
testCase3.trace3();
}
private void trace1() throws Exception {
String source = getVulnerableSource1();
source = validate(source);
writeToVulnerableSink(source);
}
private void trace2() throws Exception {
String source = getVulnerableSource2();
source = validate(source);
writeToVulnerableSink(source);
}
private void trace3() throws Exception {
String source = getVulnerableSource3();
source = validate(source);
writeToVulnerableSink(source);
}
public String getVulnerableSource1() throws Exception {
fileInputStream.read(buffer);
return new String(buffer);
}
public String getVulnerableSource2() throws Exception {
fileInputStream.read(buffer);
return new String(buffer);
}
public String getVulnerableSource3() throws Exception {
return resultSet.getString("x");
}
public void writeToVulnerableSink(String str) throws Exception {
printWriter.write(str);
}
private String validate(String source) throws Exception {
// validate
return source;
}
}
Call site specific validation routine - input for
this call to FileInputStream.read
Create
a call site specific validation routine when the validation only fits
in a very narrow context or where the input method is too generic
to supply one validation routine. When you Apply to this
call to FileInputStream.read in the trace1
method, trace1
does
not appear as a finding after the next scan because its call stack
includes a call to the validate
method. However, trace2
is
still reported even though it calls validate
, because
the scope of the validation routine is tied to the trace1
call
site. The trace3
method also calls validate
,
but it continues to be reported because it uses ResultSet.getString
as
a source.
API specific validation routine - input for any call
to FileInputStream.read
Create an API specific
validation routine when the validation is only applicable for a particular
source. When you Apply to any call to FileInputStream.read method,
both the trace1
and trace2
methods
are clear of findings on the next scan because they include a call
to the validate
method. However, the trace3
method
continues to exist even though it calls validate
because
it uses ResultSet.getString
as a source.