如何解决修复VB.NET中的Veracode CWE ID 117日志的输出不正确中和
我有以下代码,如果我正确阅读了该主题的其他主题,则不会导致Veracode扫描标记CWE 117,但确实如此。对于Java / C#,还有其他一些“答案”,但对于VB.NET,我还没有找到任何答案。
我的代码是这样的:
Public Function WritetoEventLog(ByVal Entry As String,Optional ByVal AppName As String = "adCoreLibrary",Optional ByVal EventType As EventLogEntryType = nothing,Optional ByVal LogName As String = "Application",Optional ByVal EventID As Integer = 0,Optional ByVal TaskCategory As TaskCategory = 0) As Boolean
Dim objEventLog As New EventLog()
Try
' We will try and create our own event log but if not,use the optional default
If Not EventLog.sourceExists(AppName) Then
EventLog.CreateEventSource(AppName,LogName)
End If
' Initialise event log
objEventLog.BeginInit()
' Set the source
objEventLog.source = AppName
' Write entry
If Entry IsNot nothing Then
' THE FOLLOWING LINE IS BEING FLAGGED AS CWE-117 NON-COMPLIANT
objEventLog.WriteEntry(Entry.Replace(vbLf,"_"c).Replace(vbCr,"_"c).Replace(vbTab,"_"c),EventType,EventID,CShort(TaskCategory))
End If
' End initialisation
objEventLog.EndInit()
Return True
Exit Function
Catch ex As Exception
If CType(My.Settings.adLogMode,LogMode) <> adCoreLogging.LogMode.Empty Then
My.Application.Log.WriteEntry("An error occured when trying to write to the Windows Event Log: " & ex.Message.ToString)
Return False
End If
Finally
End Try
' If we get here,we've had a problem
Return False
End Function
有人可以告诉我我在做什么错吗?
解决方法
好吧,对于那些偶然发现此问题的人。。。。我得出了答案。
在导入System.Web之后,我不得不用有问题的行替换以下内容:
Dim newEntry As String = HttpUtility.HtmlEncode(Entry)
objEventLog.WriteEntry(newEntry,EventType,EventID,CShort(TaskCategory))
我不知道为什么Veracode允许这样做,因为从本质上讲,这仍然是同一回事,但是我们确实存在。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
