lib_foo() is defined in OSLib, hence an unresolved method must be imported.

Step 4: Click "Advanced System Settings", then click "Environment Variables".
Step 5: Scroll down under "System Variables" until you see "Path".

Maven artifacts are stored on the Sonatype Nexus repository manager (synced to Maven Central).

This will also make your code easier to audit, because you won't need to track down the possible values of 'category' when determining whether this page is vulnerable or not.

As there are many NoSQL database systems and each one uses its own API for calls, it is important to ensure that user input received and used to build the API call expression does not contain any character that has a special meaning in the target API syntax.

Injection of this type occurs when the application uses untrusted user input to build an XPath query as a String and then executes it.

If an exception related to SQL is handled by the catch, then the output might contain sensitive information such as the SQL query structure or private data. If this output is redirected to a web user, this may represent a security problem.

I am using that variable to write in a log file. Or, if it's a false positive, how can I rewrite the script so it does not happen? Can anyone suggest the proper sanitization/validation process required for the courseType variable in the following getCourses method?
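The XPath case described above, as an added example (not code from the original page): the same lookup is written once by string concatenation and once with the value bound through a javax.xml.xpath.XPathVariableResolver, so the input is compared as a literal and never parsed as XPath syntax. The XML document, the element and attribute names, and the class name are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class XPathLookup {

    // Constructed sample document (not taken from the original page)
    private static final String USERS_XML =
        "<users>"
      + "<user login=\"alice\" role=\"admin\"/>"
      + "<user login=\"bob\" role=\"user\"/>"
      + "</users>";

    /* Vulnerable: the login is concatenated into the expression, so the input
       ' or '1'='1  turns the predicate into @login='' or '1'='1' and matches every user. */
    static int countVulnerable(Document doc, String login) throws Exception {
        XPath xpath = XPathFactory.newInstance().newXPath();
        String expr = "//user[@login='" + login + "']";
        NodeList nodes = (NodeList) xpath.evaluate(expr, doc, XPathConstants.NODESET);
        return nodes.getLength();
    }

    /* Hardened: the expression is fixed and only references the variable $login;
       the resolver supplies the untrusted value as data, not as query text. */
    static int countSafe(Document doc, String login) throws Exception {
        Map<QName, Object> vars = new HashMap<>();
        vars.put(new QName("login"), login);
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setXPathVariableResolver(vars::get);
        XPathExpression expr = xpath.compile("//user[@login=$login]");
        NodeList nodes = (NodeList) expr.evaluate(doc, XPathConstants.NODESET);
        return nodes.getLength();
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPEs so the parser itself cannot be used for XXE
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(USERS_XML);
        String attack = "' or '1'='1";
        System.out.println("vulnerable: " + countVulnerable(doc, attack)); // 2: every user matched
        System.out.println("safe:       " + countSafe(doc, attack));       // 0: no such login
        System.out.println("safe alice: " + countSafe(doc, "alice"));      // 1
    }
}
```

The resolver approach only works if the expression itself is a constant; if any part of the expression string is still built from input, binding the rest through variables does not help.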
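The two findings above (exception text reaching the web user, and an untrusted value such as courseType being written to a log file) are shown together in this added example; it is not code from the original page or from the question's author, and the getCourses signature, the course table, the set of course types and the logger setup are all assumptions. The leaky variant returns the SQLException message to the caller; the hardened variant allow-lists the input, neutralises CR/LF before logging so a request cannot forge extra log lines, and hands the client only an opaque reference id.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class CourseService {
    private static final Logger LOG = Logger.getLogger(CourseService.class.getName());

    // Assumed closed set of valid course types for this hypothetical application
    private static final Set<String> COURSE_TYPES = Set.of("ONLINE", "CLASSROOM", "HYBRID");

    /* Allow-list validation: the value that reaches the query and the log is
       always one of a few known constants, never attacker-chosen text. */
    static String requireCourseType(String courseType) {
        if (courseType == null || !COURSE_TYPES.contains(courseType)) {
            throw new IllegalArgumentException("unknown course type");
        }
        return courseType;
    }

    /* For free-form values that must be logged anyway: replace the line breaks
       that let an attacker forge additional log entries and bound the length. */
    static String forLog(String value) {
        String cleaned = value.replaceAll("[\\r\\n]", "_");
        return cleaned.length() > 100 ? cleaned.substring(0, 100) + "..." : cleaned;
    }

    /* Vulnerable pattern: e.getMessage() (driver details, statement text, table names)
       goes straight back to whoever made the request. */
    static String getCoursesLeaky(Connection conn, String courseType) {
        StringBuilder out = new StringBuilder();
        try (PreparedStatement ps = conn.prepareStatement("SELECT name FROM course WHERE type = ?")) {
            ps.setString(1, courseType);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) out.append(rs.getString(1)).append('\n');
            }
        } catch (SQLException e) {
            return "Error: " + e.getMessage(); // information exposure through an error message
        }
        return out.toString();
    }

    /* Hardened: the full exception is logged server-side under a correlation id,
       and the client receives only that id. */
    static List<String> getCourses(Connection conn, String courseType) throws ServiceException {
        String type = requireCourseType(courseType);
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement("SELECT name FROM course WHERE type = ?")) {
            ps.setString(1, type);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) names.add(rs.getString(1));
            }
        } catch (SQLException e) {
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "getCourses failed ref=" + ref + " type=" + forLog(type), e);
            throw new ServiceException("Request failed, reference " + ref);
        }
        return names;
    }

    static class ServiceException extends Exception {
        ServiceException(String message) { super(message); }
    }
}
```

With the allow-list in place, forLog() is redundant for courseType itself; it is kept for values that genuinely are free text, which is where log forging findings usually come from.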
Here we escape and sanitize any data sent to the user. Use the OWASP Java HTML Sanitizer API to handle sanitizing, and the OWASP Java Encoder API to handle HTML tag encoding (escaping):

import org.owasp.encoder.Encode;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

String outputToUser = "You <p>user login</p> is <b>owasp-user01</b>";

/* Create a sanitizing policy that only allows the tags '<p>' and '<b>' */
PolicyFactory policy = new HtmlPolicyBuilder().allowElements("p", "b").toFactory();

/* Sanitize the output that will be sent to the user: anything outside the policy is dropped */
String safeOutput = policy.sanitize(outputToUser);

/* Encode the remaining markup so it is displayed as text, not rendered */
safeOutput = Encode.forHtml(safeOutput);

Note that the final encoding step turns the <p> and <b> the policy allowed back into literal text. Sanitize with a policy when the output must render as HTML; encode when it must render as plain text. Doing both, as here, gives text output, not formatted output.

The NoSQL example uses MongoDB as the target database. First ensure that the input does not contain any character with a special meaning for the current NoSQL call API (for MongoDB: ' " \ ; { } $), then build the query through the driver's query builder rather than by string concatenation:

import java.util.List;
import org.bson.Document;
import org.bson.conversions.Bson;
import com.mongodb.client.FindIterable;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoDatabase;
import static com.mongodb.client.model.Filters.eq;

boolean findTasks(String username) {
    /* First ensure that the input does not contain any special characters */
    // A plain list rather than a regexp, to keep the validation code easy to read
    List<String> specialCharsList = List.of("'", "\"", "\\", ";", "{", "}", "$");
    for (String specChar : specialCharsList) {
        if (username.contains(specChar)) {
            return false;
        }
    }
    // Also bound the input size
    if (username.length() > 50) {
        return false;
    }

    /* Then perform the query on the database using the API to build the expression */
    try (MongoClient mongoClient = MongoClients.create()) {
        MongoDatabase db = mongoClient.getDatabase("test");
        // Use the API query builder to create the call expression
        Bson expression = eq("username", username);
        FindIterable<Document> tasks = db.getCollection("tasks").find(expression);
        for (Document doc : tasks) {
            // Verify result consistency: every returned task must belong to the requested user
            if (!username.equals(doc.getString("username"))) {
                return false;
            }
        }
    }
    return true;
}