Hello, I scanned an application with the Fortify tool, and in the generated report I got a Path Manipulation issue on the following method.
Note: the report does not show the line number of the error. Can anyone suggest how I can get it back?
```java
private MimeMessage prepareMessage(EmailMessage req) throws EmailProviderException {
    long start = System.currentTimeMillis(), finish = 0;
    try {
        MimeMessage message = emailSender.createMimeMessage();
        // create a multipart message
        MimeMessageHelper helper = new MimeMessageHelper(message, true);
        // set email addresses
        helper.setFrom(convertAddress(req.getFromAddress()));
        helper.setTo(convertAddress(req.getToAddress()));
        helper.setCc(convertAddress(req.getCcAddress()));
        helper.setBcc(convertAddress(req.getBccAddress()));
        // set subject and body
        helper.setSubject(req.getEmailSubject());
        String emailBody = req.getEmailBody();
        String emailMime = req.getEmailMimeType();
        MimeBodyPart messagePart = new MimeBodyPart();
        DataSource bodyDataSource = new ByteArrayDataSource(emailBody, emailMime);
        messagePart.setDataHandler(new DataHandler(bodyDataSource));
        helper.getMimeMultipart().addBodyPart(messagePart);
        // add attachments
        List<EmailAttachment> lAttach = req.getEmailAttachment();
        if (lAttach != null) {
            for (EmailAttachment attachMnt : lAttach) {
                DataSource dSource = new ByteArrayDataSource(attachMnt.getContent(),
                                                             attachMnt.getMimeType());
                helper.addAttachment(attachMnt.getFileName(), dSource);
            }
        }
        finish = System.currentTimeMillis();
        statsLogger.info(new FedExLogEntry("prepareMessage took {0}ms", new Object[]{finish - start}));
        return message;
    } catch (Exception e) {
        // covers MessagingException, IllegalStateException, IOException, MailException
        String emsg = new StringBuilder("Unable to prepare smtp message.")
                .append("\n").append(req.toString()).toString();
        logger.warn(emsg, e);
        throw new EmailProviderException(emsg, e);
    }
}
```
Answer 0 (score: 0)
Hmm. If Fortify is having trouble showing you the correct line where the problem is, then Fortify may have hit a parsing error when it scanned and wrote the results into your FPR. One thing you could try is rescanning your application under a different build ID and generating a new FPR. Other than that, I don't know. Sorry. The other thing I would suggest is checking your log files to see whether there were any errors or warnings during the translation/scan process.

But after looking at your code sample, I think Fortify is tainting the parameter `req` and flagging the operation that happens when it tries to add the file as an attachment. Most likely your sink is at

```java
helper.addAttachment(attachMnt.getFileName(), dSource);
```

You will want to validate the attachment's file name before trying to save the attachment to disk.
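One way to implement the validation the answer recommends, as an added example that is not part of the question, the answer, or the Fortify tool's own guidance: the caller-supplied name from `attachMnt.getFileName()` is checked against a strict allowlist before it reaches `addAttachment()`, and a second helper confirms that, if the attachment is ever written to a directory, the resolved path stays inside it. The character allowlist, the length limit, the `AttachmentNameValidator` class name and the `attachments` directory are assumptions chosen for this example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Added example (not the poster's code): validate an attachment file name
 * before it is used as a MIME part name or as part of an on-disk path.
 * Allowlist and length limit are assumptions for this example.
 */
public final class AttachmentNameValidator {

    // Letters, digits, dot, dash, underscore and space; must not start with a dot; at most 255 chars.
    private static final Pattern SAFE_NAME = Pattern.compile("^[A-Za-z0-9_-][A-Za-z0-9 ._-]{0,254}$");

    private AttachmentNameValidator() {}

    /** Returns the name unchanged if it is safe, otherwise throws with the reason. */
    public static String requireSafeFileName(String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("attachment file name is empty");
        }
        // NUL and line breaks could terminate a path or split a MIME header.
        if (fileName.indexOf('\0') >= 0 || fileName.indexOf('\r') >= 0 || fileName.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("attachment file name contains control characters");
        }
        // Separators and ".." are what turn a file name into a path.
        if (fileName.contains("/") || fileName.contains("\\") || fileName.contains("..")) {
            throw new IllegalArgumentException("attachment file name contains path separators or '..'");
        }
        if (!SAFE_NAME.matcher(fileName).matches()) {
            throw new IllegalArgumentException("attachment file name contains disallowed characters");
        }
        return fileName;
    }

    /**
     * Second line of defence for code that does write attachments to disk:
     * resolve the validated name under a fixed base directory and confirm
     * the normalized result is still inside that directory.
     */
    public static Path resolveInside(Path baseDir, String fileName) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(requireSafeFileName(fileName)).normalize();
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IllegalArgumentException("attachment path escapes the base directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample names: the first two are acceptable, the rest are the
        // shapes of input a Path Manipulation finding is about.
        List<String> samples = Arrays.asList(
                "invoice-2024.pdf",
                "report final.docx",
                "../../etc/passwd",
                "C:\\Windows\\win.ini",
                "notes.txt\r\nContent-Type: text/html",
                ".hidden",
                "");
        Path attachmentDir = Paths.get("attachments"); // hypothetical drop directory
        for (String name : samples) {
            try {
                Path p = resolveInside(attachmentDir, name);
                System.out.println("ACCEPT  " + show(name) + " -> " + p);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + show(name) + " : " + e.getMessage());
            }
        }
    }

    private static String show(String s) {
        return "\"" + s.replace("\r", "\\r").replace("\n", "\\n") + "\"";
    }
}
```

In the posted `prepareMessage`, the call would become `helper.addAttachment(AttachmentNameValidator.requireSafeFileName(attachMnt.getFileName()), dSource);`, so the rejection surfaces as an `IllegalArgumentException` inside the existing `catch (Exception e)` and is logged with the rest of the request. An allowlist is preferred over stripping bad characters because it is easy to reason about and easy for a reviewer to confirm when auditing the finding in the FPR.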