在Veracode报告中,某些Java文件中出现错误CWE 93。在静态扫描实例中,某些代码是
MimeMessage msg = new MimeMessage(session);
msg.setFrom(new InternetAddress(msmtpfrom)); 2。msg.setRecipients(Message.RecipientType.TO, address);
我该如何解决?
预先感谢
答案 0 :(得分:0)
只需用空字符串(“”)替换字符串变量(如msmtpfrom,address)中的CRLF出现。看一下具有相关答案的类似问题:How to fix "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"