Skip to main content

Veracode CRLF Error

CRLF Injection (1 flaw) 
The acronym CRLF stands for "Carriage Return. Line Feed" and refers to the sequence of characters used to denote the end
of a line of text. CRLF injection vulnerabilities occur when data enters an application from an untrusted source and is not
properly validated before being used. For example. if an attacker is able to inject a CRLF into a log file, he could append
falsified log entries, thereby misleading administrators or cover traces of the attack. if an atlacker is able to inject CRLFS Into
an HTTP response header, he can use this ability to catry out other atlacks such as cache poisoning CRLF vulnerabilities
primarily affect dala integrity.

Apply robust inpul filtering for all user-supplied dala valdation.routines when possible. Use output
fillers to sanitize ail output denved from user supplled inpat. replacing non alchanumenc. characters with their HTML entity
Associated Flaws by CWE ID.
Improper Output Neutralization for Logs (CWE ID 117)(1 flaw)

Solution :

Log. info(ESAPI.encoder(). encodeForHTML(message)). 


Popular posts from this blog

Angular cli ng command is not working

Problem : angular cli command  ng is not working

'ng' is not recognized as an internal or external command,
operable program or batch file.

Solution :

update .npmrc file at C:\Users\{USERNAME}
with the below line


warning: LF will be replaced by CRLF in

Problem :

The file will have its original line endings in your working directory


step1) open .gitconfig file

step2) paste the below code

autocrlf = false
[filter "lfs"]
required = true
clean = git-lfs clean -- %f
smudge = git-lfs smudge -- %f
process = git-lfs filter-process

How to remove entity in jhipster and create fresh entities

Problem Statement : Not able to delete jhipster entity and wanted to entities freshly

Solution :

Step 1) Open command prompt and point to the jhipster project root

Step 2) Run  jhipster remove-entity

Step 3) Run jhipster

Step 4) Then import new jdl  using below command

jhipster import-jdl jhipster-jdl.jh

Step 5 ) Then Run  mvnw

Still Problem  : One of the entity may not load data and shows 500 error

Drop the tables in h2 database and let and do mvnw again.

To connect to local database Goto -> Administration -->Database --> Connect