'Coverity: Validating tainted source for URL in Java
In a program I am checking with Coverity, part of an URL path used in an HTTP request comes from a tainted source. Coverity correctly complains about "URL manipulation".
However, I cannot figure out how to validate or escape this value so it becomes untainted. I tried with com.coverity.security.Escape, I tried with Spring's UriComponentsBuilder with templates, I tried with URLEscape, nothing works.
Can anybody give a working example how to validate or escape a tainted value so it works as part of the path of an URL?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|