HttpServletRequest.getHeaderNames() Caused Checkmarx Unchecked Input for Loop Condition

As part of the method call below, headerNames is used in a loop, which should be avoided as per Checkmarx Unchecked_Input_for_Loop_Condition.

    private HttpHeaders getHeaders(HttpServletRequest request)
    {
        HttpHeaders headers = new HttpHeaders();
        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements())
        {
            String headerName = headerNames.nextElement();
            headers.set(headerName, request.getHeader(headerName));
        }
        return headers;
    }

I know that for HttpServletRequest.getParameterMap() the default maximum parameter count is 10000, as per the https://tomcat.apache.org/tomcat-8.0-doc/config/http.html documentation, and getParameterMap is safe for Unchecked_Input_for_Loop_Condition. However, I am not sure about HttpServletRequest.getHeaderNames(), as a very high value could cause the application to get stuck in the loop and be unable to continue to other operations. Is it safe to use HttpServletRequest.getHeaderNames() as used in the code? Or are there any pointers to mitigate this issue?
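
One way to put an explicit upper bound on the loop in the question, as an added example that is not part of the original post. `MAX_HEADERS`, `copyHeaders` and the sample data are hypothetical; the helper takes the enumeration and a lookup function so that it runs on a plain JDK, and in a servlet it would be called as `copyHeaders(request.getHeaderNames(), request::getHeader, MAX_HEADERS)`.

```java
import java.util.*;
import java.util.function.Function;

public class BoundedHeaderCopy {
    // Assumed application-level cap (hypothetical value). Tomcat's HTTP connector
    // has its own limit, maxHeaderCount, which defaults to 100.
    static final int MAX_HEADERS = 100;

    // Copies headers while counting iterations, so the loop bound no longer
    // depends only on how many headers the client chose to send.
    static Map<String, String> copyHeaders(Enumeration<String> names,
                                           Function<String, String> lookup,
                                           int max) {
        // Header names are case-insensitive, so the copy is keyed that way too.
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        if (names == null) {
            // getHeaderNames() may return null if the container denies access.
            return out;
        }
        int seen = 0;
        while (names.hasMoreElements()) {
            if (++seen > max) {
                // Fail closed instead of silently truncating the header set.
                throw new IllegalStateException("too many request headers");
            }
            String name = names.nextElement();
            out.put(name, lookup.apply(name));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for a real request.
        Map<String, String> sample = new LinkedHashMap<>();
        sample.put("Host", "app.example.test");
        sample.put("Accept", "*/*");
        System.out.println(copyHeaders(
                Collections.enumeration(sample.keySet()), sample::get, MAX_HEADERS));

        // Constructed oversized input: 500 names against a cap of 100.
        List<String> many = new ArrayList<>();
        for (int i = 0; i < 500; i++) many.add("X-Pad-" + i);
        try {
            copyHeaders(Collections.enumeration(many), n -> "v", MAX_HEADERS);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```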



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
