Here in my application I have class testapp in that I have some methods and main method. When I'm using veracode tool its showing flaw at main method saying Veracode CWE-489:Leftover Debug Code. In my psvm main method I have some Syso lines only.
public class testapp {
public static void main(String[] args) {
System.out.println("Test_One");
System.out.println("Test_Two");
System.out.println("Test_Three");
System.out.println("Test_Four");
System.out.println("Test_Five");
}
void dotest() {
}
void runtest() {
}
}
Can anybody guide me how to fix this issue.
The Veracode engine is looking for the presence of the main() function for this vulnerability within the Java code. All you can do in essence is remove it.
The check within Veracode SAST for this issue is controlled by the fact that for a Java Enterprise web application, you shouldn't have a main function as per the spec for a J2EE app.
As long as you don't have any CWE-470 Unsafe Reflection issues in the app that are exploitable from the outside or that the app server is insecurely configured then you shouldn't need to worry about this.
Related
I have a projects that contains modules that represents the layers (dao, service, controllers, models). I am using #ComponentScan but steel when I access the rest api that my controllers provide I get 404 error. From what i was Reading both my main class and my controllers should be in the same package or to tell #ComponentScan() which packages to scan. I tried it all but it does not recognize the classes inside my modules - I think this is the main problem but I’m not sure. I would like to get some help and understand why this in happening. Thank you
#EnableMongoAuditing
#SpringBootApplication
#ComponentScan({"com.vimalesh"})
#EnableWebFlux
#EnableReactiveMongoRepositories("com.vimalesh.data.repository")
public class FundsApplication {
public static void main(String[] args) {
SpringApplication.run(FundsApplication.class, args);
}
}
Mention the package name that you want to scan like above.
Thanks
We have a Xamarin.iOS project that shares a code backend with a WPF project that has been going through a refactor. All the shared code libraries have been converted to be .net standard.
The Xamarin project builds, but the simulator throws an exception on startup as such :
Foundation.MonoTouchException has been thrown
Objective-C exception thrown. Name: NSInternalInconsistencyException Reason: Unable to instantiate the UIApplication delegate instance. No class named AppDelegate is loaded.
Just for testing purposes, I added an empty UIApplicationDelegate to Main.cs and I'll still get the exception (only now referring to TestDelegate).
Main.cs
using Foundation;
using UIKit;
namespace App.IOS
{
public class Application
{
static void Main (string[] args)
{
UIApplication.Main (args, null, nameof(AppDelegate));
}
}
}
Appdelegate.cs (very large file, so just the declarations here).
namespace App.IOS
{
public class MiniSetup
{
public static readonly MiniSetup Instance = new MiniSetup ();
public void EnsureInit()
{
//Setting up Binding and Dependency Injection Here.
}
}
[Register (nameof(AppDelegate))]
public partial class AppDelegate : UIApplicationDelegate
{
public override bool FinishedLaunching (UIApplication app, NSDictionary options)
{
//Invoke Minisetup here
}
public override void WillEnterForeground (UIApplication application)
{
//snip
}
public override void DidEnterBackground (UIApplication
application)
{
//snip
}
// snip other code for setting UI controls and other app logic.
}
It seems apparent that I've goofed up the project in some way, but I haven't found any leads as to where to look for a solution. Any ideas on how to troubleshoot this?
Two classed needed, the UIApplicationDelegate subclass and the class that defines the Main entry point that calls UIApplication.Main will the Xamarin.iOS registered name that you used on the UIApplicationDelegate subclass.
Basic/Minimum UIApplicationDelegate:
[Register("AppDelegate")]
public class AppDelegate : UIApplicationDelegate
{
public override UIWindow Window
{
get;
set;
}
}
Basic/Minimum Main entry point:
public class Application
{
static void Main(string[] args)
{
UIApplication.Main(args, null, "AppDelegate");
}
}
I don't have a smoking gun here, but near as I was able to figure out, an incompatible (with xamarin) reference or nuget package was added to the IOS project. While the native code was throwing a native assembly, I'd imagine that AppDelegate was actually throwing a NotSupportedException or an AssemblyLoader Exception or similar.
So removing all references and nuget packages, then re-adding just the bare minimum seems to have resolved this issue.
Set the Build Action property of AppDelegate.cs to Compile.
Rebuild your solutions then restart your IDE.
Nothing stands out as a problem in the code you have posted.
However, you can try the following :
AppDelegate code is missing a 'Window' property. If you have just not added it to your code snippet in the question for brevity, fine. If not, do add it to your app delegate. Both Xamarin and Apple mention this in their documentation for ApDelegate and Storyboards.
public override UIWindow Window { get; set; }
Make sure the Build action for you AppDelegate is set to Compile and not mistakenly changed to none or any other value. This is highly unlikely, but because you mentioned you're going through a huge refactor, this could have been changed accidentally.
Similar problems were reported with different Xamarin.iOS versions before. So try running you project with a different xamarin version setup.
Although, i presume, you've tried this multiple times before posting the question, i'd mention : try a complete clean and rebuild. (Manually delete the bin' andobj` folders in your iOS project folder, clean the trash, and then do a rebuild just to be sure. Also, try out a full machine restart, remember you're using a Microsoft product!)
I also found this weird line in the same Xamarin documentation, although i am not sure how this can be checked, because the storyboards do not have an owner/AppDelegate reference.
Application's that are launched from a XIB or storyboard use the
UIApplicationDelegate specified in the XIB or storyboard.
Hope either of these steps helps you out. Good luck.
For me it was some missing reference in the iOS project.
Make sure that whatever the Shared and the iOS projects reference at least the same packages.
I am working on WEB API project. I want to implement global error handling and i choose ELMAH for that.
On googling i found i can implement ELMAH in WEB API with Elmah.Contrib.WebApi package.
So i installed the package Elmah.Contrib.WebApi and as written in author's github site i registered it.
so my global.asax looks like following.
protected void Application_Start()
{
GlobalConfiguration.Configure(WebApiConfig.Register);
GlobalConfiguration.Configuration.Filters.Add(new ElmahHandleErrorApiAttribute());
GlobalConfiguration.Configuration.MessageHandlers.Add(new MessageLoggingHandler());
}
but it does not seem to work. i also tried to find documentation on how to implement this package in project but could not find it.
can someone help me so i can get work that pacakge?
If you are using Web API 2, you should use the new exception logger:
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
...
config.Services.Add(typeof(IExceptionLogger), new ElmahExceptionLogger());
...
}
}
Also shown in this post:
http://blog.elmah.io/logging-to-elmah-io-from-web-api/
(without the elmah.io package if you are using another log store)
We are currently using autofac in our mvc web app.
Build() or Update() can only be called once on a ContainerBuilder
Every 1-4 days we get the error noted above. It's driving me crazy. I've been trying to see why it would be doing this but I can't pinpoint the issue.
Can someone point me in the right direction.
I encountered the same thing in my application (.Net Core 3.1)
I wanted to get the Container and resolve registered services.
In .Net Core 3.1 you can't simply change Startup.ConfigureServices method to return IServiceProvider as it was in previous versions
So, to get the services you need in your Startup void Configure(IApplicationBuilder app) method call app.ApplicationServices.GetAutofacRoot() this will return ILifetimeScope instance you can use to resolve services
Note. Consider that saving this instance globally is not the best practice
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
//app middleware registrations
//...
//
ILifetimeScope autofacRoot = app.ApplicationServices.GetAutofacRoot();
var repository = autofacRoot.Resolve<IRepository>();
}
Unless you have start-up processes that require HttpApplication resources, I would recommend removing application initialization to a static constructor or a completely separate singleton. I have seen similar issues with Application_Start(), you need a structure that is guaranteed to be called just once.
I'm currently evaluating WebAPI and NancyFx for a new project about to start. I've managed to get Nancy to self host from a test assembly (by itself it uses asp.net hosting).
Is there any way to do the same with Web API? I would like to keep the web api project hosted on IIS, but i would like to spin it up from my test assembly, so i can run tests against it.
I have found some blogposts on how to use Autofac to scan controllers from another assembly (seems a little backwards only to get hosting from another assembly to work, but if it can be done, i guess that would be an option), but i would like to keep using Structuremap ioc for this project.
Managed to get it working with help from Mark Jones link. This is what i ended up with in my test assembly.
private static HttpSelfHostServer _server;
[BeforeTestRun]
public static void Setup()
{
var config = new HttpSelfHostConfiguration(Settings.TestUri);
WebApiConfig.Register(config); //map routes
IocConfig.Bootstrap(config); //configure dependency injection
_server = new HttpSelfHostServer(config);
_server.OpenAsync().Wait();
}
[AfterTestRun]
public static void TearDown()
{
_server.CloseAsync().Wait();
}