You can annotate custom cleanser functions in your code so that Veracode Static Analysis treats the data they return as mitigated, suppressing findings it would otherwise report.
Security Leads can specify the default mitigation state for findings with custom cleansers.
Custom cleanser functions must be designed to consume non-validated or unmitigated data and return validated or mitigated data. Ensure all data paths that can reach the finding pass through your custom cleanser or an approved cleanser. If any unmitigated input reaches the finding, it is still reported.
Custom cleanser functions simplify results management by reducing false positives and accelerating the review process. Sanitizing or cleansing user input to remove the risk of attack addresses many common security issues. Open-source and commercial cleansing functions exist, but many developers at large organizations implement their own enterprise cleansing libraries, which Veracode may not recognize.
These cleansing functions give application security managers and their teams a safe way to avoid and fix security findings. For developers, using cleansing functions lowers noise in reports by reducing the number of findings that a development team has to review.
| Finding category | CWE ID |
|---|---|
| File Path Injection | 73 |
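As an added example that is not part of the Veracode documentation, the following Java class shows a cleanser for the File Path Injection (CWE 73) category listed above, designed the way the text requires: it consumes an unvalidated file name and returns a validated path, and the two call sites show why every data path to the sink must go through it. The annotation class `com.veracode.annotation.FilePathCleanser` and the `/srv/app/uploads` base directory are assumptions; confirm the annotation name against the Veracode annotation library shipped for your language.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Assumed annotation (not on the page): confirm the class name in the
// Veracode annotation library for your language before relying on it.
import com.veracode.annotation.FilePathCleanser;

public final class SafePath {
    // Assumed base directory that uploads may be read from
    private static final Path BASE =
        Paths.get("/srv/app/uploads").toAbsolutePath().normalize();

    /**
     * Consumes an unvalidated file name and returns a validated absolute
     * path under BASE, or throws. Every user-supplied path segment must
     * route through here; otherwise the CWE 73 finding is still reported.
     */
    @FilePathCleanser
    public static Path cleanse(String userSupplied) {
        if (userSupplied == null || userSupplied.isEmpty()) {
            throw new IllegalArgumentException("empty path");
        }
        // Reject NUL bytes and separators before resolving against BASE
        for (char c : userSupplied.toCharArray()) {
            if (c == '\0' || c == '/' || c == '\\') {
                throw new IllegalArgumentException("illegal character in path");
            }
        }
        Path resolved = BASE.resolve(userSupplied).normalize();
        // normalize() collapses ".." segments; confirm we are still inside BASE
        // and did not resolve to BASE itself
        if (!resolved.startsWith(BASE) || resolved.equals(BASE)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return resolved;
    }

    // Mitigated: the input passes through the cleanser before the file sink
    public static byte[] readUpload(String name) throws IOException {
        return Files.readAllBytes(cleanse(name));
    }

    // Still reported: the same sink is reached by an unmitigated data path
    public static byte[] readUploadUnchecked(String name) throws IOException {
        return Files.readAllBytes(BASE.resolve(name));
    }
}
```

Removing `readUploadUnchecked`, or routing its argument through `cleanse`, is what actually clears the finding; annotating the cleanser alone does not.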