Change this code to not log user-controlled data

Why is SonarQube still showing a vulnerability after I made the code change based on SonarQube's suggestion? In some places I used the same suggestion and the vulnerability was resolved. Here it is still showing the vulnerability. Can someone please help us fix this?

if (description != null && loggedInUserName != null)
{
    loggedInUserName = loggedInUserName.Replace('\n', '_').Replace('\r', '_').Replace('\t', '_');
    description = description.Replace('\n', '_').Replace('\r', '_').Replace('\t', '_');
    log.Info(" Username: " + loggedInUserName + " " + description);
}

Why is SonarQube still showing a vulnerability after I made the code change based on SonarQube's suggestion? In some places I used the same suggestion and the vulnerability was resolved. Here it is still showing the vulnerability. Can someone please help us fix this?

if (submittalFileName == null || !Regex.IsMatch(submittalFileName, "^[a-zA-Z0-9._-]+$"))
{
    throw new Exception(errorMessage);
}
context.Response.AddHeader("Content-Disposition", "attachment;filename=" + submittalFileName);
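As an added example (not the poster's code, and not a statement of what SonarQube's analyzer recognizes), here is one way to handle both findings from the thread with a single sanitizer: every control character is neutralized before logging, and the Content-Disposition value is built only from a file name that passed the allow-list. The class and method names are assumptions.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Added example; SafeOutput and its methods are hypothetical names.
public static class SafeOutput
{
    // Replace every control character (not only \n, \r and \t) so a value
    // can neither forge an extra log line nor break out of a header value.
    public static string NeutralizeControlChars(string value)
    {
        if (value == null) return null;
        return new string(value.Select(c => char.IsControl(c) ? '_' : c).ToArray());
    }

    // Log case: the sanitized copies, not the raw inputs, are what gets written.
    public static string BuildLogLine(string loggedInUserName, string description)
    {
        string safeUser = NeutralizeControlChars(loggedInUserName);
        string safeDesc = NeutralizeControlChars(description);
        return " Username: " + safeUser + " " + safeDesc;
    }

    // Header case: allow-list the file name, then build the header from the
    // validated value only; anything else is rejected before a header exists.
    private static readonly Regex FileNamePattern = new Regex("^[a-zA-Z0-9._-]+$");

    public static string ContentDispositionFor(string submittalFileName)
    {
        if (submittalFileName == null || !FileNamePattern.IsMatch(submittalFileName))
            throw new ArgumentException("Invalid submittal file name");
        return "attachment;filename=" + submittalFileName;
    }
}
```

At the call sites this becomes `log.Info(SafeOutput.BuildLogLine(loggedInUserName, description))` and `context.Response.AddHeader("Content-Disposition", SafeOutput.ContentDispositionFor(submittalFileName))`.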

Hi,

Welcome to the community!

I’ve combined your topics because they seem functionally the same. If they’re not, then you have my apologies & we can re-split them if you like.

What language is this? And what version of SonarQube are you using?

Thx,
Ann

Hi,

It's C#, and the SonarQube version is below.

  • Enterprise Edition
  • Version 8.9.7 (build 52159)

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.9.7 → 9.9.2 → 10.2.1 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your error persists after upgrade, please come back to us.

Thx,
Ann