How To Fix Veracode CRLF Injection Issue.
In this tutorial we will learn how to fix a CRLF injection risk. We will see how to sanitize and neutralize all user-supplied data, or properly encode output in HTTP headers that would otherwise be visible to users, to prevent the injection of CRLF sequences and their consequences.
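Solution (code snippet):
// In the calling class: neutralize the user-supplied value before logging it.
public String getUserDetails(String name) {
    LOGGER.info("In method getUserName, userName : {}", CommonUtil.neutalizedText(name));
    return "userDetails";
}

// CommonUtil.java (StringEscapeUtils comes from Apache Commons Text; older projects use Commons Lang)
import org.apache.commons.text.StringEscapeUtils;

public class CommonUtil {
    // escapeJava turns CR and LF into the literal text \r and \n, so the value stays on one log line.
    public static String neutalizedText(String msg) {
        return StringEscapeUtils.escapeJava(msg);
    }
}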
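The following is an added example, not code from the original article: it shows the effect of neutralizing a logged value using only the JDK, and a reject-on-CR/LF check for values destined for HTTP headers. The class name CrlfDemo, the helpers neutralizeForLog and requireSafeHeaderValue, and the sample inputs are assumptions constructed for illustration.

```java
public class CrlfDemo {

    // Hypothetical JDK-only stand-in for CommonUtil.neutalizedText: writes CR, LF and
    // other control characters as visible escapes so one value stays on one log line.
    static String neutralizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (c == '\\') {
                out.append("\\\\"); // keep the escaped form unambiguous
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                out.append(String.format("\\u%04X", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // For HTTP headers, reject rather than rewrite: a value with CR or LF is never valid.
    static String requireSafeHeaderValue(String value) {
        if (value == null || value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("header value is null or contains CR/LF");
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed input: a user name that carries a CRLF and a second, made-up line.
        String name = "alice\r\nINFO constructed second log line";
        String raw = "In method getUserName, userName : " + name;
        String safe = "In method getUserName, userName : " + neutralizeForLog(name);
        System.out.println("raw log lines:  " + raw.split("\r?\n").length);
        System.out.println("safe log lines: " + safe.split("\r?\n").length);
        System.out.println(safe);
        try {
            requireSafeHeaderValue("en\r\nX-Constructed: 1"); // constructed header value
        } catch (IllegalArgumentException e) {
            System.out.println("header rejected: " + e.getMessage());
        }
    }
}
```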