MsgBox(Ex.Message) how to best handle this for a code audit
Can someone help me out. I am trying to rewrite some VB .NET code from a code audit. Below is the marvelous audit messages produced by SourceForge. Can someone show me how to best rewrite the code, in order to resolve the error messages. These are two separate audit messages that point to the same code
Abstract:
The function setEnvtProperties() in frmImmediateUpdate.vb reveals system data or debugging information by calling MsgBox on line 7. The information revealed by MsgBox could help an adversary form a plan of attack.
Explanation: An internal information leak occurs when system data or debugging information is sent to a local file, console, or screen via printing or logging.
Abstract: The method setEnvtProperties() in frmImmediateUpdate.vb ignores the value returned by MsgBox on line 7, which could cause the program to overlook
unexpected states and conditions.
Explanation:
It is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. Most errors and unusual events in .NET
result in an exception being thrown. (This is one of the advantages that .NET has over languages like C: Exceptions make it easier for programmers to
think about what can go wrong.) But the stream and reaer classes do not consider it to be unusual or exceptional if only a small amount of data becomes available)
1 Private Sub setEnvtProperties()
2 Try
3 Dim strFilter As String = String.Format("Client='{0}
4 Dim dv As New DataView(p_tblFacetsDataba
5 lblServerVal.Text = dv(0)("CroixServer")
6 Catch ex as Exception
7 MsgBox(ex.Message)
8 End Try
9 End Sub
Abstract:
The function setEnvtProperties() in frmImmediateUpdate.vb reveals system data or debugging information by calling MsgBox on line 7. The information revealed by MsgBox could help an adversary form a plan of attack.
Explanation: An internal information leak occurs when system data or debugging information is sent to a local file, console, or screen via printing or logging.
Abstract: The method setEnvtProperties() in frmImmediateUpdate.vb ignores the value returned by MsgBox on line 7, which could cause the program to overlook
unexpected states and conditions.
Explanation:
It is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. Most errors and unusual events in .NET
result in an exception being thrown. (This is one of the advantages that .NET has over languages like C: Exceptions make it easier for programmers to
think about what can go wrong.) But the stream and reaer classes do not consider it to be unusual or exceptional if only a small amount of data becomes available)
1 Private Sub setEnvtProperties()
2 Try
3 Dim strFilter As String = String.Format("Client='{0}
4 Dim dv As New DataView(p_tblFacetsDataba
5 lblServerVal.Text = dv(0)("CroixServer")
6 Catch ex as Exception
7 MsgBox(ex.Message)
8 End Try
9 End Sub
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER