---
title: Enforce trust boundaries
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST
  Rules > Enforce trust boundaries
---

# Enforce trust boundaries

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ().
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**ID:** `java-security/trust-boundaries`

**Language:** Java

**Severity:** Error

**Category:** Security

**CWE**: [501](https://cwe.mitre.org/data/definitions/501.html)

## Description{% #description %}

The "Enforce trust boundaries" rule is a critical security principle that ensures all data crossing the trust boundary of an application is properly validated. Trust boundaries can be defined as the points in a program where data is transferred from a trusted to an untrusted source or vice versa.

This rule helps prevent various security vulnerabilities such as SQL injection, cross-site scripting (XSS), and remote code execution which could occur if untrusted data is not correctly validated or sanitized.

Good coding practices to avoid violating this rule include validating all incoming data, encoding data that will be output, and using parameterized queries or prepared statements for database interactions. For instance, in the provided compliant code sample, the cookie value is URL decoded and then HTML encoded before it is output to the user, ensuring that any potentially malicious script tags are not executed. Additionally, the use of HttpOnly cookies can prevent client-side script from accessing sensitive data.

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class NonCompliant {
    public void doPost(HttpServletRequest request, HttpServletResponse response) {
        String param = "<default>";
        java.util.Enumeration<String> headers = request.getHeaders("X-Some-Header");

        if (headers != null && headers.hasMoreElements()) {
            param = headers.nextElement();
        }
        param = java.net.URLDecoder.decode(param, "UTF-8");

        request.getSession().setAttribute(param, "<value>>");
    }
}
```

## Compliant Code Examples{% #compliant-code-examples %}

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Compliant {
    public void doPost(HttpServletRequest request, HttpServletResponse response) {
        // Safe: using hardcoded value instead of user input
        request.getSession().setAttribute("role", "user");
    }
}
```
  Seamless integrations. Try Datadog Code SecurityDatadog Code Security 
{% icon name="icon-external-link" /%}