Problem description
I have the following code which, if I have read the other threads on this subject correctly, should not cause a Veracode scan to flag CWE 117, but it does. There are other "answers" for Java / C#, but for VB.NET I haven't found anything.
My code is this:
    ' Nothing (0) is not a defined EventLogEntryType and WriteEntry rejects it,
    ' so Information is used as the default event type instead.
    Public Function WriteToEventLog(ByVal Entry As String, _
            Optional ByVal AppName As String = "adCoreLibrary", _
            Optional ByVal EventType As EventLogEntryType = EventLogEntryType.Information, _
            Optional ByVal LogName As String = "Application", _
            Optional ByVal EventID As Integer = 0, _
            Optional ByVal TaskCategory As TaskCategory = 0) As Boolean
        Dim objEventLog As New EventLog()
        Try
            ' We will try and create our own event source but if not, use the optional default
            If Not EventLog.SourceExists(AppName) Then
                EventLog.CreateEventSource(AppName, LogName)
            End If
            ' Initialise event log
            objEventLog.BeginInit()
            ' Set the source
            objEventLog.Source = AppName
            ' Write entry
            If Entry IsNot Nothing Then
                ' THE FOLLOWING LINE IS BEING FLAGGED AS CWE-117 NON-COMPLIANT
                objEventLog.WriteEntry(Entry.Replace(vbLf, "_").Replace(vbCr, "_").Replace(vbTab, "_"), EventType, EventID, CShort(TaskCategory))
            End If
            ' End initialisation
            objEventLog.EndInit()
            Return True
        Catch ex As Exception
            If CType(My.Settings.adLogMode, LogMode) <> adCoreLogging.LogMode.Empty Then
                My.Application.Log.WriteEntry("An error occurred when trying to write to the Windows Event Log: " & ex.Message)
                Return False
            End If
        Finally
            ' Release the handle to the event log
            objEventLog.Dispose()
        End Try
        ' If we get here, we've had a problem
        Return False
    End Function
Can someone tell me what I'm doing wrong?
Solution
Well, for those who stumble upon this question... I came up with the answer.
After importing System.Web, I had to replace the offending line with the following:
    Dim newEntry As String = HttpUtility.HtmlEncode(Entry)
    objEventLog.WriteEntry(newEntry, EventType, EventID, CShort(TaskCategory))
I don't know why Veracode allows this, because essentially it's still the same thing, but there we are.
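Added example, not code from the question or the answer above: a VB.NET console program that shows the kind of input CWE-117 is about, a neutraliser that goes beyond the three Replace calls in the question by escaping every control character and Unicode line/paragraph separator into a visible form, and, for comparison, what HttpUtility.HtmlEncode does to the same string. HtmlEncode encodes <, >, &, " and a few other characters but leaves CR and LF unchanged, so it clears the scanner finding without neutralising a line break. The program assumes a .NET project with a reference to System.Web (as in the answer); the attacker-controlled user name is constructed for the demonstration.

```vbnet
' Added example (not from the original question or answer): a log-entry
' neutraliser for CWE-117 and a side-by-side comparison with HtmlEncode.
Imports System
Imports System.Globalization
Imports System.Text
Imports System.Web

Module LogNeutraliser

    ''' <summary>
    ''' Replaces every character that can break a log line (C0/C1 control
    ''' characters plus Unicode line and paragraph separators) with a visible
    ''' escape such as \r, \n, \t or \u0085, so an attacker-controlled string
    ''' can never start a forged second line. All other text is left as-is.
    ''' </summary>
    Public Function NeutralizeForLog(ByVal entry As String) As String
        If entry Is Nothing Then Return String.Empty
        Dim sb As New StringBuilder(entry.Length)
        For Each ch As Char In entry
            Select Case ch
                Case ControlChars.Cr
                    sb.Append("\r")
                Case ControlChars.Lf
                    sb.Append("\n")
                Case ControlChars.Tab
                    sb.Append("\t")
                Case Else
                    Dim cat As UnicodeCategory = Char.GetUnicodeCategory(ch)
                    If Char.IsControl(ch) OrElse _
                       cat = UnicodeCategory.LineSeparator OrElse _
                       cat = UnicodeCategory.ParagraphSeparator Then
                        ' Other control/separator characters become \uXXXX
                        sb.Append("\u").Append(AscW(ch).ToString("x4"))
                    Else
                        sb.Append(ch)
                    End If
            End Select
        Next
        Return sb.ToString()
    End Function

    Sub Main()
        ' Constructed attacker input: a "user name" that embeds CRLF followed
        ' by a forged, reassuring second record.
        Dim userName As String = "bob" & vbCrLf & "Login succeeded for admin"
        Dim raw As String = "Login failed for " & userName

        Console.WriteLine("--- raw (two lines, the second one forged) ---")
        Console.WriteLine(raw)
        Console.WriteLine("--- HttpUtility.HtmlEncode (CRLF survives) ---")
        Console.WriteLine(HttpUtility.HtmlEncode(raw))
        Console.WriteLine("--- NeutralizeForLog (one line, escape visible) ---")
        Console.WriteLine(NeutralizeForLog(raw))
    End Sub

End Module
```

In the Windows Event Log itself the embedded CRLF stays inside a single event's message rather than creating a second record, but it does produce a second line wherever that message is rendered or forwarded as text (Event Viewer, exported text or CSV, agents that split on newlines), which is exactly the reader deception CWE-117 describes. Escaping to a visible \r\n, rather than replacing with "_" as in the question, keeps evidence of the attempt in the log instead of silently swallowing it.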