CX Portability_Flaw_Locale_Dependent_Comparison @ root/search.jsp [master]

[jbruinaud]

Portability_Flaw_Locale_Dependent_Comparison issue exists @ root/search.jsp in branch master

The application handles input strings in a locale-unspecific manner. In particular, root\search.jsp's if calls toLowerCase at line 13 to manipulate the string. The resulting string is compared with indexOf by if, at root\search.jsp:13.

Severity: Low

CWE:474

Checkmarx

Training Recommended Fix

Lines: 13

---

Code (Line #13):

        if (query.replaceAll("\\s", "").toLowerCase().indexOf("<script>alert(\"xss\")</script>") >= 0) {

---