mgonzalezcx / WebGoat

WebGoat is a deliberately insecure application
https://webgoat.github.io/WebGoat/

CX Unsafe_Object_Binding @ webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java [develop] #21

Open mgonzalezcx opened 2 years ago

mgonzalezcx commented 2 years ago

Unsafe_Object_Binding issue exists @ webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java in branch develop

The userForm at webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java in line 36 may unintentionally allow setting the value of save in addUser, in the object webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java at line 39.

Severity: Medium

CWE:915

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 36, 42


Code (Line #36):

    public String registration(@ModelAttribute("userForm") @Valid UserForm userForm, BindingResult bindingResult, HttpServletRequest request) throws ServletException {

Code (Line #42):

        userService.addUser(userForm.getUsername(), userForm.getPassword());
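The finding above is about Spring's model-attribute binding: `@ModelAttribute("userForm") UserForm userForm` makes Spring copy every request parameter that matches a writable property of `UserForm` into the object, whether or not the registration page has an input for it, and that object's data then flows into `userService.addUser` and on to the repository save. The page does not show which properties `UserForm` exposes, so the real impact depends on that. The program below is an added example, not WebGoat's code and not part of the Checkmarx report; it uses Spring's own `DataBinder` (the class behind `@ModelAttribute`) to reproduce the unrestricted binding and then the allowlist fix. The `UserForm` fields, the extra `admin` property, and the `HardenedRegistrationController` class are assumptions made for illustration. It needs the Spring Framework jars (spring-beans, spring-context, spring-web) on the classpath.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.stereotype.Controller;
import org.springframework.validation.DataBinder;
import org.springframework.web.bind.WebDataBinder;
import org.springswork.web.bind.annotation.InitBinder;

import java.util.Arrays;

public class UnsafeObjectBindingDemo {

    // Hypothetical form object standing in for WebGoat's UserForm (assumption, not the real class).
    // username/password/matchingPassword/agree are assumed to be what the page submits;
    // 'admin' is a made-up property that no request parameter should ever be able to set.
    public static class UserForm {
        private String username;
        private String password;
        private String matchingPassword;
        private boolean agree;
        private boolean admin;

        public String getUsername() { return username; }
        public void setUsername(String username) { this.username = username; }
        public String getPassword() { return password; }
        public void setPassword(String password) { this.password = password; }
        public String getMatchingPassword() { return matchingPassword; }
        public void setMatchingPassword(String matchingPassword) { this.matchingPassword = matchingPassword; }
        public boolean isAgree() { return agree; }
        public void setAgree(boolean agree) { this.agree = agree; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    // What @ModelAttribute does by default: every parameter that names a writable
    // property on the target is copied in, including properties the page never exposes.
    static UserForm bindUnrestricted(MutablePropertyValues params) {
        UserForm form = new UserForm();
        DataBinder binder = new DataBinder(form, "userForm");
        binder.bind(params);
        return form;
    }

    // The fix: an explicit allowlist of the fields the form legitimately carries.
    // Anything else is dropped and recorded as a suppressed field, which is worth
    // logging because a suppressed field means someone submitted a parameter the page does not have.
    static UserForm bindAllowlisted(MutablePropertyValues params) {
        UserForm form = new UserForm();
        DataBinder binder = new DataBinder(form, "userForm");
        binder.setAllowedFields("username", "password", "matchingPassword", "agree");
        binder.bind(params);
        System.out.println("suppressed parameters: " + Arrays.toString(binder.getSuppressedFields()));
        return form;
    }

    // The same allowlist where it belongs in Spring MVC: an @InitBinder scoped to the
    // "userForm" model attribute, so a handler declared like registration() above can
    // no longer have extra properties bound into its @ModelAttribute("userForm") parameter.
    // Hypothetical controller, shown for placement only.
    @Controller
    public static class HardenedRegistrationController {
        @InitBinder("userForm")
        void restrictUserFormBinding(WebDataBinder binder) {
            binder.setAllowedFields("username", "password", "matchingPassword", "agree");
        }
    }

    public static void main(String[] args) {
        // Constructed request: the legitimate registration fields plus one tampered extra parameter.
        MutablePropertyValues tampered = new MutablePropertyValues();
        tampered.add("username", "alice");
        tampered.add("password", "correct horse battery staple");
        tampered.add("matchingPassword", "correct horse battery staple");
        tampered.add("agree", "true");
        tampered.add("admin", "true"); // not on the page, but bound anyway without an allowlist

        UserForm unsafe = bindUnrestricted(tampered);
        System.out.println("unrestricted binding: admin=" + unsafe.isAdmin());

        UserForm safe = bindAllowlisted(tampered);
        System.out.println("allowlisted binding:  admin=" + safe.isAdmin());
    }
}
```

To check whether the finding matters in the real code, compare the setters on the actual `UserForm` with the inputs on the registration template: every writable property that has no corresponding form field is client-settable surface that `addUser` may or may not consume. Allowlisting with `setAllowedFields` (or `setDisallowedFields` for a deny-list, which is weaker because new properties default to bindable) keeps the scanner's data flow from `userForm` to `save` limited to the fields the page intends.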