mgonzalezcx / WebGoat

WebGoat is a deliberately insecure application
https://webgoat.github.io/WebGoat/

CX Incorrect_Permission_Assignment_For_Critical_Resources @ webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java [develop] #8

Open mgonzalezcx opened 2 years ago

mgonzalezcx commented 2 years ago

Incorrect_Permission_Assignment_For_Critical_Resources issue exists @ webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java in branch develop

A file is created on the file system by path in webgoat-lessons\missing-function-ac\src\main\java\org\owasp\webgoat\missing_ac\MissingFunctionACUsers.java at line 53 with potentially dangerous permissions.

Severity: Low

CWE:732

Vulnerability details and guidance: Checkmarx | Training | Recommended Fix

Lines: 81, 52, 69

Code (Line #81):

    @RequestMapping(path = {"users","/"}, method = RequestMethod.POST, consumes = "application/json", produces = "application/json")

Code (Line #52):

    @RequestMapping(path = {"users"}, method = RequestMethod.GET)

Code (Line #69):

    @RequestMapping(path = {"users", "/"}, method = RequestMethod.GET,consumes = "application/json")