CX Unsynchronized_Access_To_Shared_Data @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [master]

[satyamchaurasiapersistent]

Unsynchronized_Access_To_Shared_Data issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch master

The concurrent process processRequest found in the file src\main\java\org\cysecurity\cspf\jvl\controller\Install.java at line 54 influences the shared resource dburl in the file src\main\java\org\cysecurity\cspf\jvl\controller\Install.java at line 54. When performed concurrently, an unexpected race condition may occur.

Severity: Low

CWE:567

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 66 67 68 69 70 71 111 112 117 54 119 55 56 121 57 58 59 60 61 127

---

Code (Line #66):

         config.setProperty("dburl",dburl);

---

Code (Line #67):

         config.setProperty("jdbcdriver",jdbcdriver);

---

Code (Line #68):

         config.setProperty("dbuser",dbuser);

---

Code (Line #69):

         config.setProperty("dbpass",dbpass);

---

Code (Line #70):

         config.setProperty("dbname",dbname);

---

Code (Line #71):

         config.setProperty("siteTitle",siteTitle);

---

Code (Line #111):

                    Class.forName(jdbcdriver);

---

Code (Line #112):

                    Connection con= DriverManager.getConnection(dburl,dbuser,dbpass);

---

Code (Line #117):

                             stmt.executeUpdate("DROP DATABASE IF EXISTS "+dbname);

---

Code (Line #54):

        dburl = request.getParameter("dburl");

---

Code (Line #119):

                             stmt.executeUpdate("CREATE DATABASE "+dbname);

---

Code (Line #55):

        jdbcdriver = request.getParameter("jdbcdriver");

---

Code (Line #56):

        dbuser = request.getParameter("dbuser");

---

Code (Line #121):

                            con= DriverManager.getConnection(dburl+dbname,dbuser,dbpass);

---

Code (Line #57):

        dbpass = request.getParameter("dbpass");

---

Code (Line #58):

        dbname = request.getParameter("dbname");

---

Code (Line #59):

        siteTitle= request.getParameter("siteTitle");

---

Code (Line #60):

        adminuser= request.getParameter("adminuser");

---

Code (Line #61):

        adminpass= HashMe.hashMe(request.getParameter("adminpass"));

---

Code (Line #127):

                                  stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('"+adminuser+"','"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");

---

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.

[satyamchaurasiapersistent]

Issue still exists.