Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privacy_Violation @ /MembersRecord_jsp.java #217

Closed
cxronen opened this issue Sep 20, 2022 · 0 comments
Closed

Privacy_Violation @ /MembersRecord_jsp.java #217

cxronen opened this issue Sep 20, 2022 · 0 comments

Comments

@cxronen
Copy link
Owner

cxronen commented Sep 20, 2022

Checkmarx (SAST): Privacy_Violation
Security Issue: Read More about Privacy_Violation
Checkmarx Project: cxronen/BookStore_VSCode
Repository URL: https://github.com/cxronen/BookStore_VSCode
Branch: master
Scan ID: 7c24212b-2b21-4248-ba1f-b86776f5d0c2


Method Members_Show at line 675 of /MembersRecord_jsp.java sends user information outside the application. This may constitute a Privacy Violation.

Result #1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. fldphone: /MembersRecord_jsp.java[675,9]
    2. fldphone: /MembersRecord_jsp.java[782,321]
    3. value: /MembersRecord_jsp.java[121,24]
    4. value: /MembersRecord_jsp.java[123,21]
    5. str: /MembersRecord_jsp.java[244,33]
    6. str: /MembersRecord_jsp.java[249,50]
    7. str: /MembersRecord_jsp.java[250,17]
    8. str: /MembersRecord_jsp.java[255,19]
    9. substring: /MembersRecord_jsp.java[255,32]
    10. append: /MembersRecord_jsp.java[255,18]
    11. result: /MembersRecord_jsp.java[255,5]
    12. result: /MembersRecord_jsp.java[256,12]
    13. toString: /MembersRecord_jsp.java[256,27]
    14. replace: /MembersRecord_jsp.java[123,20]
    15. value: /MembersRecord_jsp.java[123,5]
    16. value: /MembersRecord_jsp.java[124,21]
    17. str: /MembersRecord_jsp.java[244,33]
    18. str: /MembersRecord_jsp.java[249,50]
    19. str: /MembersRecord_jsp.java[250,17]
    20. str: /MembersRecord_jsp.java[255,19]
    21. substring: /MembersRecord_jsp.java[255,32]
    22. append: /MembersRecord_jsp.java[255,18]
    23. result: /MembersRecord_jsp.java[255,5]
    24. result: /MembersRecord_jsp.java[256,12]
    25. toString: /MembersRecord_jsp.java[256,27]
    26. replace: /MembersRecord_jsp.java[124,20]
    27. value: /MembersRecord_jsp.java[124,5]
    28. value: /MembersRecord_jsp.java[125,21]
    29. str: /MembersRecord_jsp.java[244,33]
    30. str: /MembersRecord_jsp.java[249,50]
    31. str: /MembersRecord_jsp.java[250,17]
    32. str: /MembersRecord_jsp.java[255,19]
    33. substring: /MembersRecord_jsp.java[255,32]
    34. append: /MembersRecord_jsp.java[255,18]
    35. result: /MembersRecord_jsp.java[255,5]
    36. result: /MembersRecord_jsp.java[256,12]
    37. toString: /MembersRecord_jsp.java[256,27]
    38. replace: /MembersRecord_jsp.java[125,20]
    39. value: /MembersRecord_jsp.java[125,5]
    40. value: /MembersRecord_jsp.java[126,21]
    41. str: /MembersRecord_jsp.java[244,33]
    42. str: /MembersRecord_jsp.java[249,50]
    43. str: /MembersRecord_jsp.java[250,17]
    44. str: /MembersRecord_jsp.java[255,19]
    45. substring: /MembersRecord_jsp.java[255,32]
    46. append: /MembersRecord_jsp.java[255,18]
    47. result: /MembersRecord_jsp.java[255,5]
    48. result: /MembersRecord_jsp.java[256,12]
    49. toString: /MembersRecord_jsp.java[256,27]
    50. replace: /MembersRecord_jsp.java[126,20]
    51. value: /MembersRecord_jsp.java[126,5]
    52. value: /MembersRecord_jsp.java[127,12]
    53. toHTML: /MembersRecord_jsp.java[782,320]
    54. print: /MembersRecord_jsp.java[782,248]
    Review result in Checkmarx One: Privacy_Violation

Result #2:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. fldmember_password: /MembersRecord_jsp.java[670,9]
    2. fldmember_password: /MembersRecord_jsp.java[761,339]
    3. value: /MembersRecord_jsp.java[121,24]
    4. value: /MembersRecord_jsp.java[123,21]
    5. str: /MembersRecord_jsp.java[244,33]
    6. str: /MembersRecord_jsp.java[249,50]
    7. str: /MembersRecord_jsp.java[250,17]
    8. str: /MembersRecord_jsp.java[255,19]
    9. substring: /MembersRecord_jsp.java[255,32]
    10. append: /MembersRecord_jsp.java[255,18]
    11. result: /MembersRecord_jsp.java[255,5]
    12. result: /MembersRecord_jsp.java[256,12]
    13. toString: /MembersRecord_jsp.java[256,27]
    14. replace: /MembersRecord_jsp.java[123,20]
    15. value: /MembersRecord_jsp.java[123,5]
    16. value: /MembersRecord_jsp.java[124,21]
    17. str: /MembersRecord_jsp.java[244,33]
    18. str: /MembersRecord_jsp.java[249,50]
    19. str: /MembersRecord_jsp.java[250,17]
    20. str: /MembersRecord_jsp.java[255,19]
    21. substring: /MembersRecord_jsp.java[255,32]
    22. append: /MembersRecord_jsp.java[255,18]
    23. result: /MembersRecord_jsp.java[255,5]
    24. result: /MembersRecord_jsp.java[256,12]
    25. toString: /MembersRecord_jsp.java[256,27]
    26. replace: /MembersRecord_jsp.java[124,20]
    27. value: /MembersRecord_jsp.java[124,5]
    28. value: /MembersRecord_jsp.java[125,21]
    29. str: /MembersRecord_jsp.java[244,33]
    30. str: /MembersRecord_jsp.java[249,50]
    31. str: /MembersRecord_jsp.java[250,17]
    32. str: /MembersRecord_jsp.java[255,19]
    33. substring: /MembersRecord_jsp.java[255,32]
    34. append: /MembersRecord_jsp.java[255,18]
    35. result: /MembersRecord_jsp.java[255,5]
    36. result: /MembersRecord_jsp.java[256,12]
    37. toString: /MembersRecord_jsp.java[256,27]
    38. replace: /MembersRecord_jsp.java[125,20]
    39. value: /MembersRecord_jsp.java[125,5]
    40. value: /MembersRecord_jsp.java[126,21]
    41. str: /MembersRecord_jsp.java[244,33]
    42. str: /MembersRecord_jsp.java[249,50]
    43. str: /MembersRecord_jsp.java[250,17]
    44. str: /MembersRecord_jsp.java[255,19]
    45. substring: /MembersRecord_jsp.java[255,32]
    46. append: /MembersRecord_jsp.java[255,18]
    47. result: /MembersRecord_jsp.java[255,5]
    48. result: /MembersRecord_jsp.java[256,12]
    49. toString: /MembersRecord_jsp.java[256,27]
    50. replace: /MembersRecord_jsp.java[126,20]
    51. value: /MembersRecord_jsp.java[126,5]
    52. value: /MembersRecord_jsp.java[127,12]
    53. toHTML: /MembersRecord_jsp.java[761,338]
    54. print: /MembersRecord_jsp.java[761,252]
    Review result in Checkmarx One: Privacy_Violation

@cxronen cxronen changed the title Privacy_Violation @ MembersRecord_jsp.java Privacy_Violation @ /MembersRecord_jsp.java Sep 18, 2023
@cxronen cxronen closed this as completed Jun 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant