CX Trust_Boundary_Violation_in_Session_Variables @ src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java [master] #830

@nidhi0512

Trust_Boundary_Violation_in_Session_Variables issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java in branch master

Method processRequest at line 35 of src\main\java\org\cysecurity\cspf\jvl\controller\XPathQuery.java gets user input from element "username". This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in processRequest at line 63 of src\main\java\org\cysecurity\cspf\jvl\controller\XPathQuery.java. This constitutes a Trust Boundary Violation.
Similarity ID: 1837507346

Method processRequest at line 36 of src\main\java\org\cysecurity\cspf\jvl\controller\XPathQuery.java gets user input from element "password". This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in processRequest at line 63 of src\main\java\org\cysecurity\cspf\jvl\controller\XPathQuery.java. This constitutes a Trust Boundary Violation.
Similarity ID: -1458384623

Severity: Low

CWE:501

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 35 36


Code (Line #35):

String user=request.getParameter("username");

Code (Line #36):

String pass=request.getParameter("password");
