New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy_Violation @ /Registration_jsp.java #165

Closed

cxronen opened this issue Sep 20, 2022 · 0 comments

Labels

branch:master Checkmarx project:cxronen/BookStore_VSCode SAST

Owner

cxronen commented Sep 20, 2022 •

edited

Loading

Checkmarx (SAST): Privacy_Violation
Security Issue: Read More about Privacy_Violation
Checkmarx Project: cxronen/BookStore_VSCode
Repository URL: https://github.com/cxronen/BookStore_VSCode
Branch: master
Scan ID: 7c24212b-2b21-4248-ba1f-b86776f5d0c2

Method Reg_Show at line 641 of /Registration_jsp.java sends user information outside the application. This may constitute a Privacy Violation.

Result #1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. fldmember_password2: /Registration_jsp.java[641,7]
    2. fldmember_password2: /Registration_jsp.java[712,348]
    3. value: /Registration_jsp.java[121,24]
    4. value: /Registration_jsp.java[123,21]
    5. str: /Registration_jsp.java[244,33]
    6. str: /Registration_jsp.java[249,50]
    7. str: /Registration_jsp.java[250,17]
    8. str: /Registration_jsp.java[255,19]
    9. substring: /Registration_jsp.java[255,32]
    10. append: /Registration_jsp.java[255,18]
    11. result: /Registration_jsp.java[255,5]
    12. result: /Registration_jsp.java[256,12]
    13. toString: /Registration_jsp.java[256,27]
    14. replace: /Registration_jsp.java[123,20]
    15. value: /Registration_jsp.java[123,5]
    16. value: /Registration_jsp.java[124,21]
    17. str: /Registration_jsp.java[244,33]
    18. str: /Registration_jsp.java[249,50]
    19. str: /Registration_jsp.java[250,17]
    20. str: /Registration_jsp.java[255,19]
    21. substring: /Registration_jsp.java[255,32]
    22. append: /Registration_jsp.java[255,18]
    23. result: /Registration_jsp.java[255,5]
    24. result: /Registration_jsp.java[256,12]
    25. toString: /Registration_jsp.java[256,27]
    26. replace: /Registration_jsp.java[124,20]
    27. value: /Registration_jsp.java[124,5]
    28. value: /Registration_jsp.java[125,21]
    29. str: /Registration_jsp.java[244,33]
    30. str: /Registration_jsp.java[249,50]
    31. str: /Registration_jsp.java[250,17]
    32. str: /Registration_jsp.java[255,19]
    33. substring: /Registration_jsp.java[255,32]
    34. append: /Registration_jsp.java[255,18]
    35. result: /Registration_jsp.java[255,5]
    36. result: /Registration_jsp.java[256,12]
    37. toString: /Registration_jsp.java[256,27]
    38. replace: /Registration_jsp.java[125,20]
    39. value: /Registration_jsp.java[125,5]
    40. value: /Registration_jsp.java[126,21]
    41. str: /Registration_jsp.java[244,33]
    42. str: /Registration_jsp.java[249,50]
    43. str: /Registration_jsp.java[250,17]
    44. str: /Registration_jsp.java[255,19]
    45. substring: /Registration_jsp.java[255,32]
    46. append: /Registration_jsp.java[255,18]
    47. result: /Registration_jsp.java[255,5]
    48. result: /Registration_jsp.java[256,12]
    49. toString: /Registration_jsp.java[256,27]
    50. replace: /Registration_jsp.java[126,20]
    51. value: /Registration_jsp.java[126,5]
    52. value: /Registration_jsp.java[127,12]
    53. toHTML: /Registration_jsp.java[712,347]
    54. print: /Registration_jsp.java[712,260]
    Review result in Checkmarx One: Privacy_Violation

Result #2:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. fldphone: /Registration_jsp.java[634,9]
    2. fldphone: /Registration_jsp.java[732,321]
    3. value: /Registration_jsp.java[121,24]
    4. value: /Registration_jsp.java[123,21]
    5. str: /Registration_jsp.java[244,33]
    6. str: /Registration_jsp.java[249,50]
    7. str: /Registration_jsp.java[250,17]
    8. str: /Registration_jsp.java[255,19]
    9. substring: /Registration_jsp.java[255,32]
    10. append: /Registration_jsp.java[255,18]
    11. result: /Registration_jsp.java[255,5]
    12. result: /Registration_jsp.java[256,12]
    13. toString: /Registration_jsp.java[256,27]
    14. replace: /Registration_jsp.java[123,20]
    15. value: /Registration_jsp.java[123,5]
    16. value: /Registration_jsp.java[124,21]
    17. str: /Registration_jsp.java[244,33]
    18. str: /Registration_jsp.java[249,50]
    19. str: /Registration_jsp.java[250,17]
    20. str: /Registration_jsp.java[255,19]
    21. substring: /Registration_jsp.java[255,32]
    22. append: /Registration_jsp.java[255,18]
    23. result: /Registration_jsp.java[255,5]
    24. result: /Registration_jsp.java[256,12]
    25. toString: /Registration_jsp.java[256,27]
    26. replace: /Registration_jsp.java[124,20]
    27. value: /Registration_jsp.java[124,5]
    28. value: /Registration_jsp.java[125,21]
    29. str: /Registration_jsp.java[244,33]
    30. str: /Registration_jsp.java[249,50]
    31. str: /Registration_jsp.java[250,17]
    32. str: /Registration_jsp.java[255,19]
    33. substring: /Registration_jsp.java[255,32]
    34. append: /Registration_jsp.java[255,18]
    35. result: /Registration_jsp.java[255,5]
    36. result: /Registration_jsp.java[256,12]
    37. toString: /Registration_jsp.java[256,27]
    38. replace: /Registration_jsp.java[125,20]
    39. value: /Registration_jsp.java[125,5]
    40. value: /Registration_jsp.java[126,21]
    41. str: /Registration_jsp.java[244,33]
    42. str: /Registration_jsp.java[249,50]
    43. str: /Registration_jsp.java[250,17]
    44. str: /Registration_jsp.java[255,19]
    45. substring: /Registration_jsp.java[255,32]
    46. append: /Registration_jsp.java[255,18]
    47. result: /Registration_jsp.java[255,5]
    48. result: /Registration_jsp.java[256,12]
    49. toString: /Registration_jsp.java[256,27]
    50. replace: /Registration_jsp.java[126,20]
    51. value: /Registration_jsp.java[126,5]
    52. value: /Registration_jsp.java[127,12]
    53. toHTML: /Registration_jsp.java[732,320]
    54. print: /Registration_jsp.java[732,248]
    Review result in Checkmarx One: Privacy_Violation

Result #3:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. fldmember_password: /Registration_jsp.java[629,9]
    2. fldmember_password: /Registration_jsp.java[708,339]
    3. value: /Registration_jsp.java[121,24]
    4. value: /Registration_jsp.java[123,21]
    5. str: /Registration_jsp.java[244,33]
    6. str: /Registration_jsp.java[249,50]
    7. str: /Registration_jsp.java[250,17]
    8. str: /Registration_jsp.java[255,19]
    9. substring: /Registration_jsp.java[255,32]
    10. append: /Registration_jsp.java[255,18]
    11. result: /Registration_jsp.java[255,5]
    12. result: /Registration_jsp.java[256,12]
    13. toString: /Registration_jsp.java[256,27]
    14. replace: /Registration_jsp.java[123,20]
    15. value: /Registration_jsp.java[123,5]
    16. value: /Registration_jsp.java[124,21]
    17. str: /Registration_jsp.java[244,33]
    18. str: /Registration_jsp.java[249,50]
    19. str: /Registration_jsp.java[250,17]
    20. str: /Registration_jsp.java[255,19]
    21. substring: /Registration_jsp.java[255,32]
    22. append: /Registration_jsp.java[255,18]
    23. result: /Registration_jsp.java[255,5]
    24. result: /Registration_jsp.java[256,12]
    25. toString: /Registration_jsp.java[256,27]
    26. replace: /Registration_jsp.java[124,20]
    27. value: /Registration_jsp.java[124,5]
    28. value: /Registration_jsp.java[125,21]
    29. str: /Registration_jsp.java[244,33]
    30. str: /Registration_jsp.java[249,50]
    31. str: /Registration_jsp.java[250,17]
    32. str: /Registration_jsp.java[255,19]
    33. substring: /Registration_jsp.java[255,32]
    34. append: /Registration_jsp.java[255,18]
    35. result: /Registration_jsp.java[255,5]
    36. result: /Registration_jsp.java[256,12]
    37. toString: /Registration_jsp.java[256,27]
    38. replace: /Registration_jsp.java[125,20]
    39. value: /Registration_jsp.java[125,5]
    40. value: /Registration_jsp.java[126,21]
    41. str: /Registration_jsp.java[244,33]
    42. str: /Registration_jsp.java[249,50]
    43. str: /Registration_jsp.java[250,17]
    44. str: /Registration_jsp.java[255,19]
    45. substring: /Registration_jsp.java[255,32]
    46. append: /Registration_jsp.java[255,18]
    47. result: /Registration_jsp.java[255,5]
    48. result: /Registration_jsp.java[256,12]
    49. toString: /Registration_jsp.java[256,27]
    50. replace: /Registration_jsp.java[126,20]
    51. value: /Registration_jsp.java[126,5]
    52. value: /Registration_jsp.java[127,12]
    53. toHTML: /Registration_jsp.java[708,338]
    54. print: /Registration_jsp.java[708,252]
    Review result in Checkmarx One: Privacy_Violation

cxronen changed the title ~~Privacy_Violation @ Registration_jsp.java~~ Privacy_Violation @ /Registration_jsp.java

cxronen added project:cxronen/BookStore_VSCode SAST and removed CxSAST labels

cxronen closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment