CX XSRF @ root/basket.jsp [master]

[CxYair]

XSRF issue exists @ root/basket.jsp in branch master

Method request.getParameter at line 160 of root\basket.jsp gets a parameter from a user request from ""quantity"". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (XSRF).

Severity: Medium

CWE:352

Checkmarx

Training
Recommended Fix

Lines: 160 212 148 38 43

---

Code (Line #160):

		String quantity = request.getParameter("quantity");

---

Code (Line #212):

		Map params = request.getParameterMap();

---

Code (Line #148):

	String productId = request.getParameter("productid");

---

Code (Line #38):

	Cookie[] cookies = request.getCookies();

---

Code (Line #43):

				basketId = cookie.getValue();

---