Description
Checkmarx (SAST): Open_Redirect
Security Issue: Read More about Open_Redirect
Checkmarx Project: cx-boris-goman/borJavaVul
Repository URL: https://github.com/cx-boris-goman/borJavaVul
Branch: main
Scan ID: df63710a-c9c2-4406-9ad7-319bd05458a4
The potentially tainted value provided by "username" in /LoginValidator.java at line 9 is used as a destination URL by sendRedirect in /LoginValidator.java at line 34, potentially allowing attackers to perform an open redirection.
Result 1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. "username": /LoginValidator.java[9,41]
2. getParameter: /LoginValidator.java[9,40]
3. trim: /LoginValidator.java[9,57]
4. user: /LoginValidator.java[9,15]
5. user: /LoginValidator.java[29,78]
6. Cookie: /LoginValidator.java[29,56]
7. username: /LoginValidator.java[29,47]
8. username: /LoginValidator.java[31,59]
9. addCookie: /LoginValidator.java[31,58]
10. response: /LoginValidator.java[31,40]
11. response: /LoginValidator.java[32,41]
12. response: /LoginValidator.java[34,58]
13. response: /LoginValidator.java[34,36]
14. sendRedirect: /LoginValidator.java[34,57]
Review result in Checkmarx One: Open_Redirect
Result 2:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. "password": /LoginValidator.java[10,44]
2. getParameter: /LoginValidator.java[10,43]
3. trim: /LoginValidator.java[10,60]
4. pass: /LoginValidator.java[10,18]
5. pass: /LoginValidator.java[30,78]
6. Cookie: /LoginValidator.java[30,56]
7. password: /LoginValidator.java[30,47]
8. password: /LoginValidator.java[32,60]
9. addCookie: /LoginValidator.java[32,59]
10. response: /LoginValidator.java[32,41]
11. response: /LoginValidator.java[34,58]
12. response: /LoginValidator.java[34,36]
13. sendRedirect: /LoginValidator.java[34,57]
Review result in Checkmarx One: Open_Redirect
Result 3:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. "username": /LoginValidator.java[9,41]
2. getParameter: /LoginValidator.java[9,40]
3. trim: /LoginValidator.java[9,57]
4. user: /LoginValidator.java[9,15]
5. user: /LoginValidator.java[29,78]
6. Cookie: /LoginValidator.java[29,56]
7. username: /LoginValidator.java[29,47]
8. username: /LoginValidator.java[31,59]
9. addCookie: /LoginValidator.java[31,58]
10. response: /LoginValidator.java[31,40]
11. response: /LoginValidator.java[32,41]
12. response: /LoginValidator.java[34,58]
13. response: /LoginValidator.java[34,36]
14. response: /LoginValidator.java[45,28]
15. sendRedirect: /LoginValidator.java[45,49]
Review result in Checkmarx One: Open_Redirect
Result 4:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. "password": /LoginValidator.java[10,44]
2. getParameter: /LoginValidator.java[10,43]
3. trim: /LoginValidator.java[10,60]
4. pass: /LoginValidator.java[10,18]
5. pass: /LoginValidator.java[30,78]
6. Cookie: /LoginValidator.java[30,56]
7. password: /LoginValidator.java[30,47]
8. password: /LoginValidator.java[32,60]
9. addCookie: /LoginValidator.java[32,59]
10. response: /LoginValidator.java[32,41]
11. response: /LoginValidator.java[34,58]
12. response: /LoginValidator.java[34,36]
13. response: /LoginValidator.java[45,28]
14. sendRedirect: /LoginValidator.java[45,49]
Review result in Checkmarx One: Open_Redirect