Description
CSRF issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java in branch master
*Method processRequest at line 44 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from "password". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).
Similarity ID: -1272886377
Method processRequest at line 44 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from "password". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).
Similarity ID: -1203683746
Method processRequest at line 44 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from "password". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).
Similarity ID: 2092790308
Method processRequest at line 43 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from "username". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).
Similarity ID: -98999751
Method processRequest at line 43 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from "username". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).
Similarity ID: 877733481
Method processRequest at line 43 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets a parameter from a user request from "username". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).
Similarity ID: 2129027250*
Severity: Medium
CWE:352
Vulnerability details and guidance
String user=request.getParameter("username").trim();
String pass=request.getParameter("password").trim();