TechQA.

Solve checkmarx Spring ModelView Injection

150 views Asked by At

I have to solve this so called spring modelview injection in an old Spring MVC 2.5 application.

Checkmarx says "The input processed by showForm in MyClass.java in line 112 is used to construct a ModelAndView object at MyClass.java in line 112".

This vulnerability is present whenever i use a param coming from the request to generate a dynamic modelview in any type of controller.

I have tried to sanitize the value or to get it from the database but it is still considered vulnerable.

Does anyone know how to solve it? Thanks

protected ModelAndView showForm(HttpServletRequest request,HttpServletResponse response, BindException errors) throws Exception {
         String code= ValidationUtility.sanitizeModelViewPath(request.getParameter("code"), String.class);
         String codeDB = myService.findCodeByCode(code);//Gets the param from the db
         String url = "redirect:/a/b.do?param=paramValue&param2=".concat(codeDB);
         return new ModelAndView(url);
}

Here is what i've tried to do

spring security model-view-controller checkmarx sast
Original Q&A
0

There are 0 answers

Related Questions in SPRING

Related Questions in SECURITY

Related Questions in MODEL-VIEW-CONTROLLER

Related Questions in CHECKMARX

Related Questions in SAST

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions