CSRF @ /BookDetail_jsp.java

[margaritalm]

Checkmarx (SAST): CSRF
Security Issue: Read More about CSRF
Checkmarx Project: margaritalm/BookStore_Small_CLI_small
Repository URL: https://github.com/margaritalm/BookStore_Small_CLI_small
Branch: master
Scan ID: 79dde67e-447e-480d-9f9e-f0bfb2e3e6f8

---

Method getParam at line 163 of /BookDetail_jsp.java gets a parameter from a user request from paramName. This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).

Result #1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. paramName: /BookDetail_jsp.java[163,37]
    2. getParameter: /BookDetail_jsp.java[163,36]
    3. param: /BookDetail_jsp.java[163,12]
    4. param: /BookDetail_jsp.java[164,27]
    5. param: /BookDetail_jsp.java[165,12]
    6. getParam: /BookDetail_jsp.java[953,131]
    7. sSQL: /BookDetail_jsp.java[953,1]
    8. sSQL: /BookDetail_jsp.java[967,28]
    9. executeUpdate: /BookDetail_jsp.java[967,27]
    Review result in Checkmarx One: CSRF