...
Noncompliant Code Example
The following noncompliant code example demonstrates a servlet that accepts a visible field and a hidden field and echoes both back to the user. The visible parameter is sanitized before being passed to the browser, but the hidden field is not.
...
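As an added example (not the CERT page's own noncompliant or compliant code), a servlet that applies the same allow-list check to both the visible and the hidden field before echoing them; the parameter names `visible` and `hidden`, the class name and the allow-list pattern are assumptions of this example:

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Echoes a visible and a hidden form field back to the client. Both values
// pass through the same validation, because a hidden field is as fully
// client-controlled as a visible one: the submitted value can be edited.
public class EchoServlet extends HttpServlet {
  // Allow-list: a short run of letters, digits and spaces. Anything else is
  // rejected rather than escaped. The pattern is an assumption of this example.
  private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9 ]{1,64}");

  // Returns the value if it is well-formed, otherwise a neutral placeholder.
  static String sanitize(String value) {
    if (value == null || !SAFE.matcher(value).matches()) {
      return "[invalid input]";
    }
    return value;
  }

  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    // The noncompliant version sanitizes only "visible" and writes "hidden"
    // through unchanged; here the hidden field gets identical treatment.
    String visible = sanitize(request.getParameter("visible"));
    String hidden = sanitize(request.getParameter("hidden"));

    response.setContentType("text/html;charset=UTF-8");
    try (PrintWriter out = response.getWriter()) {
      out.println("<html><body>");
      out.println("<p>Visible field: " + visible + "</p>");
      out.println("<p>Hidden field: " + hidden + "</p>");
      out.println("</body></html>");
    }
  }
}
```

If the hidden field carries state the server needs to rely on (a price, a user id), validation alone is not enough; keep that state in the server-side session instead of round-tripping it through the client.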
Trusting the contents of hidden form fields can lead to a wide range of security problems.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS14-J | High | Probable | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
The Checker Framework | | Tainting Checker | Trust and security errors (see Chapter 8) |
Fortify | 6.10.0120 | Hidden_Field | Implemented |
Bibliography
...
...