Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsynchronized_Access_To_Shared_Data @ /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java #3207

Open
AaronZhouYu opened this issue Aug 8, 2023 · 0 comments
Open

Unsynchronized_Access_To_Shared_Data @ /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java #3207

AaronZhouYu opened this issue Aug 8, 2023 · 0 comments
Labels
branch:main Checkmarx project:AaronZhouYu/TotallySecureApp SAST

Comments

@AaronZhouYu
Copy link
Owner

AaronZhouYu commented Aug 8, 2023
edited
Loading

Checkmarx (SAST): Unsynchronized_Access_To_Shared_Data
Security Issue: Read More about Unsynchronized_Access_To_Shared_Data
Checkmarx Project: AaronZhouYu/TotallySecureApp
Repository URL: https://github.com/AaronZhouYu/TotallySecureApp
Branch: main
Scan ID: d9fa6dd5-d23b-4436-b75a-41a016305f39

The concurrent process getUser found in the file /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java at line 111 influences the shared resource userLoginHistory in the file /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java at line 111. When performed concurrently, an unexpected race condition may occur.

Result #1:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. userLoginHistory: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[111,22]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data

Result #2:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. accountLockTime: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[130,87]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data

Result #3:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. userLoginHistory: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[128,22]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data

Result #4:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. accountLockCount: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[129,64]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data

Result #5:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. userLoginHistory: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,21]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data

Result #6:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. ""userid"": /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,59]
    2. getParameter: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,58]
    3. trim: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,41]
    4. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,16]
    5. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[77,30]
    6. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[104,44]
    7. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[105,30]
    8. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[110,33]
    9. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,50]
    10. putIfAbsent: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,49]
    11. userLoginHistory: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,21]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data

Result #7:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. req: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[66,69]
    2. req: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,42]
    3. getParameter: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,58]
    4. trim: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,41]
    5. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[69,16]
    6. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[77,30]
    7. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[104,44]
    8. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[105,30]
    9. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[110,33]
    10. userid: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,50]
    11. putIfAbsent: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,49]
    12. userLoginHistory: /src/main/java/org/t246osslab/easybuggy4sb/controller/DefaultLoginController.java[115,21]
    Review result in Checkmarx One: Unsynchronized_Access_To_Shared_Data
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
branch:main Checkmarx project:AaronZhouYu/TotallySecureApp SAST
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AaronZhouYu