rspec/rules/S2574/rule-except-see.adoc

Using unvalidated values can expose an application to injection attacks. 


=== Noncompliant code example

[source,text]
----
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
  // ...
  Employee employee = new Employee();
  employee.setFirstName(request.getParameter("firstName")); // Noncompliant
  // ...

  save(employee); // Uh-oh!
----
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00			`Using unvalidated values can expose an application to injection attacks.`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00			`----`
			`public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {`
			`// ...`
			`Employee employee = new Employee();`
			`employee.setFirstName(request.getParameter("firstName")); // Noncompliant`
			`// ...`

			`save(employee); // Uh-oh!`
			`----`