17 lines
395 B
Plaintext
17 lines
395 B
Plaintext
|
Using unvalidated values can expose an application to injection attacks.
|
||
|
|
|
||
|
|
|
||
|
|
== Noncompliant Code Example
|
||
|
|
|
||
|
|
----
|
||
|
|
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
|
||
|
|
// ...
|
||
|
|
Employee employee = new Employee();
|
||
|
|
employee.setFirstName(request.getParameter("firstName")); // Noncompliant
|
||
|
|
// ...
|
||
|
|
|
||
|
|
save(employee); // Uh-oh!
|
||
|
|
----
|
||
|
|
|
||
|
|
|