CX Command_Injection @ src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00303.java [main]
Command_Injection issue exists @ src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00303.java in branch main
The application's doPost method calls an OS (shell) command with exec, at line 83 of src\main\java\org\owasp\benchmark\testcode\BenchmarkTest00303.java, passing an untrusted string as the command to execute. This could allow an attacker to inject an arbitrary command, enabling a Command Injection attack. The attacker may be able to inject the executed command via user input from getHeaders, which the application retrieves in the doPost method, at line 44 of src\main\java\org\owasp\benchmark\testcode\BenchmarkTest00303.java.
Similarity ID: -1555325800
Severity: High
CWE:77
Vulnerability details and guidance
Lines: 44
java.util.Enumeration<String> headers = request.getHeaders("BenchmarkTest00303");