Review

Detector:

Findbugs

Target:

project '

uberfire

' version

0.3.1

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-4
In File:	org/uberfire/server/UberfireServlet.java
In Method:	loadUserInfo(PrintWriter)
Code with Finding:	`class UberfireServlet { private void loadUserInfo( PrintWriter writer ) { final Subject subject = SecurityFactory.getIdentity(); final Map<String, String> map = new HashMap<String, String>() {{ put( "name", subject.getName() ); put( "roles", collectionAsString( subject.getRoles() ) ); put( "properties", mapAsString( subject.getProperties() ) ); }}; final String content = TemplateRuntime.execute( userDataTemplate, map ).toString(); writer.append( content ); } }`

Metadata

Hit	Rank	Desc	Type	Violations
?	4	SECXSS2: This use of java/io/PrintWriter.append(Ljava/lang/CharSequence;)Ljava/io/PrintWriter; could be vulnerable to XSS	XSS_SERVLET