I am trying to scan Java code using Checkmarx.
I have a JPA repository with the below method.
```java
@Query(value = "select t.* from transactions t, applications a, payment_processors pp "
        + "where t.paymentProcessorTransactionId = :x " + "and t.asyncPayment = 1 "
        + "and t.applicationId = a.id " + "and a.paymentProcessorId = pp.id "
        + "and pp.name = :y ", nativeQuery = true)
Transaction fetchAsyncTransactionByTransferCode(@Param("x") String x,
        @Param("y") String y);
```
After the scan, I am getting Improper Resource Access Authorization at params x and y.
I am also getting Improper Exception Handling on these lines.