shashirajraja/shopping-cart

Malicious code vulnerability

Opened this issue · 1 comment

I have come across a malicious code vulnerability.


The issue occurs in the class OrderDetails on line 59.

It states the error: This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

public Timestamp getTime() & return time; }:
There seems to be a syntax error with the & symbol, which should likely be replaced with { to open the method body.
Also, time is not defined here. Presumably, you want to return some timestamp value. If time is a variable, it should be defined somewhere in the class.
Assuming time is a class variable and you want to return its value, the corrected version would be:

```java
public Timestamp getTime() {
    return time;
}
```
public void setTime (Timestamp time) { this. time - time; }:
There's a syntax error here. It seems you're trying to assign the value of the time parameter to some class variable, but the syntax is incorrect.
To assign the value of the time parameter to a class variable, you should use the assignment operator = instead of -.
Assuming time is a class variable, the corrected version would be:

```java
public void setTime(Timestamp time) {
    this.time = time;
}
```
public InputStream getProdImage) { return prodImage;:
There's a syntax error with the closing parenthesis ) after getProdImage. It should be replaced with { to open the method body.
Also, prodImage is not defined here. Presumably, you want to return some InputStream value representing a product image. If prodImage is a variable, it should be defined somewhere in the class.
Assuming prodImage is a class variable and you want to return its value, the corrected version would be:

```java
public InputStream getProdImage() {
    return prodImage;
}
```
After correcting these syntax errors, the code should work as expected. Make sure to define time and prodImage variables appropriately in your class.
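The finding quoted above (storing a reference to an externally mutable object) is about the getter/setter pair for the `Timestamp` field, not the syntax errors: once `setTime` keeps the caller's `Timestamp` and `getTime` hands it back, anyone holding that object can change the order's stored time behind the class's back. The example below is added here and is not code from the shopping-cart project; it assumes `java.sql.Timestamp` and uses a stand-in class (`Leaky`/`Safe`) rather than the real `OrderDetails`, showing the flagged pattern beside the defensive-copy fix.

```java
import java.sql.Timestamp;

// Hypothetical stand-in for OrderDetails (assumption: the field is a java.sql.Timestamp).
public class DefensiveCopyDemo {

    // Before: keeps and returns the caller's reference, which is what the finding flags.
    static class Leaky {
        private Timestamp time;
        public Timestamp getTime() { return time; }
        public void setTime(Timestamp time) { this.time = time; }
    }

    // After: copy on the way in and on the way out, so no outside reference aliases the field.
    static class Safe {
        private Timestamp time;
        public Timestamp getTime() { return copyOf(time); }
        public void setTime(Timestamp time) { this.time = copyOf(time); }

        // Copies millis and the nanosecond part, which new Timestamp(long) alone would truncate.
        private static Timestamp copyOf(Timestamp t) {
            if (t == null) return null;
            Timestamp c = new Timestamp(t.getTime());
            c.setNanos(t.getNanos());
            return c;
        }
    }

    public static void main(String[] args) {
        long placedAt = 1_700_000_000_000L; // constructed sample value

        Leaky leaky = new Leaky();
        Timestamp shared = new Timestamp(placedAt);
        leaky.setTime(shared);
        shared.setTime(0L);                         // caller mutates its own object afterwards
        System.out.println("leaky stored: " + leaky.getTime().getTime()); // now 0: state changed

        Safe safe = new Safe();
        Timestamp own = new Timestamp(placedAt);
        safe.setTime(own);
        own.setTime(0L);                            // same mutation of the caller's object...
        safe.getTime().setNanos(0);                 // ...and tampering with the returned copy
        System.out.println("safe stored: " + safe.getTime().getTime());   // still placedAt
    }
}
```

The same reasoning applies to `getProdImage`, but an `InputStream` cannot be cloned this way; the comparable fix there is to hand out a fresh stream over a copied byte array rather than the stored stream itself.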