0

I am using the Checkmarx security tool to scan my code. It says that when I execute `executeUpdate()` commands to the database, that is "Improper Resource Access Authorization."

Various Googling with no success.

```java
int rowInserted = preparedStatement.executeUpdate();
```
Tyler

2 Answers

1

Just add a method to your class:

```java
private static boolean checkAuthorization(String userName) {
    return userName.equals("authorization");
}
```

and check your string with:

```java
if (checkAuthorization("authorization")) {
    int rowInserted = preparedStatement.executeUpdate();
}
```
Che
0

Add some code that performs access control checks and makes use of words like "admin", "authoriz" or "allowed":

```java
if (user.equals("admin")) {
    int rowInserted = preparedStatement.executeUpdate();
}
```
securecodeninja
  • I have the same problem, Checkmarx is warning `cst = conect.prepareCall(ConstantesDAO.FNFA_REFS); .... cst.setString(3, params.get("cycleId")); ..... Just here -> cst.execute();` :( I tried your suggestion but it does not work. – Eric Ocampo Apr 07 '20 at 00:04
  • I don't see any validation check for access control in the code snippet you shared – securecodeninja Apr 09 '20 at 04:12
  • @securecodeninja I tried your solution, but it didn't work: `if(user.equals("admin")) {String endPoint=prop.getProperty("endpoint");}` – din_oops Nov 10 '21 at 07:04
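An added example, not code from any of the posters above: an access-control check ahead of `executeUpdate()` that makes a real decision from the caller's identity and roles, rather than comparing a literal with itself. The `Caller` record, `mayInsertOrder`, the `ORDER_ADMIN` role, the `orders` table and the recording `stub` (a constructed stand-in for a JDBC driver so the class runs without a database) are all assumptions made for illustration.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
public class AuthorizedInsert {
    // Hypothetical caller identity; in a real application it comes from the
    // authenticated session, never from a request parameter or a literal.
    record Caller(String userId, Set<String> roles) {}

    // Access decision: order admins may write any row, other users only their own.
    static boolean mayInsertOrder(Caller caller, String ownerId) {
        return caller.roles().contains("ORDER_ADMIN") || caller.userId().equals(ownerId);
    }

    static int insertOrder(Connection conn, Caller caller, String ownerId, String item)
            throws SQLException {
        if (!mayInsertOrder(caller, ownerId)) { // decided before any SQL is prepared
            throw new SecurityException(caller.userId() + " may not insert for " + ownerId);
        }
        try (PreparedStatement ps = conn.prepareStatement(
                "INSERT INTO orders (owner_id, item) VALUES (?, ?)")) { // hypothetical table
            ps.setString(1, ownerId);
            ps.setString(2, item);
            return ps.executeUpdate();
        }
    }

    // Constructed stand-in for a JDBC driver: records method names, inserts nothing.
    static <T> T stub(Class<T> type, List<String> calls) {
        return type.cast(Proxy.newProxyInstance(type.getClassLoader(), new Class<?>[] {type},
            (proxy, method, args) -> {
                calls.add(method.getName());
                if (method.getName().equals("prepareStatement")) return stub(PreparedStatement.class, calls);
                return method.getName().equals("executeUpdate") ? 1 : null;
            }));
    }

    public static void main(String[] args) throws SQLException {
        List<String> calls = new ArrayList<>();
        Connection conn = stub(Connection.class, calls);
        Caller alice = new Caller("alice", Set.of("USER")); // constructed sample caller
        System.out.println("own row: " + insertOrder(conn, alice, "alice", "book"));
        try { insertOrder(conn, alice, "bob", "book"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        System.out.println("JDBC calls: " + calls); // only the permitted insert reached JDBC
    }
}
```

The denied call throws before `prepareStatement` is reached, so the recorded JDBC calls belong to the permitted insert only.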