How to resolve HTTP Parameter Pollution warning?

1.6k Views Asked by At

While checking for findSpecBugs warnings in my scala based application, I encountered:

HTTP Parameter Pollution warning with the message: Concatenating unvalidated user input into a URL can allow an attacker to override the value of a request parameter.

This issue is arising when I am concatenating a URL with a value fetched from the database. Any idea how can I sanitize or validate that value, or is there any other way to resolve this issue?

1

There are 1 best solutions below

2
On BEST ANSWER

You should use URIBuilder and set the setParameter(<param>, <value>). Like the following:

val builder = new URIBuilder(<url>)
    builder.setParameter("pparam1", "value1").setParameter("param2", "value2")
val request = new HttpGet(builder.build())

I hope this answers your question.