File tree Expand file tree Collapse file tree 1 file changed +7
-7
lines changed Expand file tree Collapse file tree 1 file changed +7
-7
lines changed Original file line number Diff line number Diff line change @@ -12,13 +12,13 @@ A3:2019 Improper Data Filtering
1212
1313### Scenario #1
1414
15- The User model implements a toJSON() method to serialize a user object as JSON.
16- While implementing the ` GET /v1/articles/{article_id}/comments/{comment_id} `
17- endpoint that returns details about a specific comment in an article and basic
18- details about its author, the developer finds the toJSON() method and decides to
19- use it (without thinking about the sensitive details it may expose). The mobile
20- team is using the endpoint in the articles view, rendering only relevant data.
21- An attacker sniffs the mobile app traffic and finds about the sensitive data
15+ The User model implements a ` toJSON() ` method to serialize a user object. While
16+ implementing the ` GET /v1/articles/{article_id}/comments/{comment_id} ` endpoint
17+ that returns details about a specific comment in an article and basic details
18+ about its author, the developer finds the toJSON() method and decides to use it
19+ (without thinking about the sensitive details it may expose). The mobile team is
20+ using the endpoint in the articles view, rendering only relevant data. An
21+ attacker sniffs the mobile app traffic and finds about the sensitive data
2222exposure.
2323
2424### Scenario #2
You can’t perform that action at this time.
0 commit comments