CX Portability_Flaw_Locale_Dependent_Comparison @ src/main/java/org/joychou/security/SecurityUtil.java [master]

**Portability_Flaw_Locale_Dependent_Comparison** issue exists @ **src/main/java/org/joychou/security/SecurityUtil.java** in branch **master**

*The application handles input strings&nbsp;in a locale-unspecific manner. In particular, src\main\java\org\joychou\security\SecurityUtil.java's checkURLbyEndsWith calls toLowerCase at line 23 to manipulate the string. The resulting string is compared with endsWith by checkURLbyEndsWith, at src\main\java\org\joychou\security\SecurityUtil.java:23.*

Severity: Low

CWE:474

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/474.html)

[Internal Guidance](https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)

[Checkmarx](http://WIN-D41IBM498QO/CxWebClient/ViewerMain.aspx?scanid=1000004&projectid=1&pathid=264)

Lines: [34](https://github.com/CxCEC/java-sec-code/blob/master/src/main/java/org/joychou/security/SecurityUtil.java#L34) 

---
[Code (Line #34):](https://github.com/CxCEC/java-sec-code/blob/master/src/main/java/org/joychou/security/SecurityUtil.java#L34)
```
            String host = uri.getHost().toLowerCase();
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Portability_Flaw_Locale_Dependent_Comparison @ src/main/java/org/joychou/security/SecurityUtil.java [master] #75

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX Portability_Flaw_Locale_Dependent_Comparison @ src/main/java/org/joychou/security/SecurityUtil.java [master] #75

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions