update VerificationMethodFlowConfig, add if test
@@ -26,9 +26,6 @@ public class JsonpController {
|
||||
hashMap.put("password","123456");
|
||||
}
|
||||
|
||||
private String name = null;
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp1")
|
||||
@ResponseBody
|
||||
public String bad1(HttpServletRequest request) {
|
||||
@@ -77,7 +74,6 @@ public class JsonpController {
|
||||
PrintWriter pw = null;
|
||||
Gson gson = new Gson();
|
||||
String result = gson.toJson(hashMap);
|
||||
|
||||
String resultStr = null;
|
||||
pw = response.getWriter();
|
||||
resultStr = jsonpCallback + "(" + result + ")";
|
||||
@@ -109,13 +105,25 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp8")
|
||||
@ResponseBody
|
||||
public String bad8(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
String token = request.getParameter("token");
|
||||
boolean result = verifToken(token); //Just check.
|
||||
String jsonpCallback = request.getParameter("jsonpCallback");
|
||||
String jsonStr = getJsonStr(hashMap);
|
||||
resultStr = jsonpCallback + "(" + jsonStr + ")";
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp9")
|
||||
@ResponseBody
|
||||
public String good1(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
String token = request.getParameter("token");
|
||||
if (verifToken(token)){
|
||||
String referer = request.getParameter("referer");
|
||||
if (verifReferer(referer)){
|
||||
String jsonpCallback = request.getParameter("jsonpCallback");
|
||||
String jsonStr = getJsonStr(hashMap);
|
||||
resultStr = jsonpCallback + "(" + jsonStr + ")";
|
||||
@@ -125,7 +133,7 @@ public class JsonpController {
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp9")
|
||||
@GetMapping(value = "jsonp10")
|
||||
@ResponseBody
|
||||
public String good2(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
@@ -140,7 +148,7 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "jsonp10")
|
||||
@RequestMapping(value = "jsonp11")
|
||||
@ResponseBody
|
||||
public String good3(HttpServletRequest request) {
|
||||
JSONObject parameterObj = readToJSONObect(request);
|
||||
@@ -151,7 +159,7 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "jsonp11")
|
||||
@RequestMapping(value = "jsonp12")
|
||||
@ResponseBody
|
||||
public String good4(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
|
||||
if(null == file){
|
||||
@@ -200,4 +208,11 @@ public class JsonpController {
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public static boolean verifReferer(String str){
|
||||
if (str != "xxxx"){
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
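Review bot: In the last hunk, `verifReferer` compares with `str != "xxxx"`, which in Java tests object identity rather than string contents, so a value read from the request will normally fail the check even when it equals `xxxx`, and `good1` would then not reach its JSONP branch. A content comparison that is also null-safe would be `if (!"xxxx".equals(str)) {`. The same helper is added in the second copy of JsonpController.java further down this page. If the method is only a stub that gives the query a verification call to recognise, a comment such as `// stub: stands in for a real Referer allow-list check` would keep it from being read as a pattern to copy.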
@@ -1,80 +1,76 @@
|
||||
edges
|
||||
| JsonpController.java:36:32:36:68 | getParameter(...) : String | JsonpController.java:40:16:40:24 | resultStr |
|
||||
| JsonpController.java:39:21:39:54 | ... + ... : String | JsonpController.java:40:16:40:24 | resultStr |
|
||||
| JsonpController.java:47:32:47:68 | getParameter(...) : String | JsonpController.java:49:16:49:24 | resultStr |
|
||||
| JsonpController.java:48:21:48:80 | ... + ... : String | JsonpController.java:49:16:49:24 | resultStr |
|
||||
| JsonpController.java:56:32:56:68 | getParameter(...) : String | JsonpController.java:59:16:59:24 | resultStr |
|
||||
| JsonpController.java:58:21:58:55 | ... + ... : String | JsonpController.java:59:16:59:24 | resultStr |
|
||||
| JsonpController.java:66:32:66:68 | getParameter(...) : String | JsonpController.java:69:16:69:24 | resultStr |
|
||||
| JsonpController.java:68:21:68:54 | ... + ... : String | JsonpController.java:69:16:69:24 | resultStr |
|
||||
| JsonpController.java:76:32:76:68 | getParameter(...) : String | JsonpController.java:84:20:84:28 | resultStr |
|
||||
| JsonpController.java:83:21:83:54 | ... + ... : String | JsonpController.java:84:20:84:28 | resultStr |
|
||||
| JsonpController.java:91:32:91:68 | getParameter(...) : String | JsonpController.java:98:20:98:28 | resultStr |
|
||||
| JsonpController.java:97:21:97:54 | ... + ... : String | JsonpController.java:98:20:98:28 | resultStr |
|
||||
| JsonpController.java:105:32:105:68 | getParameter(...) : String | JsonpController.java:109:16:109:24 | resultStr |
|
||||
| JsonpController.java:108:21:108:54 | ... + ... : String | JsonpController.java:109:16:109:24 | resultStr |
|
||||
| JsonpController.java:117:24:117:52 | getParameter(...) : String | JsonpController.java:118:24:118:28 | token |
|
||||
| JsonpController.java:119:36:119:72 | getParameter(...) : String | JsonpController.java:122:20:122:28 | resultStr |
|
||||
| JsonpController.java:121:25:121:59 | ... + ... : String | JsonpController.java:122:20:122:28 | resultStr |
|
||||
| JsonpController.java:132:24:132:52 | getParameter(...) : String | JsonpController.java:133:37:133:41 | token |
|
||||
| JsonpController.java:137:32:137:68 | getParameter(...) : String | JsonpController.java:140:16:140:24 | resultStr |
|
||||
| JsonpController.java:139:21:139:55 | ... + ... : String | JsonpController.java:140:16:140:24 | resultStr |
|
||||
| JsonpController.java:150:21:150:54 | ... + ... : String | JsonpController.java:151:16:151:24 | resultStr |
|
||||
| JsonpController.java:165:21:165:54 | ... + ... : String | JsonpController.java:166:16:166:24 | resultStr |
|
||||
| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr |
|
||||
| JsonpController.java:36:21:36:54 | ... + ... : String | JsonpController.java:37:16:37:24 | resultStr |
|
||||
| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr |
|
||||
| JsonpController.java:45:21:45:80 | ... + ... : String | JsonpController.java:46:16:46:24 | resultStr |
|
||||
| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr |
|
||||
| JsonpController.java:55:21:55:55 | ... + ... : String | JsonpController.java:56:16:56:24 | resultStr |
|
||||
| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr |
|
||||
| JsonpController.java:65:21:65:54 | ... + ... : String | JsonpController.java:66:16:66:24 | resultStr |
|
||||
| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr |
|
||||
| JsonpController.java:79:21:79:54 | ... + ... : String | JsonpController.java:80:20:80:28 | resultStr |
|
||||
| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr |
|
||||
| JsonpController.java:93:21:93:54 | ... + ... : String | JsonpController.java:94:20:94:28 | resultStr |
|
||||
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr |
|
||||
| JsonpController.java:104:21:104:54 | ... + ... : String | JsonpController.java:105:16:105:24 | resultStr |
|
||||
| JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr |
|
||||
| JsonpController.java:116:21:116:55 | ... + ... : String | JsonpController.java:117:16:117:24 | resultStr |
|
||||
| JsonpController.java:127:36:127:72 | getParameter(...) : String | JsonpController.java:130:20:130:28 | resultStr |
|
||||
| JsonpController.java:129:25:129:59 | ... + ... : String | JsonpController.java:130:20:130:28 | resultStr |
|
||||
| JsonpController.java:145:32:145:68 | getParameter(...) : String | JsonpController.java:148:16:148:24 | resultStr |
|
||||
| JsonpController.java:147:21:147:55 | ... + ... : String | JsonpController.java:148:16:148:24 | resultStr |
|
||||
| JsonpController.java:158:21:158:54 | ... + ... : String | JsonpController.java:159:16:159:24 | resultStr |
|
||||
| JsonpController.java:173:21:173:54 | ... + ... : String | JsonpController.java:174:16:174:24 | resultStr |
|
||||
| JsonpInjectionServlet1.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet1.java:45:24:45:32 | resultStr |
|
||||
| JsonpInjectionServlet1.java:36:26:36:49 | getHeader(...) : String | JsonpInjectionServlet1.java:38:39:38:45 | referer |
|
||||
| JsonpInjectionServlet1.java:44:25:44:62 | ... + ... : String | JsonpInjectionServlet1.java:45:24:45:32 | resultStr |
|
||||
| JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr |
|
||||
| JsonpInjectionServlet2.java:38:21:38:54 | ... + ... : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr |
|
||||
| RefererFilter.java:22:26:22:53 | getHeader(...) : String | RefererFilter.java:23:39:23:45 | refefer |
|
||||
nodes
|
||||
| JsonpController.java:36:32:36:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:39:21:39:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:40:16:40:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:40:16:40:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:47:32:47:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:48:21:48:80 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:56:32:56:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:58:21:58:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:66:32:66:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:68:21:68:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:76:32:76:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:83:21:83:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:91:32:91:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:97:21:97:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:105:32:105:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:108:21:108:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:117:24:117:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:118:24:118:28 | token | semmle.label | token |
|
||||
| JsonpController.java:119:36:119:72 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:121:25:121:59 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:122:20:122:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:122:20:122:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:132:24:132:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:133:37:133:41 | token | semmle.label | token |
|
||||
| JsonpController.java:137:32:137:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:139:21:139:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:140:16:140:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:140:16:140:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:150:21:150:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:151:16:151:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:165:21:165:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:166:16:166:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:36:21:36:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:44:32:44:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:45:21:45:80 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:53:32:53:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:55:21:55:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:63:32:63:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:65:21:65:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:73:32:73:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:79:21:79:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:87:32:87:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:93:21:93:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:101:32:101:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:104:21:104:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:114:32:114:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:116:21:116:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:127:36:127:72 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:129:25:129:59 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:145:32:145:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:147:21:147:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:158:21:158:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:159:16:159:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:173:21:173:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:174:16:174:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpInjectionServlet1.java:31:32:31:64 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpInjectionServlet1.java:36:26:36:49 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||
| JsonpInjectionServlet1.java:38:39:38:45 | referer | semmle.label | referer |
|
||||
| JsonpInjectionServlet1.java:44:25:44:62 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpInjectionServlet1.java:45:24:45:32 | resultStr | semmle.label | resultStr |
|
||||
| JsonpInjectionServlet1.java:45:24:45:32 | resultStr | semmle.label | resultStr |
|
||||
@@ -82,6 +78,4 @@ nodes
|
||||
| JsonpInjectionServlet2.java:38:21:38:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | semmle.label | resultStr |
|
||||
| RefererFilter.java:22:26:22:53 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||
| RefererFilter.java:23:39:23:45 | refefer | semmle.label | refefer |
|
||||
#select
|
||||
|
||||
@@ -26,9 +26,6 @@ public class JsonpController {
|
||||
hashMap.put("password","123456");
|
||||
}
|
||||
|
||||
private String name = null;
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp1")
|
||||
@ResponseBody
|
||||
public String bad1(HttpServletRequest request) {
|
||||
@@ -77,7 +74,6 @@ public class JsonpController {
|
||||
PrintWriter pw = null;
|
||||
Gson gson = new Gson();
|
||||
String result = gson.toJson(hashMap);
|
||||
|
||||
String resultStr = null;
|
||||
pw = response.getWriter();
|
||||
resultStr = jsonpCallback + "(" + result + ")";
|
||||
@@ -109,13 +105,25 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp8")
|
||||
@ResponseBody
|
||||
public String bad8(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
String token = request.getParameter("token");
|
||||
boolean result = verifToken(token); //Just check.
|
||||
String jsonpCallback = request.getParameter("jsonpCallback");
|
||||
String jsonStr = getJsonStr(hashMap);
|
||||
resultStr = jsonpCallback + "(" + jsonStr + ")";
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp9")
|
||||
@ResponseBody
|
||||
public String good1(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
String token = request.getParameter("token");
|
||||
if (verifToken(token)){
|
||||
String referer = request.getParameter("referer");
|
||||
if (verifReferer(referer)){
|
||||
String jsonpCallback = request.getParameter("jsonpCallback");
|
||||
String jsonStr = getJsonStr(hashMap);
|
||||
resultStr = jsonpCallback + "(" + jsonStr + ")";
|
||||
@@ -125,7 +133,7 @@ public class JsonpController {
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp9")
|
||||
@GetMapping(value = "jsonp10")
|
||||
@ResponseBody
|
||||
public String good2(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
@@ -140,7 +148,7 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "jsonp10")
|
||||
@RequestMapping(value = "jsonp11")
|
||||
@ResponseBody
|
||||
public String good3(HttpServletRequest request) {
|
||||
JSONObject parameterObj = readToJSONObect(request);
|
||||
@@ -151,7 +159,7 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "jsonp11")
|
||||
@RequestMapping(value = "jsonp12")
|
||||
@ResponseBody
|
||||
public String good4(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
|
||||
if(null == file){
|
||||
@@ -200,4 +208,11 @@ public class JsonpController {
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean verifReferer(String str){
|
||||
if (str != "xxxx"){
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
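Review bot: `good1` takes the value it verifies from `request.getParameter("referer")`, a request parameter supplied by the same caller who supplies `jsonpCallback`, not from the browser-set `Referer` header. As a "good" fixture this models a check that gives no origin guarantee; the servlet fixtures listed in the expected output read the referer with `getHeader(...)`, and `String referer = request.getHeader("Referer");` would match them. The first copy of JsonpController.java on this page has the same line. The body of `good1` continues past the end of the hunk, so the rest of the branch is not visible here.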
@@ -1,76 +1,77 @@
|
||||
edges
|
||||
| JsonpController.java:36:32:36:68 | getParameter(...) : String | JsonpController.java:40:16:40:24 | resultStr |
|
||||
| JsonpController.java:39:21:39:54 | ... + ... : String | JsonpController.java:40:16:40:24 | resultStr |
|
||||
| JsonpController.java:47:32:47:68 | getParameter(...) : String | JsonpController.java:49:16:49:24 | resultStr |
|
||||
| JsonpController.java:48:21:48:80 | ... + ... : String | JsonpController.java:49:16:49:24 | resultStr |
|
||||
| JsonpController.java:56:32:56:68 | getParameter(...) : String | JsonpController.java:59:16:59:24 | resultStr |
|
||||
| JsonpController.java:58:21:58:55 | ... + ... : String | JsonpController.java:59:16:59:24 | resultStr |
|
||||
| JsonpController.java:66:32:66:68 | getParameter(...) : String | JsonpController.java:69:16:69:24 | resultStr |
|
||||
| JsonpController.java:68:21:68:54 | ... + ... : String | JsonpController.java:69:16:69:24 | resultStr |
|
||||
| JsonpController.java:76:32:76:68 | getParameter(...) : String | JsonpController.java:84:20:84:28 | resultStr |
|
||||
| JsonpController.java:83:21:83:54 | ... + ... : String | JsonpController.java:84:20:84:28 | resultStr |
|
||||
| JsonpController.java:91:32:91:68 | getParameter(...) : String | JsonpController.java:98:20:98:28 | resultStr |
|
||||
| JsonpController.java:97:21:97:54 | ... + ... : String | JsonpController.java:98:20:98:28 | resultStr |
|
||||
| JsonpController.java:105:32:105:68 | getParameter(...) : String | JsonpController.java:109:16:109:24 | resultStr |
|
||||
| JsonpController.java:108:21:108:54 | ... + ... : String | JsonpController.java:109:16:109:24 | resultStr |
|
||||
| JsonpController.java:117:24:117:52 | getParameter(...) : String | JsonpController.java:118:24:118:28 | token |
|
||||
| JsonpController.java:119:36:119:72 | getParameter(...) : String | JsonpController.java:122:20:122:28 | resultStr |
|
||||
| JsonpController.java:121:25:121:59 | ... + ... : String | JsonpController.java:122:20:122:28 | resultStr |
|
||||
| JsonpController.java:132:24:132:52 | getParameter(...) : String | JsonpController.java:133:37:133:41 | token |
|
||||
| JsonpController.java:137:32:137:68 | getParameter(...) : String | JsonpController.java:140:16:140:24 | resultStr |
|
||||
| JsonpController.java:139:21:139:55 | ... + ... : String | JsonpController.java:140:16:140:24 | resultStr |
|
||||
| JsonpController.java:150:21:150:54 | ... + ... : String | JsonpController.java:151:16:151:24 | resultStr |
|
||||
| JsonpController.java:165:21:165:54 | ... + ... : String | JsonpController.java:166:16:166:24 | resultStr |
|
||||
| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr |
|
||||
| JsonpController.java:36:21:36:54 | ... + ... : String | JsonpController.java:37:16:37:24 | resultStr |
|
||||
| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr |
|
||||
| JsonpController.java:45:21:45:80 | ... + ... : String | JsonpController.java:46:16:46:24 | resultStr |
|
||||
| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr |
|
||||
| JsonpController.java:55:21:55:55 | ... + ... : String | JsonpController.java:56:16:56:24 | resultStr |
|
||||
| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr |
|
||||
| JsonpController.java:65:21:65:54 | ... + ... : String | JsonpController.java:66:16:66:24 | resultStr |
|
||||
| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr |
|
||||
| JsonpController.java:79:21:79:54 | ... + ... : String | JsonpController.java:80:20:80:28 | resultStr |
|
||||
| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr |
|
||||
| JsonpController.java:93:21:93:54 | ... + ... : String | JsonpController.java:94:20:94:28 | resultStr |
|
||||
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr |
|
||||
| JsonpController.java:104:21:104:54 | ... + ... : String | JsonpController.java:105:16:105:24 | resultStr |
|
||||
| JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr |
|
||||
| JsonpController.java:116:21:116:55 | ... + ... : String | JsonpController.java:117:16:117:24 | resultStr |
|
||||
| JsonpController.java:127:36:127:72 | getParameter(...) : String | JsonpController.java:130:20:130:28 | resultStr |
|
||||
| JsonpController.java:129:25:129:59 | ... + ... : String | JsonpController.java:130:20:130:28 | resultStr |
|
||||
| JsonpController.java:145:32:145:68 | getParameter(...) : String | JsonpController.java:148:16:148:24 | resultStr |
|
||||
| JsonpController.java:147:21:147:55 | ... + ... : String | JsonpController.java:148:16:148:24 | resultStr |
|
||||
| JsonpController.java:158:21:158:54 | ... + ... : String | JsonpController.java:159:16:159:24 | resultStr |
|
||||
| JsonpController.java:173:21:173:54 | ... + ... : String | JsonpController.java:174:16:174:24 | resultStr |
|
||||
nodes
|
||||
| JsonpController.java:36:32:36:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:39:21:39:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:40:16:40:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:40:16:40:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:47:32:47:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:48:21:48:80 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:56:32:56:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:58:21:58:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:66:32:66:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:68:21:68:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:76:32:76:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:83:21:83:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:91:32:91:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:97:21:97:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:105:32:105:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:108:21:108:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:117:24:117:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:118:24:118:28 | token | semmle.label | token |
|
||||
| JsonpController.java:119:36:119:72 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:121:25:121:59 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:122:20:122:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:122:20:122:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:132:24:132:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:133:37:133:41 | token | semmle.label | token |
|
||||
| JsonpController.java:137:32:137:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:139:21:139:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:140:16:140:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:140:16:140:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:150:21:150:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:151:16:151:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:165:21:165:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:166:16:166:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:36:21:36:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:44:32:44:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:45:21:45:80 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:53:32:53:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:55:21:55:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:63:32:63:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:65:21:65:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:73:32:73:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:79:21:79:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:87:32:87:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:93:21:93:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:101:32:101:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:104:21:104:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:114:32:114:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:116:21:116:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:127:36:127:72 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:129:25:129:59 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:145:32:145:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:147:21:147:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:158:21:158:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:159:16:159:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:173:21:173:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:174:16:174:24 | resultStr | semmle.label | resultStr |
|
||||
#select
|
||||
| JsonpController.java:40:16:40:24 | resultStr | JsonpController.java:36:32:36:68 | getParameter(...) : String | JsonpController.java:40:16:40:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:36:32:36:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | JsonpController.java:47:32:47:68 | getParameter(...) : String | JsonpController.java:49:16:49:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:47:32:47:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | JsonpController.java:56:32:56:68 | getParameter(...) : String | JsonpController.java:59:16:59:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:56:32:56:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | JsonpController.java:66:32:66:68 | getParameter(...) : String | JsonpController.java:69:16:69:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:66:32:66:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | JsonpController.java:76:32:76:68 | getParameter(...) : String | JsonpController.java:84:20:84:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:76:32:76:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | JsonpController.java:91:32:91:68 | getParameter(...) : String | JsonpController.java:98:20:98:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:91:32:91:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | JsonpController.java:105:32:105:68 | getParameter(...) : String | JsonpController.java:109:16:109:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:105:32:105:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:33:32:33:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:44:32:44:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:53:32:53:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:63:32:63:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:73:32:73:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:87:32:87:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:101:32:101:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:114:32:114:68 | getParameter(...) | this user input |
|
||||
|
||||
@@ -26,9 +26,6 @@ public class JsonpController {
|
||||
hashMap.put("password","123456");
|
||||
}
|
||||
|
||||
private String name = null;
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp1")
|
||||
@ResponseBody
|
||||
public String bad1(HttpServletRequest request) {
|
||||
@@ -77,7 +74,6 @@ public class JsonpController {
|
||||
PrintWriter pw = null;
|
||||
Gson gson = new Gson();
|
||||
String result = gson.toJson(hashMap);
|
||||
|
||||
String resultStr = null;
|
||||
pw = response.getWriter();
|
||||
resultStr = jsonpCallback + "(" + result + ")";
|
||||
@@ -109,13 +105,25 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp8")
|
||||
@ResponseBody
|
||||
public String bad8(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
String token = request.getParameter("token");
|
||||
boolean result = verifToken(token); //Just check.
|
||||
String jsonpCallback = request.getParameter("jsonpCallback");
|
||||
String jsonStr = getJsonStr(hashMap);
|
||||
resultStr = jsonpCallback + "(" + jsonStr + ")";
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp9")
|
||||
@ResponseBody
|
||||
public String good1(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
String token = request.getParameter("token");
|
||||
if (verifToken(token)){
|
||||
String referer = request.getParameter("referer");
|
||||
if (verifReferer(referer)){
|
||||
String jsonpCallback = request.getParameter("jsonpCallback");
|
||||
String jsonStr = getJsonStr(hashMap);
|
||||
resultStr = jsonpCallback + "(" + jsonStr + ")";
|
||||
@@ -125,7 +133,7 @@ public class JsonpController {
|
||||
}
|
||||
|
||||
|
||||
@GetMapping(value = "jsonp9")
|
||||
@GetMapping(value = "jsonp10")
|
||||
@ResponseBody
|
||||
public String good2(HttpServletRequest request) {
|
||||
String resultStr = null;
|
||||
@@ -140,7 +148,7 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "jsonp10")
|
||||
@RequestMapping(value = "jsonp11")
|
||||
@ResponseBody
|
||||
public String good3(HttpServletRequest request) {
|
||||
JSONObject parameterObj = readToJSONObect(request);
|
||||
@@ -151,7 +159,7 @@ public class JsonpController {
|
||||
return resultStr;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "jsonp11")
|
||||
@RequestMapping(value = "jsonp12")
|
||||
@ResponseBody
|
||||
public String good4(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
|
||||
if(null == file){
|
||||
@@ -200,4 +208,11 @@ public class JsonpController {
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean verifReferer(String str){
|
||||
if (str != "xxxx"){
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
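Review bot: `verifReferer` in the last hunk (`@@ -200,4 +208,11 @@`) compares strings with `str != "xxxx"`, which in Java tests object identity, so a value read from a request will normally not be the same object as the literal and the method returns false whatever its contents. Compare contents instead with `if (!"xxxx".equals(str)) {`, which is also safe when the parameter is absent and `str` is null. Separately, `good1` in the `@@ -109,13 +105,25 @@` hunk appears (the +/- markers are lost in this rendering) to pass `request.getParameter("referer")` to it; a query parameter is chosen by whoever builds the URL, so a fixture meant to model a Referer check should read `request.getHeader("Referer")`, as the `getHeader(...)` node reported for JsonpInjectionServlet1.java suggests the servlet test does. The class body starts outside these hunks, so whether `verifToken` has the same comparison cannot be seen here.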
@@ -1,79 +1,76 @@
|
||||
edges
|
||||
| JsonpController.java:36:32:36:68 | getParameter(...) : String | JsonpController.java:40:16:40:24 | resultStr |
|
||||
| JsonpController.java:39:21:39:54 | ... + ... : String | JsonpController.java:40:16:40:24 | resultStr |
|
||||
| JsonpController.java:47:32:47:68 | getParameter(...) : String | JsonpController.java:49:16:49:24 | resultStr |
|
||||
| JsonpController.java:48:21:48:80 | ... + ... : String | JsonpController.java:49:16:49:24 | resultStr |
|
||||
| JsonpController.java:56:32:56:68 | getParameter(...) : String | JsonpController.java:59:16:59:24 | resultStr |
|
||||
| JsonpController.java:58:21:58:55 | ... + ... : String | JsonpController.java:59:16:59:24 | resultStr |
|
||||
| JsonpController.java:66:32:66:68 | getParameter(...) : String | JsonpController.java:69:16:69:24 | resultStr |
|
||||
| JsonpController.java:68:21:68:54 | ... + ... : String | JsonpController.java:69:16:69:24 | resultStr |
|
||||
| JsonpController.java:76:32:76:68 | getParameter(...) : String | JsonpController.java:84:20:84:28 | resultStr |
|
||||
| JsonpController.java:83:21:83:54 | ... + ... : String | JsonpController.java:84:20:84:28 | resultStr |
|
||||
| JsonpController.java:91:32:91:68 | getParameter(...) : String | JsonpController.java:98:20:98:28 | resultStr |
|
||||
| JsonpController.java:97:21:97:54 | ... + ... : String | JsonpController.java:98:20:98:28 | resultStr |
|
||||
| JsonpController.java:105:32:105:68 | getParameter(...) : String | JsonpController.java:109:16:109:24 | resultStr |
|
||||
| JsonpController.java:108:21:108:54 | ... + ... : String | JsonpController.java:109:16:109:24 | resultStr |
|
||||
| JsonpController.java:117:24:117:52 | getParameter(...) : String | JsonpController.java:118:24:118:28 | token |
|
||||
| JsonpController.java:119:36:119:72 | getParameter(...) : String | JsonpController.java:122:20:122:28 | resultStr |
|
||||
| JsonpController.java:121:25:121:59 | ... + ... : String | JsonpController.java:122:20:122:28 | resultStr |
|
||||
| JsonpController.java:132:24:132:52 | getParameter(...) : String | JsonpController.java:133:37:133:41 | token |
|
||||
| JsonpController.java:137:32:137:68 | getParameter(...) : String | JsonpController.java:140:16:140:24 | resultStr |
|
||||
| JsonpController.java:139:21:139:55 | ... + ... : String | JsonpController.java:140:16:140:24 | resultStr |
|
||||
| JsonpController.java:150:21:150:54 | ... + ... : String | JsonpController.java:151:16:151:24 | resultStr |
|
||||
| JsonpController.java:165:21:165:54 | ... + ... : String | JsonpController.java:166:16:166:24 | resultStr |
|
||||
| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr |
|
||||
| JsonpController.java:36:21:36:54 | ... + ... : String | JsonpController.java:37:16:37:24 | resultStr |
|
||||
| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr |
|
||||
| JsonpController.java:45:21:45:80 | ... + ... : String | JsonpController.java:46:16:46:24 | resultStr |
|
||||
| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr |
|
||||
| JsonpController.java:55:21:55:55 | ... + ... : String | JsonpController.java:56:16:56:24 | resultStr |
|
||||
| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr |
|
||||
| JsonpController.java:65:21:65:54 | ... + ... : String | JsonpController.java:66:16:66:24 | resultStr |
|
||||
| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr |
|
||||
| JsonpController.java:79:21:79:54 | ... + ... : String | JsonpController.java:80:20:80:28 | resultStr |
|
||||
| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr |
|
||||
| JsonpController.java:93:21:93:54 | ... + ... : String | JsonpController.java:94:20:94:28 | resultStr |
|
||||
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr |
|
||||
| JsonpController.java:104:21:104:54 | ... + ... : String | JsonpController.java:105:16:105:24 | resultStr |
|
||||
| JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr |
|
||||
| JsonpController.java:116:21:116:55 | ... + ... : String | JsonpController.java:117:16:117:24 | resultStr |
|
||||
| JsonpController.java:127:36:127:72 | getParameter(...) : String | JsonpController.java:130:20:130:28 | resultStr |
|
||||
| JsonpController.java:129:25:129:59 | ... + ... : String | JsonpController.java:130:20:130:28 | resultStr |
|
||||
| JsonpController.java:145:32:145:68 | getParameter(...) : String | JsonpController.java:148:16:148:24 | resultStr |
|
||||
| JsonpController.java:147:21:147:55 | ... + ... : String | JsonpController.java:148:16:148:24 | resultStr |
|
||||
| JsonpController.java:158:21:158:54 | ... + ... : String | JsonpController.java:159:16:159:24 | resultStr |
|
||||
| JsonpController.java:173:21:173:54 | ... + ... : String | JsonpController.java:174:16:174:24 | resultStr |
|
||||
| JsonpInjectionServlet1.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet1.java:45:24:45:32 | resultStr |
|
||||
| JsonpInjectionServlet1.java:36:26:36:49 | getHeader(...) : String | JsonpInjectionServlet1.java:38:39:38:45 | referer |
|
||||
| JsonpInjectionServlet1.java:44:25:44:62 | ... + ... : String | JsonpInjectionServlet1.java:45:24:45:32 | resultStr |
|
||||
| JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr |
|
||||
| JsonpInjectionServlet2.java:38:21:38:54 | ... + ... : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr |
|
||||
nodes
|
||||
| JsonpController.java:36:32:36:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:39:21:39:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:40:16:40:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:40:16:40:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:47:32:47:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:48:21:48:80 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:56:32:56:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:58:21:58:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:66:32:66:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:68:21:68:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:76:32:76:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:83:21:83:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:91:32:91:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:97:21:97:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:105:32:105:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:108:21:108:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:117:24:117:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:118:24:118:28 | token | semmle.label | token |
|
||||
| JsonpController.java:119:36:119:72 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:121:25:121:59 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:122:20:122:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:122:20:122:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:132:24:132:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:133:37:133:41 | token | semmle.label | token |
|
||||
| JsonpController.java:137:32:137:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:139:21:139:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:140:16:140:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:140:16:140:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:150:21:150:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:151:16:151:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:165:21:165:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:166:16:166:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:36:21:36:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:44:32:44:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:45:21:45:80 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:53:32:53:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:55:21:55:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:63:32:63:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:65:21:65:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:73:32:73:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:79:21:79:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:87:32:87:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:93:21:93:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:101:32:101:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:104:21:104:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:114:32:114:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:116:21:116:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:127:36:127:72 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:129:25:129:59 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:145:32:145:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpController.java:147:21:147:55 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:158:21:158:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:159:16:159:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpController.java:173:21:173:54 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpController.java:174:16:174:24 | resultStr | semmle.label | resultStr |
|
||||
| JsonpInjectionServlet1.java:31:32:31:64 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| JsonpInjectionServlet1.java:36:26:36:49 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||
| JsonpInjectionServlet1.java:38:39:38:45 | referer | semmle.label | referer |
|
||||
| JsonpInjectionServlet1.java:44:25:44:62 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| JsonpInjectionServlet1.java:45:24:45:32 | resultStr | semmle.label | resultStr |
|
||||
| JsonpInjectionServlet1.java:45:24:45:32 | resultStr | semmle.label | resultStr |
|
||||
@@ -82,11 +79,12 @@ nodes
|
||||
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | semmle.label | resultStr |
|
||||
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | semmle.label | resultStr |
|
||||
#select
|
||||
| JsonpController.java:40:16:40:24 | resultStr | JsonpController.java:36:32:36:68 | getParameter(...) : String | JsonpController.java:40:16:40:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:36:32:36:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:49:16:49:24 | resultStr | JsonpController.java:47:32:47:68 | getParameter(...) : String | JsonpController.java:49:16:49:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:47:32:47:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:59:16:59:24 | resultStr | JsonpController.java:56:32:56:68 | getParameter(...) : String | JsonpController.java:59:16:59:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:56:32:56:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:69:16:69:24 | resultStr | JsonpController.java:66:32:66:68 | getParameter(...) : String | JsonpController.java:69:16:69:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:66:32:66:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:84:20:84:28 | resultStr | JsonpController.java:76:32:76:68 | getParameter(...) : String | JsonpController.java:84:20:84:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:76:32:76:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:98:20:98:28 | resultStr | JsonpController.java:91:32:91:68 | getParameter(...) : String | JsonpController.java:98:20:98:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:91:32:91:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:109:16:109:24 | resultStr | JsonpController.java:105:32:105:68 | getParameter(...) : String | JsonpController.java:109:16:109:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:105:32:105:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:37:16:37:24 | resultStr | JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:33:32:33:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:46:16:46:24 | resultStr | JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:44:32:44:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:56:16:56:24 | resultStr | JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:53:32:53:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:66:16:66:24 | resultStr | JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:63:32:63:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:80:20:80:28 | resultStr | JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:73:32:73:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:94:20:94:28 | resultStr | JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:87:32:87:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:105:16:105:24 | resultStr | JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:101:32:101:68 | getParameter(...) | this user input |
|
||||
| JsonpController.java:117:16:117:24 | resultStr | JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:114:32:114:68 | getParameter(...) | this user input |
|
||||
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr | Jsonp response might include code from $@. | JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) | this user input |
|
||||
|
||||