hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Abbreviate qhelp example

Browse Source
This commit is contained in:
Chris Smowton
2021-11-24 12:12:22 +00:00
committed by GitHub
parent e56737e007
commit 136ecaf49a
1 changed files with 7 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.java
View File

@@ -1,40 +1,11 @@
public class ThreadResourceAbuse extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Get thread pause time from request parameter
String delayTimeStr = request.getParameter("DelayTime");
try {
int delayTime = Integer.valueOf(delayTimeStr);
new SyncAction(delayTime).start();
} catch (NumberFormatException e) {
}
}
class SleepTest {
public void test(int userSuppliedWaitTime) throws Exception {
// BAD: no boundary check on wait time
Thread.sleep(waitTime);
class SyncAction extends Thread {
int waitTime;
public SyncAction(int waitTime) {
this.waitTime = waitTime;
}
@Override
public void run() {
try {
{
// BAD: no boundary check on wait time
Thread.sleep(waitTime);
}
{
// GOOD: enforce an upper limit on wait time
if (waitTime > 0 && waitTime < 5000) {
Thread.sleep(waitTime);
}
}
//Do other updates
} catch (InterruptedException e) {
}
// GOOD: enforce an upper limit on wait time
if (waitTime > 0 && waitTime < 5000) {
Thread.sleep(waitTime);
}
}
}