hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: adjust BarrierPrefix to handle prepended chars

Browse Source
This commit is contained in:
Jami Cogswell
2024-03-13 16:27:25 -04:00
parent 5ac453eb38
commit 1b01f26d09
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/test/query-tests/security/CWE-552/UrlForwardTest.java
View File

@@ -389,7 +389,7 @@ public class UrlForwardTest extends HttpServlet implements Filter {
}
}
// Test `StringBuilder.append` sequence with `?` appended before the user input
// GOOD: char `?` appended before the user input
private static final String LOGIN_URL = "/UI/Login";
public void doPost2(HttpServletRequest request, HttpServletResponse response)
@@ -399,14 +399,13 @@ public class UrlForwardTest extends HttpServlet implements Filter {
String queryString = request.getQueryString();
// should be sanitized due to the `?` appended
forwardUrl.append('?').append(queryString);
String fUrl = forwardUrl.toString();
ServletConfig config = getServletConfig();
RequestDispatcher dispatcher = config.getServletContext().getRequestDispatcher(fUrl); // $ SPURIOUS: hasUrlForward
RequestDispatcher dispatcher = config.getServletContext().getRequestDispatcher(fUrl);
dispatcher.forward(request, response);
}
}