hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated vulnerable XSS.java version

Browse Source
This commit is contained in:
gx1
2022-09-13 15:58:25 +02:00
committed by GitHub
parent 46751e515c
commit 1c4488e7c8
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/Security/CWE/CWE-079/XSS.java
View File

@@ -1,8 +1,9 @@
public class XSS extends HttpServlet { public class XSS extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { throws ServletException, IOException {
// BAD: a request parameter is written directly to an error response page // BAD: a request parameter is written directly to the Servlet response stream
response.sendError(HttpServletResponse.SC_NOT_FOUND, response.getWriter().print(
"The page \"" + request.getParameter("page") + "\" was not found."); "The page \"" + request.getParameter("page") + "\" was not found."); // $xss
} }
} }