hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update qldoc

Browse Source
This commit is contained in:
luchua-bc
2021-02-15 16:58:09 +00:00
parent cb01613aa6
commit 2f17943abc
5 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.java
View File

@@ -6,7 +6,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery extends HttpServlet {
// BAD - Tests sending sensitive information in a GET request.
// BAD - Tests retrieving sensitive information through `request.getParameter()` in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = request.getParameter("username");
String password = request.getParameter("password");
@@ -18,7 +18,7 @@ public class SensitiveGetQuery extends HttpServlet {
System.out.println("username = " + username+"; password "+password);
}
// GOOD - Tests sending sensitive information in a POST request.
// GOOD - Tests retrieving sensitive information through `request.getParameter()` in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String password = request.getParameter("password");
System.out.println("password = " + password);

4
java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery2.java
View File

@@ -7,7 +7,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery2 extends HttpServlet {
// BAD - Tests sending sensitive information in a GET request.
// BAD - Tests retrieving sensitive information through `request.getParameterMap()` in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
Map map = request.getParameterMap();
String username = (String) map.get("username");
@@ -19,7 +19,7 @@ public class SensitiveGetQuery2 extends HttpServlet {
System.out.println("username = " + username+"; password "+password);
}
// GOOD - Tests sending sensitive information in a POST request.
// GOOD - Tests retrieving sensitive information through `request.getParameterMap()` in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
Map map = request.getParameterMap();
String username = (String) map.get("username");

4
java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery3.java
View File

@@ -6,7 +6,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery3 extends HttpServlet {
// BAD - Tests sending sensitive information in a GET request.
// BAD - Tests retrieving sensitive information through a wrapper call in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String password = getRequestParameter(request, "password");
@@ -17,7 +17,7 @@ public class SensitiveGetQuery3 extends HttpServlet {
return request.getParameter(paramName);
}
// GOOD - Tests sending sensitive information in a POST request.
// GOOD - Tests retrieving sensitive information through a wrapper call in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String password = getRequestParameter(request, "password");

4
java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery4.java
View File

@@ -6,7 +6,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery4 extends HttpServlet {
// BAD - Tests sending sensitive information in a GET request.
// BAD - Tests retrieving non-sensitive tokens and sensitive tokens in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String token = getRequestParameter(request, "token");
@@ -20,7 +20,7 @@ public class SensitiveGetQuery4 extends HttpServlet {
return request.getParameter(paramName);
}
// GOOD - Tests sending sensitive information in a POST request.
// GOOD - Tests retrieving non-sensitive tokens and sensitive tokens in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String token = getRequestParameter(request, "token");