hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

add test and stubs

Browse Source
This commit is contained in:
Alvaro Muñoz
2020-10-27 15:35:35 +01:00
parent a274a1516a
commit 671ea2f6c6
18 changed files with 248 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.java Normal file
View File

@@ -0,0 +1,18 @@
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
public class InsecureBeanValidation implements ConstraintValidator<Override, String> {
@Override
public boolean isValid(String object, ConstraintValidatorContext constraintContext) {
String value = object + " is invalid";
// Bad: Bean properties (normally user-controlled) are passed directly to `buildConstraintViolationWithTemplate`
constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation();
// Good: Using message parameters
constraintContext.buildConstraintViolationWithTemplate("literal {message_parameter}").addConstraintViolation().disableDefaultConstraintViolation();
return true;
}
}