hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Resolve now-fixed spurious XSS results

Browse Source
This commit is contained in:
Chris Smowton
2021-06-29 09:49:17 +01:00
parent c37ecb7102
commit 7f556de8a0
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/test/query-tests/security/CWE-079/semmle/tests/JaxXSS.java
View File

@@ -37,18 +37,18 @@ public class JaxXSS {
else {
if(chainDirectly) {
if(contentTypeFirst)
return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build(); // $SPURIOUS: xss
return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build();
else
return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss
return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build();
}
else {
if(contentTypeFirst) {
Response.ResponseBuilder builder2 = builder.type(MediaType.APPLICATION_JSON);
return builder2.entity(userControlled).build(); // $SPURIOUS: xss
return builder2.entity(userControlled).build();
}
else {
Response.ResponseBuilder builder2 = builder.entity(userControlled);
return builder2.type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss
return builder2.type(MediaType.APPLICATION_JSON).build();
}
}
}