hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Migrate Java code to separate QL repo.

Browse Source
This commit is contained in:
Pavel Avgustinov
2018-08-30 10:48:05 +01:00
parent d957c151a6
commit 846c9d5860
2319 changed files with 134386 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
java/ql/src/Security/CWE/CWE-421/SocketAuthRace.java Normal file
View File

@@ -0,0 +1,19 @@
public void doConnect(int desiredPort, String username) {
ServerSocket listenSocket = new ServerSocket(desiredPort);
if (isAuthenticated(username)) {
Socket connection1 = listenSocket.accept();
// BAD: no authentication over the socket connection
connection1.getOutputStream().write(secretData);
}
}
public void doConnect(int desiredPort, String username) {
ServerSocket listenSocket = new ServerSocket(desiredPort);
Socket connection2 = listenSocket.accept();
// GOOD: authentication happens over the socket
if (doAuthenticate(connection2, username)) {
connection2.getOutputStream().write(secretData);
}
}