hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix test mistakes

Browse Source
This commit is contained in:
Chris Smowton
2021-06-25 18:07:08 +01:00
parent 6b3bc42ef2
commit 8eaffaff35
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/test/query-tests/security/CWE-079/semmle/tests/JaxXSS.java
View File

@@ -37,18 +37,18 @@ public class JaxXSS {
else {
if(chainDirectly) {
if(contentTypeFirst)
return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build(); // $xss
return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build();
else
return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build(); // $xss
return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build();
}
else {
if(contentTypeFirst) {
Response.ResponseBuilder builder2 = builder.type(MediaType.APPLICATION_JSON);
return builder2.entity(userControlled).build(); // $xss
return builder2.entity(userControlled).build();
}
else {
Response.ResponseBuilder builder2 = builder.entity(userControlled);
return builder2.type(MediaType.APPLICATION_JSON).build(); // $xss
return builder2.type(MediaType.APPLICATION_JSON).build();
}
}
}
@@ -188,7 +188,7 @@ public class JaxXSS {
@Path("/abc")
@Produces({"application/json"})
private static class ClassContentTypeSafe {
public static class ClassContentTypeSafe {
@GET
public Response test(String userControlled) {
return Response.ok(userControlled).build();
@@ -212,7 +212,7 @@ public class JaxXSS {
@Path("/abc")
@Produces({"text/html"})
private static class ClassContentTypeUnsafe {
public static class ClassContentTypeUnsafe {
@GET
public Response test(String userControlled) {
return Response.ok(userControlled).build(); // $MISSING: xss