Typos and style fixes

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
This commit is contained in:
Edward Minnix III
2023-07-26 09:58:56 -04:00
committed by Ed Minnix
parent 52ebf9fff6
commit 929090a847
4 changed files with 6 additions and 6 deletions


@@ -2,7 +2,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
String username = request.getParameter("username");
if (validator.isValidInput("HTTP parameter", username, "username", 20, false)) {
// GOOD: The input is sanitized before being written to the response.
// GOOD: The input is sanitized before being written to the session.
request.getSession().setAttribute("username", username);
}
}
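Review bot: The reworded comment above the `isValidInput` branch still calls the value "sanitized", but `isValidInput` is only used as a boolean guard and the next line writes the original `username` to the session, not a transformed value, so "validated" would describe the code more accurately: `// GOOD: The input is validated before being written to the session.` The same wording appears in the fourth file's `input3` branch, which also guards with `isValidInput` and stores the original string; the `getValidInput` branch there does store the returned value and can keep "sanitized". doGet's signature is in the hunk header, so its body starts outside this hunk.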


@@ -1,6 +1,6 @@
public void doGet(HttpServletRequest request, HttpServletResponse response) {
String username = request.getParameter("username");
// BAD: The input is written to the response without being sanitized.
// BAD: The input is written to the session without being sanitized.
request.getSession().setAttribute("username", username);
}


@@ -1,5 +1,5 @@
---
category: newQuery
---
* Added the `java/trust-boundary-violation` query to detect trust boundary violations between http requests and the http session.
* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session.


@@ -10,14 +10,14 @@ public class TrustBoundaryViolations extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) {
String input = request.getParameter("input");
// BAD: The input is written to the response without being sanitized.
// BAD: The input is written to the session without being sanitized.
request.getSession().setAttribute("input", input); // $ hasTaintFlow
String input2 = request.getParameter("input2");
try {
String sanitized = validator.getValidInput("HTTP parameter", input2, "HTTPParameterValue", 100, false);
// GOOD: The input is sanitized before being written to the response.
// GOOD: The input is sanitized before being written to the session.
request.getSession().setAttribute("input2", sanitized);
} catch (Exception e) {
@@ -26,7 +26,7 @@ public class TrustBoundaryViolations extends HttpServlet {
try {
String input3 = request.getParameter("input3");
if (validator.isValidInput("HTTP parameter", input3, "HTTPParameterValue", 100, false)) {
// GOOD: The input is sanitized before being written to the response.
// GOOD: The input is sanitized before being written to the session.
request.getSession().setAttribute("input3", input3);
}
} catch (Exception e) {