hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reformat inline expectations (space after $)

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-01-27 14:36:26 +00:00
parent 05fb22e8ff
commit 9f3572d15a
5 changed files with 54 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.java
View File

@@ -16,7 +16,7 @@ public class XSS extends HttpServlet {
throws ServletException, IOException {
// BAD: a request parameter is written directly to the Servlet response stream
response.getWriter()
.print("The page \"" + request.getParameter("page") + "\" was not found."); // $xss
.print("The page \"" + request.getParameter("page") + "\" was not found."); // $ xss
// GOOD: servlet API encodes the error message HTML for the HTML context
response.sendError(HttpServletResponse.SC_NOT_FOUND,
@@ -31,10 +31,10 @@ public class XSS extends HttpServlet {
"The page \"" + capitalizeName(request.getParameter("page")) + "\" was not found.");
// BAD: outputting the path of the resource
response.getWriter().print("The path section of the URL was " + request.getPathInfo()); // $xss
response.getWriter().print("The path section of the URL was " + request.getPathInfo()); // $ xss
// BAD: typical XSS, this time written to an OutputStream instead of a Writer
response.getOutputStream().write(request.getPathInfo().getBytes()); // $xss
response.getOutputStream().write(request.getPathInfo().getBytes()); // $ xss
// GOOD: sanitizer
response.getOutputStream().write(hudson.Util.escape(request.getPathInfo()).getBytes()); // safe