Fix scope issues in the Java example

2025-12-21 19:26:31 +01:00 · 2021-09-15 14:39:12 +02:00
parent 023264660b
commit c3c73377b8
1 changed files with 6 additions and 12 deletions
--- a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.java
+++ b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.java
@@ -1,22 +1,19 @@
 public class InsecureBasicAuth {
  /**
   * Test basic authentication with Apache HTTP request.
-   */	
+   */
  public void testApacheHttpRequest(String username, String password) {
-  {
+
    // BAD: basic authentication over HTTP
    String url = "http://www.example.com/rest/getuser.do?uid=abcdx";
-  }

-  {
    // GOOD: basic authentication over HTTPS
-    String url = "https://www.example.com/rest/getuser.do?uid=abcdx";
-  }
+    url = "https://www.example.com/rest/getuser.do?uid=abcdx";

    HttpPost post = new HttpPost(url);
    post.setHeader("Accept", "application/json");
    post.setHeader("Content-type", "application/json");
-		
+
    String authString = username + ":" + password;
    byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
    String authStringEnc = new String(authEncBytes);
@@ -28,15 +25,12 @@ public class InsecureBasicAuth {
   * Test basic authentication with Java HTTP URL connection.
   */
  public void testHttpUrlConnection(String username, String password) {
-  {
+
    // BAD: basic authentication over HTTP
    String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
-  }

-  {
    // GOOD: basic authentication over HTTPS
-    String urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
-  }
+    urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";

    String authString = username + ":" + password;
    String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));