hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix scope issues in the Java example

Browse Source
This commit is contained in:
Tony Torralba
2021-09-15 14:39:12 +02:00
parent 023264660b
commit c3c73377b8
1 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.java
View File

@@ -3,15 +3,12 @@ public class InsecureBasicAuth {
* Test basic authentication with Apache HTTP request.
*/
public void testApacheHttpRequest(String username, String password) {
{
// BAD: basic authentication over HTTP
String url = "http://www.example.com/rest/getuser.do?uid=abcdx";
}
{
// GOOD: basic authentication over HTTPS
String url = "https://www.example.com/rest/getuser.do?uid=abcdx";
}
url = "https://www.example.com/rest/getuser.do?uid=abcdx";
HttpPost post = new HttpPost(url);
post.setHeader("Accept", "application/json");
@@ -28,15 +25,12 @@ public class InsecureBasicAuth {
* Test basic authentication with Java HTTP URL connection.
*/
public void testHttpUrlConnection(String username, String password) {
{
// BAD: basic authentication over HTTP
String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
}
{
// GOOD: basic authentication over HTTPS
String urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
}
urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
String authString = username + ":" + password;
String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));