Add spurious results now found in JaxXSS.java

2026-04-29 02:35:15 +02:00 · 2021-06-28 19:23:39 +01:00
parent 768a8e78dd
commit dd70f2c87e
1 changed files with 4 additions and 4 deletions
--- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/JaxXSS.java
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/JaxXSS.java
@@ -37,18 +37,18 @@ public class JaxXSS {
    else {
      if(chainDirectly) {
        if(contentTypeFirst)
-          return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build();
+          return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build(); // $SPURIOUS: xss
        else
-          return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build();
+          return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss
      }
      else {
        if(contentTypeFirst) {
          Response.ResponseBuilder builder2 = builder.type(MediaType.APPLICATION_JSON);
-          return builder2.entity(userControlled).build();
+          return builder2.entity(userControlled).build(); // $SPURIOUS: xss
        }
        else {
          Response.ResponseBuilder builder2 = builder.entity(userControlled);
-          return builder2.type(MediaType.APPLICATION_JSON).build();
+          return builder2.type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss
        }
      }
    }