hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve handling of the 'author' word as an exception

Browse Source
This commit is contained in:
Tony Torralba
2021-09-16 11:57:28 +02:00
parent 21079a1315
commit f18c163408
2 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
java/ql/test/query-tests/security/CWE-807/semmle/tests/ConditionalBypassTest.java
View File

@@ -129,6 +129,27 @@ class ConditionalBypassTest {
}
}
public static void test8(String user, String password) {
Cookie adminCookie = getCookies()[0];
{
// BAD: login may not happen
if (adminCookie.getValue() == "false") // $ hasConditionalBypassTest
authorize(user, password);
else {
// do something else
doIt();
}
}
{
// obtainAuthor is not sensitive, so this is safe
if (adminCookie.getValue() == "false")
obtainAuthor();
else {
doIt();
}
}
}
public static void login(String user, String password) {
// login
}
@@ -137,6 +158,14 @@ class ConditionalBypassTest {
// login
}
public static void authorize(String user, String password) {
// login
}
public static String obtainAuthor() {
return "";
}
public static Cookie[] getCookies() {
// get cookies from a servlet
return new Cookie[0];