Trust Boundary Work

2026-04-30 19:26:02 +02:00 · 2023-07-19 16:39:09 -04:00
parent 2aba425464
commit f58590c6a9
5 changed files with 66 additions and 0 deletions
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
@@ -0,0 +1,12 @@
+import java.io.IOException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class TrustBoundaryViolations extends HttpServlet {
+    public void doGet(HttpServletRequest request, HttpServletResponse response) {
+        String input = request.getParameter("input");
+
+        request.getSession().setAttribute("input", input); // $ hasTaintFlow
+    }
+}
--- a/java/ql/test/query-tests/security/CWE-501/options
+++ b/java/ql/test/query-tests/security/CWE-501/options