hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.0
codeql/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
Edward Minnix III 929090a847 Typos and style fixes 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-08-17 13:05:37 -04:00

36 lines
1.3 KiB
Java
Raw Permalink Blame History

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.Validator;
public class TrustBoundaryViolations extends HttpServlet {
Validator validator;
public void doGet(HttpServletRequest request, HttpServletResponse response) {
String input = request.getParameter("input");
// BAD: The input is written to the session without being sanitized.
request.getSession().setAttribute("input", input); // $ hasTaintFlow
String input2 = request.getParameter("input2");
try {
String sanitized = validator.getValidInput("HTTP parameter", input2, "HTTPParameterValue", 100, false);
// GOOD: The input is sanitized before being written to the session.
request.getSession().setAttribute("input2", sanitized);
} catch (Exception e) {
}
try {
String input3 = request.getParameter("input3");
if (validator.isValidInput("HTTP parameter", input3, "HTTPParameterValue", 100, false)) {
// GOOD: The input is sanitized before being written to the session.
request.getSession().setAttribute("input3", input3);
}
} catch (Exception e) {
}
}
}
Reference in New Issue View Git Blame Copy Permalink