hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.1
codeql/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.java
luchua-bc 2f17943abc Update qldoc
2021-02-15 16:58:09 +00:00

27 lines
1.1 KiB
Java
Raw Permalink Blame History

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery extends HttpServlet {
// BAD - Tests retrieving sensitive information through `request.getParameter()` in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = request.getParameter("username");
String password = request.getParameter("password");
processUserInfo(username, password);
}
void processUserInfo(String username, String password) {
System.out.println("username = " + username+"; password "+password);
}
// GOOD - Tests retrieving sensitive information through `request.getParameter()` in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String password = request.getParameter("password");
System.out.println("password = " + password);
}
}
Reference in New Issue View Git Blame Copy Permalink