hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.22.2
codeql/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery4.java
luchua-bc 2f17943abc Update qldoc
2021-02-15 16:58:09 +00:00

33 lines
1.5 KiB
Java
Raw Permalink Blame History

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery4 extends HttpServlet {
// BAD - Tests retrieving non-sensitive tokens and sensitive tokens in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String token = getRequestParameter(request, "token");
String tokenType = getRequestParameter(request, "tokenType");
String accessToken = getRequestParameter(request, "accessToken");
System.out.println("Username="+username+"; token="+token+"; tokenType="+tokenType);
System.out.println("AccessToken="+accessToken);
}
String getRequestParameter(HttpServletRequest request, String paramName) {
return request.getParameter(paramName);
}
// GOOD - Tests retrieving non-sensitive tokens and sensitive tokens in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String token = getRequestParameter(request, "token");
String tokenType = getRequestParameter(request, "tokenType");
String accessToken = getRequestParameter(request, "accessToken");
System.out.println("Username="+username+"; token="+token+"; tokenType="+tokenType);
System.out.println("AccessToken="+accessToken);
}
}
Reference in New Issue View Git Blame Copy Permalink