hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.0
codeql/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery3.java
luchua-bc 2f17943abc Update qldoc
2021-02-15 16:58:09 +00:00

27 lines
1.2 KiB
Java
Raw Permalink Blame History

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery3 extends HttpServlet {
// BAD - Tests retrieving sensitive information through a wrapper call in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String password = getRequestParameter(request, "password");
System.out.println("Username="+username+"; password="+password);
}
String getRequestParameter(HttpServletRequest request, String paramName) {
return request.getParameter(paramName);
}
// GOOD - Tests retrieving sensitive information through a wrapper call in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String password = getRequestParameter(request, "password");
System.out.println("Username="+username+"; password="+password);
}
}
Reference in New Issue View Git Blame Copy Permalink