hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
remove-javascript
codeql/java/ql/test/query-tests/security/CWE-079/semmle/tests/JsfXSS.java
Chris Smowton fcc0f1d5a7 Expand test to exercise all sinks
2021-09-14 12:27:33 +01:00

70 lines
2.9 KiB
Java
Raw Permalink Blame History

import java.io.IOException;
import java.util.Map;
import javax.faces.component.UIComponent;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.context.ResponseWriter;
import javax.faces.render.FacesRenderer;
import javax.faces.render.Renderer;
import javax.servlet.http.Cookie;
@FacesRenderer(componentFamily = "", rendererType = "")
public class JsfXSS extends Renderer
{
@Override
// BAD: directly output user input.
public void encodeBegin(FacesContext facesContext, UIComponent component) throws IOException
{
super.encodeBegin(facesContext, component);
Map<String, String> requestParameters = facesContext.getExternalContext().getRequestParameterMap();
String windowId = requestParameters.get("window_id");
ResponseWriter writer = facesContext.getResponseWriter();
writer.write("<script type=\"text/javascript\">");
writer.write("(function(){");
writer.write("dswh.init('" + windowId + "','" // $xss
+ "......" + "',"
+ -1 + ",{");
writer.write("});");
writer.write("})();");
writer.write("</script>");
}
// GOOD: use the method `writeText` that performs escaping appropriate for the markup language being rendered.
public void encodeBegin2(FacesContext facesContext, UIComponent component) throws IOException
{
super.encodeBegin(facesContext, component);
Map<String, String> requestParameters = facesContext.getExternalContext().getRequestParameterMap();
String windowId = requestParameters.get("window_id");
ResponseWriter writer = facesContext.getResponseWriter();
writer.write("<script type=\"text/javascript\">");
writer.write("(function(){");
writer.write("dswh.init('");
writer.writeText(windowId, null);
writer.write("','"
+ "......" + "',"
+ -1 + ",{");
writer.write("});");
writer.write("})();");
writer.write("</script>");
}
public void testAllSources(FacesContext facesContext) throws IOException
{
ExternalContext ec = facesContext.getExternalContext();
ResponseWriter writer = facesContext.getResponseWriter();
writer.write(ec.getRequestParameterMap().keySet().iterator().next()); // $xss
writer.write(ec.getRequestParameterNames().next()); // $xss
writer.write(ec.getRequestParameterValuesMap().get("someKey")[0]); // $xss
writer.write(ec.getRequestParameterValuesMap().keySet().iterator().next()); // $xss
writer.write(ec.getRequestPathInfo()); // $xss
writer.write(((Cookie)ec.getRequestCookieMap().get("someKey")).getName()); // $xss
writer.write(ec.getRequestHeaderMap().get("someKey")); // $xss
writer.write(ec.getRequestHeaderValuesMap().get("someKey")[0]); // $xss
}
}
Reference in New Issue View Git Blame Copy Permalink