hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
386dedb9df875a1bf9cff6b73205ba863daa91ca
codeql/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.java
Tony Torralba ad2f558002 Add Hudson models 
Includes models-as-data rows, flow sources, and XSS sanitizers.

Tests for models-as-data rows not included.
2023-06-02 11:06:24 +02:00

57 lines
2.2 KiB
Java
Raw Blame History

// Test case for
// CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
// http://cwe.mitre.org/data/definitions/79.html
package test.cwe079.cwe.examples;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class XSS extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// BAD: a request parameter is written directly to the Servlet response stream
response.getWriter()
.print("The page \"" + request.getParameter("page") + "\" was not found."); // $xss
// GOOD: servlet API encodes the error message HTML for the HTML context
response.sendError(HttpServletResponse.SC_NOT_FOUND,
"The page \"" + request.getParameter("page") + "\" was not found.");
// GOOD: escape HTML characters first
response.sendError(HttpServletResponse.SC_NOT_FOUND,
"The page \"" + encodeForHtml(request.getParameter("page")) + "\" was not found.");
// GOOD: servlet API encodes the error message HTML for the HTML context
response.sendError(HttpServletResponse.SC_NOT_FOUND,
"The page \"" + capitalizeName(request.getParameter("page")) + "\" was not found.");
// BAD: outputting the path of the resource
response.getWriter().print("The path section of the URL was " + request.getPathInfo()); // $xss
// BAD: typical XSS, this time written to an OutputStream instead of a Writer
response.getOutputStream().write(request.getPathInfo().getBytes()); // $xss
// GOOD: sanitizer
response.getOutputStream().write(hudson.Util.escape(request.getPathInfo()).getBytes()); // safe
}
/**
* Replace special characters in the given text such that it can be inserted into an HTML file
* and not be interpreted as including any HTML tags.
*/
static String encodeForHtml(String text) {
// This is just a stub. For an example of a real implementation, see
// the OWASP Java Encoder Project.
return text.replace("<", "&lt;");
}
static String capitalizeName(String text) {
return text.replace("foo inc", "Foo, Inc.");
}
}
Reference in New Issue View Git Blame Copy Permalink