hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc6133de5c1ff734a5fa475a5dd6e0af7ed9ff3c
codeql/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.go
Owen Mansel-Chan 1926ffd450 Convert XSS tests to use inline expectations
2025-05-01 15:39:19 +01:00

21 lines
506 B
Go
Raw Blame History

package main
import (
"fmt"
"net/http"
)
func serve() {
http.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
username := r.Form.Get("username") // $ Source[go/reflected-xss]
if !isValidUsername(username) {
// BAD: a request parameter is incorporated without validation into the response
fmt.Fprintf(w, "%q is an unknown user", username) // $ Alert[go/reflected-xss]
} else {
// TODO: Handle successful login
}
})
http.ListenAndServe(":80", nil)
}
Reference in New Issue View Git Blame Copy Permalink