Fix scope issues in the Java example

atorralba · atorralba · commit c3c73377b8a4 · 2021-09-15T17:20:28.000+02:00
diff --git a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.java b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.java
@@ -1,22 +1,19 @@
 public class InsecureBasicAuth {
   /**
    * Test basic authentication with Apache HTTP request.
-   */	
+   */
   public void testApacheHttpRequest(String username, String password) {
-  {
+
     // BAD: basic authentication over HTTP
     String url = "http://www.example.com/rest/getuser.do?uid=abcdx";
-  }
 
-  {
     // GOOD: basic authentication over HTTPS
-    String url = "https://www.example.com/rest/getuser.do?uid=abcdx";
-  }
+    url = "https://www.example.com/rest/getuser.do?uid=abcdx";
 
     HttpPost post = new HttpPost(url);
     post.setHeader("Accept", "application/json");
     post.setHeader("Content-type", "application/json");
-		
+
     String authString = username + ":" + password;
     byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
     String authStringEnc = new String(authEncBytes);
@@ -28,15 +25,12 @@ public void testApacheHttpRequest(String username, String password) {
    * Test basic authentication with Java HTTP URL connection.
    */
   public void testHttpUrlConnection(String username, String password) {
-  {
+
     // BAD: basic authentication over HTTP
     String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
-  }
 
-  {
     // GOOD: basic authentication over HTTPS
-    String urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
-  }
+    urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
 
     String authString = username + ":" + password;
     String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));
