Add BAD markers to samples

egregius313 · egregius313 · commit e14be0e97132 · 2024-01-08T09:39:04.000-05:00
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironmentName.java b/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironmentName.java
@@ -3,7 +3,8 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
     String value = request.getParameter("value");
 
     Map<String, String> env = processBuilder.environment();
-    env.put(attribute, value);
+    // BAD: attr and value are tainted and being added to the environment
+    env.put(attr, value);
 
     processBuilder.start();
 }
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironmentValue.java b/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironmentValue.java
@@ -2,6 +2,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {
     String path = request.getParameter("path");
 
     Map<String, String> env = processBuilder.environment();
+    // BAD: path is tainted and being added to the environment
     env.put("PATH", path);
 
     processBuilder.start();

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,8 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) {`
`3`	`3`	`String value = request.getParameter("value");`
`4`	`4`
`5`	`5`	`Map<String, String> env = processBuilder.environment();`
`6`		`- env.put(attribute, value);`
	`6`	`+ // BAD: attr and value are tainted and being added to the environment`
	`7`	`+ env.put(attr, value);`
`7`	`8`
`8`	`9`	`processBuilder.start();`
`9`	`10`	`}`