
Commit cbd9cc6

committed
Java: Update request forgery expected output.
1 parent 3b6f399 commit cbd9cc6


1 file changed

+12
-12
lines changed


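--- a/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java
+++ b/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java
@@ -20,7 +20,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 // BAD: a request parameter is incorporated without validation into a Http
 // request
 HttpRequest r = HttpRequest.newBuilder(uri).build(); // $ SSRF
-client.send(r, null);
+client.send(r, null); // $ SSRF
 
 // GOOD: sanitisation by concatenation with a prefix that prevents targeting an arbitrary host.
 // We test a few different ways of sanitisation: via string conctentation (perhaps nested),
@@ -74,51 +74,51 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 // place to sanitise user input:
 String unsafeUri3 = request.getParameter("baduri3") + "https://example.com/";
 HttpRequest unsafer3 = HttpRequest.newBuilder(new URI(unsafeUri3)).build(); // $ SSRF
-client.send(unsafer3, null);
+client.send(unsafer3, null); // $ SSRF
 
 String unsafeUri4 = ("someprefix" + request.getParameter("baduri4")) + "https://example.com/";
 HttpRequest unsafer4 = HttpRequest.newBuilder(new URI(unsafeUri4)).build(); // $ SSRF
-client.send(unsafer4, null);
+client.send(unsafer4, null); // $ SSRF
 
 StringBuilder unsafeUri5 = new StringBuilder();
 unsafeUri5.append(request.getParameter("baduri5")).append("https://example.com/");
 HttpRequest unsafer5 = HttpRequest.newBuilder(new URI(unsafeUri5.toString())).build(); // $ SSRF
-client.send(unsafer5, null);
+client.send(unsafer5, null); // $ SSRF
 
 StringBuilder unafeUri5a = new StringBuilder(request.getParameter("uri5a"));
 unafeUri5a.append("https://example.com/");
 HttpRequest unsafer5a = HttpRequest.newBuilder(new URI(unafeUri5a.toString())).build(); // $ SSRF
-client.send(unsafer5a, null);
+client.send(unsafer5a, null); // $ SSRF
 
 StringBuilder unsafeUri5b = (new StringBuilder(request.getParameter("uri5b"))).append("dir/");
 unsafeUri5b.append("https://example.com/");
 HttpRequest unsafer5b = HttpRequest.newBuilder(new URI(unsafeUri5b.toString())).build(); // $ SSRF
-client.send(unsafer5b, null);
+client.send(unsafer5b, null); // $ SSRF
 
 StringBuilder unsafeUri5c = (new StringBuilder("https")).append(request.getParameter("uri5c"));
 unsafeUri5c.append("://example.com/dir/");
 HttpRequest unsafer5c = HttpRequest.newBuilder(new URI(unsafeUri5c.toString())).build(); // $ SSRF
-client.send(unsafer5c, null);
+client.send(unsafer5c, null); // $ SSRF
 
 String unsafeUri6 = String.format("%shttps://example.com/", request.getParameter("baduri6"));
 HttpRequest unsafer6 = HttpRequest.newBuilder(new URI(unsafeUri6)).build(); // $ SSRF
-client.send(unsafer6, null);
+client.send(unsafer6, null); // $ SSRF
 
 String unsafeUri7 = String.format("%s/%s", request.getParameter("baduri7"), "https://example.com");
 HttpRequest unsafer7 = HttpRequest.newBuilder(new URI(unsafeUri7)).build(); // $ SSRF
-client.send(unsafer7, null);
+client.send(unsafer7, null); // $ SSRF
 
 String unsafeUri8 = String.format("%s%s", request.getParameter("baduri8"), "https://example.com/");
 HttpRequest unsafer8 = HttpRequest.newBuilder(new URI(unsafeUri8)).build(); // $ SSRF
-client.send(unsafer8, null);
+client.send(unsafer8, null); // $ SSRF
 
 String unsafeUri9 = request.getParameter("baduri9") + "/" + String.format("http://%s", "myserver.com");
 HttpRequest unsafer9 = HttpRequest.newBuilder(new URI(unsafeUri9)).build(); // $ SSRF
-client.send(unsafer9, null);
+client.send(unsafer9, null); // $ SSRF
 
 String unsafeUri10 = String.format("%s://%s:%s%s", "http", "myserver.com", "80", request.getParameter("baduri10"));
 HttpRequest unsafer10 = HttpRequest.newBuilder(new URI(unsafeUri10)).build(); // $ SSRF
-client.send(unsafer10, null);
+client.send(unsafer10, null); // $ SSRF
 
 } catch (Exception e) {
 // TODO: handle exception
 }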
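Review bot: Every `// $ SSRF` expectation added to a `client.send(...)` line sits directly under an `HttpRequest.newBuilder(...)` line that already carries the same tag, so each case now expects two results for one tainted URI, and nothing in the file says why; a reader checking the expected output cannot tell whether the duplicate is intended or a regression. Presumably the query now treats the `send` call as a sink alongside request construction, so a one-line comment next to the first BAD case, such as `// Both the request construction and the send call are expected SSRF sinks.`, would make the expectation self-explanatory. The context lines also carry two pre-existing typos, `unafeUri5a` and "conctentation", that could be fixed in the same touch. Both hunks are inside `doGet`, whose start and end lie outside the diff.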
