Updated vulnerable XSS.java version

giper45 · web-flow · commit 1c4488e7c854 · 2022-09-13T15:58:25.000+02:00
diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.java b/java/ql/src/Security/CWE/CWE-079/XSS.java
@@ -1,8 +1,9 @@
 public class XSS extends HttpServlet {
 	protected void doGet(HttpServletRequest request, HttpServletResponse response)
 	throws ServletException, IOException {
-		// BAD: a request parameter is written directly to an error response page
-		response.sendError(HttpServletResponse.SC_NOT_FOUND,
-				"The page \"" + request.getParameter("page") + "\" was not found.");
+		// BAD: a request parameter is written directly to the Servlet response stream
+		response.getWriter().print(
+				"The page \"" + request.getParameter("page") + "\" was not found."); // $xss
+
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,9 @@`
`1`	`1`	`public class XSS extends HttpServlet {`
`2`	`2`	`protected void doGet(HttpServletRequest request, HttpServletResponse response)`
`3`	`3`	`throws ServletException, IOException {`
`4`		`- // BAD: a request parameter is written directly to an error response page`
`5`		`- response.sendError(HttpServletResponse.SC_NOT_FOUND,`
`6`		`- "The page \"" + request.getParameter("page") + "\" was not found.");`
	`4`	`+ // BAD: a request parameter is written directly to the Servlet response stream`
	`5`	`+ response.getWriter().print(`
	`6`	`+ "The page \"" + request.getParameter("page") + "\" was not found."); // $xss`
	`7`	`+`
`7`	`8`	`}`
`8`	`9`	`}`