Conversation
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionOverviewXSS, or Cross-Site Scripting, is a type of vulnerability that allows an attacker to Vulnerable examplepublic class xss_vuln {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
//If username exists in the db - do something and write a response
//if it doesn't exists -
response.getWriter().println("Unable to find user " + username);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}In this example, a user-provided data is injected directly into the Remediation+ import org.owasp.html.HtmlPolicyBuilder;
+ import org.owasp.html.PolicyFactory;
public class xss_safe {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
//If username exists in the db - do something and write a response
//if it doesn't exists -
+ PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
+ String htmlResponse = policy.sanitize("Unable to find user " + username);
+ response.getWriter().println(htmlResponse);
- response.getWriter().println("Unable to find user " + username);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}Using Code FlowsVulnerable data flow analysis result
|
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionOverviewXSS, or Cross-Site Scripting, is a type of vulnerability that allows an attacker to Vulnerable examplepublic class xss_vuln {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
//If username exists in the db - do something and write a response
//if it doesn't exists -
response.getWriter().println("Unable to find user " + username);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}In this example, a user-provided data is injected directly into the Remediation+ import org.owasp.html.HtmlPolicyBuilder;
+ import org.owasp.html.PolicyFactory;
public class xss_safe {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
//If username exists in the db - do something and write a response
//if it doesn't exists -
+ PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
+ String htmlResponse = policy.sanitize("Unable to find user " + username);
+ response.getWriter().println(htmlResponse);
- response.getWriter().println("Unable to find user " + username);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}Using Code FlowsVulnerable data flow analysis result
|
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionOverviewXSS, or Cross-Site Scripting, is a type of vulnerability that allows an attacker to Vulnerable examplepublic class xss_vuln {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
//If username exists in the db - do something and write a response
//if it doesn't exists -
response.getWriter().println("Unable to find user " + username);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}In this example, a user-provided data is injected directly into the Remediation+ import org.owasp.html.HtmlPolicyBuilder;
+ import org.owasp.html.PolicyFactory;
public class xss_safe {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
//If username exists in the db - do something and write a response
//if it doesn't exists -
+ PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
+ String htmlResponse = policy.sanitize("Unable to find user " + username);
+ response.getWriter().println(htmlResponse);
- response.getWriter().println("Unable to find user " + username);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}Using Code FlowsVulnerable data flow analysis result
|
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionOverviewServer-Side Request Forgery (SSRF) is a type of attack in which an attacker Vulnerable examplepublic class ssrf_vuln {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
URL url = new URL(request.getParameter("url"));
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
if (con.getResponseCode() == HttpURLConnection.HTTP_OK) {
String htmlRes = new String(con.getInputStream().readAllBytes(),
StandardCharsets.UTF_8);
response.getWriter().println(htmlRes);
response.setStatus(HttpServletResponse.SC_OK);
} else {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
}
}Remediationpublic class ssrf_safe {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
URL url = new URL(request.getParameter("url"));
+ if (url.getHost() == "api.site.com") {
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
if (con.getResponseCode() == HttpURLConnection.HTTP_OK) {
String htmlRes = new String(con.getInputStream().readAllBytes(),
StandardCharsets.UTF_8);
response.getWriter().println(htmlRes);
response.setStatus(HttpServletResponse.SC_OK);
+ return;
- } else {
+ }
+ }
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- }
}
}Code FlowsVulnerable data flow analysis result
|
rebase the dev-dk branch



No description provided.