com/google/common/escape/Escaper.escape() is often used to encode URL parameters.
While the interface is generic and could be implemented by any type of escaping, it is highly likely to be for URL. https://guava.dev/releases/19.0/api/docs/com/google/common/net/UrlEscapers.html
Test case provided by @RichardBradley
Bad:
```java
import javax.ws.rs.core.Response;
import org.apache.http.client.methods.HttpGet;

public Response get(String x, String y) throws IOException {
    String url = String.format("%s/%s", x, y);
    HttpGet request = new HttpGet(url); // HERE
    ...
}
```
Good:
```java
import javax.ws.rs.core.Response;
import org.apache.http.client.methods.HttpGet;
import static com.google.common.net.UrlEscapers.urlPathSegmentEscaper;

public Response get(String x, String y) throws IOException {
    String url = String.format("%s/%s", urlPathSegmentEscaper().escape(x), urlPathSegmentEscaper().escape(y));
    HttpGet request = new HttpGet(url);
    ...
}
```
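An added example (not code from the issue or from find-sec-bugs) showing why output of `urlPathSegmentEscaper().escape()` is reasonable to treat as safe in a URL path: values containing `/`, `?` or `#` change the parsed URL structure when concatenated verbatim, but stay a single path segment once escaped. The class name, base URL and sample values are constructed for illustration, and Guava is assumed to be on the classpath.

```java
import com.google.common.escape.Escaper;
import com.google.common.net.UrlEscapers;
import java.net.URI;

public class PathSegmentEscapeDemo {
    // Constructed base URL, for illustration only.
    static final String BASE = "https://api.example.test/v1";

    // Mirrors the "Bad" case: the values are placed in the URL verbatim.
    static String unescaped(String x, String y) {
        return String.format("%s/%s/%s", BASE, x, y);
    }

    // Mirrors the "Good" case: each value is escaped as a single path segment.
    static String escaped(String x, String y) {
        Escaper seg = UrlEscapers.urlPathSegmentEscaper();
        return String.format("%s/%s/%s", BASE, seg.escape(x), seg.escape(y));
    }

    // Parse the URL and show which parts the receiving server would see.
    static void report(String label, String url) {
        URI uri = URI.create(url);
        // The leading "/" yields an empty first element, hence the -1.
        int segments = uri.getRawPath().split("/").length - 1;
        System.out.printf("%-10s %s%n           segments=%d query=%s fragment=%s%n",
                label, url, segments, uri.getRawQuery(), uri.getRawFragment());
    }

    public static void main(String[] args) {
        // Constructed sample values for y; x stays fixed.
        String[] samples = {"42", "42/orders", "42?verbose=1", "42#top"};
        for (String y : samples) {
            report("unescaped", unescaped("users", y));
            report("escaped", escaped("users", y));
        }
    }
}
```

With escaping, every sample reports three path segments and no query or fragment; without it, the last three samples add a segment, a query string and a fragment respectively.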
Open to close #346
For somebody to do this "quick" win: Here is an example of configuration for URLEncoder.
find-sec-bugs/plugin/src/main/resources/safe-encoders/other.txt
Lines 1 to 4 in a1a27ac
I would like to take this for this hacktoberfest
@thiyagu-7 Perfect! I have assigned you to this issue.