Java: Add test for XSS sanitizer

github · Aug 4, 2021 · 9c35332 · 9c35332
1 parent 8a2030a
commit 9c35332
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SpringXSS.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SpringXSS.java
@@ -5,6 +5,7 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.util.HtmlUtils;
 
 import java.util.Optional;
 
@@ -157,4 +158,9 @@ public static String stringWithNoMediaType(String userControlled) {
     return userControlled; // $xss
   }
 
-}
+  @GetMapping(value = "/abc")
+  public static String sanitizedString(String userControlled) {
+    return HtmlUtils.htmlEscape(userControlled);
+  }
+
+}