Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit aa488e5

Browse files
ahmed-farid-devsmowton
ahmed-farid-dev
authored and
smowton
committed
Update csrfComparison.java
1 parent 333130b commit aa488e5

1 file changed

Lines changed: 2 additions & 27 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-208/csrfComparison.java

Lines changed: 2 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,40 +1,15 @@
11
import javax.servlet.http.HttpServletRequest;
2-
import javax.servlet.http.Cookie;
32
import java.nio.charset.StandardCharsets;
43
import java.security.MessageDigest;
54

6-
public boolean validateCsrfTokenInRequest(HttpServletRequest request) {
7-
if (cookies != null) {
8-
for (Cookie cookie : cookies) {
9-
if (cookie.getName().equals(CSRF-TOKEN){
10-
csrfCookieValue = cookie.getValue();
11-
}
12-
}
13-
}
14-
if (UnsafecsrfComparison(csrfCookieValue)) { // BAD
15-
return true;
16-
}
17-
}
5+
186
private boolean UnsafecsrfComparison(String csrfTokenInCookie) {
197
if(csrfTokenInCookie == null || !csrfTokenInCookie.equals(request.getHeader("X-CSRF-TOKEN"))) { // BAD
208
return false;
219
}
2210
}
2311

24-
25-
26-
public boolean validateCsrfTokenInRequest(HttpServletRequest request) {
27-
if (cookies != null) {
28-
for (Cookie cookie : cookies) {
29-
if (cookie.getName().equals(CSRF-TOKEN){
30-
csrfCookieValue = cookie.getValue();
31-
}
32-
}
33-
}
34-
if (safecsrfComparison(csrfCookieValue)) { // GOOD
35-
return true;
36-
}
37-
}
12+
3813
private boolean safecsrfComparison(String csrfTokenInCookie) {
3914
String csrfTokenInRequest = request.getHeader("X-CSRF-TOKEN");
4015
if (csrfTokenInRequest == null || !MessageDigest.isEqual(

0 commit comments

Comments
 (0)