github
diff --git a/‎java/ql/src/Security/CWE/CWE-352/JsonpInjection.ql‎
Lines changed: 0 additions & 68 deletions b/‎java/ql/src/Security/CWE/CWE-352/JsonpInjection.ql‎
Lines changed: 0 additions & 68 deletions
diff --git a/‎java/ql/src/Security/CWE/CWE-352/JsonpInjectionFilterLib.qll‎
Lines changed: 0 additions & 77 deletions b/‎java/ql/src/Security/CWE/CWE-352/JsonpInjectionFilterLib.qll‎
Lines changed: 0 additions & 77 deletions
diff --git a/‎java/ql/src/Security/CWE/CWE-352/JsonpInjectionLib.qll‎
Lines changed: 0 additions & 155 deletions b/‎java/ql/src/Security/CWE/CWE-352/JsonpInjectionLib.qll‎
Lines changed: 0 additions & 155 deletions
diff --git a/‎…c/Security/CWE/CWE-352/JsonStringLib.qll‎ ‎…l/Security/CWE/CWE-352/JsonStringLib.qll‎java/ql/src/Security/CWE/CWE-352/JsonStringLib.qll renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonStringLib.qll b/‎…c/Security/CWE/CWE-352/JsonStringLib.qll‎ ‎…l/Security/CWE/CWE-352/JsonStringLib.qll‎java/ql/src/Security/CWE/CWE-352/JsonStringLib.qll renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonStringLib.qll
diff --git a/‎…sts/security/CWE-352/JsonpInjection.java‎ ‎…ecurity/CWE/CWE-352/JsonpController.java‎java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.java renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonpController.java
Lines changed: 2 additions & 46 deletions b/‎…sts/security/CWE-352/JsonpInjection.java‎ ‎…ecurity/CWE/CWE-352/JsonpController.java‎java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.java renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonpController.java
Lines changed: 2 additions & 46 deletions
diff --git a/‎…Security/CWE/CWE-352/JsonpInjection.java‎ ‎…Security/CWE/CWE-352/JsonpInjection.java‎java/ql/src/Security/CWE/CWE-352/JsonpInjection.java renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.java b/‎…Security/CWE/CWE-352/JsonpInjection.java‎ ‎…Security/CWE/CWE-352/JsonpInjection.java‎java/ql/src/Security/CWE/CWE-352/JsonpInjection.java renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.java
diff --git a/‎…ecurity/CWE/CWE-352/JsonpInjection.qhelp‎ ‎…ecurity/CWE/CWE-352/JsonpInjection.qhelp‎java/ql/src/Security/CWE/CWE-352/JsonpInjection.qhelp renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
Lines changed: 1 addition & 1 deletion b/‎…ecurity/CWE/CWE-352/JsonpInjection.qhelp‎ ‎…ecurity/CWE/CWE-352/JsonpInjection.qhelp‎java/ql/src/Security/CWE/CWE-352/JsonpInjection.qhelp renamed to java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
Lines changed: 1 addition & 1 deletion
@@ -3,17 +3,14 @@
 import com.google.gson.Gson;
 import java.io.PrintWriter;
 import java.util.HashMap;
-import java.util.Random;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 @Controller
-public class JsonpInjection {
+public class JsonpController {
     private static HashMap hashMap = new HashMap();
 
     static {
@@ -96,54 +93,13 @@ public void bad6(HttpServletRequest request,
 
     @GetMapping(value = "jsonp7")
     @ResponseBody
-    public String good(HttpServletRequest request) {
-        String resultStr = null;
-        String jsonpCallback = request.getParameter("jsonpCallback");
-
-        String val = "";
-        Random random = new Random();
-        for (int i = 0; i < 10; i++) {
-            val += String.valueOf(random.nextInt(10));
-        }
-        // good
-        jsonpCallback = jsonpCallback + "_" + val;
-        String jsonStr = getJsonStr(hashMap);
-        resultStr = jsonpCallback + "(" + jsonStr + ")";
-        return resultStr;
-    }
-
-    @GetMapping(value = "jsonp8")
-    @ResponseBody
     public String good1(HttpServletRequest request) {
         String resultStr = null;
-        String jsonpCallback = request.getParameter("jsonpCallback");
 
         String token = request.getParameter("token");
 
-        // good
         if (verifToken(token)){
-            System.out.println(token);
-            String jsonStr = getJsonStr(hashMap);
-            resultStr = jsonpCallback + "(" + jsonStr + ")";
-            return resultStr;
-        }
-
-        return "error";
-    }
-
-    @GetMapping(value = "jsonp9")
-    @ResponseBody
-    public String good2(HttpServletRequest request) {
-        String resultStr = null;
-        String jsonpCallback = request.getParameter("jsonpCallback");
-
-        String referer = request.getHeader("Referer");
-
-        boolean result = verifReferer(referer);
-
-        boolean test = result;
-        // good
-        if (test){
+            String jsonpCallback = request.getParameter("jsonpCallback");
             String jsonStr = getJsonStr(hashMap);
             resultStr = jsonpCallback + "(" + jsonStr + ")";
             return resultStr;
 
@@ -16,7 +16,7 @@ there is a problem of sensitive information leakage.</p>
 
 <p>The following example shows the case of no verification processing and verification processing for the external input function name.</p>
 
-<sample src="JsonHijacking.java" />
+<sample src="JsonpInjection.java" />
 
 </example>
 <references>