abstract class TrustBoundaryValidationSanitizer extends DataFlow::Node { }

predicate isBarrier(DataFlow::Node node) {

node instanceof TrustBoundaryValidationSanitizer or

node.getType() instanceof HttpServletSession or

node.asExpr()

.(MethodAccess)

.getMethod()

.hasQualifiedName("javax.servlet.http", "HttpServletRequest", "getMethod")

}

<!DOCTYPE qhelp PUBLIC

"-//Semmle//qhelp//EN"

"qhelp.dtd">

<qhelp>

<overview>

<p>

A trust boundary violation occurs when a value is passed from a less trusted context to a more trusted context.

</p>

<p>

For example, a value that is generated by a less trusted source, such as a user, may be passed to a more trusted

source, such as a system process. If the less trusted source is malicious, then the value may be crafted to

exploit the more trusted source.

</p>

<p>

Trust boundary violations are often caused by a failure to validate input. For example, if a web application

accepts a cookie from a user, then the application should validate the cookie before using it. If the cookie is

not validated, then the user may be able to craft a malicious cookie that exploits the application.

</p>

</overview>

<recommendation>

<p>

Validate input coming from a user. For example, if a web application accepts a cookie from a user, then the

application should validate the cookie before using it.

</p>

</recommendation>

<example>

</example>

<references>

<li>

Wikipedia: <a href="http://en.wikipedia.org/wiki/Trust_boundary">Trust boundary</a>.

</li>

</references>

</qhelp>

import java.io.IOException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class TrustBoundaryViolations extends HttpServlet {

public void doGet(HttpServletRequest request, HttpServletResponse response) {

String input = request.getParameter("input");

request.getSession().setAttribute("input", input); // $ hasTaintFlow

}

}