example.inc.qhelp (forked from github/codeql)
<!DOCTYPE qhelp SYSTEM "qhelp.dtd">
<qhelp>
<fragment>
<p>
In this example, we have a server that shows private
information for a user, based on the request parameter
<code>userId</code>. For privacy reasons, users may only view their
own private information, so the server checks that the request
parameter <code>userId</code> matches a cookie value for the user
who is logged in.
</p>
<sample src="examples/bypass.js" />
<p>
This check is insufficient: cookies are supplied by the client, so an
attacker can set the <code>userId</code> cookie in their own request to
any user's identifier and the comparison passes for every user. To
prevent this, the server can cryptographically sign the security-critical
cookie value when it issues it, and verify that signature before trusting
the value it carries:
</p>
<sample src="examples/bypass_fixed.js" />
</fragment>
</qhelp>