54 lines
1.2 KiB
Plaintext
54 lines
1.2 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
@RequestMapping("/delete_user") // Sensitive: by default all HTTP methods are allowed
|
|
public String delete1(String username) {
|
|
// state of the application will be changed here
|
|
}
|
|
|
|
@RequestMapping(path = "/delete_user", method = {RequestMethod.GET, RequestMethod.POST}) // Sensitive: both safe and unsafe methods are allowed
|
|
String delete2(@RequestParam("id") String id) {
|
|
// state of the application will be changed here
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,java]
|
|
----
|
|
@RequestMapping("/delete_user", method = RequestMethod.POST) // Compliant
|
|
public String delete1(String username) {
|
|
// state of the application will be changed here
|
|
}
|
|
|
|
@RequestMapping(path = "/delete_user", method = RequestMethod.POST) // Compliant
|
|
String delete2(@RequestParam("id") String id) {
|
|
// state of the application will be changed here
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|