From 4e879e64fcd3cd1ba00f86f726c1031f3cd5f01d Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Thu, 24 Oct 2024 14:16:13 +0100 Subject: [PATCH] Trim JSP test This was only ever testing that Java files relating to the JSPs in question appear in the database, so there's no need for a particularly wide selection. --- .../java/java-web-jsp/pom.xml | 24 ---------- .../src/main/webapp/WEB-INF/secret.jsp | 1 - .../webapp/include/jsp_include_2_safe.jsp | 6 --- .../src/main/webapp/include/jsp_include_3.jsp | 9 ---- .../java-web-jsp/src/main/webapp/index.jsp | 45 ------------------- .../src/main/webapp/jstl/jstl_escape_2.jsp | 3 -- .../src/main/webapp/jstl/jstl_escape_3.jsp | 3 -- .../src/main/webapp/spring/spring_eval_1.jsp | 20 --------- .../src/main/webapp/spring/spring_eval_2.jsp | 20 --------- .../src/main/webapp/spring/spring_eval_3.jsp | 20 --------- .../main/webapp/spring/spring_eval_4_safe.jsp | 20 --------- .../src/main/webapp/test/bean1.jsp | 15 ------- .../src/main/webapp/test/bean2.jsp | 15 ------- .../src/main/webapp/test/dump.jsp | 23 ---------- .../src/main/webapp/test/expr.jsp | 23 ---------- .../src/main/webapp/test/foo/foo.jsp | 15 ------- .../src/main/webapp/test/jstl.jsp | 15 ------- .../java-web-jsp/src/main/webapp/test/tag.jsp | 16 ------- .../src/main/webapp/test/tag2.jsp | 19 -------- .../src/main/webapp/test/tagfile.jsp | 37 --------------- .../java-web-jsp/src/main/webapp/various.jsp | 21 --------- .../java-web-jsp/src/main/webapp/xml/xml1.jsp | 3 -- .../java-web-jsp/src/main/webapp/xml/xml2.jsp | 3 -- .../java-web-jsp/src/main/webapp/xsl/xsl1.jsp | 2 - .../java-web-jsp/src/main/webapp/xsl/xsl2.jsp | 2 - .../java-web-jsp/src/main/webapp/xsl/xsl3.jsp | 2 - .../java-web-jsp/src/main/webapp/xsl/xsl4.jsp | 2 - .../java-web-jsp/src/main/webapp/xss/xss0.jsp | 6 --- .../java-web-jsp/src/main/webapp/xss/xss1.jsp | 4 -- .../java-web-jsp/src/main/webapp/xss/xss2.jsp | 4 -- .../java-web-jsp/src/main/webapp/xss/xss3.jsp | 3 -- .../java-web-jsp/src/main/webapp/xss/xss4.jsp | 7 --- .../java-web-jsp/src/main/webapp/xss/xss5.jsp | 11 ----- .../java/java-web-jsp/test.expected | 33 -------------- 34 files changed, 452 deletions(-) delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/WEB-INF/secret.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_2_safe.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_3.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/index.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_3.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_1.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_3.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_4_safe.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean1.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/dump.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/expr.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/foo/foo.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/jstl.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tagfile.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/various.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml1.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl1.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl3.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl4.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss0.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss1.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss2.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss3.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss4.jsp delete mode 100644 java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss5.jsp diff --git a/java/ql/integration-tests/java/java-web-jsp/pom.xml b/java/ql/integration-tests/java/java-web-jsp/pom.xml index e9f33c059078..5f72b64a8b04 100644 --- a/java/ql/integration-tests/java/java-web-jsp/pom.xml +++ b/java/ql/integration-tests/java/java-web-jsp/pom.xml @@ -54,30 +54,6 @@ pom - - - - org.springframework - spring-webmvc - ${spring.version} - jar - - - - - - - org.owasp.encoder - encoder - 1.2 - - - - org.owasp.encoder - encoder-jsp - 1.2 - - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/WEB-INF/secret.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/WEB-INF/secret.jsp deleted file mode 100644 index 9f66d62135b9..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/WEB-INF/secret.jsp +++ /dev/null @@ -1 +0,0 @@ -This page should be private. \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_2_safe.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_2_safe.jsp deleted file mode 100644 index 87e1475c58e9..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_2_safe.jsp +++ /dev/null @@ -1,6 +0,0 @@ -Psst click me or click me! -

- - -<%@include file="${param.secret_param}.jsp"%> -<%-- This line doesn't compile in weblogic --%> \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_3.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_3.jsp deleted file mode 100644 index a804db07f7ae..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_3.jsp +++ /dev/null @@ -1,9 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - -Psst click me or click me! -

- - - - - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/index.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/index.jsp deleted file mode 100644 index dda2310a037c..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/index.jsp +++ /dev/null @@ -1,45 +0,0 @@ - - - Embedded Jetty: JSP Examples - - -

Vulnerable JSP pages

- -

XSS

- - -

XML parsing

- - -

XSLT

- - -

Various JSP samples

- - - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_2.jsp deleted file mode 100644 index 8d859f2cc94b..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_2.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_3.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_3.jsp deleted file mode 100644 index fde15587eba9..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_3.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_1.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_1.jsp deleted file mode 100644 index a38662dcedf9..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_1.jsp +++ /dev/null @@ -1,20 +0,0 @@ -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - -
- -
- - - -Evaluating ("${expression}") :
-
- - -Output: -
-
-
-
-
\ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_2.jsp deleted file mode 100644 index 3ee0946bed9d..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_2.jsp +++ /dev/null @@ -1,20 +0,0 @@ -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - -Change the language: -
- -
- -Evaluating ("${param.lang}") :
-
- - - -Output: -
-
-
-
-
\ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_3.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_3.jsp deleted file mode 100644 index 25c8910c682a..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_3.jsp +++ /dev/null @@ -1,20 +0,0 @@ -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - -Value is YOLO ?: -
- -
- -Evaluating ("'${param.value}'=='YOLO'") :
-
- - - -Output: -
-
-
-
-
\ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_4_safe.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_4_safe.jsp deleted file mode 100644 index 108883c07075..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_4_safe.jsp +++ /dev/null @@ -1,20 +0,0 @@ -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - -Set some value : -
- -
- -Evaluating ("param.value") :
-
- - - -Output: -
-
-
-
-
\ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean1.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean1.jsp deleted file mode 100644 index 0c15da2ca4e3..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean1.jsp +++ /dev/null @@ -1,15 +0,0 @@ - -<%@ page session="true"%> - - - -

JSP1.2 Beans: 1

- -Counter accessed times.
-Counter last accessed by
- - -Goto bean2.jsp - - - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean2.jsp deleted file mode 100644 index 624dc2e59d4b..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean2.jsp +++ /dev/null @@ -1,15 +0,0 @@ - -<%@ page session="true"%> - - - -

JSP1.2 Beans: 2

- -Counter accessed times.
-Counter last accessed by
- - -Goto bean1.jsp - - - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/dump.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/dump.jsp deleted file mode 100644 index fb73b0b00026..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/dump.jsp +++ /dev/null @@ -1,23 +0,0 @@ - -<%@ page import="java.util.Enumeration" %> - -

JSP Dump

- - - - - - -<% - Enumeration e =request.getParameterNames(); - while(e.hasMoreElements()) - { - String name = (String)e.nextElement(); -%> - - - -<% } %> - -
Request URI:<%= request.getRequestURI() %>
ServletPath:<%= request.getServletPath() %>
PathInfo:<%= request.getPathInfo() %>
getParameter("<%= name %>")<%= request.getParameter(name) %>
- diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/expr.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/expr.jsp deleted file mode 100644 index e0b25e202031..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/expr.jsp +++ /dev/null @@ -1,23 +0,0 @@ - -

JSP2.0 Expressions

- - - - - - - - - - - - - - - - - - - -
ExpressionResult
\${param["A"]}${param["A"]} 
\${header["host"]}${header["host"]}
\${header["user-agent"]}${header["user-agent"]}
\${1+1}${1+1}
\${param["A"] * 2}${param["A"] * 2} 
- diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/foo/foo.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/foo/foo.jsp deleted file mode 100644 index 7ec8955932d2..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/foo/foo.jsp +++ /dev/null @@ -1,15 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - - - -

FOO Example

-
-

A trivial FOO example -


- - -
-
- - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/jstl.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/jstl.jsp deleted file mode 100644 index 9fa7b57e96c6..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/jstl.jsp +++ /dev/null @@ -1,15 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - - - -

JSTL Example

-
-

A trivial jstl example -


- - -
-
- - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag.jsp deleted file mode 100644 index 069d8c67b172..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag.jsp +++ /dev/null @@ -1,16 +0,0 @@ - - - -<%@ taglib uri="http://www.acme.com/taglib" prefix="acme" %> - -<acme:date tz="GMT">EEE, dd/MMM/yyyy HH:mm:ss ZZZ</acme:date> -==> -EEE, dd/MMM/yyyy HH:mm:ss ZZZ -
-<acme:date tz="EST">EEE, dd-MMM-yyyy HH:mm:ss ZZZ</acme:date> -==> -EEE, dd-MMM-yyyy HH:mm:ss ZZZ -
- - - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag2.jsp deleted file mode 100644 index 8071927562a4..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag2.jsp +++ /dev/null @@ -1,19 +0,0 @@ - - - -<%@ taglib uri="http://www.acme.com/taglib2" prefix="acme" %> - - - On ${day} of ${month} in the year ${year} - - -
- - - ${day} - ${month} - ${year} - - -
- - - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tagfile.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tagfile.jsp deleted file mode 100644 index 67299f0229c7..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tagfile.jsp +++ /dev/null @@ -1,37 +0,0 @@ -<%@ taglib prefix="acme" tagdir="/WEB-INF/tags" %> - - - - -

JSP 2.0 Tag File Example

-
-

Panel tag created from JSP fragment file in WEB-INF/tags -


- - - - - - -
- - First panel.
-
-
- - Second panel.
- Second panel.
- Second panel.
- Second panel.
-
-
- - Third panel.
- - A panel in a panel. - - Third panel.
-
-
- - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/various.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/various.jsp deleted file mode 100644 index a98224534277..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/various.jsp +++ /dev/null @@ -1,21 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> -<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> - -JSTL - - - - - - - -JSP include - -<%@include file="index.jsp"%> - - - -Spring eval - - - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml1.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml1.jsp deleted file mode 100644 index ae6c9dbbc1ae..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml1.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> - -You requested a quote for: \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml2.jsp deleted file mode 100644 index 7dd49631a827..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml2.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> - -You requested a quote for: \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl1.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl1.jsp deleted file mode 100644 index 0a9a411120f5..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl1.jsp +++ /dev/null @@ -1,2 +0,0 @@ -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl2.jsp deleted file mode 100644 index 782b038587d3..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl2.jsp +++ /dev/null @@ -1,2 +0,0 @@ -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl3.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl3.jsp deleted file mode 100644 index 0814455288e9..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl3.jsp +++ /dev/null @@ -1,2 +0,0 @@ -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> - diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl4.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl4.jsp deleted file mode 100644 index 3cc111d48090..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl4.jsp +++ /dev/null @@ -1,2 +0,0 @@ -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss0.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss0.jsp deleted file mode 100644 index cd4546d43967..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss0.jsp +++ /dev/null @@ -1,6 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - -

-Client message:
- -

\ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss1.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss1.jsp deleted file mode 100644 index 558bcd627494..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss1.jsp +++ /dev/null @@ -1,4 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss2.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss2.jsp deleted file mode 100644 index 99c205fb2803..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss2.jsp +++ /dev/null @@ -1,4 +0,0 @@ - -Contact form:
- - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss3.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss3.jsp deleted file mode 100644 index 9dd9dd3f3f75..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss3.jsp +++ /dev/null @@ -1,3 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - -Hello ! \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss4.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss4.jsp deleted file mode 100644 index 91179dc1df84..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss4.jsp +++ /dev/null @@ -1,7 +0,0 @@ -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - \ No newline at end of file diff --git a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss5.jsp b/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss5.jsp deleted file mode 100644 index cc96ed91d203..000000000000 --- a/java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss5.jsp +++ /dev/null @@ -1,11 +0,0 @@ -<%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %> - - -

${e:forHtml(param.test1)}

- - diff --git a/java/ql/integration-tests/java/java-web-jsp/test.expected b/java/ql/integration-tests/java/java-web-jsp/test.expected index dd9230891667..490e552943e4 100644 --- a/java/ql/integration-tests/java/java-web-jsp/test.expected +++ b/java/ql/integration-tests/java/java-web-jsp/test.expected @@ -7,43 +7,10 @@ | src/main/java/org/eclipse/jetty/demo/LoggingUtil.java:0:0:0:0 | LoggingUtil | | src/main/java/org/eclipse/jetty/demo/Main.java:0:0:0:0 | Main | | src/main/java/org/eclipse/jetty/demo/SystemOutHandler.java:0:0:0:0 | SystemOutHandler | -| target/classes/jsp/WEB_002dINF/secret_jsp.java:0:0:0:0 | secret_jsp | | target/classes/jsp/include/$_007bparam_secret_005fparam_007d_jsp.java:0:0:0:0 | $_007bparam_secret_005fparam_007d_jsp | | target/classes/jsp/include/jsp_005finclude_005f1_jsp.java:0:0:0:0 | jsp_005finclude_005f1_jsp | -| target/classes/jsp/include/jsp_005finclude_005f2_005fsafe_jsp.java:0:0:0:0 | jsp_005finclude_005f2_005fsafe_jsp | -| target/classes/jsp/include/jsp_005finclude_005f3_jsp.java:0:0:0:0 | jsp_005finclude_005f3_jsp | -| target/classes/jsp/index_jsp.java:0:0:0:0 | index_jsp | | target/classes/jsp/jstl/jstl_005fescape_005f1_jsp.java:0:0:0:0 | jstl_005fescape_005f1_jsp | -| target/classes/jsp/jstl/jstl_005fescape_005f2_jsp.java:0:0:0:0 | jstl_005fescape_005f2_jsp | -| target/classes/jsp/jstl/jstl_005fescape_005f3_jsp.java:0:0:0:0 | jstl_005fescape_005f3_jsp | | target/classes/jsp/random_jsp.java:0:0:0:0 | random_jsp | -| target/classes/jsp/spring/spring_005feval_005f1_jsp.java:0:0:0:0 | spring_005feval_005f1_jsp | -| target/classes/jsp/spring/spring_005feval_005f2_jsp.java:0:0:0:0 | spring_005feval_005f2_jsp | -| target/classes/jsp/spring/spring_005feval_005f3_jsp.java:0:0:0:0 | spring_005feval_005f3_jsp | -| target/classes/jsp/spring/spring_005feval_005f4_005fsafe_jsp.java:0:0:0:0 | spring_005feval_005f4_005fsafe_jsp | -| target/classes/jsp/test/bean1_jsp.java:0:0:0:0 | bean1_jsp | -| target/classes/jsp/test/bean2_jsp.java:0:0:0:0 | bean2_jsp | -| target/classes/jsp/test/dump_jsp.java:0:0:0:0 | dump_jsp | -| target/classes/jsp/test/expr_jsp.java:0:0:0:0 | expr_jsp | -| target/classes/jsp/test/foo/foo_jsp.java:0:0:0:0 | foo_jsp | -| target/classes/jsp/test/jstl_jsp.java:0:0:0:0 | jstl_jsp | -| target/classes/jsp/test/tag2_jsp.java:0:0:0:0 | tag2_jsp | -| target/classes/jsp/test/tag_jsp.java:0:0:0:0 | tag_jsp | -| target/classes/jsp/test/tagfile_jsp.java:0:0:0:0 | tagfile_jsp | -| target/classes/jsp/various_jsp.java:0:0:0:0 | various_jsp | -| target/classes/jsp/xml/xml1_jsp.java:0:0:0:0 | xml1_jsp | -| target/classes/jsp/xml/xml2_jsp.java:0:0:0:0 | xml2_jsp | -| target/classes/jsp/xsl/xsl1_jsp.java:0:0:0:0 | xsl1_jsp | -| target/classes/jsp/xsl/xsl2_jsp.java:0:0:0:0 | xsl2_jsp | -| target/classes/jsp/xsl/xsl3_jsp.java:0:0:0:0 | xsl3_jsp | -| target/classes/jsp/xsl/xsl4_jsp.java:0:0:0:0 | xsl4_jsp | -| target/classes/jsp/xss/xss0_jsp.java:0:0:0:0 | xss0_jsp | -| target/classes/jsp/xss/xss1_jsp.java:0:0:0:0 | xss1_jsp | -| target/classes/jsp/xss/xss2_jsp.java:0:0:0:0 | xss2_jsp | -| target/classes/jsp/xss/xss3_jsp.java:0:0:0:0 | xss3_jsp | -| target/classes/jsp/xss/xss4_jsp.java:0:0:0:0 | xss4_jsp | -| target/classes/jsp/xss/xss5_jsp.java:0:0:0:0 | xss5_jsp | -| target/classes/org/apache/jsp/tag/web/panel_tag.java:0:0:0:0 | panel_tag | xmlFiles | pom.xml:0:0:0:0 | pom.xml | | spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |