io.codemodder.RawFileChanger

io.codemodder.RegexFileChanger

io.codemodder.codemods.JSPScriptletXSSCodemod

All Implemented Interfaces:: io.codemodder.CodeChanger

@Codemod(id="pixee:java/encode-jsp-scriptlet", reviewGuidance=MERGE_WITHOUT_REVIEW) public final class JSPScriptletXSSCodemod extends io.codemodder.RegexFileChanger

This type corrects simple and obvious XSS vulnerabilities in JSPs. It looks for patterns like:

<%= request.getParameter("anything") %>

Literally almost any modification to the above snippets could provide protection -- we only want to find 100% certain cases when its uncontrolled user input which can escape any context and achieve exploitation.

Field Summary

Fields inherited from class io.codemodder.RawFileChanger
reporter
Constructor Summary

Constructors

Constructor

Description

JSPScriptletXSSCodemod()
Method Summary

Modifier and Type

Method

Description

String

getReplacementFor(String matchingSnippet)

Methods inherited from class io.codemodder.RegexFileChanger
visitFile

Methods inherited from class io.codemodder.RawFileChanger
getDescription, getIndividualChangeDescription, getReferences, getSourceControlUrl, getSummary

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- JSPScriptletXSSCodemod
  
  public JSPScriptletXSSCodemod()
Method Details
- getReplacementFor
  
  public String getReplacementFor(String matchingSnippet)
  
  Specified by:
  
  getReplacementFor in class io.codemodder.RegexFileChanger

Class JSPScriptletXSSCodemod

Field Summary

Fields inherited from class io.codemodder.RawFileChanger

Constructor Summary

Method Summary

Methods inherited from class io.codemodder.RegexFileChanger

Methods inherited from class io.codemodder.RawFileChanger

Methods inherited from class java.lang.Object

Constructor Details

JSPScriptletXSSCodemod

Method Details

getReplacementFor