mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
23 lines
932 B
Java
23 lines
932 B
Java
// Safe: user-supplied substring routed through the project-local
|
|
// `escapeXpath` helper before being concatenated into the XPath expression.
|
|
// The sanitizer clears the XPATH_INJECTION cap so the sink does not fire.
|
|
import javax.xml.xpath.XPath;
|
|
import javax.xml.xpath.XPathConstants;
|
|
import javax.xml.xpath.XPathFactory;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import org.w3c.dom.Document;
|
|
import org.w3c.dom.NodeList;
|
|
|
|
public class SafeXPathQuery {
|
|
public static String escapeXpath(String raw) {
|
|
return raw.replace("'", "'");
|
|
}
|
|
|
|
public NodeList lookup(HttpServletRequest req, Document doc) throws Exception {
|
|
String user = req.getParameter("user");
|
|
String safe = escapeXpath(user);
|
|
String expr = "//user[name='" + safe + "']";
|
|
XPath xpath = XPathFactory.newInstance().newXPath();
|
|
return (NodeList) xpath.evaluate(expr, doc, XPathConstants.NODESET);
|
|
}
|
|
}
|