github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge pull request #17837 from smowton/smowton/admin/trim-java-web-jsp-test 

Java: Trim JSP test
This commit is contained in:
Chris Smowton 2024-10-25 17:23:51 +01:00 коммит произвёл GitHub
Родитель 7db90fe073 4e879e64fc
Коммит fa4cc83753
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
34 изменённых файлов: 0 добавлений и 452 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

24
java/ql/integration-tests/java/java-web-jsp/pom.xml
Просмотреть файл

@ -54,30 +54,6 @@
<type>pom</type>
</dependency>
<!-- Spring Web MVC (Include Tag Lib) -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
<type>jar</type>
</dependency>
<!-- OWASP Java Encoder -->
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder-jsp</artifactId>
<version>1.2</version>
</dependency>
</dependencies>
<profiles>

1
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/WEB-INF/secret.jsp
Просмотреть файл

@ -1 +0,0 @@
This page should be private.

6
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_2_safe.jsp
Просмотреть файл

@ -1,6 +0,0 @@
<i>Psst <a href="?secret_param=../WEB-INF/secret.jsp">click me</a> or <a href="?secret_param=../WEB-INF/web.xml">click me</a>!</i>
<br/><br/>
<%@include file="${param.secret_param}.jsp"%> <!-- Safe will be evaluate as literal -->
<%-- This line doesn't compile in weblogic --%>

9
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_3.jsp
Просмотреть файл

@ -1,9 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<i>Psst <a href="?secret_param=../WEB-INF/secret.jsp">click me</a> or <a href="?secret_param=../WEB-INF/web.xml">click me</a>!</i>
<br/><br/>
<c:if test="${param.secret_param != null}">
<c:import url="${param.secret_param}" />
</c:if>

45
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/index.jsp
Просмотреть файл

@ -1,45 +0,0 @@
<html>
<head>
<title>Embedded Jetty: JSP Examples</title>
</head>
<body>
<h1>Vulnerable JSP pages</h1>
<h2>XSS</h2>
<ul>
<li><a href="/xss/xss0.jsp">XSS 0</a></li>
<li><a href="/xss/xss1.jsp">XSS 1</a></li>
<li><a href="/xss/xss2.jsp">XSS 2</a></li>
<li><a href="/xss/xss3.jsp">XSS 3</a></li>
<li><a href="/xss/xss4.jsp">XSS 4</a></li>
<li><a href="/xss/xss5.jsp">XSS 5</a></li>
</ul>
<h2>XML parsing</h2>
<ul>
<li><a href="/xml/xml1.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>">XML 1</a></li>
<li><a href="/xml/xml2.jsp">XML 2</a></li>
</ul>
<h2>XSLT</h2>
<ul>
<li><a href='/xsl/xsl1.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>&xslt=%3Cxsl%3Astylesheet%20version%3D"1.0"%0A%20xmlns%3Axsl%3D"http%3A%2F%2Fwww.w3.org%2F1999%2FXSL%2FTransform"%20%20%20%20%20%20%20%20%20%0A%20xmlns%3Art%3D"http%3A%2F%2Fxml.apache.org%2Fxalan%2Fjava%2Fjava.lang.Runtime"%0A%20exclude-result-prefixes%3D"date">%0A%20%20%20%20%20%20%20%20%3Cxsl%3Aoutput%20method%3D"text"%2F>%0A%20%20%20%20%20%20%20%20%3Cxsl%3Atemplate%20match%3D"%2F">%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cxsl%3Atext>Quote%20requested%20for%3A%20%3C%2Fxsl%3Atext>%3Cblink>%3Cxsl%3Avalue-of%20select%3D"stock%2Fsymbol"%2F>%3C%2Fblink>%0A%20%20%20%20%20%20%20%20%3C%2Fxsl%3Atemplate>%0A%3C%2Fxsl%3Astylesheet>'>XSL 1</a></li>
<li><a href='/xsl/xsl2.jsp?xslt=%3Cxsl%3Astylesheet%20version%3D"1.0"%0A%20xmlns%3Axsl%3D"http%3A%2F%2Fwww.w3.org%2F1999%2FXSL%2FTransform"%20%20%20%20%20%20%20%20%20%0A%20xmlns%3Art%3D"http%3A%2F%2Fxml.apache.org%2Fxalan%2Fjava%2Fjava.lang.Runtime"%0A%20exclude-result-prefixes%3D"date">%0A%20%20%20%20%20%20%20%20%3Cxsl%3Aoutput%20method%3D"text"%2F>%0A%20%20%20%20%20%20%20%20%3Cxsl%3Atemplate%20match%3D"%2F">%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cxsl%3Atext>Quote%20requested%20for%3A%20%3C%2Fxsl%3Atext>%3Cblink>%3Cxsl%3Avalue-of%20select%3D"stock%2Fsymbol"%2F>%3C%2Fblink>%0A%20%20%20%20%20%20%20%20%3C%2Fxsl%3Atemplate>%0A%3C%2Fxsl%3Astylesheet>'>XSL 2</a></li>
<li><a href='/xsl/xsl3.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>'>XSL 3</a></li>
<li><a href='/xsl/xsl4.jsp'>XSL 4</a></li>
</ul>
<h2>Various JSP samples </h2>
<ul>
<li><a href="test/dump.jsp">JSP 1.2 embedded java</a></li>
<li><a href="test/bean1.jsp">JSP 1.2 Bean demo</a></li>
<li><a href="test/tag.jsp">JSP 1.2 BodyTag demo</a></li>
<li><a href="test/tag2.jsp">JSP 2.0 SimpleTag demo</a></li>
<li><a href="test/tagfile.jsp">JSP 2.0 Tag File demo</a></li>
<li><a href="test/expr.jsp?A=1">JSP 2.0 Tag Expression</a></li>
<li><a href="test/jstl.jsp">JSTL Expression</a></li>
<li><a href="test/foo/">Mapping to &lt;jsp-file&gt;</a></li>
<li><a href="date/">Servlet Forwarding to JSP demo</a></li>
</ul>
</body>
</html>

3
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_2.jsp
Просмотреть файл

@ -1,3 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<c:out value="${param.test_param}" escapeXml="true"/>

3
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_3.jsp
Просмотреть файл

@ -1,3 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<c:out value="${param.test_param}" escapeXml="false"/>

20
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_1.jsp
Просмотреть файл

@ -1,20 +0,0 @@
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<form method="get" action="">
<input type="text" name="expression" value="1+1"> <input type="submit" value="test">
</form>
<c:set var="expression" value="${param.expression}" scope="request" />
Evaluating ("&#36;{expression}") : <c:out value="${expression}" /><br/>
<br/>
<c:if test="${expression != null}">
Output:
<pre style="background-color:#CCC">
<spring:eval expression="${expression}" var="results" />
<c:out value="${results}" />
</pre>
</c:if>

20
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_2.jsp
Просмотреть файл

@ -1,20 +0,0 @@
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
Change the language:
<form method="get" action="">
<input type="text" name="lang" value="1+1"> <input type="submit" value="test">
</form>
Evaluating ("&#36;{param.lang}") : <c:out value="${param.lang}" /><br/>
<br/>
<c:if test="${param.lang != null}">
Output:
<pre style="background-color:#CCC">
<spring:eval expression="${param.lang}" var="results" />
<c:out value="${results}" />
</pre>
</c:if>

20
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_3.jsp
Просмотреть файл

@ -1,20 +0,0 @@
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
Value is YOLO ?:
<form method="get" action="">
<input type="text" name="value" value="1+1"> <input type="submit" value="test">
</form>
Evaluating ("'&#36;{param.value}'=='YOLO'") : <c:out value="${param.value}" /><br/>
<br/>
<c:if test="${param.value != null}">
Output:
<pre style="background-color:#CCC">
<spring:eval expression="'${param.value}'=='YOLO'" var="results" />
<c:out value="${results}" />
</pre>
</c:if>

20
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_4_safe.jsp
Просмотреть файл

@ -1,20 +0,0 @@
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
Set some value :
<form method="get" action="">
<input type="text" name="value" value="1+1"> <input type="submit" value="test">
</form>
Evaluating ("param.value") : <c:out value="${param.value}" /><br/>
<br/>
<c:if test="${param.value != null}">
Output:
<pre style="background-color:#CCC">
<spring:eval expression="param.value" var="results" />
<c:out value="${results}" />
</pre>
</c:if>

15
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean1.jsp
Просмотреть файл

@ -1,15 +0,0 @@
<html>
<%@ page session="true"%>
<body>
<jsp:useBean id='counter' scope='session' class='com.acme.Counter' type="com.acme.Counter" />
<h1>JSP1.2 Beans: 1</h1>
Counter accessed <jsp:getProperty name="counter" property="count"/> times.<br/>
Counter last accessed by <jsp:getProperty name="counter" property="last"/><br/>
<jsp:setProperty name="counter" property="last" value="<%= request.getRequestURI()%>"/>
<a href="bean2.jsp">Goto bean2.jsp</a>
</body>
</html>

15
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean2.jsp
Просмотреть файл

@ -1,15 +0,0 @@
<html>
<%@ page session="true"%>
<body>
<jsp:useBean id='counter' scope='session' class='com.acme.Counter' type="com.acme.Counter" />
<h1>JSP1.2 Beans: 2</h1>
Counter accessed <jsp:getProperty name="counter" property="count"/> times.<br/>
Counter last accessed by <jsp:getProperty name="counter" property="last"/><br/>
<jsp:setProperty name="counter" property="last" value="<%= request.getRequestURI()%>"/>
<a href="bean1.jsp">Goto bean1.jsp</a>
</body>
</html>

23
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/dump.jsp
Просмотреть файл

@ -1,23 +0,0 @@
<html><head>
<%@ page import="java.util.Enumeration" %>
</head><body>
<h1>JSP Dump</h1>
<table border="1">
<tr><th>Request URI:</th><td><%= request.getRequestURI() %></td></tr>
<tr><th>ServletPath:</th><td><%= request.getServletPath() %></td></tr>
<tr><th>PathInfo:</th><td><%= request.getPathInfo() %></td></tr>
<%
Enumeration e =request.getParameterNames();
while(e.hasMoreElements())
{
String name = (String)e.nextElement();
%>
<tr>
<th>getParameter("<%= name %>")</th>
<td><%= request.getParameter(name) %></td></tr>
<% } %>
</table>
</body></html>

23
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/expr.jsp
Просмотреть файл

@ -1,23 +0,0 @@
<html>
<h1>JSP2.0 Expressions</h1>
<table border="1">
<tr><th>Expression</th><th>Result</th></tr>
<tr>
<td>\${param["A"]}</td>
<td>${param["A"]}&nbsp;</td>
</tr><tr>
<td>\${header["host"]}</td>
<td>${header["host"]}</td>
</tr><tr>
<td>\${header["user-agent"]}</td>
<td>${header["user-agent"]}</td>
</tr><tr>
<td>\${1+1}</td>
<td>${1+1}</td>
</tr><tr>
<td>\${param["A"] * 2}</td>
<td>${param["A"] * 2}&nbsp;</td>
</tr>
</table>
</html>

15
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/foo/foo.jsp
Просмотреть файл

@ -1,15 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
</head>
<body>
<h1>FOO Example</h1>
<hr>
<p>A trivial FOO example
<hr>
<c:forEach var="i" begin="1" end="10" step="1">
<c:out value="${i}" />
<br />
</c:forEach>
</body>
</html>

15
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/jstl.jsp
Просмотреть файл

@ -1,15 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
</head>
<body>
<h1>JSTL Example</h1>
<hr>
<p>A trivial jstl example
<hr>
<c:forEach var="i" begin="1" end="10" step="1">
<c:out value="${i}" />
<br />
</c:forEach>
</body>
</html>

16
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag.jsp
Просмотреть файл

@ -1,16 +0,0 @@
<html>
<body>
<%@ taglib uri="http://www.acme.com/taglib" prefix="acme" %>
<small>&lt;acme:date tz="GMT"&gt;EEE, dd/MMM/yyyy HH:mm:ss ZZZ&lt;/acme:date&gt;
==&gt;</small>
<acme:date tz="GMT">EEE, dd/MMM/yyyy HH:mm:ss ZZZ</acme:date>
<br/>
<small>&lt;acme:date tz="EST"&gt;EEE, dd-MMM-yyyy HH:mm:ss ZZZ&lt;/acme:date&gt;
==&gt;</small>
<acme:date tz="EST">EEE, dd-MMM-yyyy HH:mm:ss ZZZ</acme:date>
<br/>
</body>
</html>

19
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag2.jsp
Просмотреть файл

@ -1,19 +0,0 @@
<html>
<body>
<%@ taglib uri="http://www.acme.com/taglib2" prefix="acme" %>
<acme:date2 format="long">
On ${day} of ${month} in the year ${year}
</acme:date2>
<br/>
<acme:date2 format="short">
${day} - ${month} - ${year}
</acme:date2>
<br/>
</body>
</html>

37
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tagfile.jsp
Просмотреть файл

@ -1,37 +0,0 @@
<%@ taglib prefix="acme" tagdir="/WEB-INF/tags" %>
<html>
<head>
</head>
<body>
<h1>JSP 2.0 Tag File Example</h1>
<hr>
<p>Panel tag created from JSP fragment file in WEB-INF/tags
<hr>
<table border="0">
<tr valign="top">
<td>
<acme:panel color="#ff8080" bgcolor="#ffc0c0" title="Panel 1">
First panel.<br/>
</acme:panel>
</td>
<td>
<acme:panel color="#80ff80" bgcolor="#c0ffc0" title="Panel 2">
Second panel.<br/>
Second panel.<br/>
Second panel.<br/>
Second panel.<br/>
</acme:panel>
</td>
<td>
<acme:panel color="#8080ff" bgcolor="#c0c0ff" title="Panel 3">
Third panel.<br/>
<acme:panel color="#ff80ff" bgcolor="#ffc0ff" title="Inner">
A panel in a panel.
</acme:panel>
Third panel.<br/>
</acme:panel>
</td>
</tr>
</table>
</body>
</html>

21
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/various.jsp
Просмотреть файл

@ -1,21 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
JSTL
<c:out value="${param.test_param1}"/>
<c:out value="${param.test_param2}" escapeXml="true"/>
<c:out value="${param.test_param3}" escapeXml="false"/>
JSP include
<%@include file="index.jsp"%>
<c:import url="${param.secret_param}" />
Spring eval
<spring:eval expression="${param.lang}" var="results" />
<c:out value="${results}" />

3
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml1.jsp
Просмотреть файл

@ -1,3 +0,0 @@
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
<x:parse var="doc" xml="${param.xml}" />
You requested a quote for: <x:out select="$doc/stock/symbol" />

3
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml2.jsp
Просмотреть файл

@ -1,3 +0,0 @@
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
<x:parse var="doc" xml="<stock><symbol>TKM</symbol></stock>" />
You requested a quote for: <x:out select="$doc/stock/symbol" />

2
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl1.jsp
Просмотреть файл

@ -1,2 +0,0 @@
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
<x:transform xml="${param.xml}" xslt="${param.xslt}" />

2
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl2.jsp
Просмотреть файл

@ -1,2 +0,0 @@
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
<x:transform xml="<stock><symbol>TKM</symbol></stock>" xslt="${param.xslt}" />

2
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl3.jsp
Просмотреть файл

@ -1,2 +0,0 @@
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
<x:transform xml="${param.xml}" xslt='<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="date"></xsl:stylesheet>' />

2
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl4.jsp
Просмотреть файл

@ -1,2 +0,0 @@
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
<x:transform xml="<static>SAFE</static>" xslt='<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="date"></xsl:stylesheet>' />

6
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss0.jsp
Просмотреть файл

@ -1,6 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<p>
Client message:<br/>
<c:out value="${param.test}" escapeXml="false"/>
</p>

4
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss1.jsp
Просмотреть файл

@ -1,4 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<script>
var test = ${param.test};
</script>

4
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss2.jsp
Просмотреть файл

@ -1,4 +0,0 @@
Contact form:<br/>
<textarea>${param.message}</textarea>

3
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss3.jsp
Просмотреть файл

@ -1,3 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
Hello <c:out value="${param.test}"/>!

7
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss4.jsp
Просмотреть файл

@ -1,7 +0,0 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<script>
function hello(param1,param2) {
console.info(param1+" "+param2);
}
var test = hello('<c:out value="${param.test1}"/>','<c:out value="${param.test2}"/>');
</script>

11
java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss5.jsp
Просмотреть файл

@ -1,11 +0,0 @@
<%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>
<h1>${e:forHtml(param.test1)}</h1>
<script>
function hello(param1,param2) {
console.info(param1+" "+param2);
}
var test = hello('${e:forJavaScript(param.test1)}','${e:forJavaScript(param.test2)}');
</script>

33
java/ql/integration-tests/java/java-web-jsp/test.expected
Просмотреть файл

@ -7,43 +7,10 @@
| src/main/java/org/eclipse/jetty/demo/LoggingUtil.java:0:0:0:0 | LoggingUtil |
| src/main/java/org/eclipse/jetty/demo/Main.java:0:0:0:0 | Main |
| src/main/java/org/eclipse/jetty/demo/SystemOutHandler.java:0:0:0:0 | SystemOutHandler |
| target/classes/jsp/WEB_002dINF/secret_jsp.java:0:0:0:0 | secret_jsp |
| target/classes/jsp/include/$_007bparam_secret_005fparam_007d_jsp.java:0:0:0:0 | $_007bparam_secret_005fparam_007d_jsp |
| target/classes/jsp/include/jsp_005finclude_005f1_jsp.java:0:0:0:0 | jsp_005finclude_005f1_jsp |
| target/classes/jsp/include/jsp_005finclude_005f2_005fsafe_jsp.java:0:0:0:0 | jsp_005finclude_005f2_005fsafe_jsp |
| target/classes/jsp/include/jsp_005finclude_005f3_jsp.java:0:0:0:0 | jsp_005finclude_005f3_jsp |
| target/classes/jsp/index_jsp.java:0:0:0:0 | index_jsp |
| target/classes/jsp/jstl/jstl_005fescape_005f1_jsp.java:0:0:0:0 | jstl_005fescape_005f1_jsp |
| target/classes/jsp/jstl/jstl_005fescape_005f2_jsp.java:0:0:0:0 | jstl_005fescape_005f2_jsp |
| target/classes/jsp/jstl/jstl_005fescape_005f3_jsp.java:0:0:0:0 | jstl_005fescape_005f3_jsp |
| target/classes/jsp/random_jsp.java:0:0:0:0 | random_jsp |
| target/classes/jsp/spring/spring_005feval_005f1_jsp.java:0:0:0:0 | spring_005feval_005f1_jsp |
| target/classes/jsp/spring/spring_005feval_005f2_jsp.java:0:0:0:0 | spring_005feval_005f2_jsp |
| target/classes/jsp/spring/spring_005feval_005f3_jsp.java:0:0:0:0 | spring_005feval_005f3_jsp |
| target/classes/jsp/spring/spring_005feval_005f4_005fsafe_jsp.java:0:0:0:0 | spring_005feval_005f4_005fsafe_jsp |
| target/classes/jsp/test/bean1_jsp.java:0:0:0:0 | bean1_jsp |
| target/classes/jsp/test/bean2_jsp.java:0:0:0:0 | bean2_jsp |
| target/classes/jsp/test/dump_jsp.java:0:0:0:0 | dump_jsp |
| target/classes/jsp/test/expr_jsp.java:0:0:0:0 | expr_jsp |
| target/classes/jsp/test/foo/foo_jsp.java:0:0:0:0 | foo_jsp |
| target/classes/jsp/test/jstl_jsp.java:0:0:0:0 | jstl_jsp |
| target/classes/jsp/test/tag2_jsp.java:0:0:0:0 | tag2_jsp |
| target/classes/jsp/test/tag_jsp.java:0:0:0:0 | tag_jsp |
| target/classes/jsp/test/tagfile_jsp.java:0:0:0:0 | tagfile_jsp |
| target/classes/jsp/various_jsp.java:0:0:0:0 | various_jsp |
| target/classes/jsp/xml/xml1_jsp.java:0:0:0:0 | xml1_jsp |
| target/classes/jsp/xml/xml2_jsp.java:0:0:0:0 | xml2_jsp |
| target/classes/jsp/xsl/xsl1_jsp.java:0:0:0:0 | xsl1_jsp |
| target/classes/jsp/xsl/xsl2_jsp.java:0:0:0:0 | xsl2_jsp |
| target/classes/jsp/xsl/xsl3_jsp.java:0:0:0:0 | xsl3_jsp |
| target/classes/jsp/xsl/xsl4_jsp.java:0:0:0:0 | xsl4_jsp |
| target/classes/jsp/xss/xss0_jsp.java:0:0:0:0 | xss0_jsp |
| target/classes/jsp/xss/xss1_jsp.java:0:0:0:0 | xss1_jsp |
| target/classes/jsp/xss/xss2_jsp.java:0:0:0:0 | xss2_jsp |
| target/classes/jsp/xss/xss3_jsp.java:0:0:0:0 | xss3_jsp |
| target/classes/jsp/xss/xss4_jsp.java:0:0:0:0 | xss4_jsp |
| target/classes/jsp/xss/xss5_jsp.java:0:0:0:0 | xss5_jsp |
| target/classes/org/apache/jsp/tag/web/panel_tag.java:0:0:0:0 | panel_tag |
xmlFiles
| pom.xml:0:0:0:0 | pom.xml |
| spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |