Patched src/com/ibm/security/appscan/altoromutual/util/ServletUtil.java

patched.codes[bot] · patched.codes[bot] · commit 7aa003ed4566 · 2025-03-03T07:40:00.000Z
diff --git a/src/com/ibm/security/appscan/altoromutual/util/ServletUtil.java b/src/com/ibm/security/appscan/altoromutual/util/ServletUtil.java
@@ -246,6 +246,12 @@ public static String sanitizeWeb(String data) {
 		return StringEscapeUtils.escapeHtml(data);
 	}
 
+	/**
+	 * Sanitizes the input HTML string by checking for potential XSS (Cross-Site Scripting) threats using a regular expression.
+	 * 
+	 * @param input The HTML string to be sanitized
+	 * @return The sanitized HTML string, or an empty string if a potential XSS threat is detected
+	 */
 	public static String sanitzieHtmlWithRegex(String input) {
 		if (XSS_REGEXP.matcher(input).matches()) {
 			return "";
@@ -337,6 +343,14 @@ public static void initializeLogFile(ServletContext servletContext) {
 		}
 	}
 
+	/**
+	 * Establishes a session for a given user and creates a cookie with account information.
+	 * 
+	 * @param username The username of the user to establish a session for
+	 * @param session The HttpSession object to store user information
+	 * @return A Cookie object containing the user's account information, or null if an error occurs
+	 * @throws SQLException If there is an error retrieving user information from the database
+	 */
 	public static Cookie establishSession(String username, HttpSession session){
 		try{
 			User user = DBUtil.getUserInfo(username);
@@ -352,6 +366,12 @@ public static Cookie establishSession(String username, HttpSession session){
 		}
 	}
 	
+	/**
+	 * Checks if a user is logged in based on the session attribute.
+	 * 
+	 * @param request The HttpServletRequest object containing the session information
+	 * @return true if the user is logged in, false otherwise
+	 */
 	static public boolean isLoggedin(HttpServletRequest request){
 		try {
 			// Check user is logged in
