/* goodG2B2() - use goodsource and badsink by reversing statements in if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_final_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }

    String root = "C:\\uploads\\";
    /* POTENTIAL FLAW: no validation of concatenated value */
    File fIn = new File(root + data);
    if (fIn.exists() && fIn.isFile()) {
      IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
    }
  }
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    if (request.getParameter("setcookie") != null) {
      Cookie cookie = new Cookie("Learningjava", "Cookies!");
      cookie.setMaxAge(3600);
      response.addCookie(cookie);
      out.println("<html><body><h1>Cookie Set...</h1>");
    } else {
      out.println("<html><body>");
      Cookie[] cookies = request.getCookies();
      if (cookies.length == 0) {
        out.println("<h1>No cookies found...</h1>");
      } else {
        for (int i = 0; i < cookies.length; i++)
          out.print(
              "<h1>Name: "
                  + cookies[i].getName()
                  + "<br>"
                  + "Value: "
                  + cookies[i].getValue()
                  + "</h1>");
      }
      out.println(
          "<p><a href=\""
              + request.getRequestURI()
              + "?setcookie=true\">"
              + "Reset the Learning Java cookie.</a>");
    }
    out.println("</body></html>");
  }
Beispiel #3
0
 @Override
 public Cookie getCookie(final String name) {
   for (final javax.servlet.http.Cookie c : req.getCookies()) {
     if (c.getName().equals(name)) return new BXServletCookie(c);
   }
   return null;
 }
Beispiel #4
0
 // getBrowserInfiniteCookie
 public static String getBrowserInfiniteCookie(HttpServletRequest request) {
   Cookie[] cookieJar = request.getCookies();
   if (cookieJar != null) {
     for (Cookie cookie : cookieJar) {
       if (cookie.getName().equals("infinitecookie")) {
         return cookie.getValue() + ";";
       }
     }
   }
   return null;
 } // TESTED
Beispiel #5
0
 private Cookie getCookie(String name, HttpServletRequest request) {
   Cookie[] cookies = request.getCookies();
   if (cookies == null) {
     return null;
   }
   for (int i = 0; i < cookies.length; i++) {
     if (cookies[i].getName().equals(name)) {
       return cookies[i];
     }
   }
   return null;
 }
Beispiel #6
0
 public void doPost(HttpServletRequest req, HttpServletResponse res)
     throws IOException, ServletException {
   ArrayList<String> ar = new ArrayList<String>();
   boolean flag = false;
   Cookie[] cArr = req.getCookies();
   if (cArr != null) {
     for (int i = 0; i < cArr.length; i++) {
       Cookie c0 = cArr[i];
       if (c0.getName().equals("Name") && !c0.getValue().equals("Logout")) {
         res.sendRedirect("index.html");
         flag = true;
       }
     }
   }
   if (flag == false) res.sendRedirect("Login.html");
 }
  public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {

    Cookie[] cookies = req.getCookies();
    if (cookies != null) {
      for (int i = 0; i < cookies.length; i++) {
        System.out.println("COOKIE=" + cookies[i].getValue());
      }
    }

    HttpSession session = req.getSession(false);
    if (session == null) {
      throw new ServletException("Unable to access login session");
    }

    res.getWriter().println("JSESSIONID=" + session.getId());
  }
 public void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   response.setContentType("text/html");
   PrintWriter out = response.getWriter();
   String title = "Shared Info";
   out.println(
       "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 "
           + "Transitional//EN\">"
           + "<HTML>\n"
           + "<HEAD><TITLE>"
           + title
           + "</TITLE></HEAD>\n"
           + "<BODY BGCOLOR=\"#FDF5E6\">\n"
           + "<H1 ALIGN=\"CENTER\">"
           + title
           + "</H1>\n"
           + "<UL>\n"
           + "  <LI>Session:");
   HttpSession session = request.getSession(true);
   Enumeration attributes = session.getAttributeNames();
   out.println(getAttributeList(attributes));
   out.println("  <LI>Current Servlet Context:");
   ServletContext application = getServletContext();
   attributes = application.getAttributeNames();
   out.println(getAttributeList(attributes));
   out.println("  <LI>Servlet Context of /shareTest1:");
   application = application.getContext("/shareTest1");
   if (application == null) {
     out.println("Context sharing disabled");
   } else {
     attributes = application.getAttributeNames();
     out.println(getAttributeList(attributes));
   }
   out.println("  <LI>Cookies:<UL>");
   Cookie[] cookies = request.getCookies();
   if ((cookies == null) || (cookies.length == 0)) {
     out.println("    <LI>No cookies found.");
   } else {
     Cookie cookie;
     for (int i = 0; i < cookies.length; i++) {
       cookie = cookies[i];
       out.println("    <LI>" + cookie.getName());
     }
   }
   out.println("    </UL>\n" + "</UL>\n" + "</BODY></HTML>");
 }
  public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    int index;

    DatastoreService ds;
    MemcacheService ms;

    Cookie[] cookies;
    boolean insideFlag;

    String delpw;
    String paramOffset;
    String paramSize;
    int offset;
    int size;

    Key postObjGroupKey;
    Query q;
    List<Entity> postObjList;
    PostObj postObj;

    Gson gson;
    List<String> filelinkList;

    resp.setCharacterEncoding("UTF-8");
    resp.setContentType("text/plain");

    ds = DatastoreServiceFactory.getDatastoreService();
    ms = MemcacheServiceFactory.getMemcacheService();

    insideFlag = false;
    try {
      cookies = req.getCookies();
      if (cookies.length > 0) {
        if (ms.contains(cookies[0].getValue()) == true) {
          insideFlag = true;
        }
      }
    } catch (Exception e) {
      insideFlag = false;
    }

    delpw = req.getParameter("delpw");
    if (delpw != null) {
      if (delpw.equals("") == true) {
        delpw = null;
      }
    }

    paramOffset = req.getParameter("offset");
    if (paramOffset != null) {
      offset = Integer.valueOf(paramOffset);
    } else {
      offset = 0;
    }

    paramSize = req.getParameter("size");
    if (paramSize != null) {
      size = Integer.valueOf(paramSize);
    } else {
      size = 4096;
    }

    postObjGroupKey = KeyFactory.createKey("PostObjGroup", 1L);
    q = new Query("PostObj", postObjGroupKey);
    if (delpw != null) {
      q.addFilter("delpw", FilterOperator.EQUAL, delpw);
      q.addSort("delpw");
    }
    q.addSort("posttime", SortDirection.DESCENDING);
    postObjList = ds.prepare(q).asList(FetchOptions.Builder.withOffset(offset).limit(size));

    postObj = new PostObj();
    filelinkList = new ArrayList<String>();
    for (index = 0; index < postObjList.size(); index++) {
      postObj.getDB(postObjList.get(index));
      if ((postObj.flag.equals("showgallery") == false && insideFlag == true)
          || (postObj.flag.equals("showgallery") == true && insideFlag == false)
          || delpw != null) {
        filelinkList.add(postObj.filelink);
      }
    }

    gson = new Gson();
    resp.getWriter().print(gson.toJson(filelinkList));
  }
Beispiel #10
0
 @Override
 public List<Cookie> getCookies() {
   final List<Cookie> list = new ArrayList<>();
   for (final javax.servlet.http.Cookie c : req.getCookies()) list.add(new BXServletCookie(c));
   return list;
 }