/**
* Load the class with the specified name, searching using the following algorithm until it finds
* and returns the class. If the class cannot be found, returns <code>ClassNotFoundException
* </code>.
*
* <ul>
* <li>Call <code>findLoadedClass(String)</code> to check if the class has already been loaded.
* If it has, the same <code>Class</code> object is returned.
* <li>If the <code>delegate</code> property is set to <code>true</code>, call the <code>
* loadClass()</code> method of the parent class loader, if any.
* <li>Call <code>findClass()</code> to find this class in our locally defined repositories.
* <li>Call the <code>loadClass()</code> method of our parent class loader, if any.
* </ul>
*
* If the class was found using the above steps, and the <code>resolve</code> flag is <code>true
* </code>, this method will then call <code>resolveClass(Class)</code> on the resulting Class
* object.
*
* @param name Name of the class to be loaded
* @param resolve If <code>true</code> then resolve the class
* @exception ClassNotFoundException if the class was not found
*/
public Class loadClass(String name, boolean resolve) throws ClassNotFoundException {
Class clazz = null;
// (0) Check our previously loaded class cache
clazz = findLoadedClass(name);
if (clazz != null) {
if (resolve) resolveClass(clazz);
return (clazz);
}
// (.5) Permission to access this class when using a SecurityManager
int dot = name.lastIndexOf('.');
if (System.getSecurityManager() != null) {
if (dot >= 0) {
try {
securityManager.checkPackageAccess(name.substring(0, dot));
} catch (SecurityException se) {
String error = "Security Violation, attempt to use " + "Restricted Class: " + name;
System.out.println(error);
throw new ClassNotFoundException(error);
}
}
}
// Class is in a package, delegate to thread context class loader
if (!name.startsWith(Constants.JSP_PACKAGE_NAME)) {
ClassLoader classLoader = null;
if (System.getSecurityManager() != null) {
classLoader = (ClassLoader) AccessController.doPrivileged(privLoadClass);
} else {
classLoader = Thread.currentThread().getContextClassLoader();
}
clazz = classLoader.loadClass(name);
if (resolve) resolveClass(clazz);
return clazz;
}
// Only load classes for this JSP page
if (name.startsWith(className)) {
String classFile = name.substring(Constants.JSP_PACKAGE_NAME.length() + 1) + ".class";
byte[] cdata = loadClassDataFromFile(classFile);
if (cdata == null) throw new ClassNotFoundException(name);
if (System.getSecurityManager() != null) {
ProtectionDomain pd = new ProtectionDomain(codeSource, permissionCollection);
clazz = defineClass(name, cdata, 0, cdata.length, pd);
} else {
clazz = defineClass(name, cdata, 0, cdata.length);
}
if (clazz != null) {
if (resolve) resolveClass(clazz);
return clazz;
}
}
throw new ClassNotFoundException(name);
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
if (privateTrue) {
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}
/* goodB2G() - use badsource and goodsink by changing the second "if" so that
* both branches use the GoodSink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.staticReturnsTrueOrFalse()) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
}
if (IO.staticReturnsTrueOrFalse()) {
if (data != null) {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-8");
response.setHeader("Location", "/author.jsp?lang=" + data);
}
} else {
if (data != null) {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-8");
response.setHeader("Location", "/author.jsp?lang=" + data);
}
}
}
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String strCallResult = "";
resp.setContentType("text/plain");
String strId = req.getParameter("id");
String strCount = req.getParameter("count");
int id = -1;
int count = -1;
try {
id = Integer.valueOf(strId);
count = Integer.valueOf(strCount);
} catch (NumberFormatException e) {
e.printStackTrace();
}
try {
TopsCalculator.getTopUrlsForDay();
TopsCalculator.getTopUrlsForMonth();
TopsCalculator.getTopUrlsForYear();
TopsCalculator.getTopHostsForDay();
TopsCalculator.getTopHostsForMonth();
TopsCalculator.getTopHostsForYear();
if (id == 0) {
DbHelper.setStartTime(System.currentTimeMillis());
} else if (id == count - 1) {
DbHelper.setRunTime(System.currentTimeMillis() - DbHelper.getStartTime());
}
} catch (Exception ex) {
strCallResult = "FAIL: Fetching top lists";
System.out.println(strCallResult);
}
}
// Velocity init
public static void initVelocity() {
if (velocityCatch == null) {
System.out.println("init VM");
velocityCatch = new Object();
Properties props = new Properties();
props.setProperty("input.encoding", "UTF-8");
props.setProperty("output.encoding", "UTF-8");
if (getConfig().getChild("vmtemplatepath") != null) {
props.setProperty("file.resource.loader.path", getConfig().getChildText("vmtemplatepath"));
}
if (System.getProperty("vmtemplatepath") != null) {
props.setProperty("file.resource.loader.path", System.getProperty("vmtemplatepath"));
// Velocity.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH,
// System.getProperty("vmtemplatepath"));//oder new FIle()?
}
System.out.println("vmtemplatepath=" + props.getProperty("vmtemplatepath"));
try {
Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, VeloLog.getInstance());
Velocity.init(props);
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
/**
* Constructor.
*
* @param rq request
* @param rs response
* @throws IOException I/O exception
*/
public HTTPContext(final HttpServletRequest rq, final HttpServletResponse rs) throws IOException {
req = rq;
res = rs;
final String m = rq.getMethod();
method = HTTPMethod.get(m);
final StringBuilder uri = new StringBuilder(req.getRequestURL());
final String qs = req.getQueryString();
if (qs != null) uri.append('?').append(qs);
log(false, m, uri);
// set UTF8 as default encoding (can be overwritten)
res.setCharacterEncoding(UTF8);
segments = toSegments(req.getPathInfo());
path = join(0);
user = System.getProperty(DBUSER);
pass = System.getProperty(DBPASS);
// set session-specific credentials
final String auth = req.getHeader(AUTHORIZATION);
if (auth != null) {
final String[] values = auth.split(" ");
if (values[0].equals(BASIC)) {
final String[] cred = Base64.decode(values[1]).split(":", 2);
if (cred.length != 2) throw new LoginException(NOPASSWD);
user = cred[0];
pass = cred[1];
} else {
throw new LoginException(WHICHAUTH, values[0]);
}
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
String root;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
root = "C:\\uploads\\";
} else {
/* running on non-Windows */
root = "/home/user/uploads/";
}
if (data != null) {
/* POTENTIAL FLAW: no validation of concatenated value */
File file = new File(root + data);
FileInputStream streamFileInputSink = null;
InputStreamReader readerInputStreamSink = null;
BufferedReader readerBufferdSink = null;
if (file.exists() && file.isFile()) {
try {
streamFileInputSink = new FileInputStream(file);
readerInputStreamSink = new InputStreamReader(streamFileInputSink, "UTF-8");
readerBufferdSink = new BufferedReader(readerInputStreamSink);
IO.writeLine(readerBufferdSink.readLine());
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* Close stream reading objects */
try {
if (readerBufferdSink != null) {
readerBufferdSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStreamSink != null) {
readerInputStreamSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
try {
if (streamFileInputSink != null) {
streamFileInputSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
}
}
}
}
}
// For war agent needs to be switched on
private boolean listenForDiscoveryMcRequests(Configuration pConfig) {
// Check for system props, system env and agent config
boolean sysProp =
System.getProperty("jolokia." + ConfigKey.DISCOVERY_ENABLED.getKeyValue()) != null;
boolean env = System.getenv("JOLOKIA_DISCOVERY") != null;
boolean config = pConfig.getAsBoolean(ConfigKey.DISCOVERY_ENABLED);
return sysProp || env || config;
}
// Try to find an URL for system props or config
private String findAgentUrl(Configuration pConfig) {
// System property has precedence
String url = System.getProperty("jolokia." + ConfigKey.DISCOVERY_AGENT_URL.getKeyValue());
if (url == null) {
url = System.getenv("JOLOKIA_DISCOVERY_AGENT_URL");
if (url == null) {
url = pConfig.get(ConfigKey.DISCOVERY_AGENT_URL);
}
}
return NetworkUtil.replaceExpression(url);
}
public void init(FilterConfig config) throws ServletException {
Log log = LogFactory.getLog(this.getClass());
log.info("PsqStoreConfigFilter: init(config) called");
String path = "";
try {
URL pathUrl = config.getServletContext().getResource("/");
path = new File(config.getServletContext().getRealPath("/")).getAbsolutePath();
log.info(" protocol=" + pathUrl.getProtocol());
log.info(" path=" + path);
} catch (Exception ex) {
ex.printStackTrace();
}
if (config.getInitParameter("derby-home") != null) {
String myHome = config.getInitParameter("derby-home");
if (!myHome.startsWith("/")) {
myHome = path + File.separator + myHome;
}
log.info("derby-home(final)=" + myHome);
System.setProperty("xpsq.derby.home", myHome);
if (PsqContext.getStore("derby") != null) {
PsqContext.getStore("derby").initialize();
}
}
if (config.getInitParameter("bdb-home") != null) {
String myHome = config.getInitParameter("bdb-home");
if (!myHome.startsWith("/")) {
myHome = path + File.separator + myHome;
}
log.info("bdb-home(final)=" + myHome);
System.setProperty("xpsq.bdb.home", myHome);
if (PsqContext.getStore("bdb") != null) {
PsqContext.getStore("bdb").initialize();
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second privateReturnsTrue() to privateReturnsFalse() */
private void goodB2G1() throws Throwable {
String data;
if (privateReturnsTrue()) {
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (privateReturnsFalse()) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
/* FIX: validate input using StringEscapeUtils */
String username = StringEscapeUtils.escapeXml(tokens[0]);
String password = StringEscapeUtils.escapeXml(tokens[1]);
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
}
}
public void bad() throws Throwable {
int data;
if (IO.staticReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.staticReturnsTrue()) {
/* POTENTIAL FLAW: if data == Integer.MIN_VALUE, this will overflow */
int result = (int) (data - 1);
IO.writeLine("result: " + result);
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
int dataCopy;
{
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
dataCopy = data;
}
{
int data = dataCopy;
/* POTENTIAL FLAW: Create a HashMap using data as the initial size. data may be very large, creating memory issues */
HashMap intHashMap = new HashMap(data);
}
}
/* goodG2B() - use goodsource and badsink by changing the conditions on the first and second while statements */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
boolean local_f = false;
while (true) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
break;
}
while (local_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* get environment variable ADD */
data = System.getenv("ADD");
break;
}
while (true) {
Cookie cookieSink = new Cookie("lang", data);
/* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
response.addCookie(cookieSink);
break;
}
while (local_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
response.addCookie(cookieSink);
break;
}
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second switch */
private void goodB2G2() throws Throwable {
String data;
switch (6) {
case 6:
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
/* FIX: call equals() on string literal (that is not null) */
if ("CWE690".equals(data)) {
IO.writeLine("data is CWE690");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
int data;
if (IO.staticReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.staticReturnsTrue()) {
/* FIX: Add a check to prevent an overflow from occurring */
if (data > Integer.MIN_VALUE) {
int result = (int) (data - 1);
IO.writeLine("result: " + result);
} else {
IO.writeLine("data value is too small to perform subtraction.");
}
}
}
public void bad() throws Throwable {
String data;
switch (6) {
case 6:
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
/* POTENTIAL FLAW: data could be null */
if (data.equals("CWE690")) {
IO.writeLine("data is CWE690");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
public void action(String data) throws Throwable {
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
String username = tokens[0];
String password = tokens[1];
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
/* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
* The user input should be canonicalized before validation. */
/* POTENTIAL FLAW: user input is used without validate */
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
}
public void bad() throws Throwable {
int data;
if (PRIVATE_STATIC_FINAL_FIVE == 5) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (PRIVATE_STATIC_FINAL_FIVE == 5) {
if (data < 0) /* ensure we won't have an overflow */ {
/* POTENTIAL FLAW: if (data * 2) < Integer.MIN_VALUE, this will underflow */
int result = (int) (data * 2);
IO.writeLine("result: " + result);
}
}
}
public static void main(String[] args) throws Exception {
Server server = new Server(Integer.valueOf(System.getenv("PORT")));
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
server.setHandler(context);
context.addServlet(
new ServletHolder(
new HttpServlet() {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.getWriter()
.print(
"<h1>umlet-github web service</h1>"
+ "<p>"
+ "<a href=\"https://github.com/CalumJEadie/umlet-github/\">"
+ "https://github.com/CalumJEadie/umlet-github/"
+ "</a>"
+ "</p>");
}
}),
"/");
context.addServlet(new ServletHolder(new UmletGithub()), "/convert/uxf/svg/");
server.start();
server.join();
}
public void bad() throws Throwable {
int data;
if (IO.STATIC_FINAL_TRUE) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.STATIC_FINAL_TRUE) {
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Verify that data < array.length, but don't verify that data > 0, so may be attempting to read out of the array bounds */
if (data < array.length) {
IO.writeLine(array[data]);
} else {
IO.writeLine("Array index out of bounds");
}
}
}
/**
* Writes a log message.
*
* @param str strings to be written
* @param time add performance info
*/
public void log(final boolean time, final Object... str) {
final Object[] obj = new Object[str.length + (time ? 2 : 1)];
obj[0] = remote();
System.arraycopy(str, 0, obj, 1, str.length);
if (time) obj[obj.length - 1] = perf.toString();
context.log.write(obj);
}
private int bad_source() throws Throwable {
int data;
if (badPrivate) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
return data;
}
/* goodG2B1() - use goodsource and badsink by changing privateTrue to privateFalse */
private void goodG2B1() throws Throwable {
String data;
if (privateFalse) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}
public void bad() throws Throwable {
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
}
}
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Attempt to write to array at location data, which may be outside the array bounds */
array[data] = 42;
/* Skip reading back data from array since that may be another out of bounds operation */
}
public void bad() throws Throwable {
int data;
if (privateReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (privateReturnsTrue()) {
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Attempt to read from array at location data, which may be outside the array bounds */
IO.writeLine(array[data]);
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in if */
private void goodG2B2() throws Throwable {
String data;
if (IO.static_returns_t()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
File f = new File("C:\\data.txt");
BufferedReader buffread = null;
FileReader fread = null;
try {
/* read string from file into data */
fread = new FileReader(f);
buffread = new BufferedReader(fread);
data = buffread.readLine(); // This will be reading the first "line" of the file, which
// could be very long if there are little or no newlines in the file\
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (fread != null) {
fread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing fread");
}
}
}
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process p = Runtime.getRuntime().exec(osCommand + data);
p.waitFor();
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
}
}
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* FIX: Verify index before writing to array at location data */
if (data >= 0 && data < array.length) {
array[data] = 42;
} else {
IO.writeLine("Array index out of bounds");
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
Connection dbConnection = null;
try {
dbConnection = IO.getDBConnection();
/* POTENTIAL FLAW: Set the catalog name with the value of data
* allowing a nonexistent catalog name or unauthorized access to a portion of the DB */
dbConnection.setCatalog(data);
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */
private void goodB2G1() throws Throwable {
String data;
if (IO.STATIC_FINAL_FIVE == 5) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (IO.STATIC_FINAL_FIVE != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
PreparedStatement sqlStatement = null;
try {
/* FIX: Use prepared statement and executeBatch (properly) */
dbConnection = IO.getDBConnection();
sqlStatement =
dbConnection.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; i++) {
sqlStatement.setString(1, names[i]);
sqlStatement.addBatch();
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}