  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: the "vector" request parameter, read through the SeparateClassRequest helper;
    // an absent parameter is normalized to "".
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("vector");
    if (param == null) {
      param = "";
    }

    // Propagator: the request value is stored in a map next to constant entries, but the value
    // that survives is the constant under "keyA-51510", so bar is not request-derived.
    java.util.Map<String, Object> map51510 = new java.util.HashMap<String, Object>();
    map51510.put("keyA-51510", "a_Value");
    map51510.put("keyB-51510", param);
    map51510.put("keyC", "another_Value");
    String bar = (String) map51510.get("keyB-51510");
    bar = (String) map51510.get("keyA-51510");

    // Only Windows gets a command prefix; elsewhere cmd stays "" and bar alone is executed.
    String osName = System.getProperty("os.name");
    String cmd =
        osName.contains("Windows")
            ? org.owasp.benchmark.helpers.Utils.getOSCommandString("echo")
            : "";

    // Sink: Runtime.exec(String) with the concatenated command string.
    Runtime r = Runtime.getRuntime();
    try {
      Process p = r.exec(cmd + bar);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: first value of the "foo" request header, or "" when the header is absent.
    java.util.Enumeration<String> headers = request.getHeaders("foo");
    String param = headers.hasMoreElements() ? headers.nextElement() : "";

    // doSomething is defined elsewhere in this class; its effect on the value is not visible here.
    String bar = doSomething(param);

    // Sink: the header-derived value is concatenated onto the command string passed to exec.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
    String[] argsEnv = {"Foo=bar"};

    try {
      Process p = Runtime.getRuntime().exec(cmd, argsEnv);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: first value of the "vector" parameter taken from the parameter map; "" if absent.
    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
      String[] values = map.get("vector");
      if (values != null) {
        param = values[0];
      }
    }

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // The command itself comes from a helper; the request-derived value is passed as the sole
    // environment entry of the child process rather than as part of the command.
    String cmd =
        org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(
            this.getClass().getClassLoader());
    String[] argsEnv = {bar};
    java.io.File workDir = new java.io.File(System.getProperty("user.dir"));

    try {
      Process p = Runtime.getRuntime().exec(cmd, argsEnv, workDir);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
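  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: first value of the "foo" request parameter. getParameterValues returns null when
    // the parameter is absent; the original dereferenced that null (values.length) and, on the
    // else branch, left param null so that param.length() below threw as well. Absent is now "".
    String[] values = request.getParameterValues("foo");
    String param = (values != null && values.length != 0) ? values[0] : "";

    // Propagator: for values longer than one character, replace the last character with "Z".
    String bar = param;
    if (param.length() > 1) {
      StringBuilder sbxyz23220 = new StringBuilder(param);
      bar = sbxyz23220.replace(param.length() - "Z".length(), param.length(), "Z").toString();
    }

    // Sink: the request-derived value is concatenated onto the command string passed to exec.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;

    String[] argsEnv = {"Foo=bar"};
    Runtime r = Runtime.getRuntime();

    try {
      Process p = r.exec(cmd, argsEnv);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }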
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: first value of the "foo" request header, or "" when the header is absent.
    java.util.Enumeration<String> headers = request.getHeaders("foo");
    String param = headers.hasMoreElements() ? headers.nextElement() : "";

    // Propagator: (7 * 42) - 106 is 188, so the comparison is always false and bar is param.
    int i = 106;
    boolean takeConstant = (7 * 42) - i > 200;
    String bar = takeConstant ? "This should never happen" : param;

    // Sink: the header-derived value is concatenated onto the command string passed to exec.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
    String[] argsEnv = {"Foo=bar"};
    java.io.File workDir = new java.io.File(System.getProperty("user.dir"));

    try {
      Process p = Runtime.getRuntime().exec(cmd, argsEnv, workDir);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }
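 /**
  * Looks up the recorded run time for a tool in the CSV_TIMES_FILE classpath resource.
  *
  * <p>The match is a substring match ({@code line.contains(toolName)}), so a tool name that is a
  * prefix of another tool's name can match the wrong row. Rows are split on ";" and the third
  * field is read with surrounding quotes removed; only the part before the first "." is returned.
  *
  * @param toolName name to look for in each CSV line
  * @return the integer part of the time field of the first well-formed matching row, or "" when
  *     no row matches
  */
 public String getToolTime(String toolName) {
   List<String> lines =
       Utils.getLinesFromFile(
           Utils.getFileFromClasspath(CSV_TIMES_FILE, this.getClass().getClassLoader()));
   for (String line : lines) {
     if (!line.contains(toolName)) {
       continue;
     }
     String[] fields = line.split(";");
     if (fields.length < 3) {
       // Malformed row (fewer than three fields): the original threw
       // ArrayIndexOutOfBoundsException here; skip it and keep searching instead.
       continue;
     }
     String time = fields[2].replaceAll("\"", "");
     return time.split("\\.")[0];
   }
   return "";
 }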
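  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header. getHeader returns null when the header is absent, and
    // ProcessBuilder.start() rejects a null command element with NullPointerException, so an
    // absent header is normalized to "" rather than surfacing as an unhandled NPE.
    String param = request.getHeader("foo");
    if (param == null) {
      param = "";
    }

    // Pick the platform shell; both branches run "echo" with the header value as an argument.
    String osName = System.getProperty("os.name");
    String a1;
    String a2;
    if (osName.indexOf("Windows") != -1) {
      a1 = "cmd.exe";
      a2 = "/c";
    } else {
      a1 = "sh";
      a2 = "-c";
    }
    // Sink: the request-derived value is an element of the array given to ProcessBuilder.command.
    String[] args = {a1, a2, "echo", param};

    ProcessBuilder pb = new ProcessBuilder();
    pb.command(args);

    try {
      Process p = pb.start();
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println(
          "Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case");
      throw new ServletException(e);
    }
  }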
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: first value of the "vector" request parameter, or "" when it is absent.
    String[] values = request.getParameterValues("vector");
    String param = (values != null && values.length > 0) ? values[0] : "";

    // Propagator: round-trip the value through a map; the entry read back is the request value.
    java.util.Map<String, Object> map33225 = new java.util.HashMap<String, Object>();
    map33225.put("keyA-33225", "a Value");
    map33225.put("keyB-33225", param);
    map33225.put("keyC", "another Value");
    String bar = (String) map33225.get("keyB-33225");

    // Sink: javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object^)
    // The unvalidated request value is stored in the session under "userid".
    request.getSession().putValue("userid", bar);

    // The echoed value goes through the HTML-encoding helper before it is written back.
    String message =
        "Item: 'userid' with value: '"
            + org.owasp.benchmark.helpers.Utils.encodeForHTML(bar)
            + "' saved in session.";
    response.getWriter().println(message);
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header (null when absent; passed to doSomething unchanged).
    String param = request.getHeader("foo");

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Select the platform shell; the command is "echo" with bar as its argument.
    String osName = System.getProperty("os.name");
    boolean windows = osName.contains("Windows");
    String a1 = windows ? "cmd.exe" : "sh";
    String a2 = windows ? "/c" : "-c";
    // Sink: request-derived data in the argument array handed to Runtime.exec.
    String[] args = {a1, a2, "echo", bar};
    String[] argsEnv = {"foo=bar"};
    java.io.File workDir = new java.io.File(System.getProperty("user.dir"));

    try {
      Process p = Runtime.getRuntime().exec(args, argsEnv, workDir);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header (null when absent; handed to doSomething unchanged).
    String param = request.getHeader("foo");

    // doSomething is defined elsewhere in this class; its effect on the value is not visible here.
    String bar = doSomething(param);

    // Build the command list: platform shell, then "echo", then the request-derived value.
    String osName = System.getProperty("os.name");
    java.util.List<String> argList = new java.util.ArrayList<String>();
    if (osName.contains("Windows")) {
      java.util.Collections.addAll(argList, "cmd.exe", "/c");
    } else {
      java.util.Collections.addAll(argList, "sh", "-c");
    }
    java.util.Collections.addAll(argList, "echo", bar);

    // Sink: ProcessBuilder(List) started with request-derived data in its argument list.
    ProcessBuilder pb = new ProcessBuilder(argList);

    try {
      Process p = pb.start();
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println(
          "Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case");
      throw new ServletException(e);
    }
  } // end doPost
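  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: first value of the "vector" request header, or "" when the header is absent.
    String param = "";
    java.util.Enumeration<String> headers = request.getHeaders("vector");
    if (headers.hasMoreElements()) {
      param = headers.nextElement(); // just grab first element
    }

    // Propagator: Base64 encode then decode, which yields the original bytes, so bar == param.
    // java.util.Base64 replaces the sun.misc.BASE64Encoder/BASE64Decoder internals, which are
    // not available on Java 9+; the explicit charset makes the round trip independent of the
    // platform default encoding.
    String bar = "";
    if (param != null) {
      byte[] raw = param.getBytes(java.nio.charset.StandardCharsets.UTF_8);
      byte[] encoded = java.util.Base64.getEncoder().encode(raw);
      byte[] decoded = java.util.Base64.getDecoder().decode(encoded);
      bar = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
    }

    // Sink: on Windows the header value is a separate argv element; on other platforms it is
    // concatenated onto the "ping -c1" command string that sh -c will interpret.
    String cmd = "";
    String a1 = "";
    String a2 = "";
    String[] args = null;
    String osName = System.getProperty("os.name");

    if (osName.indexOf("Windows") != -1) {
      a1 = "cmd.exe";
      a2 = "/c";
      cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
      args = new String[] {a1, a2, cmd, bar};
    } else {
      a1 = "sh";
      a2 = "-c";
      cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
      args = new String[] {a1, a2, cmd + bar};
    }

    Runtime r = Runtime.getRuntime();

    try {
      Process p = r.exec(args);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }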
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: first value of the "vector" request header, or "" when the header is absent.
    java.util.Enumeration<String> headers = request.getHeaders("vector");
    String param = headers.hasMoreElements() ? headers.nextElement() : "";

    // Propagator: (7 * 42) - 106 is 188, never above 200, so bar always receives param.
    int num = 106;
    boolean constantBranch = (7 * 42) - num > 200;
    String bar = constantBranch ? "This should never happen" : param;

    // Sink: on Windows the header value is a separate argv element; on other platforms it is
    // concatenated onto the "ping -c1" command string that sh -c will interpret.
    String osName = System.getProperty("os.name");
    String[] args;
    if (osName.contains("Windows")) {
      String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
      args = new String[] {"cmd.exe", "/c", cmd, bar};
    } else {
      String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
      args = new String[] {"sh", "-c", cmd + bar};
    }

    try {
      Process p = Runtime.getRuntime().exec(args);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: value of the "foo" cookie. The loop does not break, so when several cookies share
    // the name the last one wins; "" when no cookie matches or there are no cookies at all.
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookie.getName().equals("foo")) {
          param = cookie.getValue();
        }
      }
    }

    // Propagator: after removing the leading "safe" entry, index 1 holds "moresafe", so bar is
    // a constant and the cookie value never reaches the command.
    java.util.List<String> valuesList = new java.util.ArrayList<String>();
    java.util.Collections.addAll(valuesList, "safe", param, "moresafe");
    valuesList.remove(0);
    String bar = valuesList.get(1);

    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
    String[] argsEnv = {"Foo=bar"};
    java.io.File workDir = new java.io.File(System.getProperty("user.dir"));

    try {
      Process p = Runtime.getRuntime().exec(cmd, argsEnv, workDir);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }
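  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: value of the "foo" cookie (last matching cookie wins; "" when absent or when the
    // request carries no cookies).
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    String param = "";
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookie.getName().equals("foo")) {
          param = cookie.getValue();
        }
      }
    }

    // Propagator: Base64 encode then decode, which returns the original bytes, so bar == param.
    // java.util.Base64 replaces the sun.misc.BASE64Encoder/BASE64Decoder internals, which are
    // not available on Java 9+; the explicit charset keeps the round trip independent of the
    // platform default encoding.
    byte[] raw = param.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] encoded = java.util.Base64.getEncoder().encode(raw);
    byte[] decoded = java.util.Base64.getDecoder().decode(encoded);
    String bar = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);

    // Sink: bar is passed as the only environment entry of the child process, not as part of
    // the command string.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");

    String[] argsEnv = {bar};
    Runtime r = Runtime.getRuntime();

    try {
      Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }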
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: the "vector" request parameter via the SeparateClassRequest helper; "" when absent.
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("vector");
    if (param == null) {
      param = "";
    }

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: on Windows bar is a separate argv element after "echo "; elsewhere it is appended to
    // the "ls" command string that sh -c will interpret as shell syntax.
    String osName = System.getProperty("os.name");
    String[] args;
    if (osName.contains("Windows")) {
      String cmd = "echo ";
      args = new String[] {"cmd.exe", "/c", cmd, bar};
    } else {
      String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
      args = new String[] {"sh", "-c", cmd + bar};
    }
    String[] argsEnv = {"foo=bar"};

    try {
      Process p = Runtime.getRuntime().exec(args, argsEnv);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
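  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request parameter. getParameter returns null when it is absent, which
    // new StringBuilder(a26691) below would reject with NullPointerException, so null becomes "".
    String param = request.getParameter("foo");
    if (param == null) {
      param = "";
    }

    // Chain a bunch of propagators in sequence
    String a26691 = param; // assign
    StringBuilder b26691 = new StringBuilder(a26691); // stick in stringbuilder
    b26691.append(" SafeStuff"); // append some safe content
    b26691.replace(
        b26691.length() - "Chars".length(),
        b26691.length(),
        "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> map26691 = new java.util.HashMap<String, Object>();
    map26691.put("key26691", b26691.toString()); // put in a collection
    String c26691 = (String) map26691.get("key26691"); // get it back out
    String d26691 = c26691.substring(0, c26691.length() - 1); // extract most of it
    // B64 encode and decode it: the round trip returns the same bytes, so e26691 equals d26691.
    // java.util.Base64 replaces the sun.misc.BASE64Encoder/BASE64Decoder internals, which are
    // not available on Java 9+; the explicit charset avoids depending on the platform default.
    byte[] raw26691 = d26691.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] enc26691 = java.util.Base64.getEncoder().encode(raw26691);
    String e26691 =
        new String(
            java.util.Base64.getDecoder().decode(enc26691),
            java.nio.charset.StandardCharsets.UTF_8);
    String f26691 = e26691.split(" ")[0]; // split it on a space
    // ThingFactory/ThingInterface are project helpers; what doSomething does is not visible here.
    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(f26691); // reflection

    // Sink: bar is passed as the only environment entry of the child process, not as part of
    // the command string.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");

    String[] argsEnv = {bar};
    Runtime r = Runtime.getRuntime();

    try {
      Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }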
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header (null when absent; passed to doSomething unchanged).
    String param = request.getHeader("foo");

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: the header-derived value is concatenated onto the command string passed to exec.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
    String[] argsEnv = {"Foo=bar"};

    try {
      Process p = Runtime.getRuntime().exec(cmd, argsEnv);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
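  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header. getHeader returns null when the header is absent, which
    // new StringBuilder(a89890) below would reject with NullPointerException, so null becomes "".
    String param = request.getHeader("foo");
    if (param == null) {
      param = "";
    }

    // Chain a bunch of propagators in sequence
    String a89890 = param; // assign
    StringBuilder b89890 = new StringBuilder(a89890); // stick in stringbuilder
    b89890.append(" SafeStuff"); // append some safe content
    b89890.replace(
        b89890.length() - "Chars".length(),
        b89890.length(),
        "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> map89890 = new java.util.HashMap<String, Object>();
    map89890.put("key89890", b89890.toString()); // put in a collection
    String c89890 = (String) map89890.get("key89890"); // get it back out
    String d89890 = c89890.substring(0, c89890.length() - 1); // extract most of it
    // B64 encode and decode it: the round trip returns the same bytes, so e89890 equals d89890.
    // java.util.Base64 replaces the sun.misc.BASE64Encoder/BASE64Decoder internals, which are
    // not available on Java 9+; the explicit charset avoids depending on the platform default.
    byte[] raw89890 = d89890.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] enc89890 = java.util.Base64.getEncoder().encode(raw89890);
    String e89890 =
        new String(
            java.util.Base64.getDecoder().decode(enc89890),
            java.nio.charset.StandardCharsets.UTF_8);
    String f89890 = e89890.split(" ")[0]; // split it on a space
    // ThingFactory/ThingInterface are project helpers; what doSomething does is not visible here.
    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(f89890); // reflection

    // Pick the platform shell; the command is "echo" with bar as its argument.
    String a1 = "";
    String a2 = "";
    String osName = System.getProperty("os.name");
    if (osName.indexOf("Windows") != -1) {
      a1 = "cmd.exe";
      a2 = "/c";
    } else {
      a1 = "sh";
      a2 = "-c";
    }
    // Sink: request-derived data in the argument array given to ProcessBuilder(String...).
    String[] args = {a1, a2, "echo", bar};

    ProcessBuilder pb = new ProcessBuilder(args);

    try {
      Process p = pb.start();
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println(
          "Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case");
      throw new ServletException(e);
    }
  }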
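  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: URL-decoded value of the "vector" cookie (last matching cookie wins; "" when no
    // cookie matches or the request carries no cookies).
    javax.servlet.http.Cookie[] theCookies = request.getCookies();
    String param = "";
    if (theCookies != null) {
      for (javax.servlet.http.Cookie theCookie : theCookies) {
        if (theCookie.getName().equals("vector")) {
          param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
        }
      }
    }

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // try-with-resources closes the stream on every exit path; the original never closed it.
    try (java.io.FileInputStream file =
        new java.io.FileInputStream(
            org.owasp.benchmark.helpers.Utils.getFileFromClasspath(
                "employees.xml", this.getClass().getClassLoader()))) {
      javax.xml.parsers.DocumentBuilderFactory builderFactory =
          javax.xml.parsers.DocumentBuilderFactory.newInstance();
      // Harden the parser against XXE: employees.xml is a classpath resource here, but a parser
      // with DTD processing and entity expansion disabled stays safe whatever it is later fed.
      builderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
      builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      builderFactory.setXIncludeAware(false);
      builderFactory.setExpandEntityReferences(false);
      javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder();
      org.w3c.dom.Document xmlDocument = builder.parse(file);
      javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
      javax.xml.xpath.XPath xp = xpf.newXPath();

      response.getWriter().println("Your query results are: <br/>");
      // Sink (this test case's subject): the cookie-derived value is concatenated into the XPath
      // expression unescaped, so it can change the query rather than only the compared literal.
      String expression = "/Employees/Employee[@emplid='" + bar + "']";
      response.getWriter().println(xp.evaluate(expression, xmlDocument) + "<br/>");

    } catch (javax.xml.xpath.XPathExpressionException e) {
      // OK to swallow
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    } catch (javax.xml.parsers.ParserConfigurationException e) {
      // Also raised if the parser rejects one of the hardening features above.
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    } catch (org.xml.sax.SAXException e) {
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    }
  } // end doPost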
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: value of the "foo" cookie (last matching cookie wins; "" when absent or when the
    // request carries no cookies).
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookie.getName().equals("foo")) {
          param = cookie.getValue();
        }
      }
    }

    // Propagator: for values longer than one character, replace the last character with "Z".
    String bar = param;
    if (param.length() > 1) {
      StringBuilder sbxyz80074 = new StringBuilder(param);
      int tail = param.length() - "Z".length();
      bar = sbxyz80074.replace(tail, param.length(), "Z").toString();
    }

    // Sink: the cookie-derived value is an argv element of the shell command run by exec.
    String osName = System.getProperty("os.name");
    boolean windows = osName.contains("Windows");
    String[] args = {windows ? "cmd.exe" : "sh", windows ? "/c" : "-c", "echo", bar};

    try {
      Process p = Runtime.getRuntime().exec(args);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }
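  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header. getHeader returns null when the header is absent, and
    // new StringBuilder((String) null) throws NullPointerException, so null is normalized to "".
    String param = request.getHeader("foo");
    if (param == null) {
      param = "";
    }

    // Propagator: append a constant suffix; the header value remains the prefix of bar.
    StringBuilder sbxyz47510 = new StringBuilder(param);
    String bar = sbxyz47510.append("_SafeStuff").toString();

    // Sink: bar is passed as the only environment entry of the child process, not as part of
    // the command string.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");

    String[] argsEnv = {bar};
    Runtime r = Runtime.getRuntime();

    try {
      Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }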
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: value of the "foo" cookie (last matching cookie wins; "" when absent or when the
    // request carries no cookies).
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookie.getName().equals("foo")) {
          param = cookie.getValue();
        }
      }
    }

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: Runtime.exec(String) with the cookie-derived value concatenated onto the command.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
    String commandLine = cmd + bar;

    try {
      Process p = Runtime.getRuntime().exec(commandLine);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: "foo" read through the SeparateClassRequest helper (getTheValue is project code;
    // whether it can return null is not visible here).
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: the request-derived value is concatenated onto the command string passed to exec.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
    String[] argsEnv = {"Foo=bar"};
    java.io.File workDir = new java.io.File(System.getProperty("user.dir"));

    try {
      Process p = Runtime.getRuntime().exec(cmd, argsEnv, workDir);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: the "foo" request header (null when absent; passed to doSomething unchanged).
    String param = request.getHeader("foo");

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: bar is used directly as the LDAP search filter of InitialDirContext.search.
    javax.naming.directory.SearchControls controls = new javax.naming.directory.SearchControls();
    try {
      javax.naming.directory.InitialDirContext idc =
          org.owasp.benchmark.helpers.Utils.getInitialDirContext();
      idc.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: the NAME of the first request parameter that has a value equal to "vector"
    // ("" when no parameter does). The parameter name, not its value, is what flows on.
    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    search:
    while (names.hasMoreElements()) {
      String name = names.nextElement();
      String[] values = request.getParameterValues(name);
      if (values == null) {
        continue;
      }
      for (String value : values) {
        if (value.equals("vector")) {
          param = name;
          break search;
        }
      }
    }

    // doSomething is defined elsewhere in this class; its effect on the value is not visible here.
    String bar = doSomething(param);

    // Sink: bar is concatenated into the single string that sh -c / cmd /c will interpret.
    String osName = System.getProperty("os.name");
    boolean windows = osName.contains("Windows");
    String[] args = {windows ? "cmd.exe" : "sh", windows ? "/c" : "-c", "echo " + bar};

    ProcessBuilder pb = new ProcessBuilder(args);

    try {
      Process p = pb.start();
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println(
          "Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case");
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: "foo" read through the SeparateClassRequest helper (getTheValue is project code;
    // whether it can return null is not visible here).
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");

    // doSomething is defined elsewhere in this class; its effect on the value is not visible here.
    String bar = doSomething(param);

    // Sink: bar is used directly as the LDAP search filter of DirContext.search.
    javax.naming.directory.SearchControls controls = new javax.naming.directory.SearchControls();
    try {
      javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext();
      dc.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  } // end doPost
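  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: first value of the "vector" parameter taken from the parameter map; "" if absent.
    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
      String[] values = map.get("vector");
      if (values != null) param = values[0];
    }

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // try-with-resources closes the stream on every exit path; the original never closed it.
    try (java.io.FileInputStream file =
        new java.io.FileInputStream(
            org.owasp.benchmark.helpers.Utils.getFileFromClasspath(
                "employees.xml", this.getClass().getClassLoader()))) {
      javax.xml.parsers.DocumentBuilderFactory builderFactory =
          javax.xml.parsers.DocumentBuilderFactory.newInstance();
      // Harden the parser against XXE: employees.xml is a classpath resource here, but a parser
      // with DTD processing and entity expansion disabled stays safe whatever it is later fed.
      builderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
      builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      builderFactory.setXIncludeAware(false);
      builderFactory.setExpandEntityReferences(false);
      javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder();
      org.w3c.dom.Document xmlDocument = builder.parse(file);
      javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
      javax.xml.xpath.XPath xp = xpf.newXPath();

      // Sink (this test case's subject): the request-derived value is concatenated into the
      // XPath expression unescaped, so it can change the query rather than only the literal.
      String expression = "/Employees/Employee[@emplid='" + bar + "']";

      response.getWriter().println("Your query results are: <br/>");
      org.w3c.dom.NodeList nodeList =
          (org.w3c.dom.NodeList)
              xp.compile(expression).evaluate(xmlDocument, javax.xml.xpath.XPathConstants.NODESET);
      for (int i = 0; i < nodeList.getLength(); i++) {
        org.w3c.dom.Element value = (org.w3c.dom.Element) nodeList.item(i);
        response.getWriter().println(value.getTextContent() + "<br/>");
      }
    } catch (javax.xml.xpath.XPathExpressionException e) {
      // OK to swallow
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    } catch (javax.xml.parsers.ParserConfigurationException e) {
      // Also raised if the parser rejects one of the hardening features above.
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    } catch (org.xml.sax.SAXException e) {
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    }
  } // end doPost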
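  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: "foo" read through the SeparateClassRequest helper. getTheValue is project code and
    // it is not visible here whether it can return null, so guard before new StringBuilder(param),
    // which would throw NullPointerException on null.
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    if (param == null) {
      param = "";
    }

    // Propagator: append a constant suffix; the request value remains the prefix of bar.
    StringBuilder sbxyz66124 = new StringBuilder(param);
    String bar = sbxyz66124.append("_SafeStuff").toString();

    // Sink: bar is the LDAP filter expression; filterArgs only fill {n} placeholders inside it.
    try {
      javax.naming.directory.InitialDirContext idc =
          org.owasp.benchmark.helpers.Utils.getInitialDirContext();
      Object[] filterArgs = {"a", "b"};
      idc.search("name", bar, filterArgs, new javax.naming.directory.SearchControls());
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  }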
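  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: first value of the "foo" parameter from the parameter map; "" when absent.
    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
      // map.get returns null when "foo" is absent even though other parameters exist; the
      // original indexed the result unconditionally and threw NullPointerException.
      String[] values = map.get("foo");
      if (values != null) {
        param = values[0];
      }
    }

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: bar is the LDAP filter expression; filterArgs only fill {n} placeholders inside it.
    try {
      javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext();
      Object[] filterArgs = {"a", "b"};
      dc.search("name", bar, filterArgs, new javax.naming.directory.SearchControls());
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  } // end doPost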
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Source: first value of the "foo" request header, or "" when the header is absent.
    java.util.Enumeration<String> headers = request.getHeaders("foo");
    String param = headers.hasMoreElements() ? headers.nextElement() : "";

    // Test.doSomething is defined in this project; its effect on the value is not visible here.
    String bar = new Test().doSomething(param);

    // Sink: bar is used directly as the LDAP search filter of InitialDirContext.search.
    javax.naming.directory.SearchControls controls = new javax.naming.directory.SearchControls();
    try {
      javax.naming.directory.InitialDirContext idc =
          org.owasp.benchmark.helpers.Utils.getInitialDirContext();
      idc.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  } // end doPost