/* goodB2G() - use badsource and goodsink by changing the second "if" so that
  both branches use the GoodSink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }
    if (IO.static_returns_t_or_f()) {
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    HttpSession session = req.getSession();
    String exitParam = req.getParameter("exit");
    String deleteParam = req.getParameter("delete");
    String settingsParam = req.getParameter("settings");

    if ("settings".equals(settingsParam)) {
      resp.sendRedirect("/profileSettings");
      return;
    }

    if ("exit".equals(exitParam)) {
      // обнуляем куку
      Cookie[] cookies = req.getCookies();
      if (cookies != null) {
        for (Cookie cookie : cookies) {
          if (cookie.getName().equals("remember")) {
            cookie.setMaxAge(0);
            cookie.setValue(null);
            resp.addCookie(cookie);
            break;
          }
        }
      }
      session.setAttribute("user_a", null);
      resp.sendRedirect("/login");
    }

    if ("delete".equals(deleteParam)) {
      // обнуляем куку
      Cookie[] cookies = req.getCookies();
      if (cookies != null) {
        for (Cookie cookie : cookies) {
          if (cookie.getName().equals("remember")) {
            cookie.setMaxAge(0);
            cookie.setValue(null);
            resp.addCookie(cookie);
            break;
          }
        }
      }
      try {
        UserRepository.deleteUser((User) session.getAttribute("user_a"));
      } catch (SQLException e) {
        req.setAttribute("message", "Some problems with server");
        resp.sendRedirect("/profile");

        e.printStackTrace();
      }
      session.setAttribute("user_a", null);
      resp.sendRedirect("/welcome");
    }
  }
  /* goodG2B1() - use goodsource and badsink by changing first 5==5 to 5!=5 */
  private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 570 Statement is Always False */
    if (5 != 5) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
      Cookie cookieSink = new Cookie("lang", data);
      /* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
      response.addCookie(cookieSink);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      response.addCookie(cookieSink);
    }
  }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    if (IO.static_returns_t_or_f()) {
      /* POTENTIAL FLAW: Input from file not verified */
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    if (request.getParameter("setcookie") != null) {
      Cookie cookie = new Cookie("Learningjava", "Cookies!");
      cookie.setMaxAge(3600);
      response.addCookie(cookie);
      out.println("<html><body><h1>Cookie Set...</h1>");
    } else {
      out.println("<html><body>");
      Cookie[] cookies = request.getCookies();
      if (cookies.length == 0) {
        out.println("<h1>No cookies found...</h1>");
      } else {
        for (int i = 0; i < cookies.length; i++)
          out.print(
              "<h1>Name: "
                  + cookies[i].getName()
                  + "<br>"
                  + "Value: "
                  + cookies[i].getValue()
                  + "</h1>");
      }
      out.println(
          "<p><a href=\""
              + request.getRequestURI()
              + "?setcookie=true\">"
              + "Reset the Learning Java cookie.</a>");
    }
    out.println("</body></html>");
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        String stringNumber = cookieSources[0].getValue();
        try {
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from cookie",
              exceptNumberFormat);
        }
      }
    }

    (new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_write_no_check_53b())
        .goodB2GSink(data, request, response);
  }
Example #7
0
 @Override
 public Cookie getCookie(final String name) {
   for (final javax.servlet.http.Cookie c : req.getCookies()) {
     if (c.getName().equals(name)) return new BXServletCookie(c);
   }
   return null;
 }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      int data;

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* POTENTIAL FLAW: Zero modulus will cause an issue.  An integer division will
      result in an exception.  */
      IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
    }
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      int data;

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* FIX: test for a zero modulus */
      if (data != 0) {
        IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
      } else {
        IO.writeLine("This would result in a modulo by zero");
      }
    }
  }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    {
      try {
        int iConversion = Integer.valueOf(data);
      } catch (Exception e) {
        e.printStackTrace(); /* POTENTIAL FLAW: Print stack trace on error */
      }
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
		  We need the "if(true)" because the Java Language Spec requires that
		  unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {
      try {
        int iConversion = Integer.valueOf(data);
      } catch (Exception e) {
        IO.writeLine("There was an error parsing the string"); /* FIX: print a generic message */
      }
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }

    if (data != null) {
      /* POTENTIAL FLAW: script code (e.g. id=<script>alert('xss')</script>) is sent to the client; The built-in J2EE server automatically does some HTML entity encoding.  Therefore, to test this, change response.sendError to response.getWriter().println and remove the 404,
       */
      response.sendError(404, "<br>bad() - Parameter name has value " + data);
    }
  }
  /* uses badsource and badsink */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int dataCopy;
    {
      int data;

      data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

      /* Read data from cookies */
      {
        Cookie cookieSources[] = request.getCookies();
        if (cookieSources != null) {
          /* POTENTIAL FLAW: Read data from the first cookie value */
          String stringNumber = cookieSources[0].getValue();
          try {
            data = Integer.parseInt(stringNumber.trim());
          } catch (NumberFormatException exceptNumberFormat) {
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading data from cookie",
                exceptNumberFormat);
          }
        }
      }

      dataCopy = data;
    }
    {
      int data = dataCopy;

      /* POTENTIAL FLAW: Create a HashSet using data as the initial size.  data may be very large, creating memory issues */
      HashSet intHashSet = new HashSet(data);
    }
  }
Example #13
0
 private void worker(HttpServletRequest request, HttpServletResponse response) throws IOException {
   System.out.println("Login servlet!");
   JSONObject answer = new JSONObject();
   String user, pass, session = null;
   Cookie[] cookies = request.getCookies();
   if (cookies != null)
     for (Cookie cookie : cookies)
       if (cookie.getName().equals("JSESSIONID")) session = cookie.getValue();
   try {
     // Auth by cookie session
     if (session != null) {
       authenticationBySession(response, answer, session);
     } else {
       // try auth by pass and name
       if (request.getAttribute("user") != null && request.getAttribute("pass") != null) {
         user = request.getAttribute("user").toString();
         pass = request.getAttribute("pass").toString();
         System.out.println(user + " / " + pass);
         authenticationByPassword(request, response, answer, user, pass);
       } else {
         answer.put("answer", "Bad request. No fields \"user\" or \"pass\" in request!");
         answer.put("code", 400);
       }
     }
   } catch (Exception e) {
     answer.put("answer", "Server error: " + e.toString());
     answer.put("code", 500);
     e.getStackTrace();
   }
   PrintWriter out = response.getWriter();
   out.write(answer.toString());
 }
  /* goodG2B2() - use goodsource and badsink by reversing statements in if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_final_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }

    String root = "C:\\uploads\\";
    /* POTENTIAL FLAW: no validation of concatenated value */
    File fIn = new File(root + data);
    if (fIn.exists() && fIn.isFile()) {
      IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
    }
  }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int count;
    if (PRIVATE_STATIC_FINAL_TRUE) {
      count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */
      /* Read count from cookies */
      {
        Cookie cookieSources[] = request.getCookies();
        if (cookieSources != null) {
          /* POTENTIAL FLAW: Read count from the first cookie value */
          String stringNumber = cookieSources[0].getValue();
          try {
            count = Integer.parseInt(stringNumber.trim());
          } catch (NumberFormatException exceptNumberFormat) {
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading count from cookie",
                exceptNumberFormat);
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure count is inititialized before the Sink to avoid compiler errors */
      count = 0;
    }

    if (PRIVATE_STATIC_FINAL_TRUE) {
      int i = 0;
      /* POTENTIAL FLAW: For loop using count as the loop variant and no validation */
      for (i = 0; i < count; i++) {
        IO.writeLine("Hello");
      }
    }
  }
Example #16
0
 private void invalidateCookies(HttpServletRequest request, HttpServletResponse response) {
   Cookie[] c = request.getCookies();
   for (Cookie cookie : c) {
     cookie.setMaxAge(0);
     LOGGER.info(TextUtils.merge("Invalidate cookie: {0}", cookie.getName()));
     response.addCookie(cookie);
   }
 }
  /* goodG2B() - use goodsource and badsink by moving BadSource and BadSink to after return */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";

      if (data != null) {
        /* This prevents \r\n (and other chars) and should prevent incidentals such
         * as HTTP Response Splitting and HTTP Header Injection.
         */
        URI u;
        try {
          u = new URI(data);
        } catch (URISyntaxException e) {
          response.getWriter().write("Invalid redirect URL");
          return;
        }
        /* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
        response.sendRedirect(data);
        return;
      }
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
		  We need the "if(true)" because the Java Language Spec requires that
		  unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {
      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }

      if (data != null) {
        /* This prevents \r\n (and other chars) and should prevent incidentals such
         * as HTTP Response Splitting and HTTP Header Injection.
         */
        URI u;
        try {
          u = new URI(data);
        } catch (URISyntaxException e) {
          response.getWriter().write("Invalid redirect URL");
          return;
        }
        /* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
        response.sendRedirect(data);
        return;
      }
    }
  }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        String stringNumber = cookieSources[0].getValue();
        try {
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from cookie",
              exceptNumberFormat);
        }
      }
    }

    /* serialize data to a byte array */
    ByteArrayOutputStream streamByteArrayOutput = null;
    ObjectOutput outputObject = null;

    try {
      streamByteArrayOutput = new ByteArrayOutputStream();
      outputObject = new ObjectOutputStream(streamByteArrayOutput);
      outputObject.writeObject(data);
      byte[] dataSerialized = streamByteArrayOutput.toByteArray();
      (new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_size_75b())
          .badSink(dataSerialized, request, response);
    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
    } finally {
      /* clean up stream writing objects */
      try {
        if (outputObject != null) {
          outputObject.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
      }

      try {
        if (streamByteArrayOutput != null) {
          streamByteArrayOutput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
      }
    }
  }
Example #19
0
 // getBrowserInfiniteCookie
 public static String getBrowserInfiniteCookie(HttpServletRequest request) {
   Cookie[] cookieJar = request.getCookies();
   if (cookieJar != null) {
     for (Cookie cookie : cookieJar) {
       if (cookie.getName().equals("infinitecookie")) {
         return cookie.getValue() + ";";
       }
     }
   }
   return null;
 } // TESTED
  /* goodB2G() - use BadSource and GoodSink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int count;

    count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */

    /* Read count from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read count from the first cookie value */
        String stringNumber = cookieSources[0].getValue();
        try {
          count = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading count from cookie",
              exceptNumberFormat);
        }
      }
    }

    /* serialize count to a byte array */
    ByteArrayOutputStream streamByteArrayOutput = null;
    ObjectOutput outputObject = null;

    try {
      streamByteArrayOutput = new ByteArrayOutputStream();
      outputObject = new ObjectOutputStream(streamByteArrayOutput);
      outputObject.writeObject(count);
      byte[] countSerialized = streamByteArrayOutput.toByteArray();
      (new CWE400_Resource_Exhaustion__getCookies_Servlet_write_75b())
          .goodB2GSink(countSerialized, request, response);
    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
    } finally {
      /* clean up stream writing objects */
      try {
        if (outputObject != null) {
          outputObject.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
      }

      try {
        if (streamByteArrayOutput != null) {
          streamByteArrayOutput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
      }
    }
  }
Example #21
0
 private Cookie getCookie(String name, HttpServletRequest request) {
   Cookie[] cookies = request.getCookies();
   if (cookies == null) {
     return null;
   }
   for (int i = 0; i < cookies.length; i++) {
     if (cookies[i].getName().equals(name)) {
       return cookies[i];
     }
   }
   return null;
 }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    goodB2G_sink(data, request, response);
  }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {

    data = ""; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        data = cookieSources[0].getValue();
      }
    }

    (new CWE89_SQL_Injection__getCookies_Servlet_executeUpdate_68b()).badSink(request, response);
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded number that won't cause underflow, overflow,
      divide by zero, or loss-of-precision issues */
      data = 2;
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
      if (data > 0) /* ensure we don't have an underflow */ {
        /* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */
        int result = (data * valueToMult);
        IO.writeLine("result: " + result);
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */

      if (data > 0) /* ensure we don't have an underflow */ {
        int result = 0;
        /* FIX: Add a check to prevent an overflow from occurring */
        if (data <= (Integer.MAX_VALUE / valueToMult)) {
          result = (data * valueToMult);
          IO.writeLine("result: " + result);
        } else {
          IO.writeLine("Input value is too large to perform multiplication.");
        }
      }
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_five == 5) {
      data = "5";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }
    if (IO.static_five == 5) {
      int loopNum;
      try {
        loopNum = Integer.parseInt(data);
      } catch (NumberFormatException nfe) {
        IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
        loopNum = 1;
      }
      for (int i = 0; i < loopNum; i++) {
        /* POTENTIAL FLAW: user supplied input used for loop counter test */
        IO.writeLine("hello world");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      int loopNum;
      try {
        loopNum = Integer.parseInt(data);
      } catch (NumberFormatException nfe) {
        IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
        loopNum = 1;
      }

      /* FIX: loop number thresholds validated */
      if (loopNum >= 0 && loopNum <= 5) {
        for (int i = 0; i < loopNum; i++) {
          IO.writeLine("hello world");
        }
      }
    }
  }
  public String bad_source(HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    return data;
  }
Example #27
0
 public void doPost(HttpServletRequest req, HttpServletResponse res)
     throws IOException, ServletException {
   ArrayList<String> ar = new ArrayList<String>();
   boolean flag = false;
   Cookie[] cArr = req.getCookies();
   if (cArr != null) {
     for (int i = 0; i < cArr.length; i++) {
       Cookie c0 = cArr[i];
       if (c0.getName().equals("Name") && !c0.getValue().equals("Logout")) {
         res.sendRedirect("index.html");
         flag = true;
       }
     }
   }
   if (flag == false) res.sendRedirect("Login.html");
 }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    data = ""; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        data = cookieSources[0].getValue();
      }
    }

    (new CWE470_Unsafe_Reflection__getCookies_Servlet_53b()).badSink(data, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    (new CWE113_HTTP_Response_Splitting__getCookiesServlet_addHeaderServlet_52b())
        .goodB2G_sink(data, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    (new CWE352_Cross_Site_Request_Forgery__getCookiesServlet_71b())
        .goodB2G_sink((Object) data, request, response);
  }