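/* goodB2G() - use badsource and goodsink */
/**
 * Good sink: stores only a SHA-512 digest of the credential in the "auth" cookie, so the
 * cookie never carries the password in a recoverable form.
 *
 * @param data     credential supplied by the (bad) source; it is concatenated with a fixed
 *                 prefix before being hashed
 * @param request  unused by this sink
 * @param response servlet response the "auth" cookie is added to
 * @throws Throwable NoSuchAlgorithmException from MessageDigest.getInstance, or anything the
 *                   servlet API throws from addCookie
 */
public void goodB2G_sink(String data, HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // NOTE(review): a constant prefix is not a per-credential salt, and a single fast digest is
    // still weak against offline guessing; the test case's contract (digest -> hex -> cookie)
    // is kept here, but a password KDF would be the stronger choice in real code.
    String prefix = "Tru3ly 0b$scUre";
    // "SHA-512" is the JCA Standard Algorithm Name. The original "SHA512" spelling is only a
    // provider-specific alias and is not guaranteed to resolve on every JDK/provider combination,
    // which would surface as NoSuchAlgorithmException at runtime.
    MessageDigest hash = MessageDigest.getInstance("SHA-512");
    /* FIX: credentials hashed prior to setting in cookie */
    // Encode explicitly as UTF-8: the no-arg getBytes() uses the platform default charset, so the
    // same credential would hash differently on hosts with different default encodings.
    byte[] hashv = hash.digest((prefix + data).getBytes(java.nio.charset.StandardCharsets.UTF_8));
    response.addCookie(new Cookie("auth", IO.toHex(hashv)));
}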
/* goodG2B() - use goodsource and badsink */
/**
 * Bad sink reached from the good source: the credential is AES/ECB-encrypted under a fixed,
 * all-zero key and the raw ciphertext is written to the "auth" cookie. Because the key is a
 * constant embedded in the code, the stored password is recoverable from the cookie.
 *
 * @param data     credential to store
 * @param request  unused by this sink
 * @param response servlet response the "auth" cookie is added to
 * @throws Throwable any JCE exception from Cipher setup or doFinal (including
 *                   IllegalBlockSizeException when the input is not a multiple of the
 *                   16-byte AES block size, since no padding is requested)
 */
public void goodG2B_sink(String data, HttpServletRequest request, HttpServletResponse response) throws Throwable {
    /* NOTE: potential incidental issues with not setting secure or HttpOnly flag */
    final String fp = "../common/config.properties"; // not used by this sink
    /* simple pre-set key makes the stored password recoverable */
    final String sharedKey = "0000000000000000";
    // Cipher from the "BC" provider, ECB mode, no padding; key material is the literal above.
    final Cipher aesEcb = Cipher.getInstance("AES/ECB/NoPadding", "BC");
    final SecretKeySpec fixedKey = new SecretKeySpec(sharedKey.getBytes(), "AES");
    aesEcb.init(Cipher.ENCRYPT_MODE, fixedKey);
    // Platform-default charset on both encode and decode, as in the original.
    final byte[] encrypted = aesEcb.doFinal(data.getBytes());
    /* FLAW: writing a recoverable password to a cookie */
    // Decoding arbitrary ciphertext bytes through the platform charset is lossy: byte sequences
    // that are invalid in that encoding are replaced, so the cookie is not even a faithful copy.
    final String cookieValue = new String(encrypted);
    response.addCookie(new Cookie("auth", cookieValue));
}
/**
 * Bad case: reads a credential from standard input (bad source) and stores it in the "auth"
 * cookie as AES/ECB ciphertext under a fixed all-zero key (bad sink), so the password is
 * recoverable from the cookie. The {@code 5 == 5} conditions select the live branches; the
 * {@code else} branches are deliberately dead.
 *
 * @param request  unused
 * @param response servlet response the "auth" cookie is added to
 * @throws Throwable any JCE exception from Cipher setup or doFinal, or a NullPointerException
 *                   if readLine() returned null at end of input
 */
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
        Logger log_bad = Logger.getLogger("local-logger");
        data = ""; /* init data */
        /* read user input from console with readLine */
        BufferedReader buffread = null;
        InputStreamReader instrread = null;
        try {
            instrread = new InputStreamReader(System.in);
            buffread = new BufferedReader(instrread);
            // readLine() returns null at end of stream; data.getBytes() below would then throw NPE.
            data = buffread.readLine();
        } catch (IOException ioe) {
            log_bad.warning("Error with stream reading");
        } finally {
            /* clean up stream reading objects: reader first, then the underlying stream reader */
            try {
                if (buffread != null) {
                    buffread.close();
                }
            } catch (IOException ioe) {
                log_bad.warning("Error closing buffread");
            } finally {
                try {
                    if (instrread != null) {
                        instrread.close();
                    }
                } catch (IOException ioe) {
                    log_bad.warning("Error closing instrread");
                }
            }
        }
    } else {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
        /* FIX: Use a hardcoded string */
        data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
        /* NOTE: potential incidental issues with not setting secure or HttpOnly flag */
        String fp = "../common/config.properties"; // unused in this branch
        /* simple pre-set key makes the stored password recoverable */
        String sharedKey = "0000000000000000";
        // Platform-default charset; no explicit encoding anywhere in this method.
        byte[] input = data.getBytes();
        SecretKeySpec key = new SecretKeySpec(sharedKey.getBytes(), "AES");
        // ECB with NoPadding: doFinal throws IllegalBlockSizeException unless input length is a
        // multiple of the 16-byte AES block size, which arbitrary console input generally is not.
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", "BC");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] cipherText = cipher.doFinal(input);
        /* FLAW: writing a recoverable password to a cookie */
        // new String(byte[]) decodes raw ciphertext through the platform charset, which is lossy
        // for byte sequences that are invalid in that encoding.
        response.addCookie(new Cookie("auth", new String(cipherText)));
    } else {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        String prefix = "Tru3ly 0b$scUre";
        // "SHA512" is a provider alias rather than the JCA standard name "SHA-512".
        MessageDigest hash = MessageDigest.getInstance("SHA512");
        /* FIX: credentials hashed prior to setting in cookie */
        byte[] hashv = hash.digest((prefix + data).getBytes());
        response.addCookie(new Cookie("auth", IO.toHex(hashv)));
    }
}
/**
 * Bad case: looks a user name up in the database by an id read from standard input (bad
 * source) and stores it in the "auth" cookie as AES/ECB ciphertext under a fixed all-zero key
 * (bad sink), so the value is recoverable from the cookie. {@code private_final_five} is a
 * field declared elsewhere in this class; the comparisons against 5 are marked as always true,
 * and the {@code else} branches are deliberately dead.
 *
 * @param request  unused
 * @param response servlet response the "auth" cookie is added to
 * @throws Throwable SQLException from the JDBC calls, NumberFormatException from parseInt,
 *                   NullPointerException if readLine() returned null, or any JCE exception
 *                   from Cipher setup or doFinal; only IOException is caught here
 */
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_final_five == 5) {
        Logger log_bad = Logger.getLogger("local-logger");
        data = ""; /* init data */
        Connection conn = null;
        PreparedStatement statement = null;
        ResultSet rs = null;
        BufferedReader buffread = null;
        InputStreamReader instrread = null;
        try {
            /* setup the connection (project helper; connection source not visible here) */
            conn = IO.getDBConnection();
            /* prepare the query: parameterized, so the id is bound rather than concatenated */
            statement = conn.prepareStatement("select name from users where id=?");
            /* get user input for the userid */
            IO.writeLine("Enter a userid to login as (number): ");
            instrread = new InputStreamReader(System.in);
            buffread = new BufferedReader(instrread);
            // parseInt throws NumberFormatException on non-numeric input and NPE on null (EOF);
            // neither is caught by the IOException handler below.
            int num = Integer.parseInt(buffread.readLine());
            statement.setInt(1, num);
            rs = statement.executeQuery();
            // NOTE(review): no rs.next() before getString(1) — a fresh ResultSet is positioned
            // before the first row, so this call is expected to throw SQLException.
            data = rs.getString(1);
        } catch (IOException ioe) {
            log_bad.warning("Error with stream reading");
        } finally {
            /* clean up stream reading objects: reader first, then the underlying stream reader */
            try {
                if (buffread != null) {
                    buffread.close();
                }
            } catch (IOException ioe) {
                log_bad.warning("Error closing buffread");
            } finally {
                try {
                    if (instrread != null) {
                        instrread.close();
                    }
                } catch (IOException ioe) {
                    log_bad.warning("Error closing instrread");
                }
            }
            /* clean up database objects in reverse order of acquisition: rs, statement, conn */
            try {
                if (rs != null) {
                    rs.close();
                }
            } catch (SQLException se) {
                log_bad.warning("Error closing rs");
            } finally {
                try {
                    if (statement != null) {
                        statement.close();
                    }
                } catch (SQLException se) {
                    log_bad.warning("Error closing statement");
                } finally {
                    try {
                        if (conn != null) {
                            conn.close();
                        }
                    } catch (SQLException se) {
                        log_bad.warning("Error closing conn");
                    }
                }
            }
        }
    } else {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
        /* FIX: Use a hardcoded string */
        data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_final_five == 5) {
        /* NOTE: potential incidental issues with not setting secure or HttpOnly flag */
        String fp = "../common/config.properties"; // unused in this branch
        /* simple pre-set key makes the stored password recoverable */
        String sharedKey = "0000000000000000";
        // Platform-default charset; no explicit encoding anywhere in this method.
        byte[] input = data.getBytes();
        SecretKeySpec key = new SecretKeySpec(sharedKey.getBytes(), "AES");
        // ECB with NoPadding: doFinal throws IllegalBlockSizeException unless input length is a
        // multiple of the 16-byte AES block size.
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", "BC");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] cipherText = cipher.doFinal(input);
        /* FLAW: writing a recoverable password to a cookie */
        // new String(byte[]) decodes raw ciphertext through the platform charset, which is lossy
        // for byte sequences that are invalid in that encoding.
        response.addCookie(new Cookie("auth", new String(cipherText)));
    } else {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        String prefix = "Tru3ly 0b$scUre";
        // "SHA512" is a provider alias rather than the JCA standard name "SHA-512".
        MessageDigest hash = MessageDigest.getInstance("SHA512");
        /* FIX: credentials hashed prior to setting in cookie */
        byte[] hashv = hash.digest((prefix + data).getBytes());
        response.addCookie(new Cookie("auth", IO.toHex(hashv)));
    }
}