/* good2() reverses the bodies in the if statement */
  /**
   * Test-case variant of the username/session-id logging handler: the two if/else bodies are
   * swapped relative to the flawed variant, so the body marked "FIX" sits under the branch that
   * {@code IO.static_returns_t()} selects (presumably the {@code true} branch — confirm against
   * that helper; the other branch is the dead-code copy).
   *
   * <p>NOTE(review): the comment on the first branch says the logged message does not contain the
   * session id, yet the log call on that line still appends {@code session.getId()}; as written the
   * two branches emit the same log record. The {@code ******} token inside both log calls is not
   * valid Java and looks like corruption of the original string concatenation, so the line is left
   * byte-for-byte unchanged here.
   *
   * @param request the servlet request; {@code username} is read from its parameters (twice — once
   *     for the null check and once for the value)
   * @param response the servlet response; receives "Invalid characters" when the username fails the
   *     {@code [a-zA-Z0-9]*} check (note the pattern also accepts an empty string)
   * @throws Throwable propagated from the servlet API calls
   */
  private void good2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (IO.static_returns_t()) {
      Logger tcLog = Logger.getLogger("cwe_testcases_logger");
      if (request.getParameter("username") == null) {
        return;
      }
      String username = request.getParameter("username");
      if (username.matches("[a-zA-Z0-9]*")) {
        HttpSession session = request.getSession(true);
        /* FIX: logged message does not contain session id */
        /* NOTE(review): the call below does append session.getId(); the FIX comment and the code
         * do not agree — if the intent is the CWE-532 fix, the session id should not be logged. */
        tcLog.log(Level.FINEST, "Username: "******" Session ID:" + session.getId());
      } else {
        response.getWriter().println("Invalid characters");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger tcLog = Logger.getLogger("cwe_testcases_logger");
      if (request.getParameter("username") == null) {
        return;
      }

      String username = request.getParameter("username");

      if (username.matches("[a-zA-Z0-9]*")) {
        HttpSession session = request.getSession(true);
        /* FLAW: leak session ID to debug log */
        tcLog.log(Level.FINEST, "Username: "******" Session ID:" + session.getId());
      } else {
        response.getWriter().println("Invalid characters");
      }
    }
  }
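 /**
  * Loads the proxy service definitions ({@code xhp.json}) into {@code services}.
  *
  * <p>The file is looked up under the web-app resources directory first and, failing that, on the
  * classpath. Any failure is logged and reported to the client through {@code res}; the stream
  * (which is then still {@code null}) is handed to {@code xhp.loadServices} exactly as before, so
  * whatever the caller does with an unloadable configuration is unchanged.
  *
  * @param res response used only to report a configuration problem to the client
  */
 private void getServices(HttpServletResponse res) {
   InputStream is = null;
   try {
     URL url = ctx.getResource(resourcesDir + XHP_CONFIG);
     // use classpath if not found locally.
     if (url == null) {
       url = XmlHttpProxyServlet.class.getResource(classpathResourcesDir + XHP_CONFIG);
     }
     // Report a missing file explicitly; url.openStream() on null used to surface only as an
     // uninformative "java.lang.NullPointerException" in the log.
     if (url == null) {
       throw new java.io.FileNotFoundException(
           XHP_CONFIG + " not found under " + resourcesDir + " or " + classpathResourcesDir);
     }
     is = url.openStream();
   } catch (Exception ex) {
     try {
       getLogger().severe("XmlHttpProxyServlet error loading xhp.json : " + ex);
       PrintWriter writer = res.getWriter();
       writer.write(
           "XmlHttpProxyServlet Error: Error loading xhp.json. Make sure it is available in the /resources directory of your applicaton.");
       writer.flush();
     } catch (Exception iox) {
       // Client notification is best-effort; the load failure itself was already logged above.
       getLogger().fine("XmlHttpProxyServlet could not write the load error to the response: " + iox);
     }
   }
   services = xhp.loadServices(is);
 }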
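  /**
   * Proxies one GET or POST request to a back-end HTTP service and streams the result, optionally
   * transformed by an XSL stylesheet, to the client.
   *
   * <p>The target URL comes either from the {@code id} request parameter (or the legacy {@code key}
   * parameter), which selects an entry in the loaded {@code services} configuration, or, when no
   * configured service matches, from a raw {@code url} request parameter that is forwarded as-is.
   * NOTE(review): that second path makes the servlet an open proxy — any caller can make the server
   * fetch an arbitrary URL, internal hosts included. It is kept because existing deployments rely
   * on it, but it should be restricted to an allow-list of permitted targets.
   *
   * @param req the client request; its body is read and forwarded for POSTs
   * @param res the client response; receives the proxied content or an error message
   * @param isPost {@code true} to forward as a POST with the request body, otherwise as a GET
   */
  public void doProcess(HttpServletRequest req, HttpServletResponse res, boolean isPost) {
    StringBuilder bodyContent = null;
    OutputStream out = null;
    PrintWriter writer = null;
    String serviceKey = null;
    InputStream xslInputStream = null;

    try {
      BufferedReader in = req.getReader();
      String line;
      while ((line = in.readLine()) != null) {
        if (bodyContent == null) {
          bodyContent = new StringBuilder();
        }
        bodyContent.append(line);
      }
    } catch (Exception e) {
      // Best effort: a request without a readable body is forwarded without one (see below).
      getLogger().fine("XmlHttpProxyServlet could not read the request body: " + e);
    }
    try {
      if (requireSession) {
        // check to see if there was a session created for this request
        // if not assume it was from another domain and blow up
        // Wrap this to prevent Portlet exeptions
        HttpSession session = req.getSession(false);
        if (session == null) {
          res.setStatus(HttpServletResponse.SC_FORBIDDEN);
          return;
        }
      }
      serviceKey = req.getParameter("id");
      // only to preven regressions - Remove before 1.0
      if (serviceKey == null) {
        serviceKey = req.getParameter("key");
      }
      // check if the services have been loaded or if they need to be reloaded
      if (services == null || configUpdated()) {
        getServices(res);
      }
      String urlString = null;
      String xslURLString = null;
      String userName = null;
      String password = null;
      String format = "json";
      String callback = req.getParameter("callback");
      String urlParams = req.getParameter("urlparams");
      String countString = req.getParameter("count");
      // encode the url to prevent spaces from being passed along
      if (urlParams != null) {
        urlParams = urlParams.replace(' ', '+');
      }

      try {
        if (services.has(serviceKey)) {
          JSONObject service = services.getJSONObject(serviceKey);
          // default to the service default if no url parameters are specified
          if (urlParams == null && service.has("defaultURLParams")) {
            urlParams = service.getString("defaultURLParams");
          }
          String serviceURL = service.getString("url");
          // build the URL
          if (urlParams != null && serviceURL.indexOf("?") == -1) {
            serviceURL += "?";
          } else if (urlParams != null) {
            serviceURL += "&";
          }
          String apikey = "";
          if (service.has("username")) {
            userName = service.getString("username");
          }
          if (service.has("password")) {
            password = service.getString("password");
          }
          if (service.has("apikey")) {
            apikey = service.getString("apikey");
          }
          urlString = serviceURL + apikey;
          if (urlParams != null) {
            urlString += "&" + urlParams;
          }
          if (service.has("xslStyleSheet")) {
            xslURLString = service.getString("xslStyleSheet");
          }
        } else if (req.getParameter("url") != null) {
          // code for passing the url directly through instead of using configuration file;
          // no host restriction is applied here (see the method comment).
          String serviceURL = req.getParameter("url");
          // build the URL
          if (urlParams != null && serviceURL.indexOf("?") == -1) {
            serviceURL += "?";
          } else if (urlParams != null) {
            serviceURL += "&";
          }
          urlString = serviceURL;
          if (urlParams != null) {
            urlString += urlParams;
          }
        } else {
          writer = res.getWriter();
          if (serviceKey == null) {
            writer.write("XmlHttpProxyServlet Error: id parameter specifying serivce required.");
          } else {
            writer.write(
                "XmlHttpProxyServlet Error : service for id '" + serviceKey + "' not  found.");
          }
          writer.flush();
          return;
        }
      } catch (Exception ex) {
        getLogger().severe("XmlHttpProxyServlet Error loading service: " + ex);
      }

      // Raw Map kept on purpose: the parameter types of xhp.doGet/doPost are not visible here.
      Map paramsMap = new HashMap();
      paramsMap.put("format", format);
      // do not allow for xdomain unless the context level setting is enabled.
      if (callback != null && allowXDomain) {
        paramsMap.put("callback", callback);
      }
      if (countString != null) {
        paramsMap.put("count", countString);
      }

      if (urlString == null) {
        writer = res.getWriter();
        writer.write(
            "XmlHttpProxyServlet parameters:  id[Required] urlparams[Optional] format[Optional] callback[Optional]");
        writer.flush();
        return;
      }
      // default to JSON
      res.setContentType(responseContentType);
      out = res.getOutputStream();
      // get the stream for the xsl stylesheet
      if (xslURLString != null) {
        // check the web root for the resource
        URL xslURL = ctx.getResource(resourcesDir + "xsl/" + xslURLString);
        // if not in the web root check the classpath
        if (xslURL == null) {
          xslURL =
              XmlHttpProxyServlet.class.getResource(classpathResourcesDir + "xsl/" + xslURLString);
        }
        if (xslURL == null) {
          String message =
              "Could not locate the XSL stylesheet provided for service id "
                  + serviceKey
                  + ". Please check the XMLHttpProxy configuration.";
          getLogger().severe(message);
          try {
            out.write(message.getBytes());
            out.flush();
          } catch (java.io.IOException iox) {
            getLogger().fine("XmlHttpProxyServlet could not write the error to the response: " + iox);
          }
          // The return used to sit inside the try, so a failed write fell through and the
          // request was proxied without its stylesheet.
          return;
        }
        xslInputStream = xslURL.openStream();
      }
      if (!isPost) {
        xhp.doGet(urlString, out, xslInputStream, paramsMap, userName, password);
      } else {
        if (bodyContent == null) {
          getLogger()
              .info(
                  "XmlHttpProxyServlet attempting to post to url "
                      + urlString
                      + " with no body content");
        }
        // A missing body is forwarded as an empty string; bodyContent.toString() used to throw
        // NullPointerException right after the log line above reported it as absent.
        String body = bodyContent == null ? "" : bodyContent.toString();
        xhp.doPost(
            urlString,
            out,
            xslInputStream,
            paramsMap,
            body,
            req.getContentType(),
            userName,
            password);
      }
    } catch (Exception iox) {
      getLogger().log(java.util.logging.Level.SEVERE, "XmlHttpProxyServlet: caught " + iox, iox);
      // Send a fixed message rather than iox.toString(): exception text can expose the upstream
      // URL (credentials in it included) or internal host names to the client. Once
      // getOutputStream() has been called, getWriter() throws IllegalStateException, so write
      // through whichever of the two is already open.
      try {
        String message = "XmlHttpProxyServlet Error: the request could not be completed.";
        if (out != null) {
          out.write(message.getBytes());
          out.flush();
        } else {
          writer = res.getWriter();
          writer.write(message);
          writer.flush();
        }
      } catch (Exception ix) {
        getLogger().fine("XmlHttpProxyServlet could not write the error to the response: " + ix);
      }
      return;
    } finally {
      // The stylesheet stream was never closed before (one leaked handle per transformed request).
      try {
        if (xslInputStream != null) {
          xslInputStream.close();
        }
      } catch (java.io.IOException ignored) {
        // nothing useful is left to do after a failed close of an input stream
      }
      try {
        if (out != null) {
          out.close();
        }
        if (writer != null) {
          writer.close();
        }
      } catch (java.io.IOException iox) {
        getLogger().fine("XmlHttpProxyServlet could not close the response: " + iox);
      }
    }
  }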
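  /**
   * Demo handler that stores, looks up and lists {@code TaskData} entities in the Datastore and
   * mirrors them in Memcache, rendering the outcome as a small HTML page.
   *
   * <p>Dispatch on the query string:
   *
   * <ul>
   *   <li>no parameters: list every TaskData entity, then report which of those keys are cached;
   *   <li>{@code keyname} only: report whether the key is in the Datastore, in both, or neither;
   *   <li>{@code keyname} and {@code value}: store the entity and populate the cache;
   *   <li>anything else: report a parameter error.
   * </ul>
   *
   * <p>Request-supplied and stored strings are HTML-escaped before being written; they used to be
   * echoed verbatim into the page, which allowed reflected (and, via the stored value, persistent)
   * script injection.
   *
   * @param req the request; reads {@code keyname} and {@code value}
   * @param resp the response; receives the HTML page
   * @throws IOException if the response writer cannot be obtained or written
   */
  @Override
  public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    resp.setContentType("text/html");
    java.io.PrintWriter out = resp.getWriter();
    out.println("<html><body>");

    String keyname = req.getParameter("keyname");
    String value = req.getParameter("value");

    DatastoreService datastore = DatastoreServiceFactory.getDatastoreService();
    // Using the synchronous cache.
    MemcacheService syncCache = MemcacheServiceFactory.getMemcacheService();
    syncCache.setErrorHandler(ErrorHandlers.getConsistentLogAndContinue(Level.INFO));

    if (req.getParameterMap().isEmpty()) {
      // display every element of kind TaskData for /datastore
      out.println("<h3>Datastore results:</h3>");
      List<String> listOfKeys = new ArrayList<>();
      PreparedQuery pq = datastore.prepare(new Query("TaskData"));
      for (Entity result : pq.asIterable()) {
        String datastoreKey = result.getKey().getName();
        String taskDataValue = (String) result.getProperty("value");
        Date taskDataDate = (Date) result.getProperty("date");
        // String.valueOf avoids the NPE that .toString() threw for an entity without a date.
        out.println(
            "<p>keyname = "
                + escapeHtml(datastoreKey)
                + "  value = "
                + escapeHtml(taskDataValue)
                + " date = "
                + escapeHtml(String.valueOf(taskDataDate))
                + "</p>");
        listOfKeys.add(datastoreKey);
      }
      // check which of the keys exist in memcache
      out.println("<h3>Memcache results:</h3>");
      for (String datastoreKey : listOfKeys) {
        String memcacheValue = (String) syncCache.get(datastoreKey);
        if (memcacheValue != null) {
          out.println(
              "<p>keyname = "
                  + escapeHtml(datastoreKey)
                  + " value = "
                  + escapeHtml(memcacheValue)
                  + "</p>");
        }
      }
    } else if (keyname != null && value == null) {
      // display element of kind TaskData with key=keyname
      String memcacheValue = (String) syncCache.get(keyname); // Read from cache.
      Key taskKey = KeyFactory.createKey("TaskData", keyname);
      try {
        // Only existence matters here; the entity itself is not used.
        datastore.get(taskKey);
        out.println(memcacheValue == null ? "<h2>Datastore</h2>" : "<h2>Both</h2>");
      } catch (EntityNotFoundException e) {
        // A cache hit without a Datastore entity is still reported as "Neither", as before.
        out.println("<h2>Neither</h2>");
      }
    } else if (keyname != null && value != null) {
      // store element of kind TaskData with key=keyname and value=value
      Entity tne = new Entity("TaskData", keyname);
      tne.setProperty("value", value);
      tne.setProperty("date", new Date());
      datastore.put(tne);
      syncCache.put(keyname, value); // Populate cache.
      out.println(
          "<h2>Stored "
              + escapeHtml(keyname)
              + " and "
              + escapeHtml(value)
              + " in Datastore and Memcache</h2>");
    } else {
      out.println("<h2>You entered wrong query parameters</h2>");
    }

    out.println("</body></html>");
  }

  /**
   * Escapes the characters that are significant in HTML text and attribute content.
   *
   * @param s the raw text; {@code null} renders as the literal {@code "null"}, matching what
   *     string concatenation produced before
   * @return the escaped text, safe to embed in HTML
   */
  private static String escapeHtml(String s) {
    if (s == null) {
      return "null";
    }
    StringBuilder sb = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      switch (c) {
        case '&':
          sb.append("&amp;");
          break;
        case '<':
          sb.append("&lt;");
          break;
        case '>':
          sb.append("&gt;");
          break;
        case '"':
          sb.append("&quot;");
          break;
        case '\'':
          sb.append("&#39;");
          break;
        default:
          sb.append(c);
      }
    }
    return sb.toString();
  }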
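  /**
   * Renders an HTML diagnostic page for an exception raised during a JSF lifecycle phase.
   *
   * <p>Exceptions whose cause chain contains a {@code DisplayableException}, {@code
   * ServletException} or {@code JspException} are not rendered but rethrown (as-is when unchecked,
   * otherwise wrapped in {@code FacesException}); likewise, when the external response is not an
   * {@code HttpServletResponse}, the exception is rethrown after the response is marked for
   * rendering. Otherwise the exception is logged, status 500 is set, and the message, view root,
   * component tree and (outside tests) the stack trace are written to the client, after which a
   * fresh view root is installed so the error page is not rendered again in a loop.
   *
   * <p>NOTE(review): this page discloses internal structure (component tree, view id, stack trace)
   * to whoever triggered the error. It is a development aid and should be limited to a development
   * mode in production deployments.
   *
   * @param context the current faces context
   * @param lifecycle name of the phase in which {@code e} was raised, shown in the page heading
   * @param e the exception to report; its message and cause chain drive the output
   * @return {@code true} once the error page has been written
   * @throws RuntimeException rethrowing or wrapping {@code e} in the cases described above, or
   *     wrapping it (with the write failure suppressed) when the page itself cannot be written
   */
  private boolean sendError(FacesContext context, String lifecycle, Exception e) {
    for (Throwable cause = e; cause != null; cause = cause.getCause()) {
      if (cause instanceof DisplayableException) {
        if (e instanceof RuntimeException) {
          throw (RuntimeException) e;
        }
        throw new FacesException(e);
      } else if (cause instanceof ServletException || cause instanceof JspException) {
        throw new FacesException(e);
      }
    }

    ExternalContext extContext = context.getExternalContext();
    Object response = extContext.getResponse();

    if (!(response instanceof HttpServletResponse)) {
      context.renderResponse();

      if (e instanceof RuntimeException) {
        throw (RuntimeException) e;
      }
      throw new RuntimeException(e);
    }

    log.log(Level.WARNING, e.toString(), e);

    HttpServletResponse res = (HttpServletResponse) response;

    try {
      context.renderResponse();
      context.responseComplete();

      // setStatus(int, String) is deprecated (removed in Servlet 6); the reason phrase is not
      // shown by clients anyway.
      res.setStatus(500);
      res.setContentType("text/html");

      PrintWriter out = res.getWriter();

      out.println("<body>");
      out.println("<h3>JSF exception detected in " + lifecycle + " phase</h3>");

      // getMessage() is null for many exceptions; the old code passed that null to escapeHtml
      // and then dereferenced it below when e was a FacesException.
      String msg = e.getMessage();
      String shownMsg = msg == null ? "" : msg;
      out.println(
          "<span style='color:red;font:bold'>" + Html.escapeHtml(shownMsg) + "</span><br/>");

      out.println("<h3>Context: " + context.getViewRoot() + "</h3>");
      out.println("<code><pre>");

      // Messages of the form "id=<componentId> ..." name the component to flag in the tree.
      String errorId = null;
      if (e instanceof FacesException && msg != null && msg.startsWith("id=")) {
        int p = msg.indexOf(' ');
        // A message with nothing after the id used to make substring(3, -1) throw.
        errorId = p < 0 ? msg.substring(3) : msg.substring(3, p);
      }

      printComponentTree(out, errorId, context, context.getViewRoot(), 0);

      out.println("</pre></code>");

      if (!Alarm.isTest()) {
        out.println("<h3>Stack Trace</h3>");
        out.println("<pre>");
        Throwable toPrint = e.getCause() != null ? e.getCause() : e;
        toPrint.printStackTrace(out);
        out.println("</pre>");
      }

      out.println("</body>");

      // clear, so we don't just loop
      Application app = context.getApplication();
      ViewHandler view = app.getViewHandler();
      UIViewRoot viewRoot = context.getViewRoot();
      viewRoot = view.createView(context, viewRoot.getViewId());
      context.setViewRoot(viewRoot);

      // view.writeState(context); // XXX: no need to output state, but review.

      return true;
    } catch (IOException e1) {
      // Keep the original exception as the cause, but do not lose the write failure either.
      RuntimeException failure = new RuntimeException(e);
      failure.addSuppressed(e1);
      throw failure;
    }
  }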