/**
 * Walks through the basic JNDI operations: a lookup, a binding enumeration, a bind, and two
 * directory searches (one by filter string, one by matching attributes).
 *
 * <p>Every name used here is a compile-time constant, so no caller-supplied data reaches a
 * lookup name or a search filter in this method.
 *
 * @throws NamingException if any naming or directory operation fails
 */
@SuppressWarnings("unchecked")
void jndiInJEE() throws NamingException {
    @SuppressWarnings("rawtypes")
    Hashtable jndiEnv = new Hashtable();
    jndiEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.fscontext.RefFSContextFactory");
    InitialContext naming = new InitialContext(jndiEnv);

    // Plain lookup of a bound object.
    DataSource accountDs = (DataSource) naming.lookup("java:comp/env/jdbc/AccountDS");

    // Enumerate everything bound under the jdbc sub-context.
    NamingEnumeration<Binding> jdbcBindings = naming.listBindings("java:comp/env/jdbc");
    while (jdbcBindings.hasMore()) {
        Binding entry = jdbcBindings.next();
        System.out.println("Name = " + entry.getName() + ", Object = " + entry.getObject());
    }

    naming.bind("java:comp/env/jdbc/AccountDS", accountDs);

    // Directory search
    // NOTE(review): neither `naming` nor `directory` is closed in this method.
    InitialDirContext directory = new InitialDirContext();
    SearchControls controls = new SearchControls();
    // NOTE(review): DirContext.search returns a NamingEnumeration, so this cast to DataSource
    // compiles but is expected to fail at runtime - confirm what the example means to show.
    accountDs = (DataSource) directory.search("java:comp/env/jdbc/AccountDS", "(ver=1.1)", controls);

    // Or...
    BasicAttributes matching = new BasicAttributes();
    matching.put(new BasicAttribute("ver", "1.1"));
    accountDs = (DataSource) directory.search("java:comp/env/jdbc/AccountDS", matching);
}
/**
 * Runs an LDAP person search and writes every hit that has a uid into the HTML response.
 *
 * <p>The "vector" request header is read, but the arithmetic guard below is always true, so the
 * literal is always chosen and the header value never reaches the filter string.
 *
 * @param request incoming request; only the "vector" header is read
 * @param response receives the HTML result lines
 * @throws ServletException if the directory search or closing the directory context fails
 * @throws IOException if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String headerValue = request.getHeader("vector");
    if (headerValue == null) {
        headerValue = "";
    }

    // (7 * 18) + 106 = 232, which exceeds 200: the constant branch is the only one that runs.
    int num = 106;
    String bar;
    if ((7 * 18) + num > 200) {
        bar = "This_should_always_happen";
    } else {
        bar = headerValue;
    }

    org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager();
    try {
        response.setContentType("text/html");
        String base = "ou=users,ou=system";
        javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls();
        sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);

        // The street value travels as filter argument {0}; only `bar` is concatenated.
        // NOTE(review): the AND group closes before the OR group opens, so this string holds two
        // adjacent filters rather than one nested expression - confirm that is intended.
        String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))";
        Object[] filters = new Object[] {"The streetz 4 Ms bar"};

        javax.naming.directory.InitialDirContext idc =
                (javax.naming.directory.InitialDirContext) ads.getDirContext();
        javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> results =
                idc.search(base, filter, filters, sc);

        while (results.hasMore()) {
            javax.naming.directory.SearchResult hit = results.next();
            javax.naming.directory.Attributes hitAttrs = hit.getAttributes();
            javax.naming.directory.Attribute uidAttr = hitAttrs.get("uid");
            javax.naming.directory.Attribute streetAttr = hitAttrs.get("street");
            if (uidAttr == null) {
                continue;
            }
            // NOTE(review): directory values are written into a text/html response without
            // output encoding, and streetAttr is dereferenced without a null check.
            java.io.PrintWriter out = response.getWriter();
            out.write(
                    "LDAP query results:<br>"
                            + " Record found with name "
                            + uidAttr.get()
                            + "<br>"
                            + "Address: "
                            + streetAttr.get()
                            + "<br>");
            System.out.println("record found " + uidAttr.get());
        }
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    } finally {
        try {
            ads.closeDirContext();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }
}
/**
 * When the directory lookup yields an empty attribute set, translate() must hand back the
 * address it was given.
 */
@Test(groups = "unit")
public void should_return_same_address_when_no_entry_found() throws Exception {
    InetSocketAddress original = new InetSocketAddress("192.0.2.5", 9042);

    // Any name / attribute-id combination resolves to "no attributes".
    InitialDirContext emptyDirectory = mock(InitialDirContext.class);
    when(emptyDirectory.getAttributes(anyString(), any(String[].class)))
            .thenReturn(new BasicAttributes());

    EC2MultiRegionAddressTranslater underTest = new EC2MultiRegionAddressTranslater(emptyDirectory);

    assertThat(underTest.translate(original)).isEqualTo(original);
}
/**
 * When the directory lookup throws a NamingException, translate() must fall back to the address
 * it was given instead of propagating the failure.
 */
@Test(groups = "unit")
public void should_return_same_address_when_exception_encountered() throws Exception {
    InetSocketAddress original = new InetSocketAddress("192.0.2.5", 9042);

    // Every lookup against this context fails.
    InitialDirContext failingDirectory = mock(InitialDirContext.class);
    when(failingDirectory.getAttributes(anyString(), any(String[].class)))
            .thenThrow(new NamingException("Problem resolving address (not really)."));

    EC2MultiRegionAddressTranslater underTest =
            new EC2MultiRegionAddressTranslater(failingDirectory);

    assertThat(underTest.translate(original)).isEqualTo(original);
}
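/**
 * Searches the directory for person entries whose uid equals the processed "vector" request
 * parameter and writes each hit into the HTML response.
 *
 * <p>The uid value is handed to JNDI as filter argument {@code {0}} instead of being
 * concatenated into the filter text. JNDI escapes filter metacharacters in string arguments, so
 * the value can only ever be compared against uid and cannot add or change filter clauses.
 *
 * @param request incoming request; only the "vector" parameter is read
 * @param response receives the HTML result lines
 * @throws ServletException if the directory search or closing the directory context fails
 * @throws IOException if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String param = request.getParameter("vector");
    if (param == null) param = "";

    // doSomething is not visible here; its result is treated as untrusted.
    String bar = doSomething(param);

    org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager();
    try {
        response.setContentType("text/html");
        String base = "ou=users,ou=system";
        javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls();
        sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);

        // Fixed filter template; the request-derived value is bound as an argument.
        String filter = "(&(objectclass=person)(uid={0}))";
        Object[] filterArgs = new Object[] {bar};

        javax.naming.directory.DirContext ctx = ads.getDirContext();
        javax.naming.directory.InitialDirContext idc =
                (javax.naming.directory.InitialDirContext) ctx;
        javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> results =
                idc.search(base, filter, filterArgs, sc);

        while (results.hasMore()) {
            javax.naming.directory.SearchResult sr = results.next();
            javax.naming.directory.Attributes attrs = sr.getAttributes();
            javax.naming.directory.Attribute attr = attrs.get("uid");
            javax.naming.directory.Attribute attr2 = attrs.get("street");
            if (attr != null) {
                // An entry without a street attribute previously caused a NullPointerException.
                Object street = (attr2 != null) ? attr2.get() : "";
                // NOTE(review): directory values are written into a text/html response without
                // output encoding; encode them if directory data can contain markup.
                response.getWriter()
                        .write(
                                "LDAP query results:<br>"
                                        + " Record found with name "
                                        + attr.get()
                                        + "<br>"
                                        + "Address: "
                                        + street
                                        + "<br>");
                System.out.println("record found " + attr.get());
            }
        }
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    } finally {
        try {
            ads.closeDirContext();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }
} // end doPost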
/**
 * When the reverse-lookup name for 192.0.2.5 carries a PTR attribute, translate() must return
 * the address that attribute points to, keeping the original port.
 */
@Test(groups = "unit")
public void should_return_new_address_when_match_found() throws Exception {
    InetSocketAddress expectedAddress = new InetSocketAddress("54.32.55.66", 9042);
    String[] ptrOnly = new String[] {"PTR"};

    // Only the in-addr.arpa name of the input address is stubbed.
    InitialDirContext reverseDns = mock(InitialDirContext.class);
    when(reverseDns.getAttributes("5.2.0.192.in-addr.arpa", ptrOnly))
            .thenReturn(new BasicAttributes("PTR", expectedAddress.getHostName()));

    EC2MultiRegionAddressTranslater underTest = new EC2MultiRegionAddressTranslater(reverseDns);
    InetSocketAddress input = new InetSocketAddress("192.0.2.5", 9042);

    assertThat(underTest.translate(input)).isEqualTo(expectedAddress);
}
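/**
 * Resolves the {@code _minecraft._tcp} SRV record for a host name through the JNDI DNS provider.
 *
 * <p>The record text is split into four space-separated fields; field 3 is returned as the host
 * and field 2 as the port. Any failure (no record, malformed record, provider missing) falls
 * back to the input name with port 25565.
 *
 * <p>Both returned strings come from a DNS response when the lookup succeeds. They are not
 * validated here, so callers should check the port is numeric and in range before using it.
 *
 * @param resolve host name to look up
 * @return a two-element array: host, then port as a decimal string
 */
private static String[] resolveSRV(String resolve) {
    InitialDirContext idc = null;
    try {
        Hashtable<String, String> hash = new Hashtable<String, String>();
        hash.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        hash.put("java.naming.provider.url", "dns:");
        idc = new InitialDirContext(hash);
        Attributes att = idc.getAttributes("_minecraft._tcp." + resolve, new String[] {"SRV"});
        String[] cts = att.get("srv").get().toString().split(" ", 4);
        return new String[] {cts[3], cts[2]};
    } catch (Throwable e) {
        // Deliberate best-effort: every failure means "use the name as given, default port".
        return new String[] {resolve, Integer.toString(25565)};
    } finally {
        // The context was previously never closed, leaking the resolver on every call.
        if (idc != null) {
            try {
                idc.close();
            } catch (Exception ignored) {
                // Nothing useful can be done if closing the DNS context fails.
            }
        }
    }
}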
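/**
 * Closes a directory context, logging instead of propagating a failure to close.
 *
 * <p>A {@code null} argument is accepted and ignored, so the helper can be called from a
 * {@code finally} block even when creating the context failed.
 *
 * @param initialDirContext the context to close; may be {@code null}
 */
public static void closeDirectoryContext(InitialDirContext initialDirContext) {
    if (initialDirContext == null) {
        return;
    }
    try {
        initialDirContext.close();
    } catch (NamingException e) {
        LOGGER.warn("Could not close InitialDirContext correctly!", e);
    }
}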
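/**
 * Returns a server's address and port for the specified hostname, looking up the
 * {@code _minecraft._tcp} SRV record if possible.
 *
 * <p>The record text is split into four space-separated fields; field 3 is returned as the host
 * and field 2 as the port. Any failure falls back to the input name with port 25565.
 *
 * <p>Both returned strings come from a DNS response when the lookup succeeds. They are not
 * validated here, so callers should check the port is numeric and in range before using it.
 *
 * @param p_78863_0_ host name to look up
 * @return a two-element array: host, then port as a decimal string
 */
private static String[] getServerAddress(String p_78863_0_) {
    InitialDirContext dnsContext = null;
    try {
        String dnsFactory = "com.sun.jndi.dns.DnsContextFactory";
        // Fails fast into the fallback below when the DNS provider class is unavailable.
        Class.forName(dnsFactory);
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", dnsFactory);
        env.put("java.naming.provider.url", "dns:");
        env.put("com.sun.jndi.dns.timeout.retries", "1");
        dnsContext = new InitialDirContext(env);
        Attributes srvAttrs =
                dnsContext.getAttributes("_minecraft._tcp." + p_78863_0_, new String[] {"SRV"});
        String[] fields = srvAttrs.get("srv").get().toString().split(" ", 4);
        return new String[] {fields[3], fields[2]};
    } catch (Throwable var6) {
        // Deliberate best-effort: every failure means "use the name as given, default port".
        return new String[] {p_78863_0_, Integer.toString(25565)};
    } finally {
        // The context was previously never closed, leaking the resolver on every call.
        if (dnsContext != null) {
            try {
                dnsContext.close();
            } catch (Exception ignored) {
                // Nothing useful can be done if closing the DNS context fails.
            }
        }
    }
}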
/**
 * Runs a directory search whose entire filter expression is the processed "foo" request header.
 *
 * <p>Nothing in this method constrains the filter: whatever {@code Test.doSomething} returns is
 * passed to {@code search} as the filter. That helper is not visible here, so whether the header
 * value survives into the filter depends on it.
 *
 * @param request incoming request; only the "foo" header is read
 * @param response not written to by this method
 * @throws ServletException if the directory search fails
 * @throws IOException declared by the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String headerValue = request.getHeader("foo");
    String bar = new Test().doSomething(headerValue);

    try {
        javax.naming.directory.InitialDirContext directory =
                org.owasp.benchmark.helpers.Utils.getInitialDirContext();
        javax.naming.directory.SearchControls controls =
                new javax.naming.directory.SearchControls();
        // `bar` is the whole filter, not a value inside a fixed template.
        directory.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
} // end doPost
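/**
 * Binds to the directory with the given credentials and returns the first entry matching
 * {@code (objectClass=user)} in the subtree below {@code username}.
 *
 * <p>The search filter is a constant; {@code username} is used as the search base, so it is
 * presumably a distinguished name - confirm against the callers.
 *
 * <p>NOTE(review): {@code promiscuous} is only forwarded to {@code getProperties}, which is not
 * visible here. If it relaxes TLS certificate checks, confirm it is never enabled outside test
 * setups.
 *
 * @param url directory server URL, forwarded to {@code getProperties}
 * @param username bind principal, also used as the search base
 * @param password bind credential, forwarded to {@code getProperties}
 * @param promiscuous forwarded to {@code getProperties}
 * @return the first search result
 * @throws NamingException if connecting, binding or searching fails
 * @throws java.util.NoSuchElementException if the search returns no entry
 */
public Object provide(String url, String username, String password, boolean promiscuous)
        throws NamingException {
    InitialDirContext context =
            new InitialDirContext(getProperties(url, username, password, promiscuous));
    try {
        SearchControls searchCtls = new SearchControls();
        // Specify the search scope
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Specify the LDAP search filter
        String searchFilter = "(objectClass=user)";
        // Search for objects using the filter
        NamingEnumeration<SearchResult> answer =
                context.search(username, searchFilter, searchCtls);
        try {
            return answer.next();
        } finally {
            // Release the server-side search even though only the first hit is consumed.
            answer.close();
        }
    } finally {
        // The authenticated connection was previously left open on every call.
        context.close();
    }
}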
/**
 * Runs a directory search whose filter expression is the processed "foo" request parameter,
 * with two constant filter arguments.
 *
 * <p>The constant arguments only fill {@code {i}} placeholders; the filter text itself is
 * {@code bar}. {@code doSomething} is not visible here, so whether the parameter value survives
 * into the filter depends on it.
 *
 * @param request incoming request, wrapped in SeparateClassRequest to read "foo"
 * @param response not written to by this method
 * @throws ServletException if the directory search fails
 * @throws IOException declared by the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest wrapped =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String bar = doSomething(wrapped.getTheParameter("foo"));

    try {
        javax.naming.directory.InitialDirContext directory =
                org.owasp.benchmark.helpers.Utils.getInitialDirContext();
        Object[] filterArgs = new Object[] {"a", "b"};
        javax.naming.directory.SearchControls controls =
                new javax.naming.directory.SearchControls();
        // `bar` is the filter expression; only filterArgs would be escaped by JNDI.
        directory.search("name", bar, filterArgs, controls);
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
} // end doPost
/**
 * Runs a directory search whose entire filter expression is derived from the first "foo"
 * request header.
 *
 * <p>Whatever {@code Test.doSomething} returns is passed to {@code search} as the filter. That
 * helper is not visible here, so whether the header value survives into the filter depends on
 * it.
 *
 * @param request incoming request; only the "foo" headers are read
 * @param response not written to by this method
 * @throws ServletException if the directory search fails
 * @throws IOException declared by the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Enumeration<String> fooHeaders = request.getHeaders("foo");
    // Only the first header value is used; an absent header becomes the empty string.
    String headerValue = fooHeaders.hasMoreElements() ? fooHeaders.nextElement() : "";

    String bar = new Test().doSomething(headerValue);

    try {
        javax.naming.directory.InitialDirContext directory =
                org.owasp.benchmark.helpers.Utils.getInitialDirContext();
        javax.naming.directory.SearchControls controls =
                new javax.naming.directory.SearchControls();
        // `bar` is the whole filter, not a value inside a fixed template.
        directory.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
} // end doPost
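/**
 * Runs a directory search whose entire filter expression is derived from the first value of the
 * "foo" request parameter.
 *
 * <p>A request that carries other parameters but no "foo" now yields the empty string; the
 * previous code dereferenced the missing array and failed with a NullPointerException.
 *
 * <p>Whatever {@code Test.doSomething} returns is passed to {@code search} as the filter. That
 * helper is not visible here, so whether the parameter value survives into the filter depends
 * on it.
 *
 * @param request incoming request; only the "foo" parameter is read
 * @param response not written to by this method
 * @throws ServletException if the directory search fails
 * @throws IOException declared by the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    String[] values = map.get("foo");
    if (values != null && values.length > 0) {
        param = values[0];
    }

    String bar = new Test().doSomething(param);

    try {
        javax.naming.directory.InitialDirContext idc =
                org.owasp.benchmark.helpers.Utils.getInitialDirContext();
        // `bar` is the whole filter, not a value inside a fixed template.
        idc.search("name", bar, new javax.naming.directory.SearchControls());
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
} // end doPost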
/**
 * Reads the "foo" cookie and then runs a directory search with a constant filter.
 *
 * <p>The arithmetic guard below is always true, so the literal is always chosen and the cookie
 * value never reaches the search call.
 *
 * @param request incoming request; only its cookies are read
 * @param response not written to by this method
 * @throws ServletException if the directory search fails
 * @throws IOException declared by the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Empty string when there are no cookies or none is named "foo"; the last match wins.
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (javax.servlet.http.Cookie candidate : cookies) {
            if (candidate.getName().equals("foo")) {
                param = candidate.getValue();
            }
        }
    }

    // (7 * 42) - 86 = 208, which exceeds 200: the constant is the only value `bar` ever takes.
    int i = 86;
    String bar = ((7 * 42) - i > 200) ? "This_should_always_happen" : param;

    try {
        javax.naming.directory.InitialDirContext directory =
                org.owasp.benchmark.helpers.Utils.getInitialDirContext();
        javax.naming.directory.SearchControls controls =
                new javax.naming.directory.SearchControls();
        directory.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
}
/**
 * Runs a directory search whose entire filter expression is the "foo" request parameter with
 * its last character replaced by "Z".
 *
 * <p>Replacing one trailing character does not neutralise filter syntax: every other character
 * of the parameter reaches {@code search} unchanged, and values of length 0 or 1 are passed
 * through untouched.
 *
 * @param request incoming request, wrapped in SeparateClassRequest to read "foo"
 * @param response not written to by this method
 * @throws ServletException if the directory search fails
 * @throws IOException declared by the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest wrapped =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = wrapped.getTheParameter("foo");

    String bar;
    if (param.length() > 1) {
        // Same result as StringBuilder.replace over the final character.
        bar = param.substring(0, param.length() - "Z".length()) + "Z";
    } else {
        bar = param;
    }

    try {
        javax.naming.directory.InitialDirContext directory =
                org.owasp.benchmark.helpers.Utils.getInitialDirContext();
        javax.naming.directory.SearchControls controls =
                new javax.naming.directory.SearchControls();
        // `bar` is the whole filter, not a value inside a fixed template.
        directory.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
}
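/**
 * Logs the name of every entry directly below {@code base}.
 *
 * <p>The sub-context and the enumeration are closed before returning; previously both were left
 * open on every call.
 *
 * @param base name of the context to list, e.g. "ou=users,dc=dexels,dc=com"
 * @return always {@code null}
 */
public Message list(String base) {
    DirContext dc = null;
    NamingEnumeration<NameClassPair> entries = null;
    try {
        if (initialDir == null) {
            startup();
        }
        dc = (DirContext) initialDir.lookup(base);
        entries = dc.list("");
        while (entries.hasMore()) {
            NameClassPair o = entries.next();
            logger.info("NAME: " + o.getName());
            logger.info("NAMESp: " + o.getNameInNamespace());
            // o.getSchema("");
            logger.info("o: " + o);
        }
    } catch (NamingException e) {
        // NOTE(review): failures go to stderr rather than through `logger`; route them through
        // the class logger once its error-level API is confirmed.
        e.printStackTrace();
    } finally {
        if (entries != null) {
            try {
                entries.close();
            } catch (NamingException closeFailure) {
                closeFailure.printStackTrace();
            }
        }
        if (dc != null) {
            try {
                dc.close();
            } catch (NamingException closeFailure) {
                closeFailure.printStackTrace();
            }
        }
    }
    return null;
}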
/**
 * Round-trips a Person through the directory: binds it under a fixed name with
 * PersonLdapFactory registered as both object and state factory, looks it up again and checks
 * the fields.
 */
public void testBasic() throws Exception {
    LdapFactoryHelper factoryHelper = (LdapFactoryHelper) lookup(LdapFactoryHelper.ROLE);
    PersonLdapFactory.setHelper(factoryHelper);

    InitialDirContext adminContext = apacheDs.getAdminContext();
    String factoryClassName = PersonLdapFactory.class.getName();
    adminContext.addToEnvironment(Context.OBJECT_FACTORIES, factoryClassName);
    adminContext.addToEnvironment(Context.STATE_FACTORIES, factoryClassName);

    LdapName entryName = new LdapName("uid=trygvis,dc=test");

    // Start from a clean slate; a missing entry is not an error here.
    try {
        adminContext.unbind(entryName);
    } catch (NamingException e) {
        // ignore
    }

    Person stored = new Person();
    stored.setName("Trygve");
    adminContext.bind(entryName, stored);

    Object loaded = adminContext.lookup(entryName);
    assertEquals(Person.class, loaded.getClass());

    Person roundTripped = (Person) loaded;
    assertEquals("Trygve", roundTripped.getName());
    assertEquals(null, roundTripped.getDescription());

    // NOTE(review): the context stays open if any assertion above fails.
    adminContext.close();
}
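/**
 * Authenticates a user against the directory: searches for the entry whose {@code uid} matches,
 * then opens a second connection bound as that entry's DN with the supplied password.
 *
 * <p>On success the roles derived from the entry's {@code memberOf} attribute are stored through
 * {@code setCurrentUserRoles}.
 *
 * <p>Two checks protect the login path. The uid is bound as filter argument {@code {0}}, so JNDI
 * escapes filter metacharacters and the value cannot alter the search. Empty credentials are
 * rejected up front, because a simple bind with an empty password is an unauthenticated bind
 * (RFC 4513, section 5.1.2) that a server may accept without checking anything.
 *
 * @param uid login name, matched against the uid attribute
 * @param password password used for the verification bind
 * @return {@code true} if the entry exists and the bind with its DN and the password succeeds;
 *     {@code false} otherwise
 * @throws Error if the directory search itself fails
 */
public boolean checkAuthWithLdap(String uid, String password) {
    if (uid == null || uid.length() == 0 || password == null || password.length() == 0) {
        System.out.println("Your Login or password is wrong");
        return false;
    }

    /*
     * Step 3. search the entry which has the username (in our case the uid of the entry)
     */
    // List to store the user roles
    ArrayList<String> userRoles = new ArrayList<String>();
    searchCtls.setReturningAttributes(ldapConfig.getReturnattributs());
    // Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Fixed filter template; the caller-supplied uid is passed as an escaped argument
    String searchFilter = "(&(uid={0}))";
    Object[] filterArgs = new Object[] {uid};
    NamingEnumeration<?> answer;
    try {
        answer = ctx.search(ldapConfig.getSearchbase(), searchFilter, filterArgs, searchCtls);
    } catch (NamingException e) {
        // Same Error type and message as before, now with the cause attached.
        throw new Error("Search engine for LDAP server failed! Java exception: " + e.toString(), e);
    }

    /*
     * Step 4. determine the dn of the found entry
     */
    try {
        if (answer.hasMore()) {
            SearchResult result = (SearchResult) answer.next();
            Attributes attrs = result.getAttributes();
            String dn = result.getNameInNamespace();
            System.out.println("dn of the entry: " + dn);
            Attribute member = attrs.get("memberOf");
            if (member == null) {
                userRoles.add("unknow_role");
            } else {
                userRoles.addAll(refineMemberInfo(member));
            }
            Properties env1 = new Properties();
            env1.put(Context.INITIAL_CONTEXT_FACTORY, ldapConfig.getINITIAL_CONTEXT_FACTORY());
            env1.put(Context.PROVIDER_URL, ldapConfig.getPROVIDER_URL());
            env1.put(Context.SECURITY_PRINCIPAL, dn);
            env1.put(Context.SECURITY_CREDENTIALS, password);

            /*
             * Step 5. Open one more connection to ldap with the DN just found and the password
             * of the user; a failed bind throws NamingException.
             */
            InitialDirContext userContext = new InitialDirContext(env1);
            try {
                // The bind already succeeded; a failure to close must not turn it into a
                // rejected login, and the connection must not be left open.
                userContext.close();
            } catch (NamingException ignored) {
                // Closing the verification connection is best-effort.
            }
            System.out.println("Authentication successful");
            // assign the current user roles
            this.setCurrentUserRoles(userRoles);
            return true;
        } else {
            System.out.println("Your password is wrong");
            return false;
        }
    } catch (NamingException e) {
        /*
         * Step 6. no exception - ok, otherwise the user has entered a wrong password.
         */
        System.out.println("check password throws naming exeception :" + e.toString());
        System.out.println("Your Login or password is wrong");
        return false;
    } finally {
        try {
            answer.close();
        } catch (NamingException ignored) {
            // Releasing the search result is best-effort.
        }
    }
}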