public String checkValidLogin(String myUserName, String myPW) {
try {
Class.forName(javaSQLDriverPath);
Connection conn =
(Connection) DriverManager.getConnection(ConnectionPath, ConnectionUser, ConnectionPW);
Statement st = conn.createStatement();
String query = "Select * from User";
ResultSet rs = st.executeQuery(query);
while (rs.next()) {
// return rs.getString("Username");
if (myUserName.equals(rs.getString("Username"))) {
if (myPW.equals(rs.getString("Password"))) {
setUserVariables(myUserName);
return "success";
} else {
return "wrongPassword";
}
}
}
rs.close();
st.close();
conn.close();
return "userNotFound";
} catch (Exception e) {
return e.getMessage();
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2BSink(String data) throws Throwable {
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection */
int rowCount =
sqlStatement.executeUpdate(
"insert into users (status) values ('updated') where name='" + data + "'");
IO.writeLine("Updated " + rowCount + " rows successfully.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
protected collegeTable getCollege(String id, Connection con) throws SQLException {
try {
ResultSet rs = null;
Statement statement = con.createStatement();
rs =
statement.executeQuery(
"SELECT * FROM "
+ TABLECOLLEGES
+ " WHERE "
+ collegeTable.ID
+ " = "
+ id
+ " LIMIT 1");
// if found
if (rs.next()) {
collegeTable table = new collegeTable();
table.setID(id);
table.setShort(rs.getString(collegeTable.SHORTNAME));
table.setFull(rs.getString(collegeTable.FULLNAME));
return table;
} else {
return null; // not found
}
} catch (Exception e) {
log.writeException(e.getMessage());
throw new SQLException(e.getMessage());
}
} // end getCollege
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
String username = request.getParameter("username");
String password = request.getParameter("password");
Statement stmt;
ResultSet rs;
Connection con = null;
try {
Class.forName("com.mysql.jdbc.Driver");
String connectionUrl = "jdbc:mysql://localhost/myflickr?" + "user=root&password=123456";
con = DriverManager.getConnection(connectionUrl);
if (con != null) {
System.out.println("connected to mysql");
}
} catch (SQLException e) {
System.out.println("SQL Exception: " + e.toString());
} catch (ClassNotFoundException cE) {
System.out.println("Class Not Found Exception: " + cE.toString());
}
try {
stmt = con.createStatement();
System.out.println("SELECT * FROM flickrusers WHERE name='" + username + "'");
rs = stmt.executeQuery("SELECT * FROM flickrusers WHERE name='" + username + "'");
while (rs.next()) {
if (rs.getObject(1).toString().equals(username)) {
out.println("<h1>To username pou epileksate uparxei hdh</h1>");
out.println("<a href=\"project3.html\">parakalw dokimaste kapoio allo.</a>");
stmt.close();
rs.close();
return;
}
}
stmt.close();
rs.close();
stmt = con.createStatement();
if (!stmt.execute("INSERT INTO flickrusers VALUES('" + username + "', '" + password + "')")) {
out.println("<h1>Your registration is completed " + username + "</h1>");
out.println("<a href=\"index.jsp\">go to the login menu</a>");
registerListener.Register(username);
} else {
out.println("<h1>To username pou epileksate uparxei hdh</h1>");
out.println("<a href=\"project3.html\">Register</a>");
}
} catch (SQLException e) {
throw new ServletException("Servlet Could not display records.", e);
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String data_copy;
{
String data;
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
data_copy = data;
}
{
String data = data_copy;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (privateFive == 5) {
data = ""; /* initialize data in case id is not in query string */
/* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */
{
StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken(); /* a token will be like "id=foo" */
if (token.startsWith("id=")) /* check if we have the "id" parameter" */ {
data = token.substring(3); /* set data to "foo" */
break; /* exit while loop */
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (privateFive == 5) {
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */
Boolean result =
sqlStatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (result) {
IO.writeLine("Name, " + data + ", updated successfully");
} else {
IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
private void printOutLogs(Connection connection, PrintWriter out) throws SQLException {
Statement select = connection.createStatement();
ResultSet result = select.executeQuery("SELECT * FROM LOGGING ORDER BY DATE ASC");
while (result.next()) {
Timestamp date = result.getTimestamp("DATE");
String ip = result.getString("IP");
String url = result.getString("URL");
out.println(date + "\t\t" + ip + "\t\t" + url);
}
}
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */
private void goodG2B1() throws Throwable {
String data;
if (IO.STATIC_FINAL_FIVE != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.STATIC_FINAL_FIVE == 5) {
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
for (int i = 0; i < names.length; i++) {
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */
sqlStatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String dataCopy;
{
String data;
/* FIX: Use a hardcoded string */
data = "foo";
dataCopy = data;
}
{
String data = dataCopy;
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
for (int i = 0; i < names.length; i++) {
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */
sqlStatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String dataCopy;
{
String data;
/* FIX: Use a hardcoded string */
data = "foo";
dataCopy = data;
}
{
String data = dataCopy;
Connection dbConnection = null;
Statement sqlStatement = null;
ResultSet resultSet = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */
resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'");
IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
}
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */
private void goodG2B1() throws Throwable {
String data;
if (IO.STATIC_FINAL_FIVE != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.STATIC_FINAL_FIVE == 5) {
Connection dbConnection = null;
Statement sqlStatement = null;
ResultSet resultSet = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */
resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'");
IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
}
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
public void bad() throws Throwable {
String data;
if (IO.staticTrue) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (IO.staticTrue) {
Connection dbConnection = null;
Statement sqlStatement = null;
ResultSet resultSet = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */
resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'");
IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
}
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter toClient = res.getWriter();
toClient.println("<!DOCTYPE HTML>");
toClient.println("<html>");
toClient.println("<head><title>Books</title></head>");
toClient.println("<body>");
toClient.println("<a href=\"index.html\">Home</A>");
toClient.println("<h2>List of books</h2>");
HttpSession session = req.getSession(false);
if (session != null) {
String name = (String) session.getAttribute("name");
if (name != null) {
toClient.println("<h2>name: " + name + "</h2>");
}
}
toClient.print("<form action=\"bookOpinion\" method=GET>");
toClient.println("<table border='1'>");
String sql = "Select code, title, author FROM books";
System.out.println(sql);
try {
Statement statement = connection.createStatement();
ResultSet result = statement.executeQuery(sql);
while (result.next()) {
toClient.println("<tr>");
String codeStr = result.getString("code");
toClient.println(
"<td><input type=\"radio\" name=\"book" + "\" value=\"" + codeStr + "\"></td>");
toClient.println("<td>" + codeStr + "</td>");
toClient.println("<td>" + result.getString("title") + "</td>");
toClient.println("<td>" + result.getString("author") + "</td>");
toClient.println("</tr>");
}
} catch (SQLException e) {
e.printStackTrace();
System.out.println("Resulset: " + sql + " Exception: " + e);
}
toClient.println("</table>");
toClient.println("<textarea rows=\"8\" cols=\"60\" name=\"comment\"></textarea><BR>");
toClient.println("<input type=submit>");
toClient.println("</form>");
toClient.println("</body>");
toClient.println("</html>");
toClient.close();
}
/* goodG2B() - use goodsource and badsink */
public void goodG2B_sink(String data_array[]) throws Throwable {
String data = data_array[2];
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch("update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
public void bad() throws Throwable {
String data;
if (PRIVATE_STATIC_FINAL_TRUE) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (PRIVATE_STATIC_FINAL_TRUE) {
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */
Boolean result =
sqlStatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (result) {
IO.writeLine("Name, " + data + ", updated successfully");
} else {
IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2() throws Throwable {
String data;
if (IO.staticReturnsTrue()) {
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (IO.staticReturnsTrue()) {
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */
Boolean result =
sqlStatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (result) {
IO.writeLine("Name, " + data + ", updated successfully");
} else {
IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// get a connection
ConnectionPool pool = ConnectionPool.getInstance();
Connection connection = pool.getConnection();
String sqlStatement = request.getParameter("sqlStatement");
String sqlResult = "";
try {
// create a statement
Statement statement = connection.createStatement();
// parse the SQL string
sqlStatement = sqlStatement.trim();
if (sqlStatement.length() >= 6) {
String sqlType = sqlStatement.substring(0, 6);
if (sqlType.equalsIgnoreCase("select")) {
// create the HTML for the result set
ResultSet resultSet = statement.executeQuery(sqlStatement);
sqlResult = SQLUtil.getHtmlTable(resultSet);
resultSet.close();
} else {
int i = statement.executeUpdate(sqlStatement);
if (i == 0) {
sqlResult = "<p>The statement executed successfully.</p>";
} else { // an INSERT, UPDATE, or DELETE statement
sqlResult = "<p>The statement executed successfully.<br>" + i + " row(s) affected.</p>";
}
}
}
statement.close();
connection.close();
} catch (SQLException e) {
sqlResult = "<p>Error executing the SQL statement: <br>" + e.getMessage() + "</p>";
} finally {
pool.freeConnection(connection);
}
HttpSession session = request.getSession();
session.setAttribute("sqlResult", sqlResult);
session.setAttribute("sqlStatement", sqlStatement);
String url = "/index.jsp";
getServletContext().getRequestDispatcher(url).forward(request, response);
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String data;
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */
Boolean bResult =
sqlstatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
/* Get Session */
HttpSession s = req.getSession(true);
/* Make sure user is logged in */
if (s.getAttribute("login") == null || (String) s.getAttribute("login") != "go") {
req.getRequestDispatcher("login.jsp").forward(req, res);
}
try {
String dbuser = this.getServletContext().getInitParameter("dbuser");
String dbpassword = this.getServletContext().getInitParameter("dbpassword");
Class.forName("com.mysql.jdbc.Driver");
Connection conn =
DriverManager.getConnection("jdbc:mysql://localhost/project", dbuser, dbpassword);
Statement stmt = conn.createStatement();
stmt.execute(
"INSERT INTO songs VALUES(null, '"
+ req.getParameter("song_name")
+ "', '"
+ req.getParameter("artist")
+ "', '"
+ req.getParameter("album")
+ "', '"
+ req.getParameter("genre")
+ "', 0)");
stmt.close();
conn.close();
// delete memcache since new song is now added
MemcachedClient c = new MemcachedClient(new InetSocketAddress("127.0.0.1", 11211));
c.delete("master");
req.getRequestDispatcher("add_song_success.jsp").forward(req, res);
} catch (Exception e) {
out.println(e.getMessage());
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2B_sink(String data, HttpServletRequest request, HttpServletResponse response)
throws Throwable {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
/* goodG2B() - use GoodSource and BadSink */
public void goodG2BSink(HashMap<Integer, String> dataHashMap) throws Throwable {
String data = dataHashMap.get(2);
Connection dbConnection = null;
Statement sqlStatement = null;
ResultSet resultSet = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */
resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'");
IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
}
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
Statement question;
String query;
ResultSet answer;
connect();
try {
query = "SELECT * FROM PILOT WHERE Address ='" + request.getParameter("city") + "'";
question = link.createStatement();
answer = question.executeQuery(query);
PrintWriter pen;
response.setContentType("text/html");
pen = response.getWriter();
pen.println("<HTML>");
pen.println("<HEAD> <TITLE> Answer </TITLE> </HEAD>");
pen.println("<BODY>");
while (answer.next()) {
String pN = answer.getString("PilotNumber");
String lN = answer.getString("LastName");
String fN = answer.getString("FirstName");
String ad = answer.getString("Address");
float sa = answer.getFloat("Salary");
float pr = answer.getFloat("Premium");
Date hD = answer.getDate("HiringDate");
if (answer.wasNull() == false) {
pen.println("<P><B> Pilot : </B>" + lN + " " + fN);
pen.println("<P><B> ---Reference : </B>" + pN);
pen.println("<P><B> ---Address : </B>" + ad);
pen.println("<P><B> ---Salary : </B>" + sa);
pen.println("<P><B> ---since : </B>" + hD);
if (pr > 0) pen.println("<P><B> ---Premium : </B>" + pr);
else pen.println("<P><B> ---No premium </B>");
}
}
pen.println("</BODY>");
pen.println("</HTML>");
answer.close();
question.close();
link.close();
} catch (SQLException e) {
System.out.println("Connection error: " + e.getMessage());
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2BSink(String data, HttpServletRequest request, HttpServletResponse response)
throws Throwable {
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */
Boolean result =
sqlStatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (result) {
IO.writeLine("Name, " + data + ", updated successfully");
} else {
IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data =
(new CWE89_SQL_Injection__getQueryString_Servlet_executeUpdate_61b())
.goodG2BSource(request, response);
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection */
int rowCount =
sqlStatement.executeUpdate(
"insert into users (status) values ('updated') where name='" + data + "'");
IO.writeLine("Updated " + rowCount + " rows successfully.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2B_sink(Object data_obj) throws Throwable {
String data = (String) data_obj;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: place user input into dynamic sql query */
int iResult =
sqlstatement.executeUpdate(
"insert into users (status) values ('updated') where name='" + data + "'");
IO.writeString("Updated " + iResult + " rows successfully.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String dbUser = "******"; // enter your username here
String dbPassword = "******"; // enter your password here
try {
OracleDataSource ods = new oracle.jdbc.pool.OracleDataSource();
ods.setURL("jdbc:oracle:thin:@//w4111b.cs.columbia.edu:1521/ADB");
ods.setUser(dbUser);
ods.setPassword(dbPassword);
Connection conn = ods.getConnection();
String query = new String();
Statement s = conn.createStatement();
query = "select * from events";
ResultSet r = s.executeQuery(query);
while (r.next()) {
out.println("Today's Date: " + r.getString(1) + " ");
}
r.close();
s.close();
conn.close();
} catch (Exception e) {
out.println("The database could not be accessed.<br>");
out.println("More information is available as follows:<br>");
e.printStackTrace(out);
}
} // end doGet method
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
try {
res.setContentType("text/html");
pw = res.getWriter();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con = DriverManager.getConnection("jdbc:odbc:com", "o7it58", "yajiv32737");
st = con.createStatement();
pw.println("<html>");
pw.println("<head><title>Welcome</title></head>");
pw.println("<body>");
s = req.getParameter("login");
if (s.equals("Submit")) {
uname = req.getParameter("firstname");
pass = req.getParameter("pwd");
PrintWriter out = new PrintWriter(new FileWriter("log.txt"), true);
out.println(uname);
rs =
st.executeQuery(
"select type from login where username='******' and password='******'");
if (rs.next()) {
type = rs.getString("type");
} else {
pw.println("<center>");
pw.println("User does not exists");
pw.println("</center>");
}
if (type.equals("admin")) {
pw.println(
"<a href=\"http://localhost:8080/servlet/AdminLogin\">Hello Admin.Please Click Here</a>");
} else if (type.equals("staff")) {
pw.println(
"<a href=\"http://localhost:8080/servlet/StaffLogin\">Hello Staff.Please Click Here</a>");
} else {
pw.println(
"<a href=\"http://localhost:8080/servlet/StudentLogin\">Hello Student.Please Click Here</a>");
}
}
pw.println("</body></html>");
} catch (Exception e) {
}
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("vaishali mehta-130050131524");
out.println("<html>");
out.println("<body><table border='1'>");
out.println("<th>name</th>");
out.println("<th>password</th>");
try {
rs = stmt.executeQuery("select *from records");
while (rs.next()) {
tn = rs.getString("name");
tp = rs.getString("password");
out.println("<tr>");
out.println("<td>" + tn + "</td>");
out.println("<td>" + tp + "</td>");
out.println("</tr>");
}
} catch (Exception e) {
System.out.println(e);
}
out.println("</table></body></html>");
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession(true);
try {
Object accountObject = session.getValue(ACCOUNT);
// If no account object was put in the session, or
// if one exists but it is not a hashtable, then
// redirect the user to the original login page
if (accountObject == null)
throw new RuntimeException("You need to log in to use this service!");
if (!(accountObject instanceof Hashtable))
throw new RuntimeException("You need to log in to use this service!");
Hashtable account = (Hashtable) accountObject;
String userName = (String) account.get("name");
//////////////////////////////////////////////
// Display Messages for the user who logged in
//////////////////////////////////////////////
out.println("<HTML>");
out.println("<HEAD>");
out.println("<TITLE>Contacts for " + userName + "</TITLE>");
out.println("</HEAD>");
out.println("<BODY BGCOLOR='#EFEFEF'>");
out.println("<H3>Welcome " + userName + "</H3>");
out.println("<CENTER>");
Connection con = null;
Statement stmt = null;
ResultSet rs = null;
try {
Class.forName("com.mysql.jdbc.Driver").newInstance();
con =
DriverManager.getConnection(
"jdbc:mysql://localhost/contacts?user=kareena&password=kapoor");
stmt = con.createStatement();
rs =
stmt.executeQuery(
"SELECT * FROM contacts WHERE userName='******' ORDER BY contactID");
out.println("<form name='deleteContactsForm' method='post' action='deleteContact'>");
out.println("<TABLE BGCOLOR='#EFEFFF' CELLPADDING='2' CELLSPACING='4' BORDER='1'>");
out.println("<TR BGCOLOR='#D6DFFF'>");
out.println("<TD ALIGN='center'><B>Contact ID</B></TD>");
out.println("<TD ALIGN='center'><B>Contact Name</B></TD>");
out.println("<TD ALIGN='center'><B>Comment</B></TD>");
out.println("<TD ALIGN='center'><B>Date</B></TD>");
out.println("<TD ALIGN='center'><B>Delete Contacts</B></TD>");
out.println("</TR>");
int nRows = 0;
while (rs.next()) {
nRows++;
String messageID = rs.getString("contactID");
String fromUser = rs.getString("contactName");
String message = rs.getString("comments");
String messageDate = rs.getString("dateAdded");
out.println("<TR>");
out.println("<TD>" + messageID + "</TD>");
out.println("<TD>" + fromUser + "</TD>");
out.println("<TD>" + message + "</TD>");
out.println("<TD>" + messageDate + "</TD>");
out.println(
"<TD><input type='checkbox' name='msgList' value='" + messageID + "'> Delete</TD>");
out.println("</TR>");
}
out.println("<TR>");
out.println(
"<TD COLSPAN='6' ALIGN='center'><input type='submit' value='Delete Selected Contacts'></TD>");
out.println("</TR>");
out.println("</TABLE>");
out.println("</FORM>");
} catch (Exception e) {
out.println("Could not connect to the users database.<P>");
out.println("The error message was");
out.println("<PRE>");
out.println(e.getMessage());
out.println("</PRE>");
} finally {
if (rs != null) {
try {
rs.close();
} catch (SQLException ignore) {
}
}
if (stmt != null) {
try {
stmt.close();
} catch (SQLException ignore) {
}
}
if (con != null) {
try {
con.close();
} catch (SQLException ignore) {
}
}
}
out.println("</CENTER>");
out.println("</BODY>");
out.println("</HTML>");
} catch (RuntimeException e) {
out.println("<script language=\"javascript\">");
out.println("alert(\"You need to log in to use this service!\");");
out.println("</script>");
out.println("<a href='index.html'>Click Here</a> to go to the main page.<br><br>");
out.println(
"Or Click on the button to exit<FORM><INPUT onClick=\"javascipt:window.close()\" TYPE=\"BUTTON\" VALUE=\"Close Browser\" TITLE=\"Click here to close window\" NAME=\"CloseWindow\" STYLE=\"font-family:Verdana, Arial, Helvetica; font-size:smaller; font-weight:bold\"></FORM>");
log(e.getMessage());
return;
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_five == 5) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
Socket sock = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* Read data using an outbound tcp connection */
sock = new Socket("host.example.org", 39544);
/* read input from socket */
instrread = new InputStreamReader(sock.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up socket objects */
try {
if (sock != null) {
sock.close();
}
} catch (IOException e) {
log_bad.warning("Error closing sock");
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_five == 5) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}