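/**
 * Reads the "foo" parameter, passes it through Test.doSomething, splices the result into a
 * stored-procedure call string and executes it as a CallableStatement.
 *
 * <p>The value is concatenated into the call text rather than bound with a '?' placeholder,
 * so the database parses it as part of the statement; that concatenation is the test case's
 * sink. The CallableStatement is now closed in {@code finally}; the original left it open on
 * every request.
 *
 * @param request servlet request; "foo" is read through SeparateClassRequest
 * @param response not written to by this handler
 * @throws ServletException wrapping any SQLException from preparing or executing the call
 * @throws IOException declared for the servlet contract; nothing here throws it directly
 */
@Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    String bar = new Test().doSomething(param);

    // Sink under test: request-derived text becomes part of the statement, not a bound value.
    String sql = "{call verifyUserPassword('foo','" + bar + "')}";

    java.sql.CallableStatement statement = null;
    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      statement =
          connection.prepareCall(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    } finally {
      // The connection is deliberately left alone: whether DatabaseHelper hands out a shared
      // connection is not visible from here, so only the statement this method created is closed.
      if (statement != null) {
        try {
          statement.close();
        } catch (java.sql.SQLException ignored) {
          // execute() has already succeeded or failed; a close failure changes nothing for the caller
        }
      }
    }
  } // end doPost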
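  /**
   * Reads "cryptoAlg2" from Benchmark.properties (default "AES/ECB/PKCS5Padding") and requests
   * a Cipher for it.
   *
   * <p>The "foo" parameter is read and passed through Test.doSomething but does not influence
   * the cipher. The properties stream is now closed after loading and a missing resource leaves
   * the defaults in place; the original never closed the stream and would have thrown
   * NullPointerException from {@code Properties.load(null)} when the resource was absent.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives a single marker line on success
   * @throws ServletException wrapping NoSuchAlgorithmException or NoSuchPaddingException
   * @throws IOException if the properties cannot be read or the response writer fails
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    String bar = new Test().doSomething(param);

    try {
      java.util.Properties benchmarkProps = new java.util.Properties();
      java.io.InputStream propsIn =
          this.getClass().getClassLoader().getResourceAsStream("Benchmark.properties");
      if (propsIn != null) {
        try {
          benchmarkProps.load(propsIn);
        } finally {
          propsIn.close();
        }
      }
      // Sink under test: the transformation string comes from configuration; the fallback is ECB.
      String algorithm = benchmarkProps.getProperty("cryptoAlg2", "AES/ECB/PKCS5Padding");
      javax.crypto.Cipher c = javax.crypto.Cipher.getInstance(algorithm);
    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println(
          "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
      throw new ServletException(e);
    } catch (javax.crypto.NoSuchPaddingException e) {
      System.out.println(
          "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
      throw new ServletException(e);
    }
    response
        .getWriter()
        .println("Crypto Test javax.crypto.Cipher.getInstance(java.lang.String) executed");
  } // end doPost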
  /**
   * Fills a 40-byte buffer from a "SHA1PRNG" SecureRandom via the getNextNumber helper and
   * prints the buffer to the response.
   *
   * <p>The "foo" parameter is read and passed through Test.doSomething; its result is unused.
   * The trailing marker line is printed from {@code finally}, so it appears even when the
   * algorithm lookup fails.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives the bytes (as a platform-charset String) and the marker line
   * @throws ServletException wrapping NoSuchAlgorithmException when SHA1PRNG is unavailable
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = new Test().doSomething(param);

    try {
      java.util.Random rng = java.security.SecureRandom.getInstance("SHA1PRNG");

      byte[] buf = new byte[40]; // 40 random bytes, filled by the helper
      getNextNumber(rng, buf);
      // NOTE(review): new String(byte[]) decodes with the platform charset, so arbitrary bytes
      // are not rendered faithfully; the output is only a marker, not the raw material.
      response.getWriter().println("Random bytes are: " + new String(buf));

    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
      throw new ServletException(e);
    } finally {
      java.io.PrintWriter out = response.getWriter();
      out.println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
  }
  /**
   * Requests a "SHA1" MessageDigest from an installed provider and prints a marker line.
   *
   * <p>The "foo" parameter is read and passed through doSomething; the result is unused. When
   * more than one provider is installed the digest is taken from the first one, otherwise it is
   * requested from "SUN" by name. The digest object is never updated or finalised.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives a single marker line on success
   * @throws ServletException wrapping NoSuchAlgorithmException or NoSuchProviderException
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = doSomething(param);

    java.security.Provider[] providers = java.security.Security.getProviders();
    java.security.MessageDigest md;

    // Sink under test: SHA1 requested by name, from providers[0] or from "SUN".
    try {
      md =
          providers.length > 1
              ? java.security.MessageDigest.getInstance("SHA1", providers[0])
              : java.security.MessageDigest.getInstance("SHA1", "SUN");
    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println(
          "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
      throw new ServletException(e);
    } catch (java.security.NoSuchProviderException e) {
      System.out.println(
          "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
      throw new ServletException(e);
    }

    java.io.PrintWriter out = response.getWriter();
    out.println(
        "Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
  } // end doPost
  /**
   * Runs an OS command whose argument is read back from a map under a constant key.
   *
   * <p>The "vector" parameter is stored in the map, but the final read uses "keyA-51510", so
   * bar is always "a_Value". On Windows the command prefix comes from
   * Utils.getOSCommandString("echo"); elsewhere the prefix is empty and bar alone is executed.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; command output is written by Utils
   * @throws ServletException wrapping the IOException from Runtime.exec
   * @throws IOException if the response cannot be written by Utils.printOSCommandResults
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }

    // The request value goes into the map but the last read is of the constant entry.
    java.util.Map<String, Object> store = new java.util.HashMap<String, Object>();
    store.put("keyA-51510", "a_Value");
    store.put("keyB-51510", param);
    store.put("keyC", "another_Value");
    String bar = (String) store.get("keyB-51510");
    bar = (String) store.get("keyA-51510");

    // NOTE(review): System.getProperty("os.name") is dereferenced without a null check, as in
    // the original; the JVM always defines it in practice.
    String cmd = "";
    if (System.getProperty("os.name").indexOf("Windows") != -1) {
      cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
    }

    try {
      Process p = Runtime.getRuntime().exec(cmd + bar);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  }
  /**
   * Requests an "AES/CBC/PKCS5PADDING" Cipher from the SunJCE provider and prints a marker.
   *
   * <p>The "foo" parameter is read and passed through Test.doSomething; the result is unused.
   * Security.getProviders() is also queried, but its result plays no part in the lookup.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives a single marker line on success
   * @throws ServletException wrapping NoSuchAlgorithmException or NoSuchPaddingException
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = new Test().doSomething(param);

    java.security.Provider[] providers = java.security.Security.getProviders();
    javax.crypto.Cipher c;

    try {
      java.security.Provider sunJce = java.security.Security.getProvider("SunJCE");
      c = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING", sunJce);
    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println(
          "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
      throw new ServletException(e);
    } catch (javax.crypto.NoSuchPaddingException e) {
      System.out.println(
          "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
      throw new ServletException(e);
    }
    java.io.PrintWriter out = response.getWriter();
    out.println(
        "Crypto Test javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) executed");
  } // end doPost
  /**
   * Pushes the "foo" parameter through a chain of string propagators and a reflective
   * ThingInterface call, then constructs a java.io.File from the result.
   *
   * <p>The propagators are: StringBuilder append/replace, a HashMap round trip, a substring
   * dropping the last character, a sun.misc Base64 encode/decode, and a split on the first
   * space. The File is constructed but never opened. Nothing is written to the response.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response unused
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException from BASE64Decoder.decodeBuffer
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // NOTE(review): a null parameter would NPE in the StringBuilder constructor, as in the
    // original; getTheParameter's null contract is not visible here.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    int tailStart = sb.length() - "Chars".length();
    sb.replace(tailStart, sb.length(), "Chars");

    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key93077", sb.toString());
    String fromMap = (String) holder.get("key93077");
    String trimmed = fromMap.substring(0, fromMap.length() - 1);

    // Base64 round trip: encode, then decode back to the same bytes.
    String b64 = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    String roundTripped = new String(new sun.misc.BASE64Decoder().decodeBuffer(b64));
    String firstToken = roundTripped.split(" ")[0];

    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: a File built from the propagated value.
    java.io.File file = new java.io.File(bar);
  }
  /**
   * Issues or verifies a per-test-case "remember me" cookie whose value is derived from
   * java.util.Random.
   *
   * <p>Ten bytes from java.util.Random are Base64-encoded (ESAPI, wrapping enabled) to form the
   * token. The cookie name is "rememberMe" plus the digits after "BenchmarkTest" in this class's
   * simple name. A request is treated as a returning user when a cookie of that name carries the
   * same value as the session attribute of the same name; otherwise a new cookie is issued
   * (Secure flag set, path under /benchmark/) and its value is stored in the session.
   *
   * <p>The "vector" parameter is passed through doSomething but the result is unused.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; receives the welcome or issue message and a
   *     trailing marker line
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }
    String bar = doSomething(param);

    // Sink under test: the token material comes from java.util.Random, not SecureRandom.
    byte[] seed = new byte[10];
    new java.util.Random().nextBytes(seed);
    String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(seed, true);

    // The test-case number is whatever follows "BenchmarkTest" in this class's simple name.
    String className = this.getClass().getName();
    String testCaseNumber =
        className.substring(className.lastIndexOf('.') + 1 + "BenchmarkTest".length());
    String user = "******" + testCaseNumber;
    String cookieName = "rememberMe" + testCaseNumber;

    // A returning user is one whose cookie value equals the session's stored copy.
    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookieName.equals(cookie.getName())
            && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
          foundUser = true;
          break;
        }
      }
    }

    if (foundUser) {
      response.getWriter().println("Welcome back: " + user + "<br/>");
    } else {
      javax.servlet.http.Cookie rememberMe =
          new javax.servlet.http.Cookie(cookieName, rememberMeKey);
      rememberMe.setSecure(true);
      rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
      request.getSession().setAttribute(cookieName, rememberMeKey);
      response.addCookie(rememberMe);
      String issued =
          user
              + " has been remembered with cookie: "
              + rememberMe.getName()
              + " whose value is: "
              + rememberMe.getValue()
              + "<br/>";
      response.getWriter().println(issued);
    }

    response.getWriter().println("Weak Randomness Test java.util.Random.nextBytes() executed");
  } // end doPost
  /**
   * Selects a value with a constant-driven switch and then requests a "sha-384" MessageDigest.
   *
   * <p>{@code "ABC".charAt(2)} is always 'C', so bar is the raw "foo" parameter; bar is not
   * used by the digest lookup. The digest comes from the first installed provider when more
   * than one is present, otherwise from "SUN" by name, and is never updated.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives a single marker line on success
   * @throws ServletException wrapping NoSuchAlgorithmException or NoSuchProviderException
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // The switch target is the third character of the constant "ABC".
    char selector = "ABC".charAt(2);
    String bar;
    switch (selector) {
      case 'A':
      case 'C':
      case 'D':
        bar = param;
        break;
      case 'B':
      default:
        bar = "bobs_your_uncle";
        break;
    }

    java.security.Provider[] providers = java.security.Security.getProviders();
    java.security.MessageDigest md;

    try {
      md =
          providers.length > 1
              ? java.security.MessageDigest.getInstance("sha-384", providers[0])
              : java.security.MessageDigest.getInstance("sha-384", "SUN");
    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println(
          "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
      throw new ServletException(e);
    } catch (java.security.NoSuchProviderException e) {
      System.out.println(
          "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
      throw new ServletException(e);
    }

    java.io.PrintWriter out = response.getWriter();
    out.println(
        "Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
  }
  /**
   * Writes the "foo" parameter to the response after ESAPI HTML encoding.
   *
   * <p>No content type is set on the response by this handler.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives the HTML-encoded value
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // HTML-encode before writing so the value is rendered as text.
    String encoded = org.owasp.esapi.ESAPI.encoder().encodeForHTML(param);
    java.io.PrintWriter out = response.getWriter();
    out.write(encoded);
  }
  /**
   * Uses the Test.doSomething result of the "foo" parameter as the printf format string.
   *
   * <p>Sink under test: the request-derived value is the format, not an argument, so any format
   * directives it contains are interpreted by the formatter against {"a", "b"}.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives the formatted output
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = new Test().doSomething(param);

    Object[] formatArgs = {"a", "b"};
    java.io.PrintWriter out = response.getWriter();
    out.printf(bar, formatArgs);
  } // end doPost
  /**
   * Draws one double from java.util.Random and prints a marker line.
   *
   * <p>The "foo" parameter is read and passed through Test.doSomething; neither that result nor
   * the random value is used further.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives a single marker line
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = new Test().doSomething(param);

    // Sink under test: a non-cryptographic PRNG.
    java.util.Random rng = new java.util.Random();
    double rand = rng.nextDouble();

    java.io.PrintWriter out = response.getWriter();
    out.println("Weak Randomness Test java.util.Random.nextDouble() executed");
  } // end doPost
  /**
   * Propagates the "foo" parameter through a chain of string operations and a reflective
   * ThingInterface call, then prints 40 bytes from a "SHA1PRNG" SecureRandom.
   *
   * <p>The propagated value (bar) is not used by the randomness sink. The trailing marker line
   * is printed from {@code finally}, so it appears even when the algorithm lookup fails.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives the bytes (as a platform-charset String) and the marker line
   * @throws ServletException wrapping NoSuchAlgorithmException when SHA1PRNG is unavailable
   * @throws IOException from BASE64Decoder.decodeBuffer or the response writer
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // Propagator chain: builder append/replace, map round trip, substring, Base64 round trip,
    // split on the first space, then reflection.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    int tailStart = sb.length() - "Chars".length();
    sb.replace(tailStart, sb.length(), "Chars");
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key32671", sb.toString());
    String fromMap = (String) holder.get("key32671");
    String trimmed = fromMap.substring(0, fromMap.length() - 1);
    String b64 = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    String roundTripped = new String(new sun.misc.BASE64Decoder().decodeBuffer(b64));
    String firstToken = roundTripped.split(" ")[0];
    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    try {
      java.security.SecureRandom rng = java.security.SecureRandom.getInstance("SHA1PRNG");

      byte[] buf = new byte[40]; // 40 random bytes
      rng.nextBytes(buf);
      // NOTE(review): new String(byte[]) uses the platform charset; the printed text is a
      // marker, not a faithful rendering of the bytes.
      response.getWriter().println("Random bytes are: " + new String(buf));

    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
      throw new ServletException(e);
    } finally {
      java.io.PrintWriter out = response.getWriter();
      out.println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
  }
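  /**
   * Writes all but the last character of doSomething("foo" parameter) to the response.
   *
   * <p>A null result writes nothing. An empty result now also writes nothing: the original
   * called {@code write(bar, 0, length - 1)} with length 0, i.e. a negative length, which
   * raised StringIndexOutOfBoundsException from the writer.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives the truncated value, unencoded
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    String bar = doSomething(param);

    // Guard against the empty string: length - 1 would be -1 and Writer.write rejects it.
    if (bar != null && bar.length() > 0) {
      int length = bar.length();
      response.getWriter().write(bar, 0, length - 1);
    }
  } // end doPost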
  /**
   * Writes the "foo" parameter to the response as a char array.
   *
   * <p>The condition {@code (500 / 42) + 196 > 200} is constant and true (11 + 196 = 207), so
   * bar is always the raw parameter; the "This should never happen" branch is dead.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives the value, unencoded
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // Constant condition: always selects param.
    int offset = 196;
    String bar = (500 / 42) + offset > 200 ? param : "This should never happen";

    // NOTE(review): a null parameter would NPE on toCharArray(), as in the original.
    char[] chars = bar.toCharArray();
    response.getWriter().print(chars);
  }
  /**
   * Executes a constant SELECT against the USERS table, requesting the "username" and
   * "password" columns as generated keys.
   *
   * <p>The "foo" parameter is read and passed through doSomething, but the SQL text is a literal
   * and does not include it. The Statement comes from DatabaseHelper and is not closed here.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException wrapping any SQLException
   * @throws IOException declared for the servlet contract; not thrown here
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = doSomething(param);

    // Literal query; bar is intentionally not part of it.
    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";
    String[] keyColumns = {"username", "password"};

    try {
      org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement().execute(sql, keyColumns);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  /**
   * Calls printf with the literal format "notfoo" and the US locale.
   *
   * <p>The condition {@code (7 * 42) - 86 > 200} is constant and true (294 - 86 = 208), so bar
   * is always "This_should_always_happen"; the parameter branch is dead. The format contains
   * no directives, so the {"a", bar} arguments are never consumed.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives "notfoo"
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // Constant condition: always selects the literal.
    int offset = 86;
    String bar = (7 * 42) - offset > 200 ? "This_should_always_happen" : param;

    Object[] formatArgs = {"a", bar};
    java.io.PrintWriter out = response.getWriter();
    out.printf(java.util.Locale.US, "notfoo", formatArgs);
  }
  /**
   * Writes the "vector" parameter to a text/html response without encoding.
   *
   * <p>The condition {@code (7 * 42) - 106 > 200} is constant and false (294 - 106 = 188), so
   * bar is always the raw parameter; "This should never happen" is dead. Sink under test: the
   * value reaches the HTML body unencoded.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; receives the value
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }

    // Constant condition: the false branch (param) is always taken.
    int num = 106;
    String bar;
    if ((7 * 42) - num > 200) {
      bar = "This should never happen";
    } else {
      bar = param;
    }

    java.io.PrintWriter out = response.getWriter();
    out.write(bar);
  }
  /**
   * Runs the "vector" parameter through a propagator chain, then builds a File from a constant
   * instead and reports whether it exists.
   *
   * <p>The chain (builder, map, substring, Base64 round trip, split) is computed but its result
   * is discarded: the reflective ThingInterface call receives the literal
   * "barbarians_at_the_gate", so the File name does not depend on the request.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; receives the file path and an existence note
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException from BASE64Decoder.decodeBuffer or the response writer
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }

    // Propagator chain whose output is not used by the sink below.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    int tailStart = sb.length() - "Chars".length();
    sb.replace(tailStart, sb.length(), "Chars");
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key59200", sb.toString());
    String fromMap = (String) holder.get("key59200");
    String trimmed = fromMap.substring(0, fromMap.length() - 1);
    String b64 = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    String roundTripped = new String(new sun.misc.BASE64Decoder().decodeBuffer(b64));
    String firstToken = roundTripped.split(" ")[0];
    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();

    // The value handed to reflection is a literal, so the whole flow is request-independent.
    String constantInput = "barbarians_at_the_gate";
    String bar = thing.doSomething(constantInput);

    java.io.File baseDir = new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir);
    java.io.File fileTarget = new java.io.File(baseDir, bar);
    java.io.PrintWriter out = response.getWriter();
    out.write("Access to file: '" + fileTarget + "' created.");
    if (fileTarget.exists()) {
      out.write(" And file already exists.");
    } else {
      out.write(" But file doesn't exist yet.");
    }
  }
  /**
   * Executes a constant UPDATE against the USERS table, asking for generated-key columns 1 and 2.
   *
   * <p>The "foo" parameter is read and passed through doSomething, but the SQL text is a literal
   * and does not include it. The update count is discarded. The Statement comes from
   * DatabaseHelper and is not closed here.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException wrapping any SQLException
   * @throws IOException declared for the servlet contract; not thrown here
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = doSomething(param);

    // Literal statement; bar is intentionally not part of it.
    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";
    int[] keyIndexes = {1, 2};

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, keyIndexes);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  /**
   * Performs a directory search under "name" using doSomething("foo" parameter) as the filter
   * expression, with {"a", "b"} as filter arguments.
   *
   * <p>Sink under test: the filter expression itself is request-derived; the argument array is
   * constant. The InitialDirContext comes from Utils and is not closed here.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException wrapping any NamingException
   * @throws IOException declared for the servlet contract; not thrown here
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = doSomething(param);

    Object[] filterArgs = {"a", "b"};
    javax.naming.directory.SearchControls controls = new javax.naming.directory.SearchControls();
    try {
      javax.naming.directory.InitialDirContext idc =
          org.owasp.benchmark.helpers.Utils.getInitialDirContext();
      idc.search("name", bar, filterArgs, controls);
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  } // end doPost
  /**
   * Compiles doSomething("foo" parameter) as an XPath expression; the compiled expression is
   * discarded and compile errors are reported on stdout only.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException declared for the servlet contract; not thrown here
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = doSomething(param);

    javax.xml.xpath.XPath xpath = javax.xml.xpath.XPathFactory.newInstance().newXPath();
    try {
      xpath.compile(bar);
    } catch (javax.xml.xpath.XPathExpressionException e) {
      // Deliberately swallowed: a malformed expression only produces a stdout line.
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    }
  } // end doPost
  /**
   * Executes a shell command built from Test.doSomething("vector" parameter) with a fixed
   * environment of {"foo=bar"}.
   *
   * <p>On Windows the argv is {"cmd.exe", "/c", "echo ", bar}, so bar is a separate argument.
   * Elsewhere it is {"sh", "-c", Utils.getOSCommandString("ls") + bar}: bar is concatenated into
   * the single string the shell parses, which is the sink under test.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; command output is written by Utils
   * @throws ServletException wrapping the IOException from Runtime.exec
   * @throws IOException if the response cannot be written by Utils.printOSCommandResults
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }
    String bar = new Test().doSomething(param);

    // NOTE(review): "os.name" is dereferenced without a null check, as in the original.
    boolean windows = System.getProperty("os.name").indexOf("Windows") != -1;
    String[] args;
    if (windows) {
      // bar travels as its own argv element.
      args = new String[] {"cmd.exe", "/c", "echo ", bar};
    } else {
      // bar is folded into the one string that "sh -c" will parse.
      String listing = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
      args = new String[] {"sh", "-c", listing + bar};
    }

    String[] argsEnv = {"foo=bar"};

    try {
      Process p = Runtime.getRuntime().exec(args, argsEnv);
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
      System.out.println("Problem executing cmdi - TestCase");
      throw new ServletException(e);
    }
  } // end doPost
  /**
   * Draws one long from a "SHA1PRNG" SecureRandom and prints a marker line.
   *
   * <p>The "foo" parameter is read and passed through Test.doSomething; neither that result nor
   * the random value is used further.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response receives a single marker line on success
   * @throws ServletException wrapping NoSuchAlgorithmException when SHA1PRNG is unavailable
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");
    String bar = new Test().doSomething(param);

    try {
      java.security.SecureRandom rng = java.security.SecureRandom.getInstance("SHA1PRNG");
      long l = rng.nextLong();
    } catch (java.security.NoSuchAlgorithmException e) {
      System.out.println("Problem executing SecureRandom.nextLong() - TestCase");
      throw new ServletException(e);
    }
    java.io.PrintWriter out = response.getWriter();
    out.println("Weak Randomness Test java.security.SecureRandom.nextLong() executed");
  } // end doPost
  /**
   * Runs the "foo" parameter through a propagator chain, then compiles an XPath expression
   * derived from a constant instead.
   *
   * <p>The chain (builder, map, substring, Base64 round trip, split) is computed but discarded:
   * the reflective ThingInterface call receives the literal "barbarians_at_the_gate", so the
   * compiled expression does not depend on the request. Compile errors go to stdout only.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException from BASE64Decoder.decodeBuffer
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // Propagator chain whose output is not used by the sink below.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    int tailStart = sb.length() - "Chars".length();
    sb.replace(tailStart, sb.length(), "Chars");
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key20448", sb.toString());
    String fromMap = (String) holder.get("key20448");
    String trimmed = fromMap.substring(0, fromMap.length() - 1);
    String b64 = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    String roundTripped = new String(new sun.misc.BASE64Decoder().decodeBuffer(b64));
    String firstToken = roundTripped.split(" ")[0];
    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();

    // The value handed to reflection is a literal, so the whole flow is request-independent.
    String constantInput = "barbarians_at_the_gate";
    String bar = thing.doSomething(constantInput);

    javax.xml.xpath.XPath xpath = javax.xml.xpath.XPathFactory.newInstance().newXPath();
    try {
      xpath.compile(bar);
    } catch (javax.xml.xpath.XPathExpressionException e) {
      // Deliberately swallowed: a malformed expression only produces a stdout line.
      System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    }
  }
  /**
   * Base64 round-trips the "foo" parameter and passes it as the last argv element to
   * "cmd.exe /c echo" (Windows) or "sh -c echo" (elsewhere) via ProcessBuilder.
   *
   * <p>The argument list is built as a List, so the value is a separate argv element rather
   * than part of a shell-parsed string. Output is written by Utils.printOSCommandResults(Process).
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to directly by this handler
   * @throws ServletException wrapping the IOException from ProcessBuilder.start
   * @throws IOException from BASE64Decoder.decodeBuffer
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // Base64 encode then decode: bar carries the same bytes as param.
    // NOTE(review): a null parameter would NPE on getBytes(), as in the original.
    String b64 = new sun.misc.BASE64Encoder().encode(param.getBytes());
    String bar = new String(new sun.misc.BASE64Decoder().decodeBuffer(b64));

    // NOTE(review): "os.name" is dereferenced without a null check, as in the original.
    boolean windows = System.getProperty("os.name").indexOf("Windows") != -1;
    java.util.List<String> argv = new java.util.ArrayList<String>();
    argv.add(windows ? "cmd.exe" : "sh");
    argv.add(windows ? "/c" : "-c");
    argv.add("echo");
    argv.add(bar);

    ProcessBuilder pb = new ProcessBuilder(argv);

    try {
      Process p = pb.start();
      org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
      System.out.println(
          "Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case");
      throw new ServletException(e);
    }
  }
  /**
   * Builds a File under Utils.testfileDir from a constant-driven switch and reports whether it
   * exists.
   *
   * <p>{@code "ABC".charAt(1)} is always 'B', so bar is the literal "bob"; the branches that
   * would select the "vector" parameter ('A', 'C', 'D') are dead, as is the default.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; receives the file path and an existence note
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }

    // The switch target is the second character of the constant "ABC", i.e. 'B'.
    char selector = "ABC".charAt(1);
    String bar;
    switch (selector) {
      case 'A':
      case 'C':
      case 'D':
        bar = param;
        break;
      case 'B':
        bar = "bob";
        break;
      default:
        bar = "bob's your uncle";
        break;
    }

    java.io.File fileTarget = new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir, bar);
    java.io.PrintWriter out = response.getWriter();
    out.write("Access to file: '" + fileTarget + "' created.");
    if (fileTarget.exists()) {
      out.write(" And file already exists.");
    } else {
      out.write(" But file doesn't exist yet.");
    }
  }
  /**
   * Performs a directory search under "name" with the "foo" parameter as the filter, after
   * replacing its last character with "Z" when it is longer than one character.
   *
   * <p>Sink under test: the filter expression is request-derived. The InitialDirContext comes
   * from Utils and is not closed here.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException wrapping any NamingException
   * @throws IOException declared for the servlet contract; not thrown here
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("foo");

    // NOTE(review): a null parameter would NPE on length(), as in the original.
    String bar = param;
    if (param.length() > 1) {
      int tailStart = param.length() - "Z".length();
      bar = new StringBuilder(param).replace(tailStart, param.length(), "Z").toString();
    }

    javax.naming.directory.SearchControls controls = new javax.naming.directory.SearchControls();
    try {
      javax.naming.directory.InitialDirContext idc =
          org.owasp.benchmark.helpers.Utils.getInitialDirContext();
      idc.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    }
  }
  /**
   * Opens (truncating) a file whose name is Utils.testfileDir followed by
   * Test.doSomething("vector" parameter), reports the HTML-encoded name, and closes it again.
   *
   * <p>Sink under test: the request-derived suffix is appended to the directory string without
   * normalisation. Any exception while opening or reporting is caught and only logged to stdout,
   * so the request still completes.
   *
   * @param request servlet request; "vector" is read through SeparateClassRequest (null → "")
   * @param response content type set to text/html; receives the encoded file name on success
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException declared for the servlet contract; exceptions inside are caught
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request).getTheParameter("vector");
    if (param == null) {
      param = "";
    }
    String bar = new Test().doSomething(param);

    String fileName = null;
    java.io.FileOutputStream fos = null;

    try {
      fileName = org.owasp.benchmark.helpers.Utils.testfileDir + bar;

      fos = new java.io.FileOutputStream(fileName, false);
      java.io.PrintWriter out = response.getWriter();
      out.write(
          "Now ready to write to file: "
              + org.owasp.esapi.ESAPI.encoder().encodeForHTML(fileName));
    } catch (Exception e) {
      // Best effort: report on stdout and let the request finish.
      System.out.println("Couldn't open FileOutputStream on file: '" + fileName + "'");
    } finally {
      if (fos != null) {
        try {
          fos.close();
        } catch (Exception ignored) {
          // nothing further can be done if close itself fails
        }
      }
    }
  } // end doPost
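  /**
   * Opens Utils.testfileDir + Test.doSomething("foo" parameter) for reading, then wraps the same
   * file descriptor in a FileOutputStream.
   *
   * <p>Sink under test: the request-derived suffix is appended to the directory string without
   * normalisation. Both streams are now closed in {@code finally}; the original left them open,
   * leaking a descriptor per request. A missing file still propagates as FileNotFoundException.
   *
   * @param request servlet request; "foo" is read through SeparateClassRequest
   * @param response not written to
   * @throws ServletException declared for the servlet contract; not thrown here
   * @throws IOException if the file cannot be opened, its descriptor read, or a stream closed
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    String bar = new Test().doSomething(param);

    // Create the file first so the test won't throw an exception if it doesn't exist.
    // Note: Don't actually do this because this method signature could cause a tool to find THIS
    // file constructor
    // as a vuln, rather than the File signature we are trying to actually test.
    // If necessary, just run the benchmark twice. The 1st run should create all the necessary
    // files.
    // new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir + bar).createNewFile();

    java.io.FileInputStream fileInputStream =
        new java.io.FileInputStream(org.owasp.benchmark.helpers.Utils.testfileDir + bar);
    java.io.FileOutputStream anotOutputStream = null;
    try {
      java.io.FileDescriptor fd = fileInputStream.getFD();
      anotOutputStream = new java.io.FileOutputStream(fd);
    } finally {
      // Both streams share one descriptor; closing the output stream first, then the input
      // stream, releases it exactly once.
      if (anotOutputStream != null) {
        anotOutputStream.close();
      }
      fileInputStream.close();
    }
  } // end doPost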