/* goodG2B2() - use goodsource and badsink by reversing statements in if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_final_t) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
}
String root = "C:\\uploads\\";
/* POTENTIAL FLAW: no validation of concatenated value */
File fIn = new File(root + data);
if (fIn.exists() && fIn.isFile()) {
IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
if (request.getParameter("setcookie") != null) {
Cookie cookie = new Cookie("Learningjava", "Cookies!");
cookie.setMaxAge(3600);
response.addCookie(cookie);
out.println("<html><body><h1>Cookie Set...</h1>");
} else {
out.println("<html><body>");
Cookie[] cookies = request.getCookies();
if (cookies.length == 0) {
out.println("<h1>No cookies found...</h1>");
} else {
for (int i = 0; i < cookies.length; i++)
out.print(
"<h1>Name: "
+ cookies[i].getName()
+ "<br>"
+ "Value: "
+ cookies[i].getValue()
+ "</h1>");
}
out.println(
"<p><a href=\""
+ request.getRequestURI()
+ "?setcookie=true\">"
+ "Reset the Learning Java cookie.</a>");
}
out.println("</body></html>");
}
@Override
public Cookie getCookie(final String name) {
for (final javax.servlet.http.Cookie c : req.getCookies()) {
if (c.getName().equals(name)) return new BXServletCookie(c);
}
return null;
}
// getBrowserInfiniteCookie
public static String getBrowserInfiniteCookie(HttpServletRequest request) {
Cookie[] cookieJar = request.getCookies();
if (cookieJar != null) {
for (Cookie cookie : cookieJar) {
if (cookie.getName().equals("infinitecookie")) {
return cookie.getValue() + ";";
}
}
}
return null;
} // TESTED
private Cookie getCookie(String name, HttpServletRequest request) {
Cookie[] cookies = request.getCookies();
if (cookies == null) {
return null;
}
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals(name)) {
return cookies[i];
}
}
return null;
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException {
ArrayList<String> ar = new ArrayList<String>();
boolean flag = false;
Cookie[] cArr = req.getCookies();
if (cArr != null) {
for (int i = 0; i < cArr.length; i++) {
Cookie c0 = cArr[i];
if (c0.getName().equals("Name") && !c0.getValue().equals("Logout")) {
res.sendRedirect("index.html");
flag = true;
}
}
}
if (flag == false) res.sendRedirect("Login.html");
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
System.out.println("COOKIE=" + cookies[i].getValue());
}
}
HttpSession session = req.getSession(false);
if (session == null) {
throw new ServletException("Unable to access login session");
}
res.getWriter().println("JSESSIONID=" + session.getId());
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Shared Info";
out.println(
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 "
+ "Transitional//EN\">"
+ "<HTML>\n"
+ "<HEAD><TITLE>"
+ title
+ "</TITLE></HEAD>\n"
+ "<BODY BGCOLOR=\"#FDF5E6\">\n"
+ "<H1 ALIGN=\"CENTER\">"
+ title
+ "</H1>\n"
+ "<UL>\n"
+ " <LI>Session:");
HttpSession session = request.getSession(true);
Enumeration attributes = session.getAttributeNames();
out.println(getAttributeList(attributes));
out.println(" <LI>Current Servlet Context:");
ServletContext application = getServletContext();
attributes = application.getAttributeNames();
out.println(getAttributeList(attributes));
out.println(" <LI>Servlet Context of /shareTest1:");
application = application.getContext("/shareTest1");
if (application == null) {
out.println("Context sharing disabled");
} else {
attributes = application.getAttributeNames();
out.println(getAttributeList(attributes));
}
out.println(" <LI>Cookies:<UL>");
Cookie[] cookies = request.getCookies();
if ((cookies == null) || (cookies.length == 0)) {
out.println(" <LI>No cookies found.");
} else {
Cookie cookie;
for (int i = 0; i < cookies.length; i++) {
cookie = cookies[i];
out.println(" <LI>" + cookie.getName());
}
}
out.println(" </UL>\n" + "</UL>\n" + "</BODY></HTML>");
}
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
int index;
DatastoreService ds;
MemcacheService ms;
Cookie[] cookies;
boolean insideFlag;
String delpw;
String paramOffset;
String paramSize;
int offset;
int size;
Key postObjGroupKey;
Query q;
List<Entity> postObjList;
PostObj postObj;
Gson gson;
List<String> filelinkList;
resp.setCharacterEncoding("UTF-8");
resp.setContentType("text/plain");
ds = DatastoreServiceFactory.getDatastoreService();
ms = MemcacheServiceFactory.getMemcacheService();
insideFlag = false;
try {
cookies = req.getCookies();
if (cookies.length > 0) {
if (ms.contains(cookies[0].getValue()) == true) {
insideFlag = true;
}
}
} catch (Exception e) {
insideFlag = false;
}
delpw = req.getParameter("delpw");
if (delpw != null) {
if (delpw.equals("") == true) {
delpw = null;
}
}
paramOffset = req.getParameter("offset");
if (paramOffset != null) {
offset = Integer.valueOf(paramOffset);
} else {
offset = 0;
}
paramSize = req.getParameter("size");
if (paramSize != null) {
size = Integer.valueOf(paramSize);
} else {
size = 4096;
}
postObjGroupKey = KeyFactory.createKey("PostObjGroup", 1L);
q = new Query("PostObj", postObjGroupKey);
if (delpw != null) {
q.addFilter("delpw", FilterOperator.EQUAL, delpw);
q.addSort("delpw");
}
q.addSort("posttime", SortDirection.DESCENDING);
postObjList = ds.prepare(q).asList(FetchOptions.Builder.withOffset(offset).limit(size));
postObj = new PostObj();
filelinkList = new ArrayList<String>();
for (index = 0; index < postObjList.size(); index++) {
postObj.getDB(postObjList.get(index));
if ((postObj.flag.equals("showgallery") == false && insideFlag == true)
|| (postObj.flag.equals("showgallery") == true && insideFlag == false)
|| delpw != null) {
filelinkList.add(postObj.filelink);
}
}
gson = new Gson();
resp.getWriter().print(gson.toJson(filelinkList));
}
@Override
public List<Cookie> getCookies() {
final List<Cookie> list = new ArrayList<>();
for (final javax.servlet.http.Cookie c : req.getCookies()) list.add(new BXServletCookie(c));
return list;
}