public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data_copy;
{
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
data_copy = data;
}
{
int data = data_copy;
/* POTENTIAL FLAW: Zero modulus will cause an issue. An integer division will
result in an exception. */
IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data_copy;
{
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
data_copy = data;
}
{
int data = data_copy;
/* FIX: test for a zero modulus */
if (data != 0) {
IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
} else {
IO.writeLine("This would result in a modulo by zero");
}
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
bad_sink(data, request, response);
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_five == 5) {
data = "5";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
}
if (IO.static_five == 5) {
int loopNum;
try {
loopNum = Integer.parseInt(data);
} catch (NumberFormatException nfe) {
IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
loopNum = 1;
}
for (int i = 0; i < loopNum; i++) {
/* POTENTIAL FLAW: user supplied input used for loop counter test */
IO.writeLine("hello world");
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
int loopNum;
try {
loopNum = Integer.parseInt(data);
} catch (NumberFormatException nfe) {
IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
loopNum = 1;
}
/* FIX: loop number thresholds validated */
if (loopNum >= 0 && loopNum <= 5) {
for (int i = 0; i < loopNum; i++) {
IO.writeLine("hello world");
}
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_final_t) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_final_t) {
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data > 0) /* ensure we don't have an underflow */ {
/* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */
int result = (data * valueToMult);
IO.writeLine("result: " + result);
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data > 0) /* ensure we don't have an underflow */ {
int result = 0;
/* FIX: Add a check to prevent an overflow from occurring */
if (data <= (Integer.MAX_VALUE / valueToMult)) {
result = (data * valueToMult);
IO.writeLine("result: " + result);
} else {
IO.writeLine("Input value is too large to perform multiplication.");
}
}
}
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException {
ArrayList<String> ar = new ArrayList<String>();
boolean flag = false;
Cookie[] cArr = req.getCookies();
if (cArr != null) {
for (int i = 0; i < cArr.length; i++) {
Cookie c0 = cArr[i];
if (c0.getName().equals("Name") && !c0.getValue().equals("Logout")) {
res.sendRedirect("index.html");
flag = true;
}
}
}
if (flag == false) res.sendRedirect("Login.html");
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
(new CWE369_Divide_By_Zero__getCookiesServlet_divide_54b()).bad_sink(data, request, response);
}
/* goodB2G() - use badsource and goodsink */
private int goodB2G_source(HttpServletRequest request, HttpServletResponse response)
throws Throwable {
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
return data;
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_returns_t()) {
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_returns_t()) {
int result = 0;
int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
/* FIX: Add a check to prevent an overflow from occurring */
if (data <= (Integer.MAX_VALUE - valueToAdd)) {
result = (data + valueToAdd);
IO.writeLine("result: " + result);
} else {
IO.writeLine("Input value is too large to perform addition.");
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
/* POTENTIAL FLAW: if (data+valueToAdd) > MAX_VALUE, this will overflow */
int result = (data + valueToAdd);
IO.writeLine("result: " + result);
}
}
private String bad_source(HttpServletRequest request, HttpServletResponse response)
throws Throwable {
String data;
if (badPrivate) {
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
return data;
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (5 == 5) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (5 == 5) {
/* POTENTIAL FLAW: Zero denominator will cause an issue. An integer division will
result in an exception. */
IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: test for a zero denominator */
if (data != 0) {
IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
IO.writeLine("This would result in a divide by zero");
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}