@Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String[] values = request.getParameterValues("vector");
    String param;
    if (values != null && values.length > 0) param = values[0];
    else param = "";

    String bar = "safe!";
    java.util.HashMap<String, Object> map82281 = new java.util.HashMap<String, Object>();
    map82281.put("keyA-82281", "a_Value"); // put some stuff in the collection
    map82281.put("keyB-82281", param); // put it in a collection
    map82281.put("keyC", "another_Value"); // put some stuff in the collection
    bar = (String) map82281.get("keyB-82281"); // get it back out
    bar = (String) map82281.get("keyA-82281"); // get safe value back out

    String sql = "INSERT INTO users (username, password) VALUES ('foo','" + bar + "')";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
      org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    javax.servlet.http.Cookie[] theCookies = request.getCookies();

    String param = "";
    if (theCookies != null) {
      for (javax.servlet.http.Cookie theCookie : theCookies) {
        if (theCookie.getName().equals("vector")) {
          param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
          break;
        }
      }
    }

    String bar = doSomething(param);

    String sql = "INSERT INTO users (username, password) VALUES ('foo','" + bar + "')";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql);
      org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = "";
    java.util.Enumeration<String> headers = request.getHeaders("vector");
    if (headers.hasMoreElements()) {
      param = headers.nextElement(); // just grab first element
    }

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.execute(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
      org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
      String[] values = map.get("vector");
      if (values != null) param = values[0];
    }

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='******'";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.PreparedStatement statement =
          connection.prepareStatement(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      statement.setString(1, "foo");
      statement.execute();
      org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String queryString = request.getQueryString();
    String paramval = "vector" + "=";
    int paramLoc = -1;
    if (queryString != null) paramLoc = queryString.indexOf(paramval);
    if (paramLoc == -1) {
      response
          .getWriter()
          .println(
              "getQueryString() couldn't find expected parameter '"
                  + "vector"
                  + "' in query string.");
      return;
    }

    String param =
        queryString.substring(
            paramLoc
                + paramval
                    .length()); // 1st assume "vector" param is last parameter in query string.
    // And then check to see if its in the middle of the query string and if so, trim off what comes
    // after.
    int ampersandLoc = queryString.indexOf("&", paramLoc);
    if (ampersandLoc != -1) {
      param = queryString.substring(paramLoc + paramval.length(), ampersandLoc);
    }
    param = java.net.URLDecoder.decode(param, "UTF-8");

    String bar = doSomething(param);

    String sql = "{call " + bar + "}";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.CallableStatement statement =
          connection.prepareCall(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      java.sql.ResultSet rs = statement.executeQuery();
      org.owasp.benchmark.helpers.DatabaseHelper.printResults(rs, sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    if (names.hasMoreElements()) {
      param = names.nextElement(); // just grab first element
    }

    String bar = org.springframework.web.util.HtmlUtils.htmlEscape(param);

    String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='******'";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.PreparedStatement statement =
          connection.prepareStatement(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
      statement.setString(1, "foo");
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    if (names.hasMoreElements()) {
      param = names.nextElement(); // just grab first element
    }

    String bar;

    // Simple if statement that assigns param to bar on true condition
    int i = 196;
    if ((500 / 42) + i > 200) bar = param;
    else bar = "This should never happen";

    String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='******'";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.PreparedStatement statement = connection.prepareStatement(sql);
      statement.setString(1, "foo");
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = request.getQueryString();

    String bar = new Test().doSomething(param);

    String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='******'";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.PreparedStatement statement =
          connection.prepareStatement(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      statement.setString(1, "foo");
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> headerNames = request.getHeaderNames();
    if (headerNames.hasMoreElements()) {
      param = headerNames.nextElement(); // just grab first element
    }

    String bar;

    // Simple if statement that assigns param to bar on true condition
    int i = 196;
    if ((500 / 42) + i > 200) bar = param;
    else bar = "This should never happen";

    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, new String[] {"user", "password"});
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    if (names.hasMoreElements()) {
      param = names.nextElement(); // just grab first element
    }

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='******'";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.PreparedStatement statement =
          connection.prepareStatement(
              sql, java.sql.ResultSet.TYPE_FORWARD_ONLY, java.sql.ResultSet.CONCUR_READ_ONLY);
      statement.setString(1, "foo");
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    String bar = new Test().doSomething(param);

    String sql = "{call verifyUserPassword('foo','" + bar + "')}";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.CallableStatement statement =
          connection.prepareCall(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> headerNames = request.getHeaderNames();
    if (headerNames.hasMoreElements()) {
      param = headerNames.nextElement(); // just grab first element
    }

    String bar = new Test().doSomething(param);

    String sql = "{call verifyUserPassword('foo','" + bar + "')}";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.CallableStatement statement =
          connection.prepareCall(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");

    String bar = "safe!";
    java.util.HashMap<String, Object> map13216 = new java.util.HashMap<String, Object>();
    map13216.put("keyA-13216", "a Value"); // put some stuff in the collection
    map13216.put("keyB-13216", param.toString()); // put it in a collection
    map13216.put("keyC", "another Value"); // put some stuff in the collection
    bar = (String) map13216.get("keyB-13216"); // get it back out

    String sql = "{call verifyUserPassword('foo','" + bar + "')}";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.CallableStatement statement = connection.prepareCall(sql);
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    javax.servlet.http.Cookie[] cookies = request.getCookies();

    String param = null;
    boolean foundit = false;
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookie.getName().equals("foo")) {
          param = cookie.getValue();
          foundit = true;
        }
      }
      if (!foundit) {
        // no cookie found in collection
        param = "";
      }
    } else {
      // no cookies
      param = "";
    }

    String bar = new Test().doSomething(param);

    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, new int[] {1, 2});
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = "";
    boolean flag = true;
    java.util.Enumeration<String> names = request.getParameterNames();
    while (names.hasMoreElements() && flag) {
      String name = (String) names.nextElement();
      String[] values = request.getParameterValues(name);
      if (values != null) {
        for (int i = 0; i < values.length && flag; i++) {
          String value = values[i];
          if (value.equals("vector")) {
            param = name;
            flag = false;
          }
        }
      }
    }

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='******'";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.PreparedStatement statement =
          connection.prepareStatement(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
      statement.setString(1, "foo");
      statement.execute();
      org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = "";
    boolean flag = true;
    java.util.Enumeration<String> names = request.getParameterNames();
    while (names.hasMoreElements() && flag) {
      String name = (String) names.nextElement();
      String[] values = request.getParameterValues(name);
      if (values != null) {
        for (int i = 0; i < values.length && flag; i++) {
          String value = values[i];
          if (value.equals("vector")) {
            param = name;
            flag = false;
          }
        }
      }
    }

    String bar = doSomething(param);

    String sql = "INSERT INTO users (username, password) VALUES ('foo','" + bar + "')";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, new int[] {1, 2});
      org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        response.getWriter().println("Error processing request.");
        return;
      } else throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = request.getParameter("foo");

    String bar = new Test().doSomething(param);

    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = request.getQueryString();

    String bar = new Test().doSomething(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.execute(sql, new int[] {1, 2});
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = request.getHeader("foo");

    String bar = org.springframework.web.util.HtmlUtils.htmlEscape(param);

    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, new String[] {"user", "password"});
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
      param = map.get("foo")[0];
    }

    // Chain a bunch of propagators in sequence
    String a40600 = param; // assign
    StringBuilder b40600 = new StringBuilder(a40600); // stick in stringbuilder
    b40600.append(" SafeStuff"); // append some safe content
    b40600.replace(
        b40600.length() - "Chars".length(),
        b40600.length(),
        "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> map40600 = new java.util.HashMap<String, Object>();
    map40600.put("key40600", b40600.toString()); // put in a collection
    String c40600 = (String) map40600.get("key40600"); // get it back out
    String d40600 = c40600.substring(0, c40600.length() - 1); // extract most of it
    String e40600 =
        new String(
            new sun.misc.BASE64Decoder()
                .decodeBuffer(
                    new sun.misc.BASE64Encoder()
                        .encode(d40600.getBytes()))); // B64 encode and decode it
    String f40600 = e40600.split(" ")[0]; // split it on a space
    org.owasp.benchmark.helpers.ThingInterface thing =
        org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g40600 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g40600); // reflection

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.addBatch(sql);
      int[] counts = statement.executeBatch();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = request.getParameter("foo");

    String bar = doSomething(param);

    String sql = "{call verifyUserPassword('foo','" + bar + "')}";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.CallableStatement statement = connection.prepareCall(sql);
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
        new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      java.sql.ResultSet rs = statement.executeQuery(sql);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    javax.servlet.http.Cookie[] cookies = request.getCookies();

    String param = null;
    boolean foundit = false;
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if (cookie.getName().equals("foo")) {
          param = cookie.getValue();
          foundit = true;
        }
      }
      if (!foundit) {
        // no cookie found in collection
        param = "";
      }
    } else {
      // no cookies
      param = "";
    }

    String bar = new Test().doSomething(param);

    String sql = "{call verifyUserPassword('foo','" + bar + "')}";

    try {
      java.sql.Connection connection =
          org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
      java.sql.CallableStatement statement =
          connection.prepareCall(
              sql,
              java.sql.ResultSet.TYPE_FORWARD_ONLY,
              java.sql.ResultSet.CONCUR_READ_ONLY,
              java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
      statement.execute();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String[] values = request.getParameterValues("foo");
    String param;
    if (values.length != 0) param = request.getParameterValues("foo")[0];
    else param = null;

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.execute(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String[] values = request.getParameterValues("foo");
    String param;
    if (values.length != 0) param = request.getParameterValues("foo")[0];
    else param = null;

    String bar = org.springframework.web.util.HtmlUtils.htmlEscape(param);

    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String[] values = request.getParameterValues("foo");
    String param;
    if (values.length != 0) param = request.getParameterValues("foo")[0];
    else param = null;

    String bar = org.owasp.esapi.ESAPI.encoder().encodeForHTML(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.execute(sql, new int[] {1, 2});
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> headerNames = request.getHeaderNames();
    if (headerNames.hasMoreElements()) {
      param = headerNames.nextElement(); // just grab first element
    }

    String bar = param;

    String sql = "UPDATE USERS SET PASSWORD='******' WHERE USERNAME='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      int count = statement.executeUpdate(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = request.getQueryString();

    String bar =
        new String(
            new sun.misc.BASE64Decoder()
                .decodeBuffer(new sun.misc.BASE64Encoder().encode(param.getBytes())));

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.addBatch(sql);
      int[] counts = statement.executeBatch();
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  }
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    if (names.hasMoreElements()) {
      param = names.nextElement(); // just grab first element
    }

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      statement.execute(sql);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    java.util.Map<String, String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
      param = map.get("foo")[0];
    }

    String bar = doSomething(param);

    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";

    try {
      java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
      java.sql.ResultSet rs = statement.executeQuery(sql);
    } catch (java.sql.SQLException e) {
      throw new ServletException(e);
    }
  } // end doPost