@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("vector");
if (param == null) param = "";
String bar = "safe!";
java.util.HashMap<String, Object> map51510 = new java.util.HashMap<String, Object>();
map51510.put("keyA-51510", "a_Value"); // put some stuff in the collection
map51510.put("keyB-51510", param); // put it in a collection
map51510.put("keyC", "another_Value"); // put some stuff in the collection
bar = (String) map51510.get("keyB-51510"); // get it back out
bar = (String) map51510.get("keyA-51510"); // get safe value back out
String cmd = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
}
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd + bar);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = "";
java.util.Enumeration<String> headers = request.getHeaders("foo");
if (headers.hasMoreElements()) {
param = headers.nextElement(); // just grab first element
}
String bar = doSomething(param);
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
String[] argsEnv = {"Foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
java.util.Map<String, String[]> map = request.getParameterMap();
String param = "";
if (!map.isEmpty()) {
String[] values = map.get("vector");
if (values != null) param = values[0];
}
String bar = new Test().doSomething(param);
String cmd =
org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(
this.getClass().getClassLoader());
String[] argsEnv = {bar};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String[] values = request.getParameterValues("foo");
String param;
if (values.length != 0) param = request.getParameterValues("foo")[0];
else param = null;
String bar = param;
if (param.length() > 1) {
StringBuilder sbxyz23220 = new StringBuilder(param);
bar = sbxyz23220.replace(param.length() - "Z".length(), param.length(), "Z").toString();
}
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
String[] argsEnv = {"Foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = "";
java.util.Enumeration<String> headers = request.getHeaders("foo");
if (headers.hasMoreElements()) {
param = headers.nextElement(); // just grab first element
}
String bar;
// Simple ? condition that assigns param to bar on false condition
int i = 106;
bar = (7 * 42) - i > 200 ? "This should never happen" : param;
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
String[] argsEnv = {"Foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
public String getToolTime(String toolName) {
String[] results = new String[3];
String time = null;
List<String> lines =
Utils.getLinesFromFile(
Utils.getFileFromClasspath(CSV_TIMES_FILE, this.getClass().getClassLoader()));
for (String i : lines) {
if (i.contains(toolName)) {
results = i.split(";");
time = results[2].replaceAll("\"", "");
// System.out.println(time.split("\\.")[0]);
return time.split("\\.")[0];
}
}
return "";
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// some code
String param = request.getHeader("foo");
String a1 = "";
String a2 = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
} else {
a1 = "sh";
a2 = "-c";
}
String[] args = {a1, a2, "echo", param};
ProcessBuilder pb = new ProcessBuilder();
pb.command(args);
try {
Process p = pb.start();
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println(
"Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
String[] values = request.getParameterValues("vector");
String param;
if (values != null && values.length > 0) param = values[0];
else param = "";
String bar = "safe!";
java.util.HashMap<String, Object> map33225 = new java.util.HashMap<String, Object>();
map33225.put("keyA-33225", "a Value"); // put some stuff in the collection
map33225.put("keyB-33225", param); // put it in a collection
map33225.put("keyC", "another Value"); // put some stuff in the collection
bar = (String) map33225.get("keyB-33225"); // get it back out
// javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object^)
request.getSession().putValue("userid", bar);
response
.getWriter()
.println(
"Item: 'userid' with value: '"
+ org.owasp.benchmark.helpers.Utils.encodeForHTML(bar)
+ "' saved in session.");
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getHeader("foo");
String bar = new Test().doSomething(param);
String a1 = "";
String a2 = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
} else {
a1 = "sh";
a2 = "-c";
}
String[] args = {a1, a2, "echo", bar};
String[] argsEnv = {"foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(args, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getHeader("foo");
String bar = doSomething(param);
java.util.List<String> argList = new java.util.ArrayList<String>();
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
argList.add("cmd.exe");
argList.add("/c");
} else {
argList.add("sh");
argList.add("-c");
}
argList.add("echo");
argList.add(bar);
ProcessBuilder pb = new ProcessBuilder(argList);
try {
Process p = pb.start();
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println(
"Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
String param = "";
java.util.Enumeration<String> headers = request.getHeaders("vector");
if (headers.hasMoreElements()) {
param = headers.nextElement(); // just grab first element
}
String bar = "";
if (param != null) {
bar =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(new sun.misc.BASE64Encoder().encode(param.getBytes())));
}
String cmd = "";
String a1 = "";
String a2 = "";
String[] args = null;
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
args = new String[] {a1, a2, cmd, bar};
} else {
a1 = "sh";
a2 = "-c";
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
args = new String[] {a1, a2, cmd + bar};
}
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(args);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
String param = "";
java.util.Enumeration<String> headers = request.getHeaders("vector");
if (headers.hasMoreElements()) {
param = headers.nextElement(); // just grab first element
}
String bar;
// Simple ? condition that assigns param to bar on false condition
int num = 106;
bar = (7 * 42) - num > 200 ? "This should never happen" : param;
String cmd = "";
String a1 = "";
String a2 = "";
String[] args = null;
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
args = new String[] {a1, a2, cmd, bar};
} else {
a1 = "sh";
a2 = "-c";
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
args = new String[] {a1, a2, cmd + bar};
}
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(args);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
javax.servlet.http.Cookie[] cookies = request.getCookies();
String param = null;
boolean foundit = false;
if (cookies != null) {
for (javax.servlet.http.Cookie cookie : cookies) {
if (cookie.getName().equals("foo")) {
param = cookie.getValue();
foundit = true;
}
}
if (!foundit) {
// no cookie found in collection
param = "";
}
} else {
// no cookies
param = "";
}
java.util.List<String> valuesList = new java.util.ArrayList<String>();
valuesList.add("safe");
valuesList.add(param);
valuesList.add("moresafe");
valuesList.remove(0); // remove the 1st safe value
String bar = valuesList.get(1); // get the last 'safe' value
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
String[] argsEnv = {"Foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
javax.servlet.http.Cookie[] cookies = request.getCookies();
String param = null;
boolean foundit = false;
if (cookies != null) {
for (javax.servlet.http.Cookie cookie : cookies) {
if (cookie.getName().equals("foo")) {
param = cookie.getValue();
foundit = true;
}
}
if (!foundit) {
// no cookie found in collection
param = "";
}
} else {
// no cookies
param = "";
}
String bar =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(new sun.misc.BASE64Encoder().encode(param.getBytes())));
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
String[] argsEnv = {bar};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("vector");
if (param == null) param = "";
String bar = new Test().doSomething(param);
String cmd = "";
String a1 = "";
String a2 = "";
String[] args = null;
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
cmd = "echo ";
args = new String[] {a1, a2, cmd, bar};
} else {
a1 = "sh";
a2 = "-c";
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
args = new String[] {a1, a2, cmd + bar};
}
String[] argsEnv = {"foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(args, argsEnv);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getParameter("foo");
// Chain a bunch of propagators in sequence
String a26691 = param; // assign
StringBuilder b26691 = new StringBuilder(a26691); // stick in stringbuilder
b26691.append(" SafeStuff"); // append some safe content
b26691.replace(
b26691.length() - "Chars".length(),
b26691.length(),
"Chars"); // replace some of the end content
java.util.HashMap<String, Object> map26691 = new java.util.HashMap<String, Object>();
map26691.put("key26691", b26691.toString()); // put in a collection
String c26691 = (String) map26691.get("key26691"); // get it back out
String d26691 = c26691.substring(0, c26691.length() - 1); // extract most of it
String e26691 =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(
new sun.misc.BASE64Encoder()
.encode(d26691.getBytes()))); // B64 encode and decode it
String f26691 = e26691.split(" ")[0]; // split it on a space
org.owasp.benchmark.helpers.ThingInterface thing =
org.owasp.benchmark.helpers.ThingFactory.createThing();
String bar = thing.doSomething(f26691); // reflection
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
String[] argsEnv = {bar};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getHeader("foo");
String bar = new Test().doSomething(param);
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
String[] argsEnv = {"Foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getHeader("foo");
// Chain a bunch of propagators in sequence
String a89890 = param; // assign
StringBuilder b89890 = new StringBuilder(a89890); // stick in stringbuilder
b89890.append(" SafeStuff"); // append some safe content
b89890.replace(
b89890.length() - "Chars".length(),
b89890.length(),
"Chars"); // replace some of the end content
java.util.HashMap<String, Object> map89890 = new java.util.HashMap<String, Object>();
map89890.put("key89890", b89890.toString()); // put in a collection
String c89890 = (String) map89890.get("key89890"); // get it back out
String d89890 = c89890.substring(0, c89890.length() - 1); // extract most of it
String e89890 =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(
new sun.misc.BASE64Encoder()
.encode(d89890.getBytes()))); // B64 encode and decode it
String f89890 = e89890.split(" ")[0]; // split it on a space
org.owasp.benchmark.helpers.ThingInterface thing =
org.owasp.benchmark.helpers.ThingFactory.createThing();
String bar = thing.doSomething(f89890); // reflection
String a1 = "";
String a2 = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
} else {
a1 = "sh";
a2 = "-c";
}
String[] args = {a1, a2, "echo", bar};
ProcessBuilder pb = new ProcessBuilder(args);
try {
Process p = pb.start();
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println(
"Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
javax.servlet.http.Cookie[] theCookies = request.getCookies();
String param = null;
boolean foundit = false;
if (theCookies != null) {
for (javax.servlet.http.Cookie theCookie : theCookies) {
if (theCookie.getName().equals("vector")) {
param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
foundit = true;
}
}
if (!foundit) {
// no cookie found in collection
param = "";
}
} else {
// no cookies
param = "";
}
String bar = new Test().doSomething(param);
try {
java.io.FileInputStream file =
new java.io.FileInputStream(
org.owasp.benchmark.helpers.Utils.getFileFromClasspath(
"employees.xml", this.getClass().getClassLoader()));
javax.xml.parsers.DocumentBuilderFactory builderFactory =
javax.xml.parsers.DocumentBuilderFactory.newInstance();
javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder();
org.w3c.dom.Document xmlDocument = builder.parse(file);
javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
javax.xml.xpath.XPath xp = xpf.newXPath();
response.getWriter().println("Your query results are: <br/>");
String expression = "/Employees/Employee[@emplid='" + bar + "']";
response.getWriter().println(xp.evaluate(expression, xmlDocument) + "<br/>");
} catch (javax.xml.xpath.XPathExpressionException e) {
// OK to swallow
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
} catch (javax.xml.parsers.ParserConfigurationException e) {
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
} catch (org.xml.sax.SAXException e) {
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
javax.servlet.http.Cookie[] cookies = request.getCookies();
String param = null;
boolean foundit = false;
if (cookies != null) {
for (javax.servlet.http.Cookie cookie : cookies) {
if (cookie.getName().equals("foo")) {
param = cookie.getValue();
foundit = true;
}
}
if (!foundit) {
// no cookie found in collection
param = "";
}
} else {
// no cookies
param = "";
}
String bar = param;
if (param.length() > 1) {
StringBuilder sbxyz80074 = new StringBuilder(param);
bar = sbxyz80074.replace(param.length() - "Z".length(), param.length(), "Z").toString();
}
String a1 = "";
String a2 = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
} else {
a1 = "sh";
a2 = "-c";
}
String[] args = {a1, a2, "echo", bar};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(args);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getHeader("foo");
StringBuilder sbxyz47510 = new StringBuilder(param);
String bar = sbxyz47510.append("_SafeStuff").toString();
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
String[] argsEnv = {bar};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
javax.servlet.http.Cookie[] cookies = request.getCookies();
String param = null;
boolean foundit = false;
if (cookies != null) {
for (javax.servlet.http.Cookie cookie : cookies) {
if (cookie.getName().equals("foo")) {
param = cookie.getValue();
foundit = true;
}
}
if (!foundit) {
// no cookie found in collection
param = "";
}
} else {
// no cookies
param = "";
}
String bar = new Test().doSomething(param);
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd + bar);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = new Test().doSomething(param);
String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar;
String[] argsEnv = {"Foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = request.getHeader("foo");
String bar = new Test().doSomething(param);
try {
javax.naming.directory.InitialDirContext idc =
org.owasp.benchmark.helpers.Utils.getInitialDirContext();
idc.search("name", bar, new javax.naming.directory.SearchControls());
} catch (javax.naming.NamingException e) {
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
String param = "";
boolean flag = true;
java.util.Enumeration<String> names = request.getParameterNames();
while (names.hasMoreElements() && flag) {
String name = (String) names.nextElement();
String[] values = request.getParameterValues(name);
if (values != null) {
for (int i = 0; i < values.length && flag; i++) {
String value = values[i];
if (value.equals("vector")) {
param = name;
flag = false;
}
}
}
}
String bar = doSomething(param);
String a1 = "";
String a2 = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
} else {
a1 = "sh";
a2 = "-c";
}
String[] args = {a1, a2, "echo " + bar};
ProcessBuilder pb = new ProcessBuilder(args);
try {
Process p = pb.start();
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println(
"Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = doSomething(param);
try {
javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext();
dc.search("name", bar, new javax.naming.directory.SearchControls());
} catch (javax.naming.NamingException e) {
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
java.util.Map<String, String[]> map = request.getParameterMap();
String param = "";
if (!map.isEmpty()) {
String[] values = map.get("vector");
if (values != null) param = values[0];
}
String bar = new Test().doSomething(param);
try {
java.io.FileInputStream file =
new java.io.FileInputStream(
org.owasp.benchmark.helpers.Utils.getFileFromClasspath(
"employees.xml", this.getClass().getClassLoader()));
javax.xml.parsers.DocumentBuilderFactory builderFactory =
javax.xml.parsers.DocumentBuilderFactory.newInstance();
javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder();
org.w3c.dom.Document xmlDocument = builder.parse(file);
javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
javax.xml.xpath.XPath xp = xpf.newXPath();
String expression = "/Employees/Employee[@emplid='" + bar + "']";
response.getWriter().println("Your query results are: <br/>");
org.w3c.dom.NodeList nodeList =
(org.w3c.dom.NodeList)
xp.compile(expression).evaluate(xmlDocument, javax.xml.xpath.XPathConstants.NODESET);
for (int i = 0; i < nodeList.getLength(); i++) {
org.w3c.dom.Element value = (org.w3c.dom.Element) nodeList.item(i);
response.getWriter().println(value.getTextContent() + "<br/>");
}
} catch (javax.xml.xpath.XPathExpressionException e) {
// OK to swallow
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
} catch (javax.xml.parsers.ParserConfigurationException e) {
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
} catch (org.xml.sax.SAXException e) {
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
StringBuilder sbxyz66124 = new StringBuilder(param);
String bar = sbxyz66124.append("_SafeStuff").toString();
try {
javax.naming.directory.InitialDirContext idc =
org.owasp.benchmark.helpers.Utils.getInitialDirContext();
Object[] filterArgs = {"a", "b"};
idc.search("name", bar, filterArgs, new javax.naming.directory.SearchControls());
} catch (javax.naming.NamingException e) {
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
java.util.Map<String, String[]> map = request.getParameterMap();
String param = "";
if (!map.isEmpty()) {
param = map.get("foo")[0];
}
String bar = new Test().doSomething(param);
try {
javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext();
Object[] filterArgs = {"a", "b"};
dc.search("name", bar, filterArgs, new javax.naming.directory.SearchControls());
} catch (javax.naming.NamingException e) {
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String param = "";
java.util.Enumeration<String> headers = request.getHeaders("foo");
if (headers.hasMoreElements()) {
param = headers.nextElement(); // just grab first element
}
String bar = new Test().doSomething(param);
try {
javax.naming.directory.InitialDirContext idc =
org.owasp.benchmark.helpers.Utils.getInitialDirContext();
idc.search("name", bar, new javax.naming.directory.SearchControls());
} catch (javax.naming.NamingException e) {
throw new ServletException(e);
}
} // end doPost
