@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest(request); String param = scr.getTheParameter("vector"); if (param == null) param = ""; String bar = "safe!"; java.util.HashMap<String, Object> map51510 = new java.util.HashMap<String, Object>(); map51510.put("keyA-51510", "a_Value"); // put some stuff in the collection map51510.put("keyB-51510", param); // put it in a collection map51510.put("keyC", "another_Value"); // put some stuff in the collection bar = (String) map51510.get("keyB-51510"); // get it back out bar = (String) map51510.get("keyA-51510"); // get safe value back out String cmd = ""; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); } Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd + bar); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = ""; java.util.Enumeration<String> headers = request.getHeaders("foo"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element } String bar = doSomething(param); String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar; String[] argsEnv = {"Foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); java.util.Map<String, String[]> map = request.getParameterMap(); String param = ""; if (!map.isEmpty()) { String[] values = map.get("vector"); if (values != null) param = values[0]; } String bar = new Test().doSomething(param); String cmd = org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString( this.getClass().getClassLoader()); String[] argsEnv = {bar}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String[] values = request.getParameterValues("foo"); String param; if (values.length != 0) param = request.getParameterValues("foo")[0]; else param = null; String bar = param; if (param.length() > 1) { StringBuilder sbxyz23220 = new StringBuilder(param); bar = sbxyz23220.replace(param.length() - "Z".length(), param.length(), "Z").toString(); } String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar; String[] argsEnv = {"Foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = ""; java.util.Enumeration<String> headers = request.getHeaders("foo"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element } String bar; // Simple ? condition that assigns param to bar on false condition int i = 106; bar = (7 * 42) - i > 200 ? "This should never happen" : param; String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar; String[] argsEnv = {"Foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
public String getToolTime(String toolName) { String[] results = new String[3]; String time = null; List<String> lines = Utils.getLinesFromFile( Utils.getFileFromClasspath(CSV_TIMES_FILE, this.getClass().getClassLoader())); for (String i : lines) { if (i.contains(toolName)) { results = i.split(";"); time = results[2].replaceAll("\"", ""); // System.out.println(time.split("\\.")[0]); return time.split("\\.")[0]; } } return ""; }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // some code String param = request.getHeader("foo"); String a1 = ""; String a2 = ""; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; } else { a1 = "sh"; a2 = "-c"; } String[] args = {a1, a2, "echo", param}; ProcessBuilder pb = new ProcessBuilder(); pb.command(args); try { Process p = pb.start(); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println( "Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String[] values = request.getParameterValues("vector"); String param; if (values != null && values.length > 0) param = values[0]; else param = ""; String bar = "safe!"; java.util.HashMap<String, Object> map33225 = new java.util.HashMap<String, Object>(); map33225.put("keyA-33225", "a Value"); // put some stuff in the collection map33225.put("keyB-33225", param); // put it in a collection map33225.put("keyC", "another Value"); // put some stuff in the collection bar = (String) map33225.get("keyB-33225"); // get it back out // javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object^) request.getSession().putValue("userid", bar); response .getWriter() .println( "Item: 'userid' with value: '" + org.owasp.benchmark.helpers.Utils.encodeForHTML(bar) + "' saved in session."); }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getHeader("foo"); String bar = new Test().doSomething(param); String a1 = ""; String a2 = ""; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; } else { a1 = "sh"; a2 = "-c"; } String[] args = {a1, a2, "echo", bar}; String[] argsEnv = {"foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(args, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getHeader("foo"); String bar = doSomething(param); java.util.List<String> argList = new java.util.ArrayList<String>(); String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { argList.add("cmd.exe"); argList.add("/c"); } else { argList.add("sh"); argList.add("-c"); } argList.add("echo"); argList.add(bar); ProcessBuilder pb = new ProcessBuilder(argList); try { Process p = pb.start(); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println( "Problem executing cmdi - java.lang.ProcessBuilder(java.util.List) Test Case"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("vector"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element } String bar = ""; if (param != null) { bar = new String( new sun.misc.BASE64Decoder() .decodeBuffer(new sun.misc.BASE64Encoder().encode(param.getBytes()))); } String cmd = ""; String a1 = ""; String a2 = ""; String[] args = null; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); args = new String[] {a1, a2, cmd, bar}; } else { a1 = "sh"; a2 = "-c"; cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1"); args = new String[] {a1, a2, cmd + bar}; } Runtime r = Runtime.getRuntime(); try { Process p = r.exec(args); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("vector"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element } String bar; // Simple ? condition that assigns param to bar on false condition int num = 106; bar = (7 * 42) - num > 200 ? "This should never happen" : param; String cmd = ""; String a1 = ""; String a2 = ""; String[] args = null; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); args = new String[] {a1, a2, cmd, bar}; } else { a1 = "sh"; a2 = "-c"; cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1"); args = new String[] {a1, a2, cmd + bar}; } Runtime r = Runtime.getRuntime(); try { Process p = r.exec(args); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { javax.servlet.http.Cookie[] cookies = request.getCookies(); String param = null; boolean foundit = false; if (cookies != null) { for (javax.servlet.http.Cookie cookie : cookies) { if (cookie.getName().equals("foo")) { param = cookie.getValue(); foundit = true; } } if (!foundit) { // no cookie found in collection param = ""; } } else { // no cookies param = ""; } java.util.List<String> valuesList = new java.util.ArrayList<String>(); valuesList.add("safe"); valuesList.add(param); valuesList.add("moresafe"); valuesList.remove(0); // remove the 1st safe value String bar = valuesList.get(1); // get the last 'safe' value String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar; String[] argsEnv = {"Foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { javax.servlet.http.Cookie[] cookies = request.getCookies(); String param = null; boolean foundit = false; if (cookies != null) { for (javax.servlet.http.Cookie cookie : cookies) { if (cookie.getName().equals("foo")) { param = cookie.getValue(); foundit = true; } } if (!foundit) { // no cookie found in collection param = ""; } } else { // no cookies param = ""; } String bar = new String( new sun.misc.BASE64Decoder() .decodeBuffer(new sun.misc.BASE64Encoder().encode(param.getBytes()))); String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); String[] argsEnv = {bar}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest(request); String param = scr.getTheParameter("vector"); if (param == null) param = ""; String bar = new Test().doSomething(param); String cmd = ""; String a1 = ""; String a2 = ""; String[] args = null; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; cmd = "echo "; args = new String[] {a1, a2, cmd, bar}; } else { a1 = "sh"; a2 = "-c"; cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls"); args = new String[] {a1, a2, cmd + bar}; } String[] argsEnv = {"foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(args, argsEnv); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getParameter("foo"); // Chain a bunch of propagators in sequence String a26691 = param; // assign StringBuilder b26691 = new StringBuilder(a26691); // stick in stringbuilder b26691.append(" SafeStuff"); // append some safe content b26691.replace( b26691.length() - "Chars".length(), b26691.length(), "Chars"); // replace some of the end content java.util.HashMap<String, Object> map26691 = new java.util.HashMap<String, Object>(); map26691.put("key26691", b26691.toString()); // put in a collection String c26691 = (String) map26691.get("key26691"); // get it back out String d26691 = c26691.substring(0, c26691.length() - 1); // extract most of it String e26691 = new String( new sun.misc.BASE64Decoder() .decodeBuffer( new sun.misc.BASE64Encoder() .encode(d26691.getBytes()))); // B64 encode and decode it String f26691 = e26691.split(" ")[0]; // split it on a space org.owasp.benchmark.helpers.ThingInterface thing = org.owasp.benchmark.helpers.ThingFactory.createThing(); String bar = thing.doSomething(f26691); // reflection String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); String[] argsEnv = {bar}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getHeader("foo"); String bar = new Test().doSomething(param); String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar; String[] argsEnv = {"Foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getHeader("foo"); // Chain a bunch of propagators in sequence String a89890 = param; // assign StringBuilder b89890 = new StringBuilder(a89890); // stick in stringbuilder b89890.append(" SafeStuff"); // append some safe content b89890.replace( b89890.length() - "Chars".length(), b89890.length(), "Chars"); // replace some of the end content java.util.HashMap<String, Object> map89890 = new java.util.HashMap<String, Object>(); map89890.put("key89890", b89890.toString()); // put in a collection String c89890 = (String) map89890.get("key89890"); // get it back out String d89890 = c89890.substring(0, c89890.length() - 1); // extract most of it String e89890 = new String( new sun.misc.BASE64Decoder() .decodeBuffer( new sun.misc.BASE64Encoder() .encode(d89890.getBytes()))); // B64 encode and decode it String f89890 = e89890.split(" ")[0]; // split it on a space org.owasp.benchmark.helpers.ThingInterface thing = org.owasp.benchmark.helpers.ThingFactory.createThing(); String bar = thing.doSomething(f89890); // reflection String a1 = ""; String a2 = ""; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; } else { a1 = "sh"; a2 = "-c"; } String[] args = {a1, a2, "echo", bar}; ProcessBuilder pb = new ProcessBuilder(args); try { Process p = pb.start(); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println( "Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); javax.servlet.http.Cookie[] theCookies = request.getCookies(); String param = null; boolean foundit = false; if (theCookies != null) { for (javax.servlet.http.Cookie theCookie : theCookies) { if (theCookie.getName().equals("vector")) { param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8"); foundit = true; } } if (!foundit) { // no cookie found in collection param = ""; } } else { // no cookies param = ""; } String bar = new Test().doSomething(param); try { java.io.FileInputStream file = new java.io.FileInputStream( org.owasp.benchmark.helpers.Utils.getFileFromClasspath( "employees.xml", this.getClass().getClassLoader())); javax.xml.parsers.DocumentBuilderFactory builderFactory = javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder(); org.w3c.dom.Document xmlDocument = builder.parse(file); javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance(); javax.xml.xpath.XPath xp = xpf.newXPath(); response.getWriter().println("Your query results are: <br/>"); String expression = "/Employees/Employee[@emplid='" + bar + "']"; response.getWriter().println(xp.evaluate(expression, xmlDocument) + "<br/>"); } catch (javax.xml.xpath.XPathExpressionException e) { // OK to swallow System.out.println("XPath expression exception caught and swallowed: " + e.getMessage()); } catch (javax.xml.parsers.ParserConfigurationException e) { System.out.println("XPath expression exception caught and swallowed: " + e.getMessage()); } catch (org.xml.sax.SAXException e) { System.out.println("XPath expression exception caught and swallowed: " + e.getMessage()); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { javax.servlet.http.Cookie[] cookies = request.getCookies(); String param = null; boolean foundit = false; if (cookies != null) { for (javax.servlet.http.Cookie cookie : cookies) { if (cookie.getName().equals("foo")) { param = cookie.getValue(); foundit = true; } } if (!foundit) { // no cookie found in collection param = ""; } } else { // no cookies param = ""; } String bar = param; if (param.length() > 1) { StringBuilder sbxyz80074 = new StringBuilder(param); bar = sbxyz80074.replace(param.length() - "Z".length(), param.length(), "Z").toString(); } String a1 = ""; String a2 = ""; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; } else { a1 = "sh"; a2 = "-c"; } String[] args = {a1, a2, "echo", bar}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(args); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getHeader("foo"); StringBuilder sbxyz47510 = new StringBuilder(param); String bar = sbxyz47510.append("_SafeStuff").toString(); String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); String[] argsEnv = {bar}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { javax.servlet.http.Cookie[] cookies = request.getCookies(); String param = null; boolean foundit = false; if (cookies != null) { for (javax.servlet.http.Cookie cookie : cookies) { if (cookie.getName().equals("foo")) { param = cookie.getValue(); foundit = true; } } if (!foundit) { // no cookie found in collection param = ""; } } else { // no cookies param = ""; } String bar = new Test().doSomething(param); String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo"); Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd + bar); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest(request); String param = scr.getTheValue("foo"); String bar = new Test().doSomething(param); String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") + bar; String[] argsEnv = {"Foo=bar"}; Runtime r = Runtime.getRuntime(); try { Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir"))); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p); } catch (IOException e) { System.out.println("Problem executing cmdi - TestCase"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = request.getHeader("foo"); String bar = new Test().doSomething(param); try { javax.naming.directory.InitialDirContext idc = org.owasp.benchmark.helpers.Utils.getInitialDirContext(); idc.search("name", bar, new javax.naming.directory.SearchControls()); } catch (javax.naming.NamingException e) { throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; boolean flag = true; java.util.Enumeration<String> names = request.getParameterNames(); while (names.hasMoreElements() && flag) { String name = (String) names.nextElement(); String[] values = request.getParameterValues(name); if (values != null) { for (int i = 0; i < values.length && flag; i++) { String value = values[i]; if (value.equals("vector")) { param = name; flag = false; } } } } String bar = doSomething(param); String a1 = ""; String a2 = ""; String osName = System.getProperty("os.name"); if (osName.indexOf("Windows") != -1) { a1 = "cmd.exe"; a2 = "/c"; } else { a1 = "sh"; a2 = "-c"; } String[] args = {a1, a2, "echo " + bar}; ProcessBuilder pb = new ProcessBuilder(args); try { Process p = pb.start(); org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response); } catch (IOException e) { System.out.println( "Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case"); throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest(request); String param = scr.getTheValue("foo"); String bar = doSomething(param); try { javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext(); dc.search("name", bar, new javax.naming.directory.SearchControls()); } catch (javax.naming.NamingException e) { throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); java.util.Map<String, String[]> map = request.getParameterMap(); String param = ""; if (!map.isEmpty()) { String[] values = map.get("vector"); if (values != null) param = values[0]; } String bar = new Test().doSomething(param); try { java.io.FileInputStream file = new java.io.FileInputStream( org.owasp.benchmark.helpers.Utils.getFileFromClasspath( "employees.xml", this.getClass().getClassLoader())); javax.xml.parsers.DocumentBuilderFactory builderFactory = javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder(); org.w3c.dom.Document xmlDocument = builder.parse(file); javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance(); javax.xml.xpath.XPath xp = xpf.newXPath(); String expression = "/Employees/Employee[@emplid='" + bar + "']"; response.getWriter().println("Your query results are: <br/>"); org.w3c.dom.NodeList nodeList = (org.w3c.dom.NodeList) xp.compile(expression).evaluate(xmlDocument, javax.xml.xpath.XPathConstants.NODESET); for (int i = 0; i < nodeList.getLength(); i++) { org.w3c.dom.Element value = (org.w3c.dom.Element) nodeList.item(i); response.getWriter().println(value.getTextContent() + "<br/>"); } } catch (javax.xml.xpath.XPathExpressionException e) { // OK to swallow System.out.println("XPath expression exception caught and swallowed: " + e.getMessage()); } catch (javax.xml.parsers.ParserConfigurationException e) { System.out.println("XPath expression exception caught and swallowed: " + e.getMessage()); } catch (org.xml.sax.SAXException e) { System.out.println("XPath expression exception caught and swallowed: " + e.getMessage()); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest(request); String param = scr.getTheValue("foo"); StringBuilder sbxyz66124 = new StringBuilder(param); String bar = sbxyz66124.append("_SafeStuff").toString(); try { javax.naming.directory.InitialDirContext idc = org.owasp.benchmark.helpers.Utils.getInitialDirContext(); Object[] filterArgs = {"a", "b"}; idc.search("name", bar, filterArgs, new javax.naming.directory.SearchControls()); } catch (javax.naming.NamingException e) { throw new ServletException(e); } }
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { java.util.Map<String, String[]> map = request.getParameterMap(); String param = ""; if (!map.isEmpty()) { param = map.get("foo")[0]; } String bar = new Test().doSomething(param); try { javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext(); Object[] filterArgs = {"a", "b"}; dc.search("name", bar, filterArgs, new javax.naming.directory.SearchControls()); } catch (javax.naming.NamingException e) { throw new ServletException(e); } } // end doPost
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String param = ""; java.util.Enumeration<String> headers = request.getHeaders("foo"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element } String bar = new Test().doSomething(param); try { javax.naming.directory.InitialDirContext idc = org.owasp.benchmark.helpers.Utils.getInitialDirContext(); idc.search("name", bar, new javax.naming.directory.SearchControls()); } catch (javax.naming.NamingException e) { throw new ServletException(e); } } // end doPost