/* goodB2G() - use badsource and goodsink by changing the second "if" so that
  both branches use the GoodSink */
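  /**
   * goodB2G(): the bad source (raw value of the first cookie) feeding the good sink in both
   * branches of the second {@code if}.
   *
   * <p>The cookie value is attacker-controlled. Percent-encoding it before it goes into the
   * Location header is what blocks HTTP response splitting (CWE-113): URLEncoder never emits a
   * bare CR or LF, so the value cannot terminate the header.
   *
   * <p>Fixes over the original: (1) {@code request.getCookies()} returns null when the request
   * carries no cookies, and the original passed that null straight into
   * {@code URLEncoder.encode}, which throws NullPointerException — the header is now simply
   * not sent; (2) the charset is UTF-8 instead of UTF-16. With UTF-16 the encoder emitted a
   * BOM and two bytes per character, which the receiving side (servlet containers decode query
   * strings as UTF-8 or ISO-8859-1 by default) turns into garbage; the security property
   * (no CR/LF) is the same either way.
   *
   * @param request  request whose first cookie, if any, supplies the value
   * @param response response that receives the Location header
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received != null && received.length > 0) ? received[0].getValue() : null;
    } else {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received != null && received.length > 0) ? received[0].getValue() : null;
    }

    /* No cookie at all: nothing to redirect on (the original would NPE inside encode). */
    if (data == null) {
      return;
    }

    if (IO.static_returns_t_or_f()) {
      /* FIX: percent-encode non-alphanumerics so no CR/LF can reach the header */
      data = URLEncoder.encode(data, "UTF-8");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {
      /* FIX: percent-encode non-alphanumerics so no CR/LF can reach the header */
      data = URLEncoder.encode(data, "UTF-8");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }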
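  /**
   * Handles the profile-page actions: open settings, log out ({@code exit}) or delete the
   * account ({@code delete}). Each action ends in a redirect and returns immediately.
   *
   * <p>Fixes over the original: after the logout redirect there was no {@code return}, so a
   * request carrying both {@code exit} and {@code delete} fell through into the delete branch;
   * after the SQLException redirect there was also no {@code return}, so a second
   * {@code sendRedirect} was attempted on an already-committed response. Logout and delete now
   * also invalidate the server-side session instead of only nulling one attribute, so nothing
   * else keyed on that session survives.
   *
   * @param req  incoming POST; the {@code settings}, {@code exit} and {@code delete} parameters
   *             select the action
   * @param resp response used for the redirect and for expiring the "remember" cookie
   * @throws ServletException from the servlet API
   * @throws IOException      if the redirect cannot be written
   */
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    HttpSession session = req.getSession();

    if ("settings".equals(req.getParameter("settings"))) {
      resp.sendRedirect("/profileSettings");
      return;
    }

    if ("exit".equals(req.getParameter("exit"))) {
      clearRememberCookie(req, resp);
      session.setAttribute("user_a", null);
      session.invalidate();
      resp.sendRedirect("/login");
      return;
    }

    if ("delete".equals(req.getParameter("delete"))) {
      clearRememberCookie(req, resp);
      try {
        UserRepository.deleteUser((User) session.getAttribute("user_a"));
      } catch (SQLException e) {
        // NOTE(review): request attributes do not survive a redirect, so this "message" is
        // never shown by /profile as written; kept for compatibility with the original.
        req.setAttribute("message", "Some problems with server");
        e.printStackTrace();
        resp.sendRedirect("/profile");
        return;
      }
      session.setAttribute("user_a", null);
      session.invalidate();
      resp.sendRedirect("/welcome");
    }
  }

  /**
   * Expires the "remember" login cookie if the request carries one.
   *
   * <p>Caveat: a cookie read from the request has no path/domain, so the browser only matches
   * this Max-Age=0 against a cookie issued with the default path/domain. If "remember" is set
   * elsewhere with an explicit path or domain, the same values must be set here or the browser
   * keeps the cookie.
   */
  private static void clearRememberCookie(HttpServletRequest req, HttpServletResponse resp) {
    Cookie[] cookies = req.getCookies();
    if (cookies == null) {
      return;
    }
    for (Cookie cookie : cookies) {
      if ("remember".equals(cookie.getName())) {
        cookie.setMaxAge(0);
        cookie.setValue(null);
        resp.addCookie(cookie);
        return;
      }
    }
  }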
  /* goodG2B1() - use goodsource and badsink by changing first 5==5 to 5!=5 */
  /**
   * goodG2B1(): the cookie source sits behind a condition that is always false, so the sink
   * only ever sees the hard-coded value "foo". The sink itself is the unvalidated one; it is
   * harmless here solely because of the constant source.
   *
   * @param request  unused on the live path (the cookie read is dead code)
   * @param response receives the "lang" cookie
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 570 Statement is Always False */
    if (5 != 5) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received == null) ? null : received[0].getValue();
    } else {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
      /* POTENTIAL FLAW: value placed in the cookie without verification (safe only because
       * data is the constant "foo" on this path) */
      response.addCookie(new Cookie("lang", data));
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      response.addCookie(new Cookie("lang", URLEncoder.encode(data, "UTF-16")));
    }
  }
  /**
   * bad(): source and sink are each picked at runtime by IO.static_returns_t_or_f(), so one of
   * the four combinations sends the raw first-cookie value into a Location header.
   *
   * <p>POTENTIAL FLAW (CWE-113) on the unencoded sink branch: a cookie value containing CR/LF
   * terminates the header, letting the client inject further headers or a response body.
   *
   * @param request  request whose first cookie (if any) may supply the value
   * @param response response that receives the Location header
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    boolean useCookieSource = IO.static_returns_t_or_f();
    if (useCookieSource) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received == null) ? null : received[0].getValue();
    } else {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    boolean useRawSink = IO.static_returns_t_or_f();
    if (useRawSink) {
      /* POTENTIAL FLAW: cookie value not verified before being placed in a header */
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      String encoded = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + encoded);
    }
  }
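  /**
   * Either sets the demo "Learningjava" cookie (when the {@code setcookie} parameter is
   * present) or lists every cookie the browser sent, followed by a link back to this servlet.
   *
   * <p>Fixes over the original: {@code request.getCookies()} returns null — not an empty
   * array — when the request carries no cookies, so {@code cookies.length} threw a
   * NullPointerException; and cookie names, cookie values and the request URI are
   * client-controlled text that was written into the HTML unescaped (reflected XSS via a
   * crafted cookie, CWE-79). They are now HTML-escaped before output.
   *
   * @param request  request whose cookies are listed
   * @param response receives the HTML page (and, on the set path, the cookie)
   * @throws IOException      if the writer cannot be obtained or written
   * @throws ServletException from the servlet API
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    if (request.getParameter("setcookie") != null) {
      Cookie cookie = new Cookie("Learningjava", "Cookies!");
      cookie.setMaxAge(3600);
      response.addCookie(cookie);
      out.println("<html><body><h1>Cookie Set...</h1>");
    } else {
      out.println("<html><body>");
      Cookie[] cookies = request.getCookies();
      if (cookies == null || cookies.length == 0) {
        out.println("<h1>No cookies found...</h1>");
      } else {
        for (Cookie c : cookies) {
          out.print(
              "<h1>Name: "
                  + escapeHtml(c.getName())
                  + "<br>"
                  + "Value: "
                  + escapeHtml(c.getValue())
                  + "</h1>");
        }
      }
      // The URI lands inside a double-quoted href, so quotes must be escaped too.
      out.println(
          "<p><a href=\""
              + escapeHtml(request.getRequestURI())
              + "?setcookie=true\">"
              + "Reset the Learning Java cookie.</a>");
    }
    out.println("</body></html>");
  }

  /**
   * Minimal HTML escaping sufficient for text content and double-quoted attribute values.
   *
   * @param s text to escape; null is rendered as the empty string
   * @return s with &amp; &lt; &gt; " and ' replaced by character references
   */
  private static String escapeHtml(String s) {
    if (s == null) {
      return "";
    }
    StringBuilder sb = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
      char ch = s.charAt(i);
      switch (ch) {
        case '&':
          sb.append("&amp;");
          break;
        case '<':
          sb.append("&lt;");
          break;
        case '>':
          sb.append("&gt;");
          break;
        case '"':
          sb.append("&quot;");
          break;
        case '\'':
          sb.append("&#39;");
          break;
        default:
          sb.append(ch);
      }
    }
    return sb.toString();
  }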
  /* goodB2G() - use badsource and goodsink */
  /**
   * goodB2G(): bad source (first cookie value parsed as an int) handed to the good sink of
   * the 53b class, which is where the index gets validated.
   *
   * <p>data stays Integer.MIN_VALUE when there are no cookies or the value is not an int; the
   * NumberFormatException is logged and deliberately swallowed so the sink still runs.
   *
   * @param request  request whose first cookie (if any) supplies the number
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    Cookie[] received = request.getCookies();
    if (received != null) {
      /* POTENTIAL FLAW: Read data from the first cookie value */
      String raw = received[0].getValue();
      try {
        data = Integer.parseInt(raw.trim());
      } catch (NumberFormatException nfe) {
        IO.logger.log(Level.WARNING, "Number format exception reading data from cookie", nfe);
      }
    }

    CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_write_no_check_53b next =
        new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_write_no_check_53b();
    next.goodB2GSink(data, request, response);
  }
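 /**
  * Looks up the request cookie named {@code name} and wraps it in a BXServletCookie.
  *
  * <p>Fix over the original: {@code req.getCookies()} returns null (not an empty array) when
  * the request carries no cookies, and the original iterated it unconditionally, throwing
  * NullPointerException on any cookie-less request.
  *
  * @param name cookie name to match (exact, case-sensitive)
  * @return the wrapped cookie, or null when the request sent no cookie with that name
  */
 @Override
 public Cookie getCookie(final String name) {
   final javax.servlet.http.Cookie[] sent = req.getCookies();
   if (sent == null) return null;
   for (final javax.servlet.http.Cookie c : sent) {
     if (c.getName().equals(name)) return new BXServletCookie(c);
   }
   return null;
 }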
  /**
   * bad(): reads an int from the first cookie and uses it as a modulus with no zero check.
   *
   * <p>POTENTIAL FLAW (CWE-369): a cookie value of "0" makes {@code 100 % data} throw
   * ArithmeticException; a non-numeric value makes Integer.parseInt throw
   * NumberFormatException. Both propagate out of the method (it declares Throwable).
   *
   * @param request  request whose first cookie (if any) supplies the modulus
   * @param response unused
   * @throws Throwable on parse failure or modulo by zero
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      int data = -1;

      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      if (received != null) {
        data = Integer.parseInt(received[0].getValue().trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* POTENTIAL FLAW: Zero modulus will cause an issue.  An integer division will
      result in an exception.  */
      String line = "100%" + String.valueOf(data) + " = " + (100 % data) + "\n";
      IO.writeLine(line);
    }
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * goodB2G(): bad source (first cookie value parsed as an int) with the good sink, which
   * tests for zero before using the value as a modulus.
   *
   * <p>Only the zero case is guarded; a non-numeric cookie still makes Integer.parseInt
   * throw NumberFormatException out of this method.
   *
   * @param request  request whose first cookie (if any) supplies the modulus
   * @param response unused
   * @throws Throwable on parse failure
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      int data = -1;

      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      if (received != null) {
        data = Integer.parseInt(received[0].getValue().trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* FIX: test for a zero modulus */
      if (data == 0) {
        IO.writeLine("This would result in a modulo by zero");
      } else {
        IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
      }
    }
  }
  /**
   * bad(): parses the first cookie value as an int and, on failure, prints the stack trace.
   *
   * <p>POTENTIAL FLAW (CWE-209): printStackTrace() writes internal detail (class names, line
   * numbers, the offending input) to stderr; where the container routes stderr to the response
   * or to a readable log, that detail is exposed to the client.
   *
   * <p>The second try/catch after the unconditional return is the "fixed" variant kept for the
   * test generator; it never executes.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response unused
   * @throws Throwable propagated from the servlet API
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie[] received = request.getCookies();
    String data = (received == null) ? null : received[0].getValue();

    try {
      int iConversion = Integer.valueOf(data);
    } catch (Exception e) {
      e.printStackTrace(); /* POTENTIAL FLAW: Print stack trace on error */
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
		  We need the "if(true)" because the Java Language Spec requires that
		  unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    try {
      int iConversion = Integer.valueOf(data);
    } catch (Exception e) {
      IO.writeLine("There was an error parsing the string"); /* FIX: print a generic message */
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in if */
  /**
   * goodG2B2(): IO.static_t is true, so data is the constant "foo"; the cookie read in the
   * else branch is dead. The sink is the bad one (raw value in sendError's message).
   *
   * <p>POTENTIAL FLAW (CWE-79) at the sink: with a live source, script in the value would be
   * reflected. The built-in J2EE server HTML-encodes sendError messages, so to observe it,
   * swap sendError for response.getWriter().println and drop the 404.
   *
   * @param request  unused on the live path
   * @param response receives the 404 error page
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received == null) ? null : received[0].getValue();
    }

    if (data == null) {
      return;
    }
    /* POTENTIAL FLAW: script code (e.g. id=<script>alert('xss')</script>) is sent to the client */
    response.sendError(404, "<br>bad() - Parameter name has value " + data);
  }
  /* uses badsource and badsink */
  /**
   * bad(): first cookie parsed as an int, then used as the initial capacity of a HashSet.
   *
   * <p>POTENTIAL FLAW (CWE-400/CWE-789): an attacker-chosen capacity near Integer.MAX_VALUE
   * makes the constructor allocate a huge table (OutOfMemoryError). Note also that a negative
   * value — including the Integer.MIN_VALUE default used when no cookie is present — makes
   * the HashSet constructor throw IllegalArgumentException.
   *
   * @param request  request whose first cookie (if any) supplies the capacity
   * @param response unused
   * @throws Throwable propagated from the HashSet constructor
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int dataCopy;
    {
      int data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

      /* Read data from cookies */
      Cookie[] received = request.getCookies();
      if (received != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        String raw = received[0].getValue();
        try {
          data = Integer.parseInt(raw.trim());
        } catch (NumberFormatException nfe) {
          IO.logger.log(Level.WARNING, "Number format exception reading data from cookie", nfe);
        }
      }

      dataCopy = data;
    }
    {
      int data = dataCopy;
      /* POTENTIAL FLAW: Create a HashSet using data as the initial size.  data may be very large, creating memory issues */
      HashSet intHashSet = new HashSet(data);
    }
  }
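 /**
  * Login entry point: authenticates by the JSESSIONID cookie when one is present, otherwise by
  * the "user"/"pass" request attributes, and writes a JSON answer with {@code answer} and
  * {@code code} fields.
  *
  * <p>Fixes over the original: the plaintext password was written to stdout together with the
  * user name (a credential leak into whatever captures the process output); the client received
  * {@code e.toString()} on failure, which exposes exception class names and internal detail
  * (CWE-209) — it now gets a generic message; and {@code e.getStackTrace()} was called with its
  * result discarded, so nothing was actually logged.
  *
  * <p>NOTE(review): user and pass are read with {@code request.getAttribute}, not
  * {@code getParameter}. That only works if an upstream filter/servlet sets them as request
  * attributes; confirm against the caller before relying on the password path.
  *
  * @param request  request carrying either a JSESSIONID cookie or user/pass attributes
  * @param response receives the JSON answer
  * @throws IOException if the response writer cannot be obtained
  */
 private void worker(HttpServletRequest request, HttpServletResponse response) throws IOException {
   System.out.println("Login servlet!");
   JSONObject answer = new JSONObject();
   String session = null;
   Cookie[] cookies = request.getCookies();
   if (cookies != null) {
     for (Cookie cookie : cookies) {
       if (cookie.getName().equals("JSESSIONID")) session = cookie.getValue();
     }
   }
   try {
     if (session != null) {
       // Auth by cookie session
       authenticationBySession(response, answer, session);
     } else if (request.getAttribute("user") != null && request.getAttribute("pass") != null) {
       // try auth by pass and name
       String user = request.getAttribute("user").toString();
       String pass = request.getAttribute("pass").toString();
       // Never log the password; the user name alone is enough to trace a login attempt.
       System.out.println("Login attempt for user: " + user);
       authenticationByPassword(request, response, answer, user, pass);
     } else {
       answer.put("answer", "Bad request. No fields \"user\" or \"pass\" in request!");
       answer.put("code", 400);
     }
   } catch (Exception e) {
     // Generic message to the client; the detail goes to the server log only.
     answer.put("answer", "Server error");
     answer.put("code", 500);
     e.printStackTrace();
   }
   PrintWriter out = response.getWriter();
   out.write(answer.toString());
 }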
  /* goodG2B2() - use goodsource and badsink by reversing statements in if */
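  /**
   * goodG2B2(): IO.static_final_t is true, so data is the constant "foo" and the cookie read
   * is dead; the sink is the bad one (unvalidated concatenation into a file path).
   *
   * <p>POTENTIAL FLAW (CWE-22) at the sink: with a live source, a value such as
   * {@code ..\\..\\secret} escapes the uploads directory. Not fixed here — it is the test's
   * sink under study.
   *
   * <p>Fix (non-security): the BufferedReader/FileReader were never closed, leaking one file
   * handle per call; they are now closed in a finally block.
   *
   * @param request  unused on the live path
   * @param response unused
   * @throws Throwable propagated from file I/O
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_final_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received == null) ? null : received[0].getValue();
    }

    String root = "C:\\uploads\\";
    /* POTENTIAL FLAW: no validation of concatenated value */
    File fIn = new File(root + data);
    if (fIn.exists() && fIn.isFile()) {
      BufferedReader reader = new BufferedReader(new FileReader(fIn));
      try {
        IO.writeLine(reader.readLine());
      } finally {
        reader.close();
      }
    }
  }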
  /**
   * bad(): loop bound taken straight from the first cookie's integer value.
   *
   * <p>POTENTIAL FLAW (CWE-400): a value up to Integer.MAX_VALUE keeps the loop writing
   * "Hello" for an attacker-chosen amount of time and output; there is no upper bound.
   * PRIVATE_STATIC_FINAL_TRUE is a constant, so the branch that would set count = 0 is dead.
   *
   * @param request  request whose first cookie (if any) supplies the loop bound
   * @param response unused
   * @throws Throwable propagated from the servlet API
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int count = 0; /* dead-branch default; always overwritten because the condition is constant */
    if (PRIVATE_STATIC_FINAL_TRUE) {
      count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */
      /* Read count from cookies */
      Cookie[] received = request.getCookies();
      if (received != null) {
        /* POTENTIAL FLAW: Read count from the first cookie value */
        String raw = received[0].getValue();
        try {
          count = Integer.parseInt(raw.trim());
        } catch (NumberFormatException nfe) {
          IO.logger.log(Level.WARNING, "Number format exception reading count from cookie", nfe);
        }
      }
    }

    if (PRIVATE_STATIC_FINAL_TRUE) {
      /* POTENTIAL FLAW: For loop using count as the loop variant and no validation */
      for (int i = 0; i < count; i++) {
        IO.writeLine("Hello");
      }
    }
  }
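 /**
  * Expires every cookie the browser sent with this request.
  *
  * <p>Fix over the original: {@code getCookies()} returns null (not an empty array) when the
  * request carries no cookies, and the original dereferenced it; that case is now a no-op.
  *
  * <p>Caveat: a cookie read from the request carries no path/domain, so the browser only
  * honours the Max-Age=0 for cookies issued with the default path/domain. Cookies set with an
  * explicit path or domain need the same values set here before they are re-added.
  *
  * @param request  request whose cookies are expired
  * @param response response that carries the expiring Set-Cookie headers
  */
 private void invalidateCookies(HttpServletRequest request, HttpServletResponse response) {
   Cookie[] sent = request.getCookies();
   if (sent == null) {
     return;
   }
   for (Cookie cookie : sent) {
     cookie.setMaxAge(0);
     LOGGER.info(TextUtils.merge("Invalidate cookie: {0}", cookie.getName()));
     response.addCookie(cookie);
   }
 }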
  /* goodG2B() - use goodsource and badsink by moving BadSource and BadSink to after return */
  /**
   * goodG2B(): data is the constant "foo"; the cookie-sourced variant sits after an
   * unconditional return and never executes.
   *
   * <p>Parsing the value with {@code new URI(data)} rejects CR/LF and other illegal
   * characters, which is what guards against response splitting; the redirect itself still
   * sends the string verbatim, so with a live source an absolute URL would be an open
   * redirect (CWE-601).
   *
   * @param request  unused on the live path
   * @param response receives the redirect (or the "Invalid redirect URL" text)
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    /* FIX: Use a hardcoded string */
    String data = "foo";

    if (data != null) {
      /* This prevents \r\n (and other chars) and should prevent incidentals such
       * as HTTP Response Splitting and HTTP Header Injection.
       */
      try {
        new URI(data);
      } catch (URISyntaxException e) {
        response.getWriter().write("Invalid redirect URL");
        return;
      }
      /* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
      response.sendRedirect(data);
      return;
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
		  We need the "if(true)" because the Java Language Spec requires that
		  unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie[] received = request.getCookies();
    data = (received == null) ? null : received[0].getValue();

    if (data != null) {
      /* Same URI syntax check as above, against the cookie-sourced value. */
      try {
        new URI(data);
      } catch (URISyntaxException e) {
        response.getWriter().write("Invalid redirect URL");
        return;
      }
      /* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
      response.sendRedirect(data);
      return;
    }
  }
  /**
   * bad(): reads an int from the first cookie, Java-serializes it and hands the bytes to the
   * bad sink of the 75b class.
   *
   * <p>No range check is done here: a NumberFormatException is logged and data is left at
   * Integer.MIN_VALUE. An IOException during serialization is logged rather than rethrown, so
   * the sink is simply not called in that case.
   *
   * @param request  request whose first cookie (if any) supplies the number
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        String stringNumber = cookieSources[0].getValue();
        try {
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from cookie",
              exceptNumberFormat);
        }
      }
    }

    /* serialize data to a byte array */
    ByteArrayOutputStream streamByteArrayOutput = null;
    ObjectOutput outputObject = null;

    try {
      streamByteArrayOutput = new ByteArrayOutputStream();
      outputObject = new ObjectOutputStream(streamByteArrayOutput);
      outputObject.writeObject(data); /* autoboxed to Integer; the sink deserializes it */
      byte[] dataSerialized = streamByteArrayOutput.toByteArray();
      (new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_size_75b())
          .badSink(dataSerialized, request, response);
    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
    } finally {
      /* clean up stream writing objects; each close is guarded separately so a failure
       * closing the ObjectOutputStream still lets the byte stream be closed */
      try {
        if (outputObject != null) {
          outputObject.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
      }

      try {
        if (streamByteArrayOutput != null) {
          streamByteArrayOutput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
      }
    }
  }
 // getBrowserInfiniteCookie
 /**
  * Returns the value of the "infinitecookie" request cookie with a trailing ";" appended.
  *
  * @param request request whose cookies are searched
  * @return the value plus ";", or null when the request sent no cookies or none by that name
  */
 public static String getBrowserInfiniteCookie(HttpServletRequest request) {
   Cookie[] jar = request.getCookies();
   if (jar == null) {
     return null;
   }
   for (int i = 0; i < jar.length; i++) {
     Cookie candidate = jar[i];
     if (candidate.getName().equals("infinitecookie")) {
       return candidate.getValue() + ";";
     }
   }
   return null;
 } // TESTED
  /* goodB2G() - use BadSource and GoodSink */
  /**
   * goodB2G(): bad source (first cookie parsed as an int) serialized and handed to the good
   * sink of the 75b class, which is where the count is validated.
   *
   * <p>A NumberFormatException is logged and count is left at Integer.MIN_VALUE. An
   * IOException during serialization is logged rather than rethrown, so the sink is simply
   * not called in that case.
   *
   * @param request  request whose first cookie (if any) supplies the number
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int count;

    count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */

    /* Read count from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read count from the first cookie value */
        String stringNumber = cookieSources[0].getValue();
        try {
          count = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading count from cookie",
              exceptNumberFormat);
        }
      }
    }

    /* serialize count to a byte array */
    ByteArrayOutputStream streamByteArrayOutput = null;
    ObjectOutput outputObject = null;

    try {
      streamByteArrayOutput = new ByteArrayOutputStream();
      outputObject = new ObjectOutputStream(streamByteArrayOutput);
      outputObject.writeObject(count); /* autoboxed to Integer; the sink deserializes it */
      byte[] countSerialized = streamByteArrayOutput.toByteArray();
      (new CWE400_Resource_Exhaustion__getCookies_Servlet_write_75b())
          .goodB2GSink(countSerialized, request, response);
    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
    } finally {
      /* clean up stream writing objects; each close is guarded separately so a failure
       * closing the ObjectOutputStream still lets the byte stream be closed */
      try {
        if (outputObject != null) {
          outputObject.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
      }

      try {
        if (streamByteArrayOutput != null) {
          streamByteArrayOutput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
      }
    }
  }
 /**
  * Finds the first request cookie with the given name.
  *
  * @param name    cookie name to match (exact, case-sensitive)
  * @param request request whose cookies are searched
  * @return the matching cookie, or null when the request sent no cookies or none by that name
  */
 private Cookie getCookie(String name, HttpServletRequest request) {
   Cookie[] sent = request.getCookies();
   if (sent != null) {
     for (Cookie candidate : sent) {
       if (candidate.getName().equals(name)) {
         return candidate;
       }
     }
   }
   return null;
 }
  /* goodB2G() - use badsource and goodsink */
  /**
   * goodB2G(): bad source (raw first-cookie value, or null when there are no cookies) handed
   * to the good sink, which is responsible for any validation.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie[] received = request.getCookies();
    String data = (received == null) ? null : received[0].getValue();

    goodB2G_sink(data, request, response);
  }
  /**
   * bad(): stores the raw first-cookie value in the {@code data} field (declared on the
   * enclosing class, not here) and calls the 68b bad sink, which reads that field.
   *
   * <p>POTENTIAL FLAW (CWE-89): nothing sanitises the cookie value before the sink builds and
   * executes SQL from it.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    data = ""; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    Cookie[] received = request.getCookies();
    if (received != null) {
      /* POTENTIAL FLAW: Read data from the first cookie value */
      data = received[0].getValue();
    }

    CWE89_SQL_Injection__getCookies_Servlet_executeUpdate_68b sink =
        new CWE89_SQL_Injection__getCookies_Servlet_executeUpdate_68b();
    sink.badSink(request, response);
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  /**
   * goodG2B2(): IO.static_final_t is true, so data is the constant 2 and the cookie read is
   * dead; the sink is the bad one (multiplication without an overflow check).
   *
   * <p>POTENTIAL FLAW (CWE-190) at the sink: with a live source, data * valueToMult wraps
   * silently once it exceeds Integer.MAX_VALUE. The multiplier is drawn from SecureRandom in
   * the range [2, 99] on every call.
   *
   * @param request  unused on the live path
   * @param response unused
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded number that won't cause underflow, overflow,
      divide by zero, or loss-of-precision issues */
      data = 2;
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* init Data$ */
      data = -1;
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      if (received != null) {
        data = Integer.parseInt(received[0].getValue().trim());
      }
    }

    int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */

    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      if (data > 0) /* ensure we don't have an underflow */ {
        /* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */
        IO.writeLine("result: " + (data * valueToMult));
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      if (data > 0) /* ensure we don't have an underflow */ {
        /* FIX: Add a check to prevent an overflow from occurring */
        if (data <= (Integer.MAX_VALUE / valueToMult)) {
          IO.writeLine("result: " + (data * valueToMult));
        } else {
          IO.writeLine("Input value is too large to perform multiplication.");
        }
      }
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  /**
   * goodG2B2(): IO.static_five == 5 always holds, so data is the constant "5" and the cookie
   * read is dead; the sink is the bad one (loop bound taken from input without a threshold).
   *
   * <p>POTENTIAL FLAW (CWE-400) at the sink: with a live source, a large value drives an
   * unbounded amount of output. A non-numeric value falls back to 1 loop.
   *
   * @param request  unused on the live path
   * @param response unused
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_five == 5) {
      data = "5";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie[] received = request.getCookies();
      data = (received == null) ? null : received[0].getValue();
    }

    /* Both sink branches parse the bound the same way, so it is done once up front. */
    int loopNum;
    try {
      loopNum = Integer.parseInt(data);
    } catch (NumberFormatException nfe) {
      IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
      loopNum = 1;
    }

    if (IO.static_five == 5) {
      /* POTENTIAL FLAW: user supplied input used for loop counter test */
      for (int i = 0; i < loopNum; i++) {
        IO.writeLine("hello world");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* FIX: loop number thresholds validated */
      if (loopNum >= 0 && loopNum <= 5) {
        for (int i = 0; i < loopNum; i++) {
          IO.writeLine("hello world");
        }
      }
    }
  }
  /**
   * bad_source(): returns the raw value of the first request cookie, or null when the request
   * carries no cookies. This is the tainted source for the sibling sink methods; it performs no
   * validation of any kind.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response unused
   * @return the first cookie's value, or null
   * @throws Throwable propagated from the servlet API
   */
  public String bad_source(HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie[] received = request.getCookies();
    if (received == null) {
      return null;
    }
    return received[0].getValue();
  }
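 /**
  * Sends the browser to index.html when a "Name" cookie whose value is not "Logout" is present,
  * otherwise to Login.html.
  *
  * <p>SECURITY (CWE-565/CWE-287): this is not authentication. The "Name" cookie is set and sent
  * by the client, so anyone can add {@code Name=anything} and be treated as logged in. The
  * decision should rest on a server-side session or a signed, verified token; that redesign is
  * outside this method and is not attempted here.
  *
  * <p>Fixes that are made: the loop now stops after the first match — the original kept
  * iterating and called {@code sendRedirect} again for every further "Name" cookie, which
  * throws IllegalStateException once the response is committed; a cookie with a null value no
  * longer throws NullPointerException; and the unused {@code ArrayList} local is gone.
  *
  * @param req incoming POST
  * @param res response that receives the redirect
  * @throws IOException      if the redirect cannot be written
  * @throws ServletException from the servlet API
  */
 public void doPost(HttpServletRequest req, HttpServletResponse res)
     throws IOException, ServletException {
   boolean redirected = false;
   Cookie[] sent = req.getCookies();
   if (sent != null) {
     for (Cookie c : sent) {
       if ("Name".equals(c.getName()) && !"Logout".equals(c.getValue())) {
         res.sendRedirect("index.html");
         redirected = true;
         break;
       }
     }
   }
   if (!redirected) res.sendRedirect("Login.html");
 }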
  /**
   * bad(): raw first-cookie value (or "" when there are no cookies) handed to the 53b bad
   * sink.
   *
   * <p>POTENTIAL FLAW (CWE-470): the sink uses the value as a class name for reflection, so
   * the client chooses which class gets loaded/instantiated.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data = ""; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    Cookie[] received = request.getCookies();
    if (received != null) {
      /* POTENTIAL FLAW: Read data from the first cookie value */
      data = received[0].getValue();
    }

    CWE470_Unsafe_Reflection__getCookies_Servlet_53b sink =
        new CWE470_Unsafe_Reflection__getCookies_Servlet_53b();
    sink.badSink(data, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * goodB2G(): raw first-cookie value (or null when there are no cookies) handed to the 52b
   * good sink, which encodes it before it reaches any header.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie[] received = request.getCookies();
    String data = (received == null) ? null : received[0].getValue();

    CWE113_HTTP_Response_Splitting__getCookiesServlet_addHeaderServlet_52b sink =
        new CWE113_HTTP_Response_Splitting__getCookiesServlet_addHeaderServlet_52b();
    sink.goodB2G_sink(data, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * goodB2G(): raw first-cookie value (or null when there are no cookies) handed, widened to
   * Object, to the 71b good sink.
   *
   * @param request  request whose first cookie (if any) supplies the value
   * @param response passed through to the sink
   * @throws Throwable propagated from the sink
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie[] received = request.getCookies();
    String data = (received == null) ? null : received[0].getValue();

    CWE352_Cross_Site_Request_Forgery__getCookiesServlet_71b sink =
        new CWE352_Cross_Site_Request_Forgery__getCookiesServlet_71b();
    sink.goodB2G_sink((Object) data, request, response);
  }