private void saveToDb() { Connection con = null; PreparedStatement pstmt = null; try { con = DbConnectionManager.getConnection(); pstmt = con.prepareStatement(UPDATE_WARE); System.out.println(UPDATE_WARE); pstmt.setString(1, StringUtils.toChinese(this.Pname)); pstmt.setString(2, StringUtils.toChinese(this.Pmodel)); pstmt.setString(3, StringUtils.toChinese(this.Pcost)); pstmt.setString(4, StringUtils.toChinese(this.Pheft)); pstmt.setString(5, StringUtils.toChinese(this.Pfacturer)); pstmt.setString(6, StringUtils.toChinese(this.Pnote)); pstmt.setInt(7, this.Status); pstmt.setInt(8, this.Id); pstmt.executeUpdate(); } catch (SQLException sqle) { System.err.println("错误位置: DbWare.java:saveToDb(): " + sqle); sqle.printStackTrace(); } finally { try { pstmt.close(); } catch (Exception e) { e.printStackTrace(); } try { con.close(); } catch (Exception e) { e.printStackTrace(); } } }
private void insertIntoDb() { Connection con = null; PreparedStatement pstmt = null; try { con = DbConnectionManager.getConnection(); pstmt = con.prepareStatement(INSERT_WARE); pstmt.setInt(1, this.Id); pstmt.setString(2, StringUtils.toChinese(this.Pname)); pstmt.setString(3, StringUtils.toChinese(this.Pmodel)); pstmt.setString(4, StringUtils.toChinese(this.Pcost)); pstmt.setString(5, StringUtils.toChinese(this.Pheft)); pstmt.setString(6, StringUtils.toChinese(this.Pfacturer)); pstmt.setString(7, StringUtils.toChinese(this.Pnote)); pstmt.setString(8, StringUtils.toChinese(this.Createdate)); pstmt.setInt(9, this.Status); pstmt.executeUpdate(); } catch (SQLException sqle) { System.err.println("错误位置: Dbware:insertIntoDb()-" + sqle); sqle.printStackTrace(); } finally { try { pstmt.close(); } catch (Exception e) { e.printStackTrace(); } try { con.close(); } catch (Exception e) { e.printStackTrace(); } } }
/* goodG2B() - use goodsource and badsink */ public void goodG2BSink(String data) throws Throwable { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection */ int rowCount = sqlStatement.executeUpdate( "insert into users (status) values ('updated') where name='" + data + "'"); IO.writeLine("Updated " + rowCount + " rows successfully."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B() - uses goodsource and badsink */ private void goodG2B() throws Throwable { String data; /* FIX: Use a hardcoded string */ data = "foo"; Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B1() - use goodsource and badsink by setting the variable to false instead of true */ private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; goodG2B1_private = false; data = goodG2B1_source(request, response); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B2() - use goodsource and badsink by reversing statements in if */ private void goodG2B2() throws Throwable { String data; if (PRIVATE_STATIC_FINAL_FIVE == 5) { /* FIX: Use a hardcoded string */ data = "foo"; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
public String checkValidLogin(String myUserName, String myPW) { try { Class.forName(javaSQLDriverPath); Connection conn = (Connection) DriverManager.getConnection(ConnectionPath, ConnectionUser, ConnectionPW); Statement st = conn.createStatement(); String query = "Select * from User"; ResultSet rs = st.executeQuery(query); while (rs.next()) { // return rs.getString("Username"); if (myUserName.equals(rs.getString("Username"))) { if (myPW.equals(rs.getString("Password"))) { setUserVariables(myUserName); return "success"; } else { return "wrongPassword"; } } } rs.close(); st.close(); conn.close(); return "userNotFound"; } catch (Exception e) { return e.getMessage(); } }
/* goodG2B1() - use goodsource and badsink by setting the static variable to false instead of true */ private void goodG2B1() throws Throwable { String data; goodG2B1PublicStatic = false; data = (new CWE15_External_Control_of_System_or_Configuration_Setting__PropertiesFile_22b()) .goodG2B1Source(); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodB2G1() - use badsource and goodsink by changing second IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */ private void goodB2G1() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE == 5) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.STATIC_FINAL_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.writeLine("Benign, fixed string"); } else { if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; PreparedStatement sqlStatement = null; try { /* FIX: Use prepared statement and executeBatch (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; i++) { sqlStatement.setString(1, names[i]); sqlStatement.addBatch(); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
/* uses badsource and badsink */ public void bad() throws Throwable { String data; /* get system property user.home */ /* POTENTIAL FLAW: Read data from a system property */ data = System.getProperty("user.home"); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
private void DELToDb() { Connection con = null; PreparedStatement pstmt = null; try { con = DbConnectionManager.getConnection(); pstmt = con.prepareStatement(Del_ware); System.out.println(Del_ware); pstmt.setInt(1, this.Status); pstmt.setInt(2, this.Id); pstmt.executeUpdate(); } catch (SQLException sqle) { System.err.println("错误位置: DbShop.java:DELToDb(): " + sqle); sqle.printStackTrace(); } finally { try { pstmt.close(); } catch (Exception e) { e.printStackTrace(); } try { con.close(); } catch (Exception e) { e.printStackTrace(); } } }
/* goodB2G1() - use badsource and goodsink by changing second IO.staticTrue to IO.staticFalse */ private void goodB2G1() throws Throwable { String data; if (IO.staticTrue) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticFalse) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.writeLine("Benign, fixed string"); } else { Connection dbConnection = null; PreparedStatement sqlStatement = null; ResultSet resultSet = null; try { /* FIX: Use prepared statement and executeQuery (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("select * from users where name=?"); sqlStatement.setString(1, data); resultSet = sqlStatement.executeQuery(); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); String username = request.getParameter("username"); String password = request.getParameter("password"); Statement stmt; ResultSet rs; Connection con = null; try { Class.forName("com.mysql.jdbc.Driver"); String connectionUrl = "jdbc:mysql://localhost/myflickr?" + "user=root&password=123456"; con = DriverManager.getConnection(connectionUrl); if (con != null) { System.out.println("connected to mysql"); } } catch (SQLException e) { System.out.println("SQL Exception: " + e.toString()); } catch (ClassNotFoundException cE) { System.out.println("Class Not Found Exception: " + cE.toString()); } try { stmt = con.createStatement(); System.out.println("SELECT * FROM flickrusers WHERE name='" + username + "'"); rs = stmt.executeQuery("SELECT * FROM flickrusers WHERE name='" + username + "'"); while (rs.next()) { if (rs.getObject(1).toString().equals(username)) { out.println("<h1>To username pou epileksate uparxei hdh</h1>"); out.println("<a href=\"project3.html\">parakalw dokimaste kapoio allo.</a>"); stmt.close(); rs.close(); return; } } stmt.close(); rs.close(); stmt = con.createStatement(); if (!stmt.execute("INSERT INTO flickrusers VALUES('" + username + "', '" + password + "')")) { out.println("<h1>Your registration is completed " + username + "</h1>"); out.println("<a href=\"index.jsp\">go to the login menu</a>"); registerListener.Register(username); } else { out.println("<h1>To username pou epileksate uparxei hdh</h1>"); out.println("<a href=\"project3.html\">Register</a>"); } } catch (SQLException e) { throw new ServletException("Servlet Could not display records.", e); } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String data_copy; { String data; java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; data_copy = data; } { String data = data_copy; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; ResultSet sqlrs = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'"); IO.writeString(sqlrs.toString()); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlrs != null) { sqlrs.close(); } } catch (SQLException e) { log2.warning("Error closing sqlrs"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } } }
/** * Determine whether or a not a User with the supplied researcherID exists * * @param username The researcherID to test * @return true if the user exists, false if not * @throws SQLException if a database error was encountered */ public static boolean userExists(int researcherID) throws SQLException { boolean returnVal = false; // Get our connection to the database. Connection conn = DBConnectionManager.getConnection("yrc"); PreparedStatement stmt = null; ResultSet rs = null; try { stmt = conn.prepareStatement("SELECT researcherID FROM tblUsers WHERE researcherID = ?"); stmt.setInt(1, researcherID); rs = stmt.executeQuery(); // No rows returned. if (!rs.next()) { returnVal = false; } else { returnVal = true; } rs.close(); rs = null; stmt.close(); stmt = null; conn.close(); conn = null; } finally { // Always make sure result sets and statements are closed, // and the connection is returned to the pool if (rs != null) { try { rs.close(); } catch (SQLException e) {; } rs = null; } if (stmt != null) { try { stmt.close(); } catch (SQLException e) {; } stmt = null; } if (conn != null) { try { conn.close(); } catch (SQLException e) {; } conn = null; } } return returnVal; }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (privateFive == 5) { data = ""; /* initialize data in case id is not in query string */ /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */ { StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&"); while (tokenizer.hasMoreTokens()) { String token = tokenizer.nextToken(); /* a token will be like "id=foo" */ if (token.startsWith("id=")) /* check if we have the "id" parameter" */ { data = token.substring(3); /* set data to "foo" */ break; /* exit while loop */ } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (privateFive == 5) { Connection dbConnection = null; PreparedStatement sqlStatement = null; try { /* FIX: Use prepared statement and execute (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement( "insert into users (status) values ('updated') where name=?"); sqlStatement.setString(1, data); Boolean result = sqlStatement.execute(); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodB2G1() - use badsource and goodsink by changing second privateTrue to privateFalse */ private void goodB2G1(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (privateTrue) { /* POTENTIAL FLAW: Read data from a querystring using getParameter */ data = request.getParameter("name"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (privateFalse) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.writeLine("Benign, fixed string"); } else { Connection dbConnection = null; PreparedStatement sqlStatement = null; try { /* FIX: Use prepared statement and execute (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement( "insert into users (status) values ('updated') where name=?"); sqlStatement.setString(1, data); Boolean result = sqlStatement.execute(); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String dataCopy; { String data; /* FIX: Use a hardcoded string */ data = "foo"; dataCopy = data; } { String data = dataCopy; if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); for (int i = 0; i < names.length; i++) { /* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */ sqlStatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */ private void goodG2B1() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.STATIC_FINAL_FIVE == 5) { if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); for (int i = 0; i < names.length; i++) { /* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */ sqlStatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable { String dataCopy; { String data; /* FIX: Use a hardcoded string */ data = "foo"; dataCopy = data; } { String data = dataCopy; Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B() - use goodsource and badsink */ public void goodG2BSink(byte[] dataSerialized) throws Throwable { /* unserialize data */ ByteArrayInputStream streamByteArrayInput = null; ObjectInputStream streamObjectInput = null; try { streamByteArrayInput = new ByteArrayInputStream(dataSerialized); streamObjectInput = new ObjectInputStream(streamByteArrayInput); String data = (String) streamObjectInput.readObject(); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "IOException in deserialization", exceptIO); } catch (ClassNotFoundException exceptClassNotFound) { IO.logger.log( Level.WARNING, "ClassNotFoundException in deserialization", exceptClassNotFound); } finally { /* clean up stream reading objects */ try { if (streamObjectInput != null) { streamObjectInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing ObjectInputStream", exceptIO); } try { if (streamByteArrayInput != null) { streamByteArrayInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing ByteArrayInputStream", exceptIO); } } }
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); Connection conn = null; PreparedStatement pstmt = null; try { System.out.println("Enrollno: 130050131049"); // STEP 2: Register JDBC driver Class.forName(JDBC_DRIVER); // STEP 3: Open a connection System.out.println("Connecting to a selected database..."); conn = DriverManager.getConnection(DB_URL, USER, PASS); System.out.println("Connected database successfully..."); // STEP 2: Executing query String sql = "SELECT * FROM logindetails WHERE name = ?"; pstmt = conn.prepareStatement(sql); pstmt.setString(1, "Krut"); ResultSet rs = pstmt.executeQuery(); out.print("| <b>Name</b>| "); out.print("<b>Password</b>| "); out.println("</br>\n-------------------------------</br>"); while (rs.next()) { out.println(); out.print("| " + rs.getString(1)); out.print("| " + rs.getString(2) + "|"); out.println("</br>"); } } catch (SQLException se) { // Handle errors for JDBC se.printStackTrace(); } catch (Exception e) { // Handle errors for Class.forName e.printStackTrace(); } finally { // finally block used to close resources try { if (pstmt != null) conn.close(); } catch (SQLException se) { } // do nothing try { if (conn != null) conn.close(); } catch (SQLException se) { se.printStackTrace(); } // end finally try } // end try }
/* goodB2G() - use badsource and goodsink */ public void goodB2G_sink(String data_array[]) throws Throwable { String data = data_array[2]; String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatement */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; ++i) { sqlstatement.setString(1, names[i]); sqlstatement.addBatch(); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } }
public void bad() throws Throwable { String data; if (IO.staticTrue) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticTrue) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */ private void goodG2B1() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.STATIC_FINAL_FIVE == 5) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodB2G1() - use badsource and goodsink by setting the static variable to false instead of true */ public void goodB2G1Sink(String data) throws Throwable { if (CWE89_SQL_Injection__Environment_executeBatch_22a.goodB2G1PublicStatic) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; PreparedStatement sqlStatement = null; try { /* FIX: Use prepared statement and executeBatch (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; i++) { sqlStatement.setString(1, names[i]); sqlStatement.addBatch(); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
/* goodB2G1() - use badsource and goodsink by setting the static variable to false instead of true */ public void goodB2G1Sink(String data) throws Throwable { if (CWE89_SQL_Injection__connect_tcp_executeQuery_22a.goodB2G1PublicStatic) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { Connection dbConnection = null; PreparedStatement sqlStatement = null; ResultSet resultSet = null; try { /* FIX: Use prepared statement and executeQuery (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("select * from users where name=?"); sqlStatement.setString(1, data); resultSet = sqlStatement.executeQuery(); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); try { Class.forName("com.mysql.jdbc.Driver").newInstance(); Connection con = DriverManager.getConnection(Utility.connection, Utility.username, Utility.password); String email = request.getParameter("email_id"); String number = ""; boolean exists = false; String user_name = ""; int user_id = -1; String str1 = "SELECT USER_ID,NAME,PHONE_NUMBER FROM USERS WHERE EMAIL_ID=?"; PreparedStatement prep1 = con.prepareStatement(str1); prep1.setString(1, email); ResultSet rs1 = prep1.executeQuery(); if (rs1.next()) { exists = true; user_id = rs1.getInt("USER_ID"); user_name = rs1.getString("NAME"); number = rs1.getString("PHONE_NUMBER"); } int verification = 0; JSONObject data = new JSONObject(); if (exists) { verification = (int) (Math.random() * 9535641 % 999999); System.out.println("Number " + number + "\nVerification: " + verification); SMSProvider.sendSMS( number, "Your One Time Verification Code for PeopleConnect Is " + verification); } data.put("user_name", user_name); data.put("user_id", user_id); data.put("verification_code", "" + verification); data.put("phone_number", number); String toSend = data.toJSONString(); out.print(toSend); System.out.println(toSend); } catch (Exception e) { e.printStackTrace(); } finally { out.close(); } }
/* goodG2B() - use goodsource and badsink */ public void goodG2B_sink(String data_array[]) throws Throwable { String data = data_array[2]; String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch("update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2() throws Throwable { String data; if (PRIVATE_STATIC_FINAL_TRUE) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (PRIVATE_STATIC_FINAL_TRUE) { Connection dbConnection = null; PreparedStatement sqlStatement = null; try { /* FIX: Use prepared statement and execute (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement( "insert into users (status) values ('updated') where name=?"); sqlStatement.setString(1, data); Boolean result = sqlStatement.execute(); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }