public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      int data;

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* POTENTIAL FLAW: Zero modulus will cause an issue.  An integer division will
      result in an exception.  */
      IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
    }
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      int data;

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* FIX: test for a zero modulus */
      if (data != 0) {
        IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
      } else {
        IO.writeLine("This would result in a modulo by zero");
      }
    }
  }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    bad_sink(data, request, response);
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_five == 5) {
      data = "5";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }
    if (IO.static_five == 5) {
      int loopNum;
      try {
        loopNum = Integer.parseInt(data);
      } catch (NumberFormatException nfe) {
        IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
        loopNum = 1;
      }
      for (int i = 0; i < loopNum; i++) {
        /* POTENTIAL FLAW: user supplied input used for loop counter test */
        IO.writeLine("hello world");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      int loopNum;
      try {
        loopNum = Integer.parseInt(data);
      } catch (NumberFormatException nfe) {
        IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
        loopNum = 1;
      }

      /* FIX: loop number thresholds validated */
      if (loopNum >= 0 && loopNum <= 5) {
        for (int i = 0; i < loopNum; i++) {
          IO.writeLine("hello world");
        }
      }
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded number that won't cause underflow, overflow,
      divide by zero, or loss-of-precision issues */
      data = 2;
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
      if (data > 0) /* ensure we don't have an underflow */ {
        /* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */
        int result = (data * valueToMult);
        IO.writeLine("result: " + result);
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */

      if (data > 0) /* ensure we don't have an underflow */ {
        int result = 0;
        /* FIX: Add a check to prevent an overflow from occurring */
        if (data <= (Integer.MAX_VALUE / valueToMult)) {
          result = (data * valueToMult);
          IO.writeLine("result: " + result);
        } else {
          IO.writeLine("Input value is too large to perform multiplication.");
        }
      }
    }
  }
コード例 #6
0
ファイル: LoginAn.java プロジェクト: WaleedAshraf/UserProj
 public void doPost(HttpServletRequest req, HttpServletResponse res)
     throws IOException, ServletException {
   ArrayList<String> ar = new ArrayList<String>();
   boolean flag = false;
   Cookie[] cArr = req.getCookies();
   if (cArr != null) {
     for (int i = 0; i < cArr.length; i++) {
       Cookie c0 = cArr[i];
       if (c0.getName().equals("Name") && !c0.getValue().equals("Logout")) {
         res.sendRedirect("index.html");
         flag = true;
       }
     }
   }
   if (flag == false) res.sendRedirect("Login.html");
 }
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* init Data$ */
    data = -1;

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      String s_data = cookieSources[0].getValue();
      data = Integer.parseInt(s_data.trim());
    }

    (new CWE369_Divide_By_Zero__getCookiesServlet_divide_54b()).bad_sink(data, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  private int goodB2G_source(HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    int data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* init Data$ */
    data = -1;

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      String s_data = cookieSources[0].getValue();
      data = Integer.parseInt(s_data.trim());
    }

    return data;
  }
  /* goodB2G2() - use badsource and goodsink by reversing statements in second if  */
  private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_returns_t()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* init Data$ */
      data = -1;
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded number that won't cause underflow, overflow,
      divide by zero, or loss-of-precision issues */
      data = 2;
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_returns_t()) {
      int result = 0;
      int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
      /* FIX: Add a check to prevent an overflow from occurring */
      if (data <= (Integer.MAX_VALUE - valueToAdd)) {
        result = (data + valueToAdd);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("Input value is too large to perform addition.");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */

      /* POTENTIAL FLAW: if (data+valueToAdd) > MAX_VALUE, this will overflow */
      int result = (data + valueToAdd);

      IO.writeLine("result: " + result);
    }
  }
  private String bad_source(HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    String data;

    if (badPrivate) {
      data = ""; /* initialize data in case there are no cookies */
      /* Read data from cookies */
      {
        Cookie cookieSources[] = request.getCookies();
        if (cookieSources != null) {
          /* POTENTIAL FLAW: Read data from the first cookie value */
          data = cookieSources[0].getValue();
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = null;
    }

    return data;
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded number that won't cause underflow, overflow,
      divide by zero, or loss-of-precision issues */
      data = 2;
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        data = Integer.parseInt(s_data.trim());
      }
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
      /* POTENTIAL FLAW: Zero denominator will cause an issue.  An integer division will
      result in an exception. */
      IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      /* FIX: test for a zero denominator */
      if (data != 0) {
        IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
      } else {
        IO.writeLine("This would result in a divide by zero");
      }
    }
  }
  /* goodB2G2() - use badsource and goodsink by reversing statements in second if  */
  private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_final_five == 5) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_final_five == 5) {
      String names[] = data.split("-");
      int iSuccess = 0;
      Logger log2 = Logger.getLogger("local-logger");
      Connection conn_tmp2 = null;
      PreparedStatement sqlstatement = null;
      try {
        /* FIX: use prepared sqlstatement */
        conn_tmp2 = IO.getDBConnection();
        sqlstatement =
            conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
        for (int i = 0; i < names.length; ++i) {
          sqlstatement.setString(1, names[i]);
          sqlstatement.addBatch();
        }
        int dbResults[] = sqlstatement.executeBatch();
        for (int i = 0; i < names.length; ++i) {
          if (dbResults[i] > 0) {
            iSuccess++;
          }
        }
        IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
      } catch (SQLException se) {
        log2.warning("Error getting database connection");
      } finally {
        try {
          if (sqlstatement != null) {
            sqlstatement.close();
          }
        } catch (SQLException e) {
          log2.warning("Error closing sqlstatement");
        } finally {
          try {
            if (conn_tmp2 != null) {
              conn_tmp2.close();
            }
          } catch (SQLException e) {
            log2.warning("Error closing conn_tmp2");
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      String names[] = data.split("-");
      int iSuccess = 0;

      Logger log2 = Logger.getLogger("local-logger");

      Connection conn_tmp2 = null;
      Statement sqlstatement = null;

      try {
        conn_tmp2 = IO.getDBConnection();
        sqlstatement = conn_tmp2.createStatement();

        for (int i = 0; i < names.length; ++i) {
          /* POTENTIAL FLAW: take user input and place into dynamic sql query */
          sqlstatement.addBatch(
              "update users set hitcount=hitcount+1 where name='" + names[i] + "'");
        }

        int dbResults[] = sqlstatement.executeBatch();

        for (int i = 0; i < names.length; ++i) {
          if (dbResults[i] > 0) {
            iSuccess++;
          }
        }

        IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
      } catch (SQLException se) {
        log2.warning("Error getting database connection");
      } finally {
        try {
          if (sqlstatement != null) {
            sqlstatement.close();
          }
        } catch (SQLException e) {
          log2.warning("Error closing sqlstatement");
        } finally {
          try {
            if (conn_tmp2 != null) {
              conn_tmp2.close();
            }
          } catch (SQLException e) {
            log2.warning("Error closing conn_tmp2");
          }
        }
      }
    }
  }