/* good2() reverses the bodies in the if statement */
  private void good2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (IO.static_returns_t()) {
      Logger tcLog = Logger.getLogger("cwe_testcases_logger");
      if (request.getParameter("username") == null) {
        return;
      }
      String username = request.getParameter("username");
      if (username.matches("[a-zA-Z0-9]*")) {
        HttpSession session = request.getSession(true);
        /* FIX: logged message does not contain session id */
        tcLog.log(Level.FINEST, "Username: "******" Session ID:" + session.getId());
      } else {
        response.getWriter().println("Invalid characters");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger tcLog = Logger.getLogger("cwe_testcases_logger");
      if (request.getParameter("username") == null) {
        return;
      }

      String username = request.getParameter("username");

      if (username.matches("[a-zA-Z0-9]*")) {
        HttpSession session = request.getSession(true);
        /* FLAW: leak session ID to debug log */
        tcLog.log(Level.FINEST, "Username: "******" Session ID:" + session.getId());
      } else {
        response.getWriter().println("Invalid characters");
      }
    }
  }
コード例 #2
0
ファイル: Enqueue.java プロジェクト: ankita-singh/CS263
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    String key = request.getParameter("keyname");
    String keyvalue = request.getParameter("value");

    // Add the task to the default queue.
    Queue queue = QueueFactory.getDefaultQueue();
    queue.add(
        TaskOptions.Builder.withUrl("/worker").param("keyname", key).param("value", keyvalue));

    response.sendRedirect("/done.html");
  }
 private void getServices(HttpServletResponse res) {
   InputStream is = null;
   try {
     URL url = ctx.getResource(resourcesDir + XHP_CONFIG);
     // use classpath if not found locally.
     if (url == null)
       url = XmlHttpProxyServlet.class.getResource(classpathResourcesDir + XHP_CONFIG);
     is = url.openStream();
   } catch (Exception ex) {
     try {
       getLogger().severe("XmlHttpProxyServlet error loading xhp.json : " + ex);
       PrintWriter writer = res.getWriter();
       writer.write(
           "XmlHttpProxyServlet Error: Error loading xhp.json. Make sure it is available in the /resources directory of your applicaton.");
       writer.flush();
     } catch (Exception iox) {
     }
   }
   services = xhp.loadServices(is);
 }
コード例 #4
0
ファイル: UserAction.java プロジェクト: Dinduks/Jetrix
  protected void service(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    String action = request.getParameter("action");
    String name = request.getParameter("name");

    String redirect = "/user.jsp?name=" + name;
    Client client = ClientRepository.getInstance().getClient(name);

    if ("kick".equals(action)) {
      logger.info(
          client.getUser().getName()
              + " ("
              + client.getInetAddress()
              + ") has been kicked by "
              + request.getRemoteUser()
              + " ("
              + request.getRemoteHost()
              + ")");
    } else if ("ban".equals(action)) {
      Banlist banlist = Banlist.getInstance();
      banlist.ban(client.getInetAddress().getHostAddress());

      logger.info(
          client.getUser().getName()
              + " ("
              + client.getInetAddress()
              + ") has been banned by "
              + request.getRemoteUser()
              + " ("
              + request.getRemoteHost()
              + ")");

      // save the server configuration
      Server.getInstance().getConfig().save();
    }

    client.disconnect();

    response.sendRedirect("/channel.jsp?name=" + client.getChannel().getConfig().getName());
  }
  public void doProcess(HttpServletRequest req, HttpServletResponse res, boolean isPost) {
    StringBuffer bodyContent = null;
    OutputStream out = null;
    PrintWriter writer = null;
    String serviceKey = null;

    try {
      BufferedReader in = req.getReader();
      String line = null;
      while ((line = in.readLine()) != null) {
        if (bodyContent == null) bodyContent = new StringBuffer();
        bodyContent.append(line);
      }
    } catch (Exception e) {
    }
    try {
      if (requireSession) {
        // check to see if there was a session created for this request
        // if not assume it was from another domain and blow up
        // Wrap this to prevent Portlet exeptions
        HttpSession session = req.getSession(false);
        if (session == null) {
          res.setStatus(HttpServletResponse.SC_FORBIDDEN);
          return;
        }
      }
      serviceKey = req.getParameter("id");
      // only to preven regressions - Remove before 1.0
      if (serviceKey == null) serviceKey = req.getParameter("key");
      // check if the services have been loaded or if they need to be reloaded
      if (services == null || configUpdated()) {
        getServices(res);
      }
      String urlString = null;
      String xslURLString = null;
      String userName = null;
      String password = null;
      String format = "json";
      String callback = req.getParameter("callback");
      String urlParams = req.getParameter("urlparams");
      String countString = req.getParameter("count");
      // encode the url to prevent spaces from being passed along
      if (urlParams != null) {
        urlParams = urlParams.replace(' ', '+');
      }

      try {
        if (services.has(serviceKey)) {
          JSONObject service = services.getJSONObject(serviceKey);
          // default to the service default if no url parameters are specified
          if (urlParams == null && service.has("defaultURLParams")) {
            urlParams = service.getString("defaultURLParams");
          }
          String serviceURL = service.getString("url");
          // build the URL
          if (urlParams != null && serviceURL.indexOf("?") == -1) {
            serviceURL += "?";
          } else if (urlParams != null) {
            serviceURL += "&";
          }
          String apikey = "";
          if (service.has("username")) userName = service.getString("username");
          if (service.has("password")) password = service.getString("password");
          if (service.has("apikey")) apikey = service.getString("apikey");
          urlString = serviceURL + apikey;
          if (urlParams != null) urlString += "&" + urlParams;
          if (service.has("xslStyleSheet")) {
            xslURLString = service.getString("xslStyleSheet");
          }
        }
        // code for passing the url directly through instead of using configuration file
        else if (req.getParameter("url") != null) {
          String serviceURL = req.getParameter("url");
          // build the URL
          if (urlParams != null && serviceURL.indexOf("?") == -1) {
            serviceURL += "?";
          } else if (urlParams != null) {
            serviceURL += "&";
          }
          urlString = serviceURL;
          if (urlParams != null) urlString += urlParams;
        } else {
          writer = res.getWriter();
          if (serviceKey == null)
            writer.write("XmlHttpProxyServlet Error: id parameter specifying serivce required.");
          else
            writer.write(
                "XmlHttpProxyServlet Error : service for id '" + serviceKey + "' not  found.");
          writer.flush();
          return;
        }
      } catch (Exception ex) {
        getLogger().severe("XmlHttpProxyServlet Error loading service: " + ex);
      }

      Map paramsMap = new HashMap();
      paramsMap.put("format", format);
      // do not allow for xdomain unless the context level setting is enabled.
      if (callback != null && allowXDomain) {
        paramsMap.put("callback", callback);
      }
      if (countString != null) {
        paramsMap.put("count", countString);
      }

      InputStream xslInputStream = null;

      if (urlString == null) {
        writer = res.getWriter();
        writer.write(
            "XmlHttpProxyServlet parameters:  id[Required] urlparams[Optional] format[Optional] callback[Optional]");
        writer.flush();
        return;
      }
      // default to JSON
      res.setContentType(responseContentType);
      out = res.getOutputStream();
      // get the stream for the xsl stylesheet
      if (xslURLString != null) {
        // check the web root for the resource
        URL xslURL = null;
        xslURL = ctx.getResource(resourcesDir + "xsl/" + xslURLString);
        // if not in the web root check the classpath
        if (xslURL == null) {
          xslURL =
              XmlHttpProxyServlet.class.getResource(classpathResourcesDir + "xsl/" + xslURLString);
        }
        if (xslURL != null) {
          xslInputStream = xslURL.openStream();
        } else {
          String message =
              "Could not locate the XSL stylesheet provided for service id "
                  + serviceKey
                  + ". Please check the XMLHttpProxy configuration.";
          getLogger().severe(message);
          try {
            out.write(message.getBytes());
            out.flush();
            return;
          } catch (java.io.IOException iox) {
          }
        }
      }
      if (!isPost) {
        xhp.doGet(urlString, out, xslInputStream, paramsMap, userName, password);
      } else {
        if (bodyContent == null)
          getLogger()
              .info(
                  "XmlHttpProxyServlet attempting to post to url "
                      + urlString
                      + " with no body content");
        xhp.doPost(
            urlString,
            out,
            xslInputStream,
            paramsMap,
            bodyContent.toString(),
            req.getContentType(),
            userName,
            password);
      }
    } catch (Exception iox) {
      iox.printStackTrace();
      getLogger().severe("XmlHttpProxyServlet: caught " + iox);
      try {
        writer = res.getWriter();
        writer.write(iox.toString());
        writer.flush();
      } catch (java.io.IOException ix) {
        ix.printStackTrace();
      }
      return;
    } finally {
      try {
        if (out != null) out.close();
        if (writer != null) writer.close();
      } catch (java.io.IOException iox) {
      }
    }
  }
コード例 #6
0
  @Override
  public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    resp.setContentType("text/html");
    resp.getWriter().println("<html><body>");

    String keyname = req.getParameter("keyname");
    String value = req.getParameter("value");

    DatastoreService datastore = DatastoreServiceFactory.getDatastoreService();
    // Using the synchronous cache.
    MemcacheService syncCache = MemcacheServiceFactory.getMemcacheService();
    syncCache.setErrorHandler(ErrorHandlers.getConsistentLogAndContinue(Level.INFO));

    // display every element of kind TaskData for /datastore
    if (req.getParameterMap().isEmpty()) {
      // querying from datastore
      resp.getWriter().println("<h3>Datastore results:</h3>");
      List<String> listOfKeys = new ArrayList<String>();
      Query q = new Query("TaskData");
      PreparedQuery pq = datastore.prepare(q);
      for (Entity result : pq.asIterable()) {
        String datastore_key = result.getKey().getName();
        String taskData_value = (String) result.getProperty("value");
        Date taskData_date = (Date) result.getProperty("date");
        resp.getWriter()
            .println(
                "<p>keyname = "
                    + datastore_key
                    + "  value = "
                    + taskData_value
                    + " date = "
                    + taskData_date.toString()
                    + "</p>");
        listOfKeys.add(datastore_key);
      }
      // check which of the keys exist in memcache
      String memcache_value;
      resp.getWriter().println("<h3>Memcache results:</h3>");
      for (String datastore_key : listOfKeys) {
        memcache_value = (String) syncCache.get(datastore_key);
        if (memcache_value != null) {
          // String decoded = new String(memcache_value, "UTF-8");
          resp.getWriter()
              .println("<p>keyname = " + datastore_key + " value = " + memcache_value + "</p>");
        }
      }
    }

    // display element of kind TaskData with key=keyname
    else if (keyname != null && value == null) {

      // first check in the cache
      String memcache_value = (String) syncCache.get(keyname); // Read from cache.
      // Get value from datastore
      Key task_key = KeyFactory.createKey("TaskData", keyname);
      try {
        Entity tne = datastore.get(task_key);
        if (memcache_value == null) {
          resp.getWriter().println("<h2>Datastore</h2>");
        } else {
          resp.getWriter().println("<h2>Both</h2>");
        }

      } catch (EntityNotFoundException e) {
        resp.getWriter().println("<h2>Neither</h2>");
      }
    }

    // store element of kind TaskData with key=keyname and value=value
    else if (keyname != null && value != null) {
      Entity tne = new Entity("TaskData", keyname);
      tne.setProperty("value", value);
      tne.setProperty("date", new Date());
      datastore.put(tne);
      syncCache.put(keyname, value); // Populate cache.
      resp.getWriter()
          .println("<h2>Stored " + keyname + " and " + value + " in Datastore and Memcache</h2>");
    } else {

      resp.getWriter().println("<h2>You entered wrong query parameters</h2>");
    }

    /*
       Entity tne = new Entity("TaskData", "Person");
    alice.setProperty("gender", "female");
    alice.setProperty("age", 20);
    */

    resp.getWriter().println("</body></html>");
  }
  // The tck uses only get & post requests
  protected void processTCKReq(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    LOGGER.entering(LOG_CLASS, "servlet entry");

    PortletRequest portletReq = (PortletRequest) request.getAttribute("javax.portlet.request");
    PortletResponse portletResp = (PortletResponse) request.getAttribute("javax.portlet.response");
    PortletConfig portletConfig = (PortletConfig) request.getAttribute("javax.portlet.config");
    long svtTid = Thread.currentThread().getId();
    long reqTid = (Long) portletReq.getAttribute(THREADID_ATTR);

    PrintWriter writer = ((MimeResponse) portletResp).getWriter();

    JSR286DispatcherReqRespTestCaseDetails tcd = new JSR286DispatcherReqRespTestCaseDetails();

    // Create result objects for the tests

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_containsHeader */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.containsHeader must return false"     */
    TestResult tr0 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_CONTAINSHEADER);
    try {
      boolean ok = response.containsHeader("Accept");
      tr0.setTcSuccess(ok == false);
    } catch (Exception e) {
      tr0.appendTcDetail(e.toString());
    }
    tr0.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_encodeRedirectURL1 */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.encodeRedirectURL must return null"   */
    TestResult tr1 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_ENCODEREDIRECTURL1);
    try {
      String isval = response.encodeRedirectURL("http://www.cnn.com/");
      CompareUtils.stringsEqual(isval, null, tr1);
    } catch (Exception e) {
      tr1.appendTcDetail(e.toString());
    }
    tr1.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_encodeRedirectUrl */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.encodeRedirectUrl must return null"   */
    TestResult tr2 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_ENCODEREDIRECTURL);
    try {
      String isval = response.encodeRedirectUrl("http://www.cnn.com/");
      CompareUtils.stringsEqual(isval, null, tr2);
    } catch (Exception e) {
      tr2.appendTcDetail(e.toString());
    }
    tr2.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_encodeURL1 */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.encodeURL must provide the same       */
    /* functionality as ResourceResponse.encodeURL"                         */
    TestResult tr3 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_ENCODEURL1);
    try {
      String turl = "http://www.apache.org/";
      String hval = (String) response.encodeURL(turl);
      String pval = (String) portletResp.encodeURL(turl);
      CompareUtils.stringsEqual("HttpServletResponse", hval, "ResourceResponse", pval, tr3);
    } catch (Exception e) {
      tr3.appendTcDetail(e.toString());
    }
    tr3.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_encodeUrl */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.encodeUrl must provide the same       */
    /* functionality as ResourceResponse.encodeURL"                         */
    TestResult tr4 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_ENCODEURL);
    try {
      String turl = "http://www.apache.org/";
      String hval = (String) response.encodeUrl(turl);
      String pval = (String) portletResp.encodeURL(turl);
      CompareUtils.stringsEqual("HttpServletResponse", hval, "ResourceResponse", pval, tr4);
    } catch (Exception e) {
      tr4.appendTcDetail(e.toString());
    }
    tr4.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_getBufferSize */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.getBufferSize must provide the same   */
    /* functionality as ResourceResponse.getBufferSize"                     */
    TestResult tr5 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_GETBUFFERSIZE);
    try {
      int hval = response.getBufferSize();
      int pval = ((ResourceResponse) portletResp).getBufferSize();
      String str =
          "Value "
              + hval
              + " from "
              + "HttpServletResponse"
              + " does not equal value "
              + pval
              + " + ResourceResponse";
      if (hval != pval) {
        tr5.appendTcDetail(str);
      }
      tr5.setTcSuccess(hval == pval);
    } catch (Exception e) {
      tr5.appendTcDetail(e.toString());
    }
    tr5.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_getCharacterEncoding */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.getCharacterEncoding must provide     */
    /* the same functionality as ResourceResponse.getCharacterEncoding"     */
    TestResult tr6 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_GETCHARACTERENCODING);
    try {
      String hval = response.getCharacterEncoding();
      String pval = ((ResourceResponse) portletResp).getCharacterEncoding();
      CompareUtils.stringsEqual("HttpServletResponse", hval, "ResourceResponse", pval, tr6);
    } catch (Exception e) {
      tr6.appendTcDetail(e.toString());
    }
    tr6.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_getContentType */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.getContentType must provide the       */
    /* same functionality as ResourceResponse.getContentType"               */
    TestResult tr7 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_GETCONTENTTYPE);
    try {
      String hval = response.getContentType();
      String pval = ((ResourceResponse) portletResp).getContentType();
      CompareUtils.stringsEqual("HttpServletResponse", hval, "ResourceResponse", pval, tr7);
    } catch (Exception e) {
      tr7.appendTcDetail(e.toString());
    }
    tr7.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_getLocale */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.getLocale must provide the same       */
    /* functionality as ResourceResponse.getLocale"                         */
    TestResult tr8 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_GETLOCALE);
    try {
      Locale hl = response.getLocale();
      Locale pl = ((MimeResponse) portletResp).getLocale();
      String hval = hl.getDisplayName();
      String pval = pl.getDisplayName();
      CompareUtils.stringsEqual("HttpServletResponse", hval, "ResourceResponse", pval, tr8);
    } catch (Exception e) {
      tr8.appendTcDetail(e.toString());
    }
    tr8.writeTo(writer);

    /* TestCase: V2DispatcherReqRespTests4_SPEC2_19_IncludeServletResourceResponse_isCommitted */
    /* Details: "In a target servlet of a include in the Resource phase,    */
    /* the method HttpServletResponse.isCommitted must provide the same     */
    /* functionality as ResourceResponse.isCommitted"                       */
    TestResult tr9 =
        tcd.getTestResultFailed(
            V2DISPATCHERREQRESPTESTS4_SPEC2_19_INCLUDESERVLETRESOURCERESPONSE_ISCOMMITTED);
    try {
      boolean hval = response.isCommitted();
      boolean pval = ((ResourceResponse) portletResp).isCommitted();
      String str =
          "Value "
              + hval
              + " from "
              + "HttpServletResponse"
              + " does not equal value "
              + pval
              + " + ResourceResponse";
      if (hval != pval) {
        tr9.appendTcDetail(str);
      }
      tr9.setTcSuccess(hval == pval);
    } catch (Exception e) {
      tr9.appendTcDetail(e.toString());
    }
    tr9.writeTo(writer);
  }
コード例 #8
0
ファイル: LifecycleImpl.java プロジェクト: dlitz/resin
  private boolean sendError(FacesContext context, String lifecycle, Exception e) {
    for (Throwable cause = e; cause != null; cause = cause.getCause()) {
      if (cause instanceof DisplayableException) {
        if (e instanceof RuntimeException) throw (RuntimeException) e;
        else throw new FacesException(e);
      } else if (cause instanceof ServletException) throw new FacesException(e);
      else if (cause instanceof JspException) throw new FacesException(e);
    }

    ExternalContext extContext = context.getExternalContext();
    Object response = extContext.getResponse();

    if (!(response instanceof HttpServletResponse)) {
      context.renderResponse();

      if (e instanceof RuntimeException) throw (RuntimeException) e;
      else throw new RuntimeException(e);
    }

    log.log(Level.WARNING, e.toString(), e);

    HttpServletResponse res = (HttpServletResponse) response;

    try {
      context.renderResponse();
      context.responseComplete();

      res.setStatus(500, "JSF Exception");
      res.setContentType("text/html");

      PrintWriter out = res.getWriter();

      out.println("<body>");

      out.println("<h3>JSF exception detected in " + lifecycle + " phase</h3>");

      String msg = e.getMessage();
      out.println("<span style='color:red;font:bold'>" + Html.escapeHtml(msg) + "</span><br/>");

      out.println("<h3>Context: " + context.getViewRoot() + "</h3>");
      out.println("<code><pre>");

      String errorId = null;

      if (e instanceof FacesException && msg.startsWith("id=")) {
        int p = msg.indexOf(' ');
        errorId = msg.substring(3, p);
      }

      printComponentTree(out, errorId, context, context.getViewRoot(), 0);

      out.println("</pre></code>");

      if (!Alarm.isTest()) {
        out.println("<h3>Stack Trace</h3>");
        out.println("<pre>");
        if (e.getCause() != null) e.getCause().printStackTrace(out);
        else e.printStackTrace(out);
        out.println("</pre>");
      }

      out.println("</body>");

      // clear, so we don't just loop
      Application app = context.getApplication();

      ViewHandler view = app.getViewHandler();

      UIViewRoot viewRoot = context.getViewRoot();

      viewRoot = view.createView(context, viewRoot.getViewId());

      context.setViewRoot(viewRoot);

      // view.writeState(context); // XXX: no need to output state, but review.

      return true;
    } catch (IOException e1) {
      throw new RuntimeException(e);
    }
  }