private void good1() throws Throwable {
String fn = ".\\src\\testcases\\CWE379_File_Creation_in_Insecure_Dir\\basic\\insecureDir";
File dir = new File(fn);
if (dir.exists()) {
IO.writeLine("Directory already exists");
if (dir.delete()) {
IO.writeLine("Directory deleted");
} else {
return;
}
}
if (!dir.getParentFile().canWrite()) {
IO.writeLine("Cannot write to parent dir");
}
/* FIX: explicitly set directory permissions */
dir.setExecutable(false, true);
dir.setReadable(true);
dir.setWritable(false, true);
try {
boolean success = dir.mkdir();
if (success) {
IO.writeLine("Directory created");
File file = new File(dir.getAbsolutePath() + "\\newFile.txt");
file.createNewFile();
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
}
public void bad() throws Throwable {
String fn =
".\\src\\testcases\\CWE379_File_Creation_in_Insecure_Dir\\insecureDir"; /* may have to be changed depending on script */
/* POSSIBLE FLAW: potentially insecure directory permissions */
File dir = new File(fn);
if (dir.exists()) {
IO.writeLine("Directory already exists");
if (dir.delete()) {
IO.writeLine("Directory deleted");
} else {
return;
}
}
if (!dir.getParentFile().canWrite()) {
IO.writeLine("Cannot write to parent dir");
}
try {
boolean success = dir.mkdir();
if (success) {
IO.writeLine("Directory created");
File file = new File(dir.getAbsolutePath() + "\\newFile.txt");
file.createNewFile();
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
}
public static boolean copyDir(String fromDir, String toDir) throws IOException {
File contentFile = new File(toDir + ".INIT");
if (!contentFile.exists()) {
IO.copyDirTree(fromDir, toDir);
contentFile.createNewFile();
return true;
}
return false;
}
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// read the last post id here .......................
String url = req.getRequestURI();
String urlprt[] = url.split("/");
int urlcount = urlprt.length - 1;
JSONParser parserPost = new JSONParser();
JSONObject post = null;
String id = urlprt[urlcount];
// read the post here .............................
try {
if (id != null) {
Object objPost =
parserPost.parse(new FileReader("..\\webapps\\Blog\\post\\" + id + ".json"));
post = (JSONObject) objPost;
JSONArray msg = (JSONArray) post.get("toapprove");
msg.add(req.getParameter("content"));
post.remove("toapprove");
post.put("toapprove", msg);
File file = new File("..\\webapps\\Blog\\post\\" + id + ".json");
file.createNewFile();
FileWriter filew = new FileWriter(file);
filew.write(post.toJSONString());
filew.flush();
filew.close();
doGet(req, res);
}
} catch (Exception e) {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("get POST ......................");
out.println(e);
out.println("......................");
}
}