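/**
 * Creates the test directory, places one file in it and then applies the
 * directory permission policy (no execute for the owner, readable by everyone,
 * no write for the owner).
 *
 * The permission setters run after {@code mkdir()}: {@code File.setExecutable},
 * {@code setReadable} and {@code setWritable} act on the path on disk and return
 * {@code false} for a path that does not exist yet, so the earlier version of
 * this method, which called them before {@code mkdir()}, left the directory with
 * default permissions. They run after {@code createNewFile()} because the policy
 * removes the owner's write bit, which on POSIX would otherwise stop the file
 * from being created inside the directory.
 *
 * @throws Throwable never thrown by this body; kept for the test harness signature
 */
private void good1() throws Throwable {
    String fn = ".\\src\\testcases\\CWE379_File_Creation_in_Insecure_Dir\\basic\\insecureDir";
    File dir = new File(fn);
    if (dir.exists()) {
        IO.writeLine("Directory already exists");
        if (dir.delete()) {
            IO.writeLine("Directory deleted");
        } else {
            return;
        }
    }
    if (!dir.getParentFile().canWrite()) {
        IO.writeLine("Cannot write to parent dir");
    }
    try {
        boolean success = dir.mkdir();
        if (success) {
            IO.writeLine("Directory created");
            File file = new File(dir.getAbsolutePath() + "\\newFile.txt");
            file.createNewFile();
            /* FIX: explicitly set directory permissions, now that the directory exists */
            boolean permissionsSet = dir.setExecutable(false, true);
            permissionsSet &= dir.setReadable(true);   // non-short-circuit: every setter is attempted
            permissionsSet &= dir.setWritable(false, true);
            if (!permissionsSet) {
                // A setter returns false when the file system cannot represent that bit
                // (e.g. there is no execute permission on Windows) or when the caller may
                // not change permissions; the previous version ignored these results.
                IO.writeLine("Could not set all directory permissions");
            }
        }
    } catch (Exception e) {
        System.out.println(e.getMessage());
    }
}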
/**
 * Flawed variant of the test case: the directory is created with whatever
 * default permissions {@code mkdir()} gives it and a file is then placed inside;
 * nothing restricts who may read or write the directory (CWE-379).
 *
 * @throws Throwable never thrown by this body; kept for the test harness signature
 */
public void bad() throws Throwable {
    String path = ".\\src\\testcases\\CWE379_File_Creation_in_Insecure_Dir\\insecureDir"; /* may have to be changed depending on script */
    File target = new File(path);
    if (target.exists()) {
        IO.writeLine("Directory already exists");
        boolean removed = target.delete();
        if (!removed) {
            return;
        }
        IO.writeLine("Directory deleted");
    }
    boolean parentWritable = target.getParentFile().canWrite();
    if (!parentWritable) {
        IO.writeLine("Cannot write to parent dir");
    }
    try {
        /* POSSIBLE FLAW: potentially insecure directory permissions */
        if (!target.mkdir()) {
            return;
        }
        IO.writeLine("Directory created");
        File inner = new File(target.getAbsolutePath() + "\\newFile.txt");
        inner.createNewFile(); // result deliberately ignored, as in the original
    } catch (Exception e) {
        System.out.println(e.getMessage());
    }
}
/**
 * Copies the tree under {@code fromDir} to {@code toDir} unless a marker file
 * named {@code toDir + ".INIT"} already exists. The marker is created after the
 * copy, so a later call with the same target is a no-op.
 *
 * @param fromDir source directory
 * @param toDir   destination directory; the marker is placed beside it
 * @return {@code true} if the copy was performed, {@code false} if the marker
 *         already existed
 * @throws IOException if the marker cannot be created
 */
public static boolean copyDir(String fromDir, String toDir) throws IOException {
    File marker = new File(toDir + ".INIT");
    if (marker.exists()) {
        return false;
    }
    IO.copyDirTree(fromDir, toDir);
    marker.createNewFile(); // return value ignored, as in the original
    return true;
}
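/**
 * Appends the request's {@code content} parameter to the {@code toapprove}
 * array of the post whose id is the last segment of the request URI, rewrites
 * the post's JSON file and then delegates to {@code doGet} (defined elsewhere
 * in this class).
 *
 * The id comes straight from the URL, so it is checked against a strict
 * allowlist before it is used in a file name; without that check a segment
 * containing {@code ..} or a separator would select a file outside the post
 * directory for both the read and the overwrite. Readers and writers are closed
 * with try-with-resources so a parse failure no longer leaks the open handle.
 *
 * @param req incoming request; the post id is its last URI segment
 * @param res response; receives a 400 for a missing or malformed id or content
 * @throws ServletException propagated from the servlet API
 * @throws IOException      if the error response cannot be written
 */
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    String[] segments = req.getRequestURI().split("/");
    if (segments.length == 0) {
        // "/" splits to an empty array; the original indexed it and threw outside the try
        res.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing post id");
        return;
    }
    String id = segments[segments.length - 1];
    // Allowlist: none of these characters can form a separator, a drive letter or "..".
    if (!id.matches("[A-Za-z0-9_-]+")) {
        res.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid post id");
        return;
    }
    String content = req.getParameter("content");
    if (content == null) {
        res.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing content");
        return;
    }
    // Path is relative to the container's working directory, as in the original — TODO confirm.
    File postFile = new File("..\\webapps\\Blog\\post\\" + id + ".json");
    try {
        JSONObject post;
        // NOTE(review): FileReader/FileWriter use the platform charset; the stored
        // JSON is assumed to have been written with the same charset.
        try (FileReader reader = new FileReader(postFile)) {
            post = (JSONObject) new JSONParser().parse(reader);
        }
        JSONArray pending = (JSONArray) post.get("toapprove");
        if (pending == null) {
            // A post without the key previously failed with an NPE inside this try.
            pending = new JSONArray();
        }
        pending.add(content);
        post.put("toapprove", pending); // put replaces; the remove/put pair was redundant
        try (FileWriter writer = new FileWriter(postFile)) {
            writer.write(post.toJSONString());
        }
        doGet(req, res);
    } catch (Exception e) {
        // Report the failure without echoing the exception to the client: its text
        // can expose server paths and library internals. Details go to the server side.
        System.err.println("doPost failed for post " + id + ": " + e);
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        out.println("get POST ......................");
        out.println("......................");
    }
}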