/**
 * Runs the generated servlet test case of group 6 (named for CWE-600) against the current
 * request/response pair.
 *
 * <p>Failures that escape the test case are reported on standard output only. Nothing about the
 * failure is written to the HTTP response, so the client never receives the message or the stack
 * frames.
 *
 * @param request the servlet request handed to the test case
 * @param response the servlet response handed to the test case
 */
private static void doGetCWE6(HttpServletRequest request, HttpServletResponse response) {
  try {
    /* BEGIN-AUTOGENERATED-SERVLET-TESTS-6 */
    new testcases.CWE600_Fail_Catch_Exceptions
            .CWE600_Fail_Catch_Exceptions__Servlet_getParameter_01()
        .runTest(request, response);
    /* END-AUTOGENERATED-SERVLET-TESTS-6 */
  } catch (Throwable t) {
    /*
     * Per the harness convention, runTest deals with exceptions raised by the test case itself,
     * so getting here means something else went wrong (an IOException, for instance). Writing to
     * the response could throw again, so the details go to the console and the request is
     * abandoned.
     */
    System.out.println(" Caught thowable from doGetCWE6 ");
    System.out.println(" Throwable's message = " + t.getMessage());
    System.out.println("Stack trace below");
    for (StackTraceElement frame : t.getStackTrace()) {
      System.out.println(" " + frame);
    }
  }
}
/**
 * Runs the generated servlet test cases of group 4 (all named for CWE-497: the leakPathServlet
 * and leakStacktraceServlet families) against the current request/response pair, one after the
 * other.
 *
 * <p>Each test case is instantiated immediately before it is run. Variant 18 is absent from both
 * families in the generated list. Failures that escape a test case are reported on standard
 * output only; nothing about them is written to the HTTP response.
 *
 * @param request the servlet request handed to every test case
 * @param response the servlet response handed to every test case
 */
private static void doGetCWE4(HttpServletRequest request, HttpServletResponse response) {
  try {
    /* BEGIN-AUTOGENERATED-SERVLET-TESTS-4 */
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_01()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_02()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_03()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_04()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_05()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_06()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_07()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_08()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_09()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_10()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_11()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_12()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_13()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_14()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_15()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_16()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_17()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakPathServlet_19()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_01()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_02()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_03()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_04()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_05()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_06()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_07()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_08()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_09()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_10()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_11()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_12()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_13()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_14()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_15()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_16()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_17()
        .runTest(request, response);
    new testcases.CWE497_Information_Leak_of_System_Data
            .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_19()
        .runTest(request, response);
    /* END-AUTOGENERATED-SERVLET-TESTS-4 */
  } catch (Throwable t) {
    /*
     * Per the harness convention, runTest deals with exceptions raised by the test cases
     * themselves, so getting here means something else went wrong (an IOException, for
     * instance). Writing to the response could throw again, so the details go to the console and
     * the remaining test cases are skipped.
     */
    System.out.println(" Caught thowable from doGetCWE4 ");
    System.out.println(" Throwable's message = " + t.getMessage());
    System.out.println("Stack trace below");
    for (StackTraceElement frame : t.getStackTrace()) {
      System.out.println(" " + frame);
    }
  }
}
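/**
 * Dispatches a GET request to one of the service tasks and writes the result as XML or HTML.
 *
 * <p>The {@code task} request parameter selects the work: {@code define}, {@code progress},
 * {@code search}, {@code compare} or {@code wikify}. A {@code help} parameter asks for the task
 * description instead, and an {@code xml} parameter forces raw XML output rather than the
 * task-specific transformation to HTML. With neither a task nor a description available, the
 * client is redirected to the configured {@code server_path}.
 *
 * <p>Every failure inside the method, including the {@link ServletException}s it raises itself,
 * is answered with an {@code <Error>} XML document. That document carries only the exception
 * message; the stack trace is written to the server's standard error stream and is not sent to
 * the client.
 *
 * @param request the incoming request; all task arguments are read from its parameters
 * @param response the response the result (or the error document) is written to
 * @throws IOException declared by the servlet contract; failures inside the main path are
 *     converted to the error document
 * @throws ServletException declared by the servlet contract; see above
 */
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
  try {
    response.setHeader("Cache-Control", "no-cache");
    response.setCharacterEncoding("UTF-8");

    String task = request.getParameter("task");
    Element data = null;

    // process help request
    if (request.getParameter("help") != null) {
      data = getDescription(task);
    }

    // redirect to home page if there is no task
    if (data == null && task == null) {
      response.setContentType("text/html");
      // The content attribute is now closed with a quote; the original markup left it open,
      // which produced a malformed meta refresh tag.
      response
          .getWriter()
          .append(
              "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"><html><head><meta http-equiv=\"REFRESH\" content=\"0;url="
                  + context.getInitParameter("server_path")
                  + "\"></head><body></body></html>");
      return;
    }

    // From here on, data == null implies task != null (the case where both are null returned
    // above), so the task comparisons below cannot see a null task.

    // process definition request
    if (data == null && "define".equals(task)) {
      int id = resolveIntegerArg(request.getParameter("id"), -1);
      int length = resolveIntegerArg(request.getParameter("length"), definer.getDefaultLength());
      int format = resolveIntegerArg(request.getParameter("format"), definer.getDefaultFormat());
      int maxImageWidth =
          resolveIntegerArg(
              request.getParameter("maxImageWidth"), definer.getDefaultMaxImageWidth());
      int maxImageHeight =
          resolveIntegerArg(
              request.getParameter("maxImageHeight"), definer.getDefaultMaxImageHeight());
      int linkDestination =
          resolveIntegerArg(
              request.getParameter("linkDestination"), definer.getDefaultLinkDestination());
      boolean getImages = resolveBooleanArg(request.getParameter("getImages"), false);

      data =
          definer.getDefinition(
              id, length, format, linkDestination, getImages, maxImageWidth, maxImageHeight);
    }

    // all of the remaining tasks require data to be cached, so make sure that has finished
    // before continuing.
    if (!cachingThread.isOk()) {
      throw new ServletException("Could not cache wikipedia data");
    }

    double progress = cachingThread.getProgress();
    if (data == null && (progress < 1 || "progress".equals(task))) {
      // still caching up data, not ready to return a response yet.
      data = doc.createElement("loading");
      data.setAttribute("progress", df.format(progress));
      task = "loading";
    }

    // process search request
    if (data == null && "search".equals(task)) {
      String term = request.getParameter("term");
      String id = request.getParameter("id");
      int linkLimit =
          resolveIntegerArg(request.getParameter("linkLimit"), searcher.getDefaultMaxLinkCount());
      int senseLimit =
          resolveIntegerArg(
              request.getParameter("senseLimit"), searcher.getDefaultMaxSenseCount());

      if (id == null) {
        data = searcher.doSearch(term, linkLimit, senseLimit);
      } else {
        // A non-numeric id raises NumberFormatException, which ends up in the error document.
        data = searcher.doSearch(Integer.parseInt(id), linkLimit);
      }
    }

    // process compare request
    if (data == null && "compare".equals(task)) {
      String term1 = request.getParameter("term1");
      String term2 = request.getParameter("term2");
      int linkLimit =
          resolveIntegerArg(request.getParameter("linkLimit"), comparer.getDefaultMaxLinkCount());
      boolean details =
          resolveBooleanArg(request.getParameter("details"), comparer.getDefaultShowDetails());

      data = comparer.getRelatedness(term1, term2, details, linkLimit);
    }

    // process wikify request
    if (data == null && "wikify".equals(task)) {
      if (this.wikifier == null) {
        throw new ServletException(
            "Wikifier is not available. You must configure the servlet so that it has access to link detection and disambiguation models.");
      }

      String source = request.getParameter("source");
      int sourceMode =
          resolveIntegerArg(request.getParameter("sourceMode"), Wikifier.SOURCE_AUTODETECT);
      String linkColor = request.getParameter("linkColor");
      String baseColor = request.getParameter("baseColor");
      double minProb =
          resolveDoubleArg(
              request.getParameter("minProbability"), wikifier.getDefaultMinProbability());
      int repeatMode =
          resolveIntegerArg(request.getParameter("repeatMode"), wikifier.getDefaultRepeatMode());
      boolean showTooltips =
          resolveBooleanArg(
              request.getParameter("showTooltips"), wikifier.getDefaultShowTooltips());
      String bannedTopics = request.getParameter("bannedTopics");
      boolean wrapInXml = resolveBooleanArg(request.getParameter("wrapInXml"), true);

      if (wrapInXml) {
        data =
            wikifier.wikifyAndWrapInXML(
                source,
                sourceMode,
                minProb,
                repeatMode,
                bannedTopics,
                baseColor,
                linkColor,
                showTooltips);
      } else {
        // NOTE(review): source, linkColor and baseColor are request-controlled and the wikifier
        // output is served as text/html. Confirm that Wikifier escapes or validates them before
        // they reach the markup.
        response.setContentType("text/html");
        response
            .getWriter()
            .append(
                wikifier.wikify(
                    source,
                    sourceMode,
                    minProb,
                    repeatMode,
                    bannedTopics,
                    baseColor,
                    linkColor,
                    showTooltips));
        return;
      }
    }

    if (data == null) {
      throw new Exception("Unknown Task");
    }

    // wrap data
    Element wrapper = doc.createElement("WikipediaMinerResponse");
    wrapper.setAttribute("server_path", context.getInitParameter("server_path"));
    wrapper.setAttribute("service_name", context.getInitParameter("service_name"));
    wrapper.appendChild(data);
    data = wrapper;

    // Transform or serialize xml data as appropriate
    Transformer tf = null;
    if (request.getParameter("xml") == null) {
      // we need to transform the data into html
      tf = transformersByName.get(task);
      if (request.getParameter("help") != null) {
        tf = transformersByName.get("help");
      }
    }

    if (tf == null) {
      // we need to serialize the data as xml
      tf = transformersByName.get("serializer");
      response.setContentType("application/xml");
    } else {
      // output will be transformed to html
      response.setContentType("text/html");
      response
          .getWriter()
          .append(
              "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n");
    }

    tf.transform(new DOMSource(data), new StreamResult(response.getWriter()));

  } catch (Exception error) {
    // Keep the diagnostic detail on the server. The original serialized every stack frame into
    // the response, which tells any client the class names, call paths and line numbers of the
    // deployment. No logger is visible from this method, so the trace goes to standard error;
    // swap in the deployment's logger if one is available.
    error.printStackTrace();

    if (response.isCommitted()) {
      // Part of the body has already been sent; reset() would throw IllegalStateException and
      // an error document can no longer replace it.
      return;
    }

    response.reset();
    response.setContentType("application/xml");
    response.setHeader("Cache-Control", "no-cache");
    response.setCharacterEncoding("UTF-8");

    Element xmlError = doc.createElement("Error");
    // NOTE(review): the message of an arbitrary exception can still carry internal detail.
    // Consider mapping unexpected exception types to a fixed message.
    if (error.getMessage() != null) {
      xmlError.setAttribute("message", error.getMessage());
    }

    try {
      transformersByName
          .get("serializer")
          .transform(new DOMSource(xmlError), new StreamResult(response.getWriter()));
    } catch (Exception e) {
      // The error document itself could not be written; record that instead of dropping it.
      e.printStackTrace();
    }
  }
}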
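/**
 * Writes a plain-text error report to {@code to} and, for status 500, also logs it and optionally
 * mails it.
 *
 * <p>The report lists the request headers, request attributes, session attributes (unless
 * switched off), a few request properties, the request parameters, and the stack of throwables
 * returned by {@code getStack()}. After {@code MAX_CAUSES} throwables the remaining ones are
 * written to the log copy only, except the last one, which is always written to both.
 *
 * <p>Everything that reaches {@code to} is passed through {@code escape}, including parameter
 * names and exception messages, because both can contain request-controlled text.
 *
 * <p>NOTE(review): header values such as cookies and credentials, session attributes and request
 * parameters are reported verbatim. The same text is written to {@code to}, to the log and to the
 * mail body, so confirm that each of those destinations is allowed to see it, and use the
 * {@code request_ignore} / {@code session_ignore} / {@code show_session} settings accordingly.
 *
 * @param to the writer that receives the report; presumably the error page being rendered
 * @param request the failing request, or {@code null} if none is available
 * @param escape transformer applied to text before it is written
 * @return {@code to}
 * @throws IOException if writing to one of the writers fails
 */
public Writer getErrorReport(
    Writer to, final HttpServletRequest request, CharTransformer escape) throws IOException {
  final Writer logMsg = new StringWriter();
  // Built over both targets so that one append presumably reaches the caller's writer and the
  // in-memory copy used for the log and the mail.
  final Writer tee = new org.mmbase.util.ChainedWriter(to, logMsg);
  Writer msg = tee;

  LinkedList<Throwable> stack = getStack();
  String ticket = new Date().toString();

  Map<String, String> props;
  try {
    props = org.mmbase.util.ApplicationContextReader.getProperties("mmbase_errorpage");
  } catch (javax.naming.NamingException ne) {
    props = Collections.emptyMap();
    log.info(ne);
  }

  if (request != null) {
    msg.append("Headers\n----------\n");
    // request properties
    for (Object name : Collections.list(request.getHeaderNames())) {
      // Escaped once as a whole line; the original escaped the value twice.
      msg.append(escape.transform(name + ": " + request.getHeader((String) name) + "\n"));
    }

    msg.append("\nAttributes\n----------\n");
    Pattern attributeFilter = requestIgnore;
    if (attributeFilter == null && props.get("request_ignore") != null) {
      attributeFilter = Pattern.compile(props.get("request_ignore"));
    }
    for (Object name : Collections.list(request.getAttributeNames())) {
      if (attributeFilter == null || !attributeFilter.matcher((String) name).matches()) {
        msg.append(escape.transform(name + ": " + request.getAttribute((String) name) + "\n"));
      }
    }

    // Session attributes are shown unless explicitly disabled by the field or the property.
    if (Boolean.TRUE.equals(showSession)
        || (showSession == null && !"false".equals(props.get("show_session")))) {
      HttpSession ses = request.getSession(false);
      if (ses != null) {
        msg.append("\nSession\n----------\n");
        Pattern sessionFilter = sessionIgnore;
        if (sessionFilter == null && props.get("session_ignore") != null) {
          sessionFilter = Pattern.compile(props.get("session_ignore"));
        }
        for (Object name : Collections.list(ses.getAttributeNames())) {
          if (sessionFilter == null || !sessionFilter.matcher((String) name).matches()) {
            msg.append(escape.transform(name + ": " + ses.getAttribute((String) name) + "\n"));
          }
        }
      }
    }
  }

  msg.append("\n");
  msg.append("Misc. properties\n----------\n");

  if (request != null) {
    msg.append("method: ").append(escape.transform(request.getMethod())).append("\n");
    msg.append("querystring: ").append(escape.transform(request.getQueryString())).append("\n");
    msg.append("requesturl: ")
        .append(escape.transform(request.getRequestURL().toString()))
        .append("\n");
  }
  if (Boolean.TRUE.equals(showMMBaseVersion)
      || (showMMBaseVersion == null && !"false".equals(props.get("show_mmbase_version")))) {
    msg.append("mmbase version: ").append(org.mmbase.Version.get()).append("\n");
  }
  msg.append("status: ").append(String.valueOf(status)).append("\n\n");

  if (request != null) {
    msg.append("Parameters\n----------\n");
    // request parameters
    Enumeration<?> en = request.getParameterNames();
    while (en.hasMoreElements()) {
      String name = (String) en.nextElement();
      // Parameter names come from the client just like the values, so both are escaped.
      msg.append(escape.transform(name))
          .append(": ")
          .append(escape.transform(request.getParameter(name)))
          .append("\n");
    }
  }

  msg.append("\nException ")
      .append(ticket)
      .append("\n----------\n\n")
      .append(
          exception != null
              ? escape.transform(exception.getClass().getName())
              : "NO EXCEPTION")
      .append(": ");

  int wroteCauses = 0;
  while (!stack.isEmpty()) {
    Throwable t = stack.removeFirst();
    // add stack stacktraces
    if (t != null) {
      if (stack.isEmpty()) {
        // write last message always
        msg = tee;
      }
      String message = t.getMessage();
      if (msg != tee) {
        // This line goes straight to the caller's writer, so the message is escaped like the
        // class name; String.valueOf keeps the "null" text the original printed for a missing
        // message.
        to.append("\n=== skipped(see log) : ")
            .append(escape.transform(t.getClass().getName()))
            .append(": ")
            .append(escape.transform(String.valueOf(message)))
            .append("\n");
      }

      msg.append("\n\n").append(escape.transform(t.getClass().getName() + ": " + message));
      for (StackTraceElement e : t.getStackTrace()) {
        msg.append("\n at ").append(escape.transform(e.toString()));
      }
      if (!stack.isEmpty()) {
        msg.append("\n-------caused:\n");
      }
      wroteCauses++;
      if (wroteCauses >= MAX_CAUSES) {
        // Further throwables are kept for the log only.
        msg = logMsg;
      }
    }
  }

  // write errors to log
  if (status == 500) {
    try {
      if (props.get("to") != null && props.get("to").length() > 0) {
        // The mail classes are reached through reflection, so the code compiles and runs
        // without a mail library on the class path; a missing class lands in the catch below.
        javax.naming.Context initCtx = new javax.naming.InitialContext();
        javax.naming.Context envCtx = (javax.naming.Context) initCtx.lookup("java:comp/env");
        Object mailSession = envCtx.lookup("mail/Session");
        Class<?> sessionClass = Class.forName("javax.mail.Session");
        Class<?> recipientTypeClass = Class.forName("javax.mail.Message$RecipientType");
        Class<?> messageClass = Class.forName("javax.mail.internet.MimeMessage");
        Object mail = messageClass.getConstructor(sessionClass).newInstance(mailSession);
        messageClass
            .getMethod("addRecipients", recipientTypeClass, String.class)
            .invoke(mail, recipientTypeClass.getDeclaredField("TO").get(null), props.get("to"));
        messageClass.getMethod("setSubject", String.class).invoke(mail, ticket);
        mail.getClass().getMethod("setText", String.class).invoke(mail, logMsg.toString());
        Class.forName("javax.mail.Transport")
            .getMethod("send", Class.forName("javax.mail.Message"))
            .invoke(null, mail);
        // NOTE(review): this prints the whole mmbase_errorpage property map, not only the
        // recipients, to the caller's writer as well as the log. Confirm that is intended.
        tee.append("\nmailed to (").append(escape.transform(String.valueOf(props))).append(")");
      }
    } catch (Exception nnfe) {
      tee.append("\nnot mailed (").append(escape.transform(String.valueOf(nnfe))).append(")");
      if (log.isDebugEnabled()) {
        log.debug(nnfe.getMessage(), nnfe);
      }
    }
    log.error("TICKET " + ticket + ":\n" + logMsg);
  }
  return to;
}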