/**
 * Handles POST for this command-injection (cmdi) test case.
 *
 * <p>The request value named {@code "foo"} is read through {@code SeparateClassRequest},
 * transformed by {@code Test.doSomething}, and then passed as an argument to the platform
 * shell ({@code cmd.exe /c} on Windows, {@code sh -c} elsewhere) that echoes it. The
 * request-derived value therefore reaches {@code Runtime.exec}, which is the sink this test
 * case exercises.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response the response (not written to directly here; output is handled by
 *     {@code Utils.printOSCommandResults})
 * @throws ServletException if starting the process fails with an {@link IOException}
 * @throws IOException propagated from the helper that prints the command output
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = new Test().doSomething(param);

    // Pick the shell and its "run this command" flag for the current platform.
    boolean onWindows = System.getProperty("os.name").indexOf("Windows") != -1;
    String shell = onWindows ? "cmd.exe" : "sh";
    String shellFlag = onWindows ? "/c" : "-c";

    // The request-derived value is handed to the shell as a command argument.
    String[] args = {shell, shellFlag, "echo", bar};
    String[] argsEnv = {"foo=bar"};

    try {
        java.io.File workDir = new java.io.File(System.getProperty("user.dir"));
        Process p = Runtime.getRuntime().exec(args, argsEnv, workDir);
        org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
        System.out.println("Problem executing cmdi - TestCase");
        throw new ServletException(e);
    }
} // end doPost
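/**
 * Handles POST for this randomness test case.
 *
 * <p>The request value named {@code "foo"} is stored in a map and read back, but the final
 * value of {@code bar} is the constant {@code "a_Value"}, so no request data influences the
 * random-number call. The generator is {@code java.security.SecureRandom} (algorithm
 * {@code SHA1PRNG}), consumed via {@code getNextNumber}, which is defined elsewhere in this
 * class.
 *
 * <p>Change from the earlier version: the redundant {@code param.toString()} was removed, so an
 * absent request value is stored as {@code null} instead of throwing
 * {@code NullPointerException}.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response receives a one-line completion message
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = "safe!";

    java.util.HashMap<String, Object> map72994 = new java.util.HashMap<String, Object>();
    map72994.put("keyA-72994", "a_Value"); // constant value
    map72994.put("keyB-72994", param); // request-derived value (may be null)
    map72994.put("keyC", "another_Value"); // constant value
    bar = (String) map72994.get("keyB-72994"); // request-derived value ...
    bar = (String) map72994.get("keyA-72994"); // ... immediately replaced by the constant

    try {
        // SecureRandom, not java.util.Random; the boolean result is not used by this test.
        java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
        getNextNumber(numGen);
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBoolean() - TestCase");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println("Weak Randomness Test java.security.SecureRandom.nextBoolean() executed");
}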
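/**
 * Handles POST for this SQL test case by invoking the {@code verifyUserPassword} stored
 * procedure.
 *
 * <p>The request parameter {@code "foo"} is transformed by {@code Test.doSomething} and then
 * bound as the procedure's second argument with {@code setString}, rather than being
 * concatenated into the call string. The statement is closed by try-with-resources; the
 * connection is left open because its lifetime is owned by {@code DatabaseHelper}.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response unused by this test case
 * @throws ServletException wrapping any {@link java.sql.SQLException}
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = new Test().doSomething(param);

    // Parameter marker instead of string concatenation: the request-derived value can only
    // ever be the procedure argument, never part of the call syntax.
    String sql = "{call verifyUserPassword('foo',?)}";
    try {
        java.sql.Connection connection =
                org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
        try (java.sql.CallableStatement statement =
                connection.prepareCall(
                        sql,
                        java.sql.ResultSet.TYPE_FORWARD_ONLY,
                        java.sql.ResultSet.CONCUR_READ_ONLY,
                        java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT)) {
            statement.setString(1, bar);
            statement.execute();
        }
    } catch (java.sql.SQLException e) {
        throw new ServletException(e);
    }
} // end doPost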
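/**
 * Handles POST for this crypto test case.
 *
 * <p>Obtains a {@code Cipher} for {@code "AES/CBC/PKCS5PADDING"} explicitly from the
 * {@code SunJCE} provider. Only the instance is created; nothing is encrypted, and the
 * request-derived {@code bar} is not fed into the cipher. The two identical catch blocks of
 * the earlier version are merged into one multi-catch, and the unused provider array is gone.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives a one-line completion message
 * @throws ServletException if the algorithm or padding is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = new Test().doSomething(param); // data flow under test; not used below

    try {
        // Security.getProvider may return null if SunJCE is not installed; Cipher.getInstance
        // then rejects the null provider with an IllegalArgumentException (unchecked).
        javax.crypto.Cipher.getInstance(
                "AES/CBC/PKCS5PADDING", java.security.Security.getProvider("SunJCE"));
    } catch (java.security.NoSuchAlgorithmException | javax.crypto.NoSuchPaddingException e) {
        System.out.println(
                "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println(
                    "Crypto Test javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) executed");
} // end doPost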
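/**
 * Handles POST for this hash test case.
 *
 * <p>Requests a {@code MessageDigest} for {@code "SHA1"} from the {@code "SUN"} provider by
 * name. Only the instance is created; nothing is hashed, and the request-derived {@code bar}
 * does not reach the digest. SHA-1 is no longer considered collision-resistant, which is
 * presumably why this case exists. The duplicated catch blocks are merged into a multi-catch.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response receives a one-line completion message
 * @throws ServletException if the algorithm or provider is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    // First space-delimited token of the value (throws NullPointerException if absent).
    String bar = param.split(" ")[0];

    try {
        java.security.MessageDigest.getInstance("SHA1", "SUN");
    } catch (java.security.NoSuchAlgorithmException | java.security.NoSuchProviderException e) {
        System.out.println(
                "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.lang.String)");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println(
                    "Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.lang.String) executed");
}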
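/**
 * Handles POST for this path test case.
 *
 * <p>The request value {@code "foo"}, minus its last character, is appended to
 * {@code Utils.testfileDir} to form a {@code file:} URI, which is then turned into a
 * {@code java.io.File}. The request-derived suffix thus controls the resulting path.
 *
 * <p>Fix: the earlier version nested two identical {@code if} tests so that the {@code else}
 * bound to the inner one and the {@code "//"} branch could never run, contradicting its own
 * comment about Mac needing an extra slash. The platform test is now a single if/else.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response unused by this test case
 * @throws ServletException if the assembled URI is syntactically invalid
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = param;
    if (param.length() > 1) {
        bar = param.substring(0, param.length() - 1);
    }

    // FILE URIs are tricky because they are different between Mac and Windows because of
    // lack of standardization. Mac requires an extra slash for some reason.
    String startURIslashes;
    if (System.getProperty("os.name").indexOf("Windows") != -1) {
        startURIslashes = "/";
    } else {
        startURIslashes = "//";
    }

    try {
        java.net.URI fileURI =
                new java.net.URI(
                        "file:"
                                + startURIslashes
                                + org.owasp.benchmark.helpers.Utils.testfileDir
                                        .replace('\\', '/')
                                        .replace(' ', '_')
                                + bar);
        // The File object itself is discarded; constructing it from the URI is the sink.
        new java.io.File(fileURI);
    } catch (java.net.URISyntaxException e) {
        throw new ServletException(e);
    }
}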
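/**
 * Handles POST for this path test case by threading the request parameter through a chain of
 * string "propagators" and finally into a {@code java.io.File}.
 *
 * <p>The chain appends constant text, swaps the tail for {@code "Chars"}, round-trips the
 * value through a map, drops the last character, Base64-encodes and decodes it (a byte-level
 * identity), keeps the first space-delimited token, and passes it to a reflectively created
 * {@code ThingInterface}. The result {@code bar} becomes the file path.
 *
 * <p>Fix: the JDK-internal {@code sun.misc.BASE64Encoder/Decoder} (removed in Java 9) are
 * replaced by {@code java.util.Base64}; the encode/decode round trip yields the same bytes.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response unused by this test case
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    // Chain a bunch of propagators in sequence
    String a93077 = param; // assign
    StringBuilder b93077 = new StringBuilder(a93077); // stick in stringbuilder
    b93077.append(" SafeStuff"); // append some safe content
    b93077.replace(
            b93077.length() - "Chars".length(),
            b93077.length(),
            "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> map93077 = new java.util.HashMap<String, Object>();
    map93077.put("key93077", b93077.toString()); // put in a collection
    String c93077 = (String) map93077.get("key93077"); // get it back out
    String d93077 = c93077.substring(0, c93077.length() - 1); // extract most of it
    // B64 encode and decode it (platform default charset on both conversions, as before)
    String e93077 =
            new String(
                    java.util.Base64.getDecoder()
                            .decode(java.util.Base64.getEncoder().encode(d93077.getBytes())));
    String f93077 = e93077.split(" ")[0]; // split it on a space
    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(f93077); // reflection

    // Request-derived path; the File object is the sink and is otherwise unused.
    java.io.File file = new java.io.File(bar);
}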
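/**
 * Handles POST for this SQL test case by invoking the {@code verifyUserPassword} stored
 * procedure.
 *
 * <p>The request value {@code "foo"} is placed in a map and read back into {@code bar}, which
 * is then bound as the procedure's second argument with {@code setString} instead of being
 * concatenated into the call string. The redundant {@code param.toString()} is gone, so an
 * absent value is stored as {@code null} rather than throwing. The statement is closed by
 * try-with-resources; the connection's lifetime is owned by {@code DatabaseHelper}.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response unused by this test case
 * @throws ServletException wrapping any {@link java.sql.SQLException}
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = "safe!";

    java.util.HashMap<String, Object> map13216 = new java.util.HashMap<String, Object>();
    map13216.put("keyA-13216", "a Value"); // constant value
    map13216.put("keyB-13216", param); // request-derived value (may be null)
    map13216.put("keyC", "another Value"); // constant value
    bar = (String) map13216.get("keyB-13216"); // request-derived value

    // Parameter marker instead of string concatenation.
    String sql = "{call verifyUserPassword('foo',?)}";
    try {
        java.sql.Connection connection =
                org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
        try (java.sql.CallableStatement statement = connection.prepareCall(sql)) {
            statement.setString(1, bar);
            statement.execute();
        }
    } catch (java.sql.SQLException e) {
        throw new ServletException(e);
    }
}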
/**
 * Handles POST for this randomness test case.
 *
 * <p>Fills a 40-byte buffer through {@code getNextNumber} (defined elsewhere in this class)
 * using a {@code SecureRandom} instance for {@code SHA1PRNG}, and echoes the raw bytes into
 * the response as a platform-charset string. The request-derived {@code bar} is computed but
 * not used. The completion line is printed from {@code finally}, so it appears even when the
 * algorithm lookup fails.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives the random bytes and a completion message
 * @throws ServletException if {@code SHA1PRNG} is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = new Test().doSomething(param);

    try {
        java.util.Random rng = java.security.SecureRandom.getInstance("SHA1PRNG");
        byte[] buffer = new byte[40]; // 40 random bytes
        getNextNumber(rng, buffer);
        // Raw bytes rendered with the default charset; the text is not necessarily printable.
        String rendered = "Random bytes are: " + new String(buffer);
        response.getWriter().println(rendered);
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
        throw new ServletException(e);
    } finally {
        response
                .getWriter()
                .println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
}
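/**
 * Handles POST for this hash test case.
 *
 * <p>Requests a {@code "SHA1"} digest either from the first installed provider (when more
 * than one is installed) or from the {@code "SUN"} provider by name. Only the instance is
 * created; nothing is hashed, and the request-derived {@code bar} does not reach it. The
 * duplicated catch blocks are merged into a multi-catch.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives a one-line completion message
 * @throws ServletException if the algorithm or provider is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = doSomething(param); // data flow under test; not used below

    java.security.Provider[] providers = java.security.Security.getProviders();
    try {
        if (providers.length > 1) {
            java.security.MessageDigest.getInstance("SHA1", providers[0]);
        } else {
            java.security.MessageDigest.getInstance("SHA1", "SUN");
        }
    } catch (java.security.NoSuchAlgorithmException | java.security.NoSuchProviderException e) {
        System.out.println(
                "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println(
                    "Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
} // end doPost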
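/**
 * Handles POST for this crypto test case.
 *
 * <p>Loads {@code Benchmark.properties} from the class loader and obtains a {@code Cipher}
 * for the {@code cryptoAlg2} property, defaulting to {@code "AES/ECB/PKCS5Padding"} (ECB mode,
 * which leaks plaintext block equality). Only the instance is created; nothing is encrypted,
 * and the request-derived {@code bar} is not used.
 *
 * <p>Fixes: the resource stream is now closed via try-with-resources (a missing resource still
 * surfaces as a {@code NullPointerException} from {@code load(null)}, as before), and the two
 * identical catch blocks are merged.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives a one-line completion message
 * @throws ServletException if the algorithm or padding is unavailable
 * @throws IOException if the properties cannot be read or the writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = new Test().doSomething(param);

    try {
        java.util.Properties benchmarkProps = new java.util.Properties();
        try (java.io.InputStream in =
                this.getClass().getClassLoader().getResourceAsStream("Benchmark.properties")) {
            benchmarkProps.load(in);
        }
        String algorithm = benchmarkProps.getProperty("cryptoAlg2", "AES/ECB/PKCS5Padding");
        javax.crypto.Cipher.getInstance(algorithm);
    } catch (java.security.NoSuchAlgorithmException | javax.crypto.NoSuchPaddingException e) {
        System.out.println(
                "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println("Crypto Test javax.crypto.Cipher.getInstance(java.lang.String) executed");
} // end doPost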
/**
 * Handles POST for this command-injection (cmdi) test case.
 *
 * <p>The request parameter {@code "vector"} is stored in a map, but {@code bar} is finally
 * read back from the constant key, so the command that runs is built from the literal
 * {@code "a_Value"}, not from request data. On Windows it is prefixed with the OS command
 * string for {@code echo}; on other platforms the prefix is empty and {@code "a_Value"} is
 * executed as the program name.
 *
 * @param request the incoming request; supplies the "vector" parameter
 * @param response receives the command output via {@code Utils.printOSCommandResults}
 * @throws ServletException if the process cannot be started
 * @throws IOException propagated from the output helper
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("vector");
    if (param == null) {
        param = "";
    }

    String bar = "safe!";
    java.util.HashMap<String, Object> map51510 = new java.util.HashMap<String, Object>();
    map51510.put("keyA-51510", "a_Value"); // constant value
    map51510.put("keyB-51510", param); // request-derived value
    map51510.put("keyC", "another_Value"); // constant value
    bar = (String) map51510.get("keyB-51510"); // request-derived value ...
    bar = (String) map51510.get("keyA-51510"); // ... replaced by the constant "a_Value"

    // Command prefix is only defined for Windows; elsewhere the command is just `bar`.
    boolean onWindows = System.getProperty("os.name").indexOf("Windows") != -1;
    String cmd = onWindows ? org.owasp.benchmark.helpers.Utils.getOSCommandString("echo") : "";

    try {
        // Single-string exec form: the runtime tokenizes the command line itself.
        Process p = Runtime.getRuntime().exec(cmd + bar);
        org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
        System.out.println("Problem executing cmdi - TestCase");
        throw new ServletException(e);
    }
}
/**
 * Handles POST for this randomness test case with a "remember me" cookie.
 *
 * <p>A 10-byte token is drawn from {@code java.util.Random} and Base64-encoded. The cookie
 * name and displayed user name are derived from this class's name (the digits after
 * {@code "BenchmarkTest"}). If the request carries a cookie of that name whose value equals
 * the value stored in the session, the user is greeted; otherwise a new Secure cookie is set,
 * its value is recorded in the session, and the value is echoed into the HTML response.
 *
 * <p>NOTE(review): {@code java.util.Random} is not a cryptographic generator; a token used to
 * recognise a returning user should come from {@code SecureRandom}. The cookie is also not
 * marked HttpOnly here. The request-derived {@code bar} is computed but not used.
 *
 * @param request the incoming request; supplies the "vector" parameter, cookies and session
 * @param response receives the cookie and the HTML output
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("vector");
    if (param == null) {
        param = "";
    }
    String bar = doSomething(param);

    // Token: 10 bytes from java.util.Random, Base64 (with padding) via ESAPI.
    byte[] tokenBytes = new byte[10];
    new java.util.Random().nextBytes(tokenBytes);
    String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(tokenBytes, true);

    // Test-case number = class name after the package prefix and the "BenchmarkTest" stem.
    String fullClassName = this.getClass().getName();
    int numberStart = fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length();
    String testCaseNumber = fullClassName.substring(numberStart);
    String user = "******" + testCaseNumber;
    String cookieName = "rememberMe" + testCaseNumber;

    // A returning user presents a cookie whose value matches the session-stored token.
    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (!cookieName.equals(cookie.getName())) {
                continue;
            }
            Object expected = request.getSession().getAttribute(cookieName);
            if (cookie.getValue().equals(expected)) {
                foundUser = true;
                break;
            }
        }
    }

    java.io.PrintWriter out = response.getWriter();
    if (foundUser) {
        out.println("Welcome back: " + user + "<br/>");
    } else {
        javax.servlet.http.Cookie rememberMe =
                new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        rememberMe.setSecure(true);
        rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        // The token value is written into the page body.
        out.println(
                user
                        + " has been remembered with cookie: "
                        + rememberMe.getName()
                        + " whose value is: "
                        + rememberMe.getValue()
                        + "<br/>");
    }
    out.println("Weak Randomness Test java.util.Random.nextBytes() executed");
} // end doPost
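/**
 * Handles POST for this hash test case.
 *
 * <p>Reads the {@code hashAlg2} algorithm name from {@code benchmark.properties} (default
 * {@code "SHA5"}, which is not a standard JCA algorithm name and would fail the lookup),
 * digests the request-derived value {@code bar}, appends the Base64 digest to
 * {@code passwordFile.txt} under {@code Utils.testfileDir}, and echoes the HTML-encoded input
 * back. A bare, unsalted digest stored this way is not a password-hashing scheme; that is the
 * property this test presumably exercises.
 *
 * <p>Fixes: the properties stream and the {@code FileWriter} are closed via try-with-resources
 * (the writer previously leaked if {@code write} threw); the {@code InputStream} branch was
 * unreachable because {@code bar} is always a {@code String}, so only the {@code null} case
 * keeps the {@code '?'} placeholder.
 *
 * @param request the incoming request; supplies the "vector" value
 * @param response receives the HTML output and a completion message
 * @throws ServletException if the configured algorithm is unavailable
 * @throws IOException on properties, file or response-writer failures
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("vector");
    String bar = doSomething(param);

    try {
        java.util.Properties benchmarkprops = new java.util.Properties();
        // A missing resource still surfaces as NullPointerException from load(null).
        try (java.io.InputStream in =
                this.getClass().getClassLoader().getResourceAsStream("benchmark.properties")) {
            benchmarkprops.load(in);
        }
        String algorithm = benchmarkprops.getProperty("hashAlg2", "SHA5");
        java.security.MessageDigest md = java.security.MessageDigest.getInstance(algorithm);

        // Platform default charset, as before; '?' stands in for an absent value.
        byte[] input = bar != null ? bar.getBytes() : new byte[] {(byte) '?'};
        md.update(input);
        byte[] result = md.digest();

        java.io.File fileTarget =
                new java.io.File(
                        new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir),
                        "passwordFile.txt");
        // Append mode (the `true` argument); closed even if write() fails.
        try (java.io.FileWriter fw = new java.io.FileWriter(fileTarget, true)) {
            fw.write(
                    "hash_value="
                            + org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true)
                            + "\n");
        }
        response
                .getWriter()
                .println(
                        "Sensitive value '"
                                + org.owasp.esapi.ESAPI.encoder().encodeForHTML(new String(input))
                                + "' hashed and stored<br/>");
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing hash - TestCase");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println("Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed");
} // end doPost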
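/**
 * Handles POST for this hash test case.
 *
 * <p>{@code bar} is selected by a switch on {@code "ABC".charAt(2)}, which is always
 * {@code 'C'}, so {@code bar} is always the request parameter; the other arms are unreachable
 * by construction. A {@code "sha-384"} digest is then requested from the first installed
 * provider (if more than one) or from {@code "SUN"} by name. Only the instance is created;
 * nothing is hashed. The duplicated catch blocks are merged into a multi-catch.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives a one-line completion message
 * @throws ServletException if the algorithm or provider is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar;

    String guess = "ABC";
    char switchTarget = guess.charAt(2); // always 'C'
    // Simple case statement that assigns param to bar on conditions 'A' or 'C'
    switch (switchTarget) {
        case 'A':
            bar = param;
            break;
        case 'B':
            bar = "bobs_your_uncle";
            break;
        case 'C':
        case 'D':
            bar = param;
            break;
        default:
            bar = "bobs_your_uncle";
            break;
    }

    java.security.Provider[] provider = java.security.Security.getProviders();
    try {
        if (provider.length > 1) {
            java.security.MessageDigest.getInstance("sha-384", provider[0]);
        } else {
            java.security.MessageDigest.getInstance("sha-384", "SUN");
        }
    } catch (java.security.NoSuchAlgorithmException | java.security.NoSuchProviderException e) {
        System.out.println(
                "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
        throw new ServletException(e);
    }
    response
            .getWriter()
            .println(
                    "Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
}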
/**
 * Handles POST for this output-encoding test case.
 *
 * <p>The request parameter {@code "foo"} is HTML-encoded with the ESAPI encoder before being
 * written to the response, so the value is rendered as text rather than as markup.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives the encoded value
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    // Encode first; obtain the writer only once the value is ready.
    String encoded = org.owasp.esapi.ESAPI.encoder().encodeForHTML(param);
    java.io.PrintWriter out = response.getWriter();
    out.write(encoded);
}
/**
 * Handles POST for this output test case.
 *
 * <p>The request value {@code "foo"} is transformed by {@code doSomething} and written to the
 * response as a char array with no encoding and no content type set in this method.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response receives the raw characters
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = doSomething(param);
    // Writer is obtained before the conversion, matching the original evaluation order.
    java.io.PrintWriter out = response.getWriter();
    out.print(bar.toCharArray());
} // end doPost
/**
 * Handles POST for this path test case.
 *
 * <p>The request value {@code "foo"} is transformed by {@code doSomething} and used as the
 * pathname of a {@code java.io.File}. The File object is the sink and is otherwise unused.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response unused by this test case
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String pathname = doSomething(param);
    java.io.File target = new java.io.File(pathname);
} // end doPost
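/**
 * Handles POST for this trust-boundary test case.
 *
 * <p>The request value {@code "foo"} is used, unmodified, as the <em>name</em> of a session
 * attribute whose value is the constant {@code "foo"}.
 *
 * <p>Fix: the deprecated {@code HttpSession.putValue(String, Object)} (the original sink,
 * tainted in its first argument) is replaced by {@code setAttribute}, which the Servlet API
 * documents as its replacement with the same semantics.
 *
 * @param request the incoming request; supplies the "foo" value and the session
 * @param response unused by this test case
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = param;

    // Request-derived attribute name stored into the session.
    javax.servlet.http.HttpSession session = request.getSession();
    session.setAttribute(bar, "foo");
}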
/**
 * Handles POST for this trust-boundary test case.
 *
 * <p>The request value {@code "foo"} is transformed by {@code doSomething} and stored in the
 * session under the constant attribute name {@code "foo"}.
 *
 * @param request the incoming request; supplies the "foo" value and the session
 * @param response unused by this test case
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String value = doSomething(param);
    // javax.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object^)
    javax.servlet.http.HttpSession session = request.getSession();
    session.setAttribute("foo", value);
} // end doPost
/**
 * Handles POST for this output test case.
 *
 * <p>The request-derived {@code bar} is used as the <em>format string</em> of
 * {@code PrintWriter.printf}, with the constant arguments {@code "a"} and {@code "b"}.
 *
 * <p>NOTE(review): a request-controlled format string is a defect in its own right: a stray
 * {@code %} directive raises an unchecked {@code IllegalFormatException}, and the text is
 * written to the response without encoding. Treating the value as data
 * ({@code printf("%s", bar)}) would remove both problems.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives the formatted output
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = new Test().doSomething(param);
    Object[] formatArgs = {"a", "b"};
    java.io.PrintWriter out = response.getWriter();
    out.printf(bar, formatArgs);
} // end doPost
/**
 * Handles POST for this output test case.
 *
 * <p>The format string is the constant {@code "notfoo"}, which contains no format
 * specifiers, so the arguments (including the request-derived {@code bar}) are never
 * consumed and the response body is just {@code "notfoo"}.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response receives the formatted output
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = new Test().doSomething(param);
    Object[] formatArgs = {"a", bar};
    java.io.PrintWriter out = response.getWriter();
    out.format(java.util.Locale.US, "notfoo", formatArgs);
} // end doPost
/**
 * Handles POST for this weak-randomness test case.
 *
 * <p>Draws one {@code double} from a fresh {@code java.util.Random} (not a cryptographic
 * generator) and discards it; the request-derived {@code bar} is computed but not used.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives a one-line completion message
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = new Test().doSomething(param);

    java.util.Random weakRng = new java.util.Random();
    double rand = weakRng.nextDouble(); // value is never read

    java.io.PrintWriter out = response.getWriter();
    out.println("Weak Randomness Test java.util.Random.nextDouble() executed");
} // end doPost
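/**
 * Handles POST for this randomness test case.
 *
 * <p>The request parameter {@code "foo"} is threaded through a chain of string propagators
 * (append, tail replace, map round trip, drop last char, Base64 round trip, first token,
 * reflective {@code ThingInterface}) into {@code bar}, which is not used afterwards. A
 * {@code SecureRandom} for {@code SHA1PRNG} then fills 40 bytes that are echoed to the
 * response as a platform-charset string; the completion line prints from {@code finally}.
 *
 * <p>Fix: the JDK-internal {@code sun.misc.BASE64Encoder/Decoder} (removed in Java 9) are
 * replaced by {@code java.util.Base64}; the round trip yields the same bytes.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives the random bytes and a completion message
 * @throws ServletException if {@code SHA1PRNG} is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    // Chain a bunch of propagators in sequence
    String a32671 = param; // assign
    StringBuilder b32671 = new StringBuilder(a32671); // stick in stringbuilder
    b32671.append(" SafeStuff"); // append some safe content
    b32671.replace(
            b32671.length() - "Chars".length(),
            b32671.length(),
            "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> map32671 = new java.util.HashMap<String, Object>();
    map32671.put("key32671", b32671.toString()); // put in a collection
    String c32671 = (String) map32671.get("key32671"); // get it back out
    String d32671 = c32671.substring(0, c32671.length() - 1); // extract most of it
    // B64 encode and decode it (platform default charset on both conversions, as before)
    String e32671 =
            new String(
                    java.util.Base64.getDecoder()
                            .decode(java.util.Base64.getEncoder().encode(d32671.getBytes())));
    String f32671 = e32671.split(" ")[0]; // split it on a space
    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(f32671); // reflection

    try {
        java.security.SecureRandom secureRandomGenerator =
                java.security.SecureRandom.getInstance("SHA1PRNG");
        // Get 40 random bytes
        byte[] randomBytes = new byte[40];
        secureRandomGenerator.nextBytes(randomBytes);
        response.getWriter().println("Random bytes are: " + new String(randomBytes));
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
        throw new ServletException(e);
    } finally {
        response
                .getWriter()
                .println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
}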
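/**
 * Handles POST for this output test case.
 *
 * <p>Writes the request-derived {@code bar}, minus its last character, to the response with
 * no encoding.
 *
 * <p>Fix: an empty {@code bar} previously produced {@code write(bar, 0, -1)}, a negative
 * length that throws; the guard now skips the write for null or empty values. Non-empty values
 * are written exactly as before.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives the characters
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = doSomething(param);

    if (bar != null && !bar.isEmpty()) {
        // All characters except the last one.
        response.getWriter().write(bar, 0, bar.length() - 1);
    }
} // end doPost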
/**
 * Handles POST for this cookie test case.
 *
 * <p>Adds a cookie {@code SomeCookie=SomeValue} with the Secure flag explicitly set to
 * {@code false}, so user agents may send it over plaintext HTTP; HttpOnly is not set either.
 * The request-derived {@code bar} is computed but not used.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response receives the cookie
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = new Test().doSomething(param);

    javax.servlet.http.Cookie insecureCookie =
            new javax.servlet.http.Cookie("SomeCookie", "SomeValue");
    insecureCookie.setSecure(false); // explicitly not restricted to TLS
    response.addCookie(insecureCookie);
} // end doPost
/**
 * Handles POST for this LDAP test case.
 *
 * <p>The request-derived {@code bar} is passed directly as the <em>filter string</em> of
 * {@code DirContext.search} against the name {@code "name"}.
 *
 * <p>NOTE(review): a filter built from request data should use the
 * {@code search(String, String, Object[], SearchControls)} overload with {@code {0}}
 * placeholders so the value is escaped by the provider rather than parsed as filter syntax.
 * The context comes from {@code Utils.getDirContext()} and is not closed here; its lifetime
 * appears to be owned by that helper.
 *
 * @param request the incoming request; supplies the "foo" value
 * @param response unused by this test case
 * @throws ServletException wrapping any {@link javax.naming.NamingException}
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheValue("foo");
    String bar = doSomething(param);

    try {
        javax.naming.directory.DirContext dc =
                org.owasp.benchmark.helpers.Utils.getDirContext();
        javax.naming.directory.SearchControls controls =
                new javax.naming.directory.SearchControls();
        dc.search("name", bar, controls);
    } catch (javax.naming.NamingException e) {
        throw new ServletException(e);
    }
} // end doPost
/**
 * Handles POST for this output test case.
 *
 * <p>{@code 500 / 42} is integer division (11), so {@code 11 + 196 = 207 > 200} always holds
 * and {@code bar} is always the request parameter; the {@code else} arm is unreachable. The
 * value is then written to the response as a char array with no encoding.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response receives the raw characters
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    // Simple if statement that assigns param to bar on true condition
    final int offset = 196;
    boolean alwaysTrue = (500 / 42) + offset > 200;
    String bar = alwaysTrue ? param : "This should never happen";

    java.io.PrintWriter out = response.getWriter();
    out.print(bar.toCharArray());
}
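/**
 * Handles POST for this path test case.
 *
 * <p>The request parameter {@code "vector"} is threaded through a chain of string
 * propagators, but the value finally passed to the reflective {@code ThingInterface} is the
 * constant {@code "barbarians_at_the_gate"}, so the file name {@code bar} is not
 * request-controlled. The file under {@code Utils.testfileDir} is then probed with
 * {@code exists()} and the result reported in the response.
 *
 * <p>Fix: the JDK-internal {@code sun.misc.BASE64Encoder/Decoder} (removed in Java 9) are
 * replaced by {@code java.util.Base64}; the round trip yields the same bytes.
 *
 * @param request the incoming request; supplies the "vector" parameter
 * @param response receives the HTML-less text report
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("vector");
    if (param == null) param = "";

    // Chain a bunch of propagators in sequence
    String a59200 = param; // assign
    StringBuilder b59200 = new StringBuilder(a59200); // stick in stringbuilder
    b59200.append(" SafeStuff"); // append some safe content
    b59200.replace(
            b59200.length() - "Chars".length(),
            b59200.length(),
            "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> map59200 = new java.util.HashMap<String, Object>();
    map59200.put("key59200", b59200.toString()); // put in a collection
    String c59200 = (String) map59200.get("key59200"); // get it back out
    String d59200 = c59200.substring(0, c59200.length() - 1); // extract most of it
    // B64 encode and decode it (platform default charset on both conversions, as before)
    String e59200 =
            new String(
                    java.util.Base64.getDecoder()
                            .decode(java.util.Base64.getEncoder().encode(d59200.getBytes())));
    String f59200 = e59200.split(" ")[0]; // split it on a space
    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g59200 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g59200); // reflection

    java.io.File fileTarget =
            new java.io.File(new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir), bar);
    response.getWriter().write("Access to file: '" + fileTarget + "' created.");
    if (fileTarget.exists()) {
        response.getWriter().write(" And file already exists.");
    } else {
        response.getWriter().write(" But file doesn't exist yet.");
    }
}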
/**
 * Handles POST for this XPath test case.
 *
 * <p>The request-derived {@code bar} is compiled as an XPath expression (compiled only, not
 * evaluated against any document). A malformed expression is caught, logged to stdout with its
 * message, and otherwise ignored; this is a deliberate best-effort path.
 *
 * @param request the incoming request; supplies the "foo" parameter
 * @param response unused by this test case
 * @throws ServletException declared by the servlet contract; not thrown here
 * @throws IOException declared by the servlet contract; not thrown here
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");
    String bar = doSomething(param);

    javax.xml.xpath.XPath xpath = javax.xml.xpath.XPathFactory.newInstance().newXPath();
    try {
        xpath.compile(bar); // request-derived expression text
    } catch (javax.xml.xpath.XPathExpressionException e) {
        // OK to swallow: only the message is reported.
        System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    }
} // end doPost