@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = new Test().doSomething(param);
String a1 = "";
String a2 = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
a1 = "cmd.exe";
a2 = "/c";
} else {
a1 = "sh";
a2 = "-c";
}
String[] args = {a1, a2, "echo", bar};
String[] argsEnv = {"foo=bar"};
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(args, argsEnv, new java.io.File(System.getProperty("user.dir")));
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = "safe!";
java.util.HashMap<String, Object> map72994 = new java.util.HashMap<String, Object>();
map72994.put("keyA-72994", "a_Value"); // put some stuff in the collection
map72994.put("keyB-72994", param.toString()); // put it in a collection
map72994.put("keyC", "another_Value"); // put some stuff in the collection
bar = (String) map72994.get("keyB-72994"); // get it back out
bar = (String) map72994.get("keyA-72994"); // get safe value back out
try {
java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
boolean randNumber = getNextNumber(numGen);
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println("Problem executing SecureRandom.nextBoolean() - TestCase");
throw new ServletException(e);
}
response
.getWriter()
.println("Weak Randomness Test java.security.SecureRandom.nextBoolean() executed");
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = new Test().doSomething(param);
String sql = "{call verifyUserPassword('foo','" + bar + "')}";
try {
java.sql.Connection connection =
org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
java.sql.CallableStatement statement =
connection.prepareCall(
sql,
java.sql.ResultSet.TYPE_FORWARD_ONLY,
java.sql.ResultSet.CONCUR_READ_ONLY,
java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT);
statement.execute();
} catch (java.sql.SQLException e) {
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = new Test().doSomething(param);
java.security.Provider[] provider = java.security.Security.getProviders();
javax.crypto.Cipher c;
try {
c =
javax.crypto.Cipher.getInstance(
"AES/CBC/PKCS5PADDING", java.security.Security.getProvider("SunJCE"));
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println(
"Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
throw new ServletException(e);
} catch (javax.crypto.NoSuchPaddingException e) {
System.out.println(
"Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
throw new ServletException(e);
}
response
.getWriter()
.println(
"Crypto Test javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) executed");
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = param.split(" ")[0];
try {
java.security.MessageDigest md = java.security.MessageDigest.getInstance("SHA1", "SUN");
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println(
"Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.lang.String)");
throw new ServletException(e);
} catch (java.security.NoSuchProviderException e) {
System.out.println(
"Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.lang.String)");
throw new ServletException(e);
}
response
.getWriter()
.println(
"Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.lang.String) executed");
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = param;
if (param.length() > 1) {
bar = param.substring(0, param.length() - 1);
}
// FILE URIs are tricky because they are different between Mac and Windows because of lack of
// standardization.
// Mac requires an extra slash for some reason.
String startURIslashes = "";
if (System.getProperty("os.name").indexOf("Windows") != -1)
if (System.getProperty("os.name").indexOf("Windows") != -1) startURIslashes = "/";
else startURIslashes = "//";
try {
java.net.URI fileURI =
new java.net.URI(
"file:"
+ startURIslashes
+ org.owasp.benchmark.helpers.Utils.testfileDir
.replace('\\', '/')
.replace(' ', '_')
+ bar);
new java.io.File(fileURI);
} catch (java.net.URISyntaxException e) {
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
// Chain a bunch of propagators in sequence
String a93077 = param; // assign
StringBuilder b93077 = new StringBuilder(a93077); // stick in stringbuilder
b93077.append(" SafeStuff"); // append some safe content
b93077.replace(
b93077.length() - "Chars".length(),
b93077.length(),
"Chars"); // replace some of the end content
java.util.HashMap<String, Object> map93077 = new java.util.HashMap<String, Object>();
map93077.put("key93077", b93077.toString()); // put in a collection
String c93077 = (String) map93077.get("key93077"); // get it back out
String d93077 = c93077.substring(0, c93077.length() - 1); // extract most of it
String e93077 =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(
new sun.misc.BASE64Encoder()
.encode(d93077.getBytes()))); // B64 encode and decode it
String f93077 = e93077.split(" ")[0]; // split it on a space
org.owasp.benchmark.helpers.ThingInterface thing =
org.owasp.benchmark.helpers.ThingFactory.createThing();
String bar = thing.doSomething(f93077); // reflection
java.io.File file = new java.io.File(bar);
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = "safe!";
java.util.HashMap<String, Object> map13216 = new java.util.HashMap<String, Object>();
map13216.put("keyA-13216", "a Value"); // put some stuff in the collection
map13216.put("keyB-13216", param.toString()); // put it in a collection
map13216.put("keyC", "another Value"); // put some stuff in the collection
bar = (String) map13216.get("keyB-13216"); // get it back out
String sql = "{call verifyUserPassword('foo','" + bar + "')}";
try {
java.sql.Connection connection =
org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
java.sql.CallableStatement statement = connection.prepareCall(sql);
statement.execute();
} catch (java.sql.SQLException e) {
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = new Test().doSomething(param);
try {
java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
// Get 40 random bytes
byte[] randomBytes = new byte[40];
getNextNumber(numGen, randomBytes);
response.getWriter().println("Random bytes are: " + new String(randomBytes));
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
throw new ServletException(e);
} finally {
response
.getWriter()
.println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = doSomething(param);
java.security.Provider[] provider = java.security.Security.getProviders();
java.security.MessageDigest md;
try {
if (provider.length > 1) {
md = java.security.MessageDigest.getInstance("SHA1", provider[0]);
} else {
md = java.security.MessageDigest.getInstance("SHA1", "SUN");
}
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println(
"Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
throw new ServletException(e);
} catch (java.security.NoSuchProviderException e) {
System.out.println(
"Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
throw new ServletException(e);
}
response
.getWriter()
.println(
"Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = new Test().doSomething(param);
try {
java.util.Properties Benchmarkprops = new java.util.Properties();
Benchmarkprops.load(
this.getClass().getClassLoader().getResourceAsStream("Benchmark.properties"));
String algorithm = Benchmarkprops.getProperty("cryptoAlg2", "AES/ECB/PKCS5Padding");
javax.crypto.Cipher c = javax.crypto.Cipher.getInstance(algorithm);
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println(
"Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
throw new ServletException(e);
} catch (javax.crypto.NoSuchPaddingException e) {
System.out.println(
"Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
throw new ServletException(e);
}
response
.getWriter()
.println("Crypto Test javax.crypto.Cipher.getInstance(java.lang.String) executed");
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("vector");
if (param == null) param = "";
String bar = "safe!";
java.util.HashMap<String, Object> map51510 = new java.util.HashMap<String, Object>();
map51510.put("keyA-51510", "a_Value"); // put some stuff in the collection
map51510.put("keyB-51510", param); // put it in a collection
map51510.put("keyC", "another_Value"); // put some stuff in the collection
bar = (String) map51510.get("keyB-51510"); // get it back out
bar = (String) map51510.get("keyA-51510"); // get safe value back out
String cmd = "";
String osName = System.getProperty("os.name");
if (osName.indexOf("Windows") != -1) {
cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
}
Runtime r = Runtime.getRuntime();
try {
Process p = r.exec(cmd + bar);
org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
} catch (IOException e) {
System.out.println("Problem executing cmdi - TestCase");
throw new ServletException(e);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("vector");
if (param == null) param = "";
String bar = doSomething(param);
byte[] bytes = new byte[10];
new java.util.Random().nextBytes(bytes);
String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(bytes, true);
String user = "******";
String fullClassName = this.getClass().getName();
String testCaseNumber =
fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
user += testCaseNumber;
String cookieName = "rememberMe" + testCaseNumber;
boolean foundUser = false;
javax.servlet.http.Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (int i = 0; !foundUser && i < cookies.length; i++) {
javax.servlet.http.Cookie cookie = cookies[i];
if (cookieName.equals(cookie.getName())) {
if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
foundUser = true;
}
}
}
}
if (foundUser) {
response.getWriter().println("Welcome back: " + user + "<br/>");
} else {
javax.servlet.http.Cookie rememberMe =
new javax.servlet.http.Cookie(cookieName, rememberMeKey);
rememberMe.setSecure(true);
rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
response
.getWriter()
.println(
user
+ " has been remembered with cookie: "
+ rememberMe.getName()
+ " whose value is: "
+ rememberMe.getValue()
+ "<br/>");
}
response.getWriter().println("Weak Randomness Test java.util.Random.nextBytes() executed");
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("vector");
String bar = doSomething(param);
try {
java.util.Properties benchmarkprops = new java.util.Properties();
benchmarkprops.load(
this.getClass().getClassLoader().getResourceAsStream("benchmark.properties"));
String algorithm = benchmarkprops.getProperty("hashAlg2", "SHA5");
java.security.MessageDigest md = java.security.MessageDigest.getInstance(algorithm);
byte[] input = {(byte) '?'};
Object inputParam = bar;
if (inputParam instanceof String) input = ((String) inputParam).getBytes();
if (inputParam instanceof java.io.InputStream) {
byte[] strInput = new byte[1000];
int i = ((java.io.InputStream) inputParam).read(strInput);
if (i == -1) {
response
.getWriter()
.println(
"This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");
return;
}
input = java.util.Arrays.copyOf(strInput, i);
}
md.update(input);
byte[] result = md.digest();
java.io.File fileTarget =
new java.io.File(
new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir), "passwordFile.txt");
java.io.FileWriter fw =
new java.io.FileWriter(fileTarget, true); // the true will append the new data
fw.write(
"hash_value=" + org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true) + "\n");
fw.close();
response
.getWriter()
.println(
"Sensitive value '"
+ org.owasp.esapi.ESAPI.encoder().encodeForHTML(new String(input))
+ "' hashed and stored<br/>");
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println("Problem executing hash - TestCase");
throw new ServletException(e);
}
response
.getWriter()
.println("Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed");
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar;
String guess = "ABC";
char switchTarget = guess.charAt(2);
// Simple case statement that assigns param to bar on conditions 'A' or 'C'
switch (switchTarget) {
case 'A':
bar = param;
break;
case 'B':
bar = "bobs_your_uncle";
break;
case 'C':
case 'D':
bar = param;
break;
default:
bar = "bobs_your_uncle";
break;
}
java.security.Provider[] provider = java.security.Security.getProviders();
java.security.MessageDigest md;
try {
if (provider.length > 1) {
md = java.security.MessageDigest.getInstance("sha-384", provider[0]);
} else {
md = java.security.MessageDigest.getInstance("sha-384", "SUN");
}
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println(
"Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
throw new ServletException(e);
} catch (java.security.NoSuchProviderException e) {
System.out.println(
"Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
throw new ServletException(e);
}
response
.getWriter()
.println(
"Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = org.owasp.esapi.ESAPI.encoder().encodeForHTML(param);
response.getWriter().write(bar);
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = doSomething(param);
response.getWriter().print(bar.toCharArray());
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = doSomething(param);
java.io.File file = new java.io.File(bar);
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = param;
// javax.servlet.http.HttpSession.putValue(java.lang.String^,java.lang.Object)
request.getSession().putValue(bar, "foo");
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = doSomething(param);
// javax.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object^)
request.getSession().setAttribute("foo", bar);
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = new Test().doSomething(param);
Object[] obj = {"a", "b"};
response.getWriter().printf(bar, obj);
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = new Test().doSomething(param);
Object[] obj = {"a", bar};
response.getWriter().format(java.util.Locale.US, "notfoo", obj);
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = new Test().doSomething(param);
double rand = new java.util.Random().nextDouble();
response.getWriter().println("Weak Randomness Test java.util.Random.nextDouble() executed");
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
// Chain a bunch of propagators in sequence
String a32671 = param; // assign
StringBuilder b32671 = new StringBuilder(a32671); // stick in stringbuilder
b32671.append(" SafeStuff"); // append some safe content
b32671.replace(
b32671.length() - "Chars".length(),
b32671.length(),
"Chars"); // replace some of the end content
java.util.HashMap<String, Object> map32671 = new java.util.HashMap<String, Object>();
map32671.put("key32671", b32671.toString()); // put in a collection
String c32671 = (String) map32671.get("key32671"); // get it back out
String d32671 = c32671.substring(0, c32671.length() - 1); // extract most of it
String e32671 =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(
new sun.misc.BASE64Encoder()
.encode(d32671.getBytes()))); // B64 encode and decode it
String f32671 = e32671.split(" ")[0]; // split it on a space
org.owasp.benchmark.helpers.ThingInterface thing =
org.owasp.benchmark.helpers.ThingFactory.createThing();
String bar = thing.doSomething(f32671); // reflection
try {
java.security.SecureRandom secureRandomGenerator =
java.security.SecureRandom.getInstance("SHA1PRNG");
// Get 40 random bytes
byte[] randomBytes = new byte[40];
secureRandomGenerator.nextBytes(randomBytes);
response.getWriter().println("Random bytes are: " + new String(randomBytes));
} catch (java.security.NoSuchAlgorithmException e) {
System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
throw new ServletException(e);
} finally {
response
.getWriter()
.println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = doSomething(param);
int length = 1;
if (bar != null) {
length = bar.length();
response.getWriter().write(bar, 0, length - 1);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = new Test().doSomething(param);
javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("SomeCookie", "SomeValue");
cookie.setSecure(false);
response.addCookie(cookie);
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheValue("foo");
String bar = doSomething(param);
try {
javax.naming.directory.DirContext dc = org.owasp.benchmark.helpers.Utils.getDirContext();
dc.search("name", bar, new javax.naming.directory.SearchControls());
} catch (javax.naming.NamingException e) {
throw new ServletException(e);
}
} // end doPost
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar;
// Simple if statement that assigns param to bar on true condition
int i = 196;
if ((500 / 42) + i > 200) bar = param;
else bar = "This should never happen";
response.getWriter().print(bar.toCharArray());
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("vector");
if (param == null) param = "";
// Chain a bunch of propagators in sequence
String a59200 = param; // assign
StringBuilder b59200 = new StringBuilder(a59200); // stick in stringbuilder
b59200.append(" SafeStuff"); // append some safe content
b59200.replace(
b59200.length() - "Chars".length(),
b59200.length(),
"Chars"); // replace some of the end content
java.util.HashMap<String, Object> map59200 = new java.util.HashMap<String, Object>();
map59200.put("key59200", b59200.toString()); // put in a collection
String c59200 = (String) map59200.get("key59200"); // get it back out
String d59200 = c59200.substring(0, c59200.length() - 1); // extract most of it
String e59200 =
new String(
new sun.misc.BASE64Decoder()
.decodeBuffer(
new sun.misc.BASE64Encoder()
.encode(d59200.getBytes()))); // B64 encode and decode it
String f59200 = e59200.split(" ")[0]; // split it on a space
org.owasp.benchmark.helpers.ThingInterface thing =
org.owasp.benchmark.helpers.ThingFactory.createThing();
String g59200 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
String bar = thing.doSomething(g59200); // reflection
java.io.File fileTarget =
new java.io.File(new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir), bar);
response.getWriter().write("Access to file: '" + fileTarget + "' created.");
if (fileTarget.exists()) {
response.getWriter().write(" And file already exists.");
} else {
response.getWriter().write(" But file doesn't exist yet.");
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
org.owasp.benchmark.helpers.SeparateClassRequest scr =
new org.owasp.benchmark.helpers.SeparateClassRequest(request);
String param = scr.getTheParameter("foo");
String bar = doSomething(param);
javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
javax.xml.xpath.XPath xp = xpf.newXPath();
try {
xp.compile(bar);
} catch (javax.xml.xpath.XPathExpressionException e) {
// OK to swallow
System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
}
} // end doPost
