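/**
 * Benchmark test case: takes the first request parameter <em>name</em> (not its value), passes
 * it through {@code ThingInterface#doSomething}, and opens a file under
 * {@code Utils.testfileDir} whose name is built from that request-controlled result. The file
 * open is the sink this test case exercises; the value is not validated before it becomes part
 * of the path.
 *
 * @param request the incoming HTTP request; only its parameter names are read
 * @param response unused by this test case
 * @throws ServletException declared for the servlet contract (nothing in this body throws it)
 * @throws IOException declared for the servlet contract; file errors are caught and logged
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    if (names.hasMoreElements()) {
        param = names.nextElement(); // just grab first element
    }

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(param);

    // Sink: the path is concatenated from a request-derived value without normalisation.
    // The stream is opened only to exercise the sink; try-with-resources closes it so the
    // file handle no longer leaks on every request (the original never closed it).
    try (java.io.InputStream is =
            java.nio.file.Files.newInputStream(
                    java.nio.file.Paths.get(
                            org.owasp.benchmark.helpers.Utils.testfileDir + bar),
                    java.nio.file.StandardOpenOption.READ)) {
        // Intentionally nothing is read; opening the file is the whole test.
    } catch (Exception e) {
        // OK to swallow any exception for now
        // TODO: Fix this, if possible.
        System.out.println("File exception caught and swallowed: " + e.getMessage());
    }
}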
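/**
 * Benchmark test case: reads the {@code foo} request header, runs it through the propagator
 * chain below, then discards that result and passes a constant to
 * {@code ThingInterface#doSomething}. Finally it draws one value from
 * {@link java.util.Random}; that call is the sink this test case exercises (non-cryptographic
 * randomness). The header-derived value never reaches the sink.
 *
 * @param request the incoming HTTP request; only the {@code foo} header is read
 * @param response receives a one-line confirmation that the test ran
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding fails or the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String param = request.getHeader("foo");
    // getHeader returns null when the header is absent; new StringBuilder(null) would throw
    // NullPointerException, so default to "" as the other test cases in this file do.
    if (param == null) param = "";

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key79675", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key79675"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g79675 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    thing.doSomething(g79675); // reflection; the result is not used by this test case

    // Sink under test: java.util.Random is not a cryptographically secure generator.
    new java.util.Random().nextInt();
    response.getWriter().println("Weak Randomness Test java.util.Random.nextInt() executed");
}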
/**
 * Benchmark test case: obtains {@code foo} through {@code SeparateClassRequest}, propagates it
 * through the chain below and into {@code ThingInterface#doSomething}, then uses the result as a
 * {@link java.io.File} path. The {@code File} constructor is the sink this test case exercises;
 * the request-derived value is not validated before it is used as a path.
 *
 * @param request the incoming HTTP request, wrapped by {@code SeparateClassRequest}
 * @param response unused by this test case
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding of the propagated value fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key93077", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key93077"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: a File built straight from the request-derived value.
    new java.io.File(bar);
}
/**
 * Propagator helper for a benchmark test case: runs {@code param} through the chain below,
 * then discards that result and hands a constant to {@code ThingInterface#doSomething},
 * returning whatever that helper returns. Because only the constant reaches the helper, the
 * original comments mark this flow as 'safe'.
 *
 * @param param the request-derived value to propagate; must not be {@code null}
 *     ({@code StringBuilder} rejects it)
 * @return the result of {@code ThingInterface#doSomething} applied to the constant
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding of the propagated value fails
 */
public String doSomething(String param) throws ServletException, IOException {
    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key85270", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key85270"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g85270 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    return thing.doSomething(g85270); // reflection
}
/**
 * Propagator helper for a benchmark test case: runs {@code param} through the chain below and
 * passes the chained value to {@code ThingInterface#doSomething}, returning that helper's
 * result. Unlike the 'safe' variant, the request-derived value does reach the helper here.
 *
 * @param param the request-derived value to propagate; must not be {@code null}
 *     ({@code StringBuilder} rejects it)
 * @return the result of {@code ThingInterface#doSomething} applied to the chained value
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding of the propagated value fails
 */
private static String doSomething(String param) throws ServletException, IOException {
    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key47625", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key47625"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    return thing.doSomething(firstToken); // reflection
}
/**
 * Thin pass-through for a benchmark test case: hands {@code param} unchanged to a freshly
 * created {@code ThingInterface} and returns its result.
 *
 * @param param the value forwarded to {@code ThingInterface#doSomething}
 * @return whatever {@code ThingInterface#doSomething} returns for {@code param}
 * @throws ServletException declared for the servlet contract
 * @throws IOException declared for the servlet contract
 */
public String doSomething(String param) throws ServletException, IOException {
    return org.owasp.benchmark.helpers.ThingFactory.createThing().doSomething(param);
}
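/**
 * Benchmark test case: reads the {@code foo} cookie (the last cookie of that name wins; empty
 * string when there are no cookies or no match), propagates it through the chain below and
 * into {@code ThingInterface#doSomething}, then opens a file under {@code Utils.testfileDir}
 * named from that result. The file open is the sink this test case exercises; the cookie value
 * is not validated before it becomes part of the path.
 *
 * @param request the incoming HTTP request; only its cookies are read
 * @param response unused by this test case
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding of the propagated value fails; file errors are caught
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Same outcome as the original foundit/null bookkeeping: last "foo" wins, "" when absent.
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (cookie.getName().equals("foo")) {
                param = cookie.getValue();
            }
        }
    }

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key71491", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key71491"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink: the path is concatenated from the cookie-derived value without normalisation.
    // try-with-resources closes the stream the original left open on every request.
    try (java.io.InputStream is =
            java.nio.file.Files.newInputStream(
                    java.nio.file.Paths.get(
                            org.owasp.benchmark.helpers.Utils.testfileDir + bar),
                    java.nio.file.StandardOpenOption.READ)) {
        // Intentionally nothing is read; opening the file is the whole test.
    } catch (Exception e) {
        // OK to swallow any exception for now
        // TODO: Fix this, if possible.
        System.out.println("File exception caught and swallowed: " + e.getMessage());
    }
}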
/**
 * Benchmark test case: extracts the {@code vector} value by hand from the raw query string,
 * URL-decodes it, propagates it through the chain below and into
 * {@code ThingInterface#doSomething}, then writes the result straight into an HTML response.
 * The unencoded write to the response is the sink this test case exercises.
 *
 * @param request the incoming HTTP request; only {@code getQueryString()} is consulted
 * @param response receives either the propagated value or an explanatory message
 * @throws ServletException declared for the servlet contract
 * @throws IOException if the response writer cannot be obtained or decoding fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String queryString = request.getQueryString();
    String paramval = "vector" + "=";
    int paramLoc = (queryString == null) ? -1 : queryString.indexOf(paramval);
    if (paramLoc == -1) {
        response
                .getWriter()
                .println(
                        "getQueryString() couldn't find expected parameter '"
                                + "vector"
                                + "' in query string.");
        return;
    }

    // 1st assume "vector" param is last parameter in query string.
    // And then check to see if its in the middle of the query string and if so, trim off what
    // comes after.
    int valueStart = paramLoc + paramval.length();
    int ampersandLoc = queryString.indexOf("&", paramLoc);
    String param =
            (ampersandLoc == -1)
                    ? queryString.substring(valueStart)
                    : queryString.substring(valueStart, ampersandLoc);
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key41898", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key41898"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: request-derived text written to a text/html response without encoding.
    response.getWriter().print(bar);
}
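/**
 * Benchmark test case: takes the first request header <em>name</em>, propagates it through the
 * chain below, then discards that result and passes a constant to
 * {@code ThingInterface#doSomething}. The helper result is appended to
 * {@code Utils.testfileDir} to form a {@code file:} URI, which is wrapped in a
 * {@link java.io.File}; that URI/File construction is the sink this test case exercises. Since
 * only the constant reaches the sink, the original comments mark the flow as 'safe'.
 *
 * @param request the incoming HTTP request; only its header names are read
 * @param response unused by this test case
 * @throws ServletException if the assembled file URI is syntactically invalid
 * @throws IOException if base64 decoding of the propagated value fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String param = "";
    java.util.Enumeration<String> headerNames = request.getHeaderNames();
    if (headerNames.hasMoreElements()) {
        param = headerNames.nextElement(); // just grab first element
    }

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key11768", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key11768"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g11768 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g11768); // reflection

    // FILE URIs are tricky because they are different between Mac and Windows because of lack of
    // standardization.
    // Mac requires an extra slash for some reason.
    // The original wrote `if (windows) if (windows) "/" else "//"`: the else bound to the
    // inner if, so the "//" branch was unreachable and non-Windows hosts got no extra slash.
    // Braces make the intended two-way choice explicit.
    String startURIslashes;
    if (System.getProperty("os.name").indexOf("Windows") != -1) {
        startURIslashes = "/";
    } else {
        startURIslashes = "//";
    }

    try {
        java.net.URI fileURI =
                new java.net.URI(
                        "file:"
                                + startURIslashes
                                + org.owasp.benchmark.helpers.Utils.testfileDir
                                        .replace('\\', '/')
                                        .replace(' ', '_')
                                + bar);
        // Sink under test: File built from a URI that embeds the helper result.
        new java.io.File(fileURI);
    } catch (java.net.URISyntaxException e) {
        throw new ServletException(e);
    }
}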
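/**
 * Benchmark test case: reads the {@code foo} request header, propagates it through the chain
 * below and into {@code ThingInterface#doSomething}, then launches a shell that echoes the
 * result via {@link ProcessBuilder}. The process launch with a request-derived argument is the
 * sink this test case exercises (the original's log text calls it the "cmdi" case).
 *
 * @param request the incoming HTTP request; only the {@code foo} header is read
 * @param response unused by this test case
 * @throws ServletException if the child process cannot be started
 * @throws IOException if base64 decoding of the propagated value fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String param = request.getHeader("foo");
    // getHeader returns null when the header is absent; new StringBuilder(null) would throw
    // NullPointerException, so default to "" as the other test cases in this file do.
    if (param == null) param = "";

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key89890", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key89890"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Pick the platform shell; the os.name check mirrors the other cmdi cases in this file.
    String shell;
    String shellFlag;
    String osName = System.getProperty("os.name");
    if (osName.indexOf("Windows") != -1) {
        shell = "cmd.exe";
        shellFlag = "/c";
    } else {
        shell = "sh";
        shellFlag = "-c";
    }

    // Sink under test: request-derived text handed to a shell as a process argument.
    String[] args = {shell, shellFlag, "echo", bar};
    ProcessBuilder pb = new ProcessBuilder(args);
    try {
        Process p = pb.start();
        org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
        System.out.println(
                "Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case");
        throw new ServletException(e);
    }
}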
/**
 * Benchmark test case: reads the {@code foo} cookie (last match wins; empty string when there
 * are no cookies or no match), propagates it through the chain below and into
 * {@code ThingInterface#doSomething}, then draws one Gaussian value from
 * {@link java.util.Random}. That {@code java.util.Random} call is the sink this test case
 * exercises (non-cryptographic randomness); the cookie value does not reach it.
 *
 * @param request the incoming HTTP request; only its cookies are read
 * @param response receives a one-line confirmation that the test ran
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding fails or the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Same outcome as the original foundit/null bookkeeping: last "foo" wins, "" when absent.
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (cookie.getName().equals("foo")) {
                param = cookie.getValue();
            }
        }
    }

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key70124", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key70124"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: java.util.Random is not a cryptographically secure generator.
    new java.util.Random().nextGaussian();
    response.getWriter().println("Weak Randomness Test java.util.Random.nextGaussian() executed");
}
/**
 * Benchmark test case: obtains {@code foo} through {@code SeparateClassRequest}, propagates it
 * through the chain below and into {@code ThingInterface#doSomething}, then generates 40 bytes
 * from a {@code SHA1PRNG} {@link java.security.SecureRandom} and echoes them to the response.
 * The {@code SecureRandom.nextBytes} call is the randomness sink this test case exercises; the
 * request-derived value does not reach it.
 *
 * @param request the incoming HTTP request, wrapped by {@code SeparateClassRequest}
 * @param response receives the raw random bytes (as a platform-charset string) and a footer line
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if base64 decoding fails or the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key32671", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key32671"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    try {
        java.security.SecureRandom rng = java.security.SecureRandom.getInstance("SHA1PRNG");
        // Get 40 random bytes
        byte[] buf = new byte[40];
        rng.nextBytes(buf);
        // Note: the bytes are written as-is, not hex/base64 encoded, so the output is binary-ish.
        response.getWriter().println("Random bytes are: " + new String(buf));
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
        throw new ServletException(e);
    } finally {
        response
                .getWriter()
                .println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
}
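/**
 * Benchmark test case: reads the first {@code foo} parameter value, propagates it through the
 * chain below, then discards that result and passes a constant to
 * {@code ThingInterface#doSomething}. Finally it requests a {@code DES/CBC/PKCS5Padding}
 * {@link javax.crypto.Cipher}; that {@code Cipher.getInstance} call is the crypto sink this
 * test case exercises, and the request-derived value does not reach it.
 *
 * @param request the incoming HTTP request; only the {@code foo} parameter values are read
 * @param response receives a one-line confirmation that the test ran
 * @throws ServletException if the cipher algorithm or padding is unavailable
 * @throws IOException if base64 decoding fails or the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // getParameterValues returns null when "foo" is absent; the original dereferenced
    // values.length unconditionally and threw NullPointerException. It also set param to null
    // for an empty array, which new StringBuilder(null) would reject, so default to "".
    String[] values = request.getParameterValues("foo");
    String param = (values != null && values.length != 0) ? values[0] : "";

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key74131", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key74131"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g74131 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    thing.doSomething(g74131); // reflection; the result is not used by this test case

    // Sink under test: DES is a legacy 56-bit cipher; the instance is only created, never used.
    try {
        javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding");
    } catch (java.security.NoSuchAlgorithmException | javax.crypto.NoSuchPaddingException e) {
        System.out.println(
                "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
        throw new ServletException(e);
    }

    response
            .getWriter()
            .println("Crypto Test javax.crypto.Cipher.getInstance(java.lang.String) executed");
}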
/**
 * Benchmark test case: takes the first request parameter <em>name</em> (not its value), passes
 * it through {@code ThingInterface#doSomething}, and uses the result as the parent directory
 * of a {@link java.io.File} named {@code /Test.txt}. The two-argument {@code File} constructor
 * is the sink this test case exercises; the request-derived value is not validated first.
 *
 * @param request the incoming HTTP request; only its parameter names are read
 * @param response unused by this test case
 * @throws ServletException declared for the servlet contract
 * @throws IOException declared for the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Enumeration<String> names = request.getParameterNames();
    // just grab first element
    String param = names.hasMoreElements() ? names.nextElement() : "";

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(param);

    // Sink under test: request-derived value used as the parent path of a File.
    new java.io.File(bar, "/Test.txt");
}
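/**
 * Benchmark test case: reads the first {@code foo} parameter from the parameter map,
 * propagates it through the chain below, then discards that result and passes a constant to
 * {@code ThingInterface#doSomething}. Finally it executes a fixed SQL statement as a batch via
 * {@code DatabaseHelper}; that {@code Statement.addBatch/executeBatch} call is the sink this
 * test case exercises, and the SQL text contains no request-derived data.
 *
 * @param request the incoming HTTP request; only its parameter map is read
 * @param response unused by this test case
 * @throws ServletException if the batch execution fails with a {@link java.sql.SQLException}
 * @throws IOException if base64 decoding of the propagated value fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Map<String, String[]> paramMap = request.getParameterMap();
    String param = "";
    if (!paramMap.isEmpty()) {
        // The original indexed map.get("foo")[0] directly and threw NullPointerException when
        // the request carried parameters but no "foo"; guard the missing key and empty array.
        String[] foo = paramMap.get("foo");
        if (foo != null && foo.length > 0) {
            param = foo[0];
        }
    }

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key40600", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key40600"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g40600 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    thing.doSomething(g40600); // reflection; the result is not used by this test case

    // Sink under test: the SQL is a constant here, so no request data reaches the statement.
    // The Statement comes from DatabaseHelper, which owns its lifecycle; it is not closed here.
    String sql = "SELECT * from USERS where USERNAME='******' and PASSWORD='******'";
    try {
        java.sql.Statement statement =
                org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
        statement.addBatch(sql);
        statement.executeBatch();
    } catch (java.sql.SQLException e) {
        throw new ServletException(e);
    }
}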
/**
 * Benchmark test case: obtains {@code vector} through {@code SeparateClassRequest} (defaulting
 * to the empty string), propagates it through the chain below, then discards that result and
 * passes a constant to {@code ThingInterface#doSomething}. The helper result names a
 * {@link java.io.File} under {@code Utils.testfileDir}; that {@code File} construction and the
 * {@code exists()} probe are the sink this test case exercises. Only the constant reaches the
 * sink, so the original comments mark the flow as 'safe'.
 *
 * @param request the incoming HTTP request, wrapped by {@code SeparateClassRequest}
 * @param response receives the resolved path and whether the file already exists
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding fails or the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("vector");
    if (param == null) {
        param = "";
    }

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key59200", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key59200"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g59200 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g59200); // reflection

    // Sink under test: File resolved against testfileDir from the helper result.
    java.io.File baseDir = new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir);
    java.io.File fileTarget = new java.io.File(baseDir, bar);
    java.io.PrintWriter out = response.getWriter();
    out.write("Access to file: '" + fileTarget + "' created.");
    out.write(fileTarget.exists() ? " And file already exists." : " But file doesn't exist yet.");
}
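/**
 * Benchmark test case: reads the {@code foo} request parameter, propagates it through the
 * chain below and into {@code ThingInterface#doSomething}, then runs the platform
 * {@code echo} command via {@link Runtime#exec(String, String[], java.io.File)} with the
 * result supplied as the child's environment array. That {@code Runtime.exec} call is the sink
 * this test case exercises (the original's log text calls it the "cmdi" case).
 *
 * @param request the incoming HTTP request; only the {@code foo} parameter is read
 * @param response unused by this test case
 * @throws ServletException if the child process cannot be started
 * @throws IOException if base64 decoding of the propagated value fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String param = request.getParameter("foo");
    // getParameter returns null when "foo" is absent; new StringBuilder(null) would throw
    // NullPointerException, so default to "" as the other test cases in this file do.
    if (param == null) param = "";

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key26691", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key26691"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: Runtime.exec(String, String[] envp, File dir). Note that the request-
    // derived value is passed as the environment array, not as a command argument.
    String cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
    String[] argsEnv = {bar};
    Runtime r = Runtime.getRuntime();
    try {
        Process p = r.exec(cmd, argsEnv, new java.io.File(System.getProperty("user.dir")));
        org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
        System.out.println("Problem executing cmdi - TestCase");
        throw new ServletException(e);
    }
}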
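/**
 * Benchmark test case: reads the first {@code foo} parameter from the parameter map, passes it
 * through {@code ThingInterface#doSomething} (result unused), then adds a cookie to the
 * response with {@code setSecure(false)}. Sending a cookie explicitly without the Secure flag
 * is the sink this test case exercises; no request-derived data reaches the cookie.
 *
 * @param request the incoming HTTP request; only its parameter map is read
 * @param response receives the {@code SomeCookie} cookie
 * @throws ServletException declared for the servlet contract
 * @throws IOException declared for the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Map<String, String[]> paramMap = request.getParameterMap();
    String param = "";
    if (!paramMap.isEmpty()) {
        // The original indexed map.get("foo")[0] directly and threw NullPointerException when
        // the request carried parameters but no "foo"; guard the missing key and empty array.
        String[] foo = paramMap.get("foo");
        if (foo != null && foo.length > 0) {
            param = foo[0];
        }
    }

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    thing.doSomething(param); // the result is not used by this test case

    // Sink under test: the cookie is deliberately sent without the Secure attribute.
    javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("SomeCookie", "SomeValue");
    cookie.setSecure(false);
    response.addCookie(cookie);
}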
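/**
 * Benchmark test case: reads the first {@code foo} parameter from the parameter map, passes it
 * through {@code ThingInterface#doSomething} (result unused), then requests a
 * {@code DES/CBC/PKCS5PADDING} {@link javax.crypto.Cipher} from the {@code SunJCE} provider.
 * That {@code Cipher.getInstance(String, Provider)} call is the crypto sink this test case
 * exercises; no request-derived data reaches it.
 *
 * @param request the incoming HTTP request; only its parameter map is read
 * @param response receives a one-line confirmation that the test ran
 * @throws ServletException if the cipher algorithm or padding is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Map<String, String[]> paramMap = request.getParameterMap();
    String param = "";
    if (!paramMap.isEmpty()) {
        // The original indexed map.get("foo")[0] directly and threw NullPointerException when
        // the request carried parameters but no "foo"; guard the missing key and empty array.
        String[] foo = paramMap.get("foo");
        if (foo != null && foo.length > 0) {
            param = foo[0];
        }
    }

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    thing.doSomething(param); // the result is not used by this test case

    // Sink under test: DES is a legacy 56-bit cipher; the instance is only created, never used.
    // The original branched on Security.getProviders().length but both branches made the very
    // same call, so the branch (and the unused provider array) is collapsed to one call.
    try {
        javax.crypto.Cipher.getInstance(
                "DES/CBC/PKCS5PADDING", java.security.Security.getProvider("SunJCE"));
    } catch (java.security.NoSuchAlgorithmException | javax.crypto.NoSuchPaddingException e) {
        System.out.println(
                "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
        throw new ServletException(e);
    }

    response
            .getWriter()
            .println(
                    "Crypto Test javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) executed");
}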
/**
 * Benchmark test case: reads the {@code foo} cookie (last match wins; empty string when there
 * are no cookies or no match), passes it through {@code ThingInterface#doSomething} (result
 * unused), then obtains a {@code SHA1PRNG} {@link java.security.SecureRandom} and hands it to
 * {@code getNextNumber}. That generator use is the randomness sink this test case exercises;
 * the printed message text is the original's, even though the generator is SecureRandom.
 *
 * @param request the incoming HTTP request; only its cookies are read
 * @param response receives a one-line confirmation that the test ran
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Same outcome as the original foundit/null bookkeeping: last "foo" wins, "" when absent.
    String param = "";
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (cookie.getName().equals("foo")) {
                param = cookie.getValue();
            }
        }
    }

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(param);

    try {
        // Declared as java.util.Random, as in the original, so getNextNumber sees the same type.
        java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
        getNextNumber(numGen);
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
        throw new ServletException(e);
    }

    response
            .getWriter()
            .println("Weak Randomness Test java.security.SecureRandom.nextDouble() executed");
}
/**
 * Benchmark test case: obtains {@code foo} through {@code SeparateClassRequest}, propagates it
 * through the chain below, then discards that result and passes a constant to
 * {@code ThingInterface#doSomething}. The helper result is compiled as an XPath expression;
 * that {@code XPath.compile} call is the sink this test case exercises. Only the constant
 * reaches it, so the original comments mark the flow as 'safe'.
 *
 * @param request the incoming HTTP request, wrapped by {@code SeparateClassRequest}
 * @param response unused by this test case
 * @throws ServletException declared for the servlet contract
 * @throws IOException if base64 decoding of the propagated value fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    org.owasp.benchmark.helpers.SeparateClassRequest scr =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = scr.getTheParameter("foo");

    // Chain a bunch of propagators in sequence
    String seed = param; // assign
    StringBuilder builder = new StringBuilder(seed); // stick in stringbuilder
    builder.append(" SafeStuff"); // append some safe content
    int tailStart = builder.length() - "Chars".length();
    builder.replace(tailStart, builder.length(), "Chars"); // replace some of the end content
    java.util.HashMap<String, Object> bucket = new java.util.HashMap<>();
    bucket.put("key20448", builder.toString()); // put in a collection
    String fetched = (String) bucket.get("key20448"); // get it back out
    String trimmed = fetched.substring(0, fetched.length() - 1); // extract most of it
    // sun.misc.BASE64Encoder/Decoder are JDK-internal (absent from JDK 9+); kept because the
    // round trip is one of the propagators this test case exercises.
    String encoded = new sun.misc.BASE64Encoder().encode(trimmed.getBytes());
    byte[] decoded = new sun.misc.BASE64Decoder().decodeBuffer(encoded);
    String roundTripped = new String(decoded); // B64 encode and decode it
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g20448 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g20448); // reflection

    // Sink under test: the helper result is compiled as an XPath expression.
    javax.xml.xpath.XPath xp = javax.xml.xpath.XPathFactory.newInstance().newXPath();
    try {
        xp.compile(bar);
    } catch (javax.xml.xpath.XPathExpressionException e) {
        // OK to swallow
        System.out.println("XPath expression exception caught and swallowed: " + e.getMessage());
    }
}
/**
 * Benchmark test case: reads the {@code foo} request parameter, passes it through
 * {@code ThingInterface#doSomething} (result unused), then draws one boolean from a
 * {@code SHA1PRNG} {@link java.security.SecureRandom}. That generator call is the randomness
 * sink this test case exercises; the printed message text is the original's, even though the
 * generator is SecureRandom.
 *
 * @param request the incoming HTTP request; only the {@code foo} parameter is read
 * @param response receives a one-line confirmation that the test ran
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String param = request.getParameter("foo");

    String bar = org.owasp.benchmark.helpers.ThingFactory.createThing().doSomething(param);

    try {
        java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
        numGen.nextBoolean();
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBoolean() - TestCase");
        throw new ServletException(e);
    }

    response
            .getWriter()
            .println("Weak Randomness Test java.security.SecureRandom.nextBoolean() executed");
}
/**
 * Benchmark test case: reads and URL-decodes the first {@code vector} cookie, passes it through
 * {@code ThingInterface#doSomething} (result unused), runs a fixed SQL query through
 * {@code DatabaseHelper.JDBCtemplate.queryForMap}, and writes the HTML-encoded result to the
 * response. The JDBC query is the sink this test case exercises; its SQL text is constant and
 * the output is encoded with ESAPI before being written.
 *
 * @param request the incoming HTTP request; only its cookies are read
 * @param response receives the encoded query result, or an error line when SQL errors are hidden
 * @throws ServletException on a data-access failure when {@code DatabaseHelper.hideSQLErrors}
 *     is false
 * @throws IOException if cookie decoding fails or the response writer cannot be obtained
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // First cookie named "vector" wins (the loop breaks), "" when there is none.
    String param = "";
    javax.servlet.http.Cookie[] theCookies = request.getCookies();
    if (theCookies != null) {
        for (javax.servlet.http.Cookie theCookie : theCookies) {
            if (theCookie.getName().equals("vector")) {
                param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    String bar = org.owasp.benchmark.helpers.ThingFactory.createThing().doSomething(param);

    try {
        String sql =
                "SELECT TOP 1 userid from USERS where USERNAME='******' and PASSWORD='******'";
        java.util.Map<?, ?> results =
                org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql);

        java.io.PrintWriter out = response.getWriter();
        out.write("Your results are: ");
        // Result text is HTML-encoded before it reaches the text/html response.
        out.write(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString()));
    } catch (org.springframework.dao.DataAccessException e) {
        if (!org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
            throw new ServletException(e);
        }
        response.getWriter().println("Error processing request.");
    }
}
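/**
 * Benchmark test case: reads the first {@code foo} parameter from the parameter map, passes it
 * through {@code ThingInterface#doSomething}, then launches a shell that echoes the result via
 * {@link ProcessBuilder}. The process launch with a request-derived argument is the sink this
 * test case exercises (the original's log text calls it the "cmdi" case).
 *
 * @param request the incoming HTTP request; only its parameter map is read
 * @param response unused by this test case
 * @throws ServletException if the child process cannot be started
 * @throws IOException declared for the servlet contract
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    java.util.Map<String, String[]> paramMap = request.getParameterMap();
    String param = "";
    if (!paramMap.isEmpty()) {
        // The original indexed map.get("foo")[0] directly and threw NullPointerException when
        // the request carried parameters but no "foo"; guard the missing key and empty array.
        String[] foo = paramMap.get("foo");
        if (foo != null && foo.length > 0) {
            param = foo[0];
        }
    }

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(param);

    // Pick the platform shell; the os.name check mirrors the other cmdi cases in this file.
    String shell;
    String shellFlag;
    String osName = System.getProperty("os.name");
    if (osName.indexOf("Windows") != -1) {
        shell = "cmd.exe";
        shellFlag = "/c";
    } else {
        shell = "sh";
        shellFlag = "-c";
    }

    // Sink under test: request-derived text handed to a shell as a process argument.
    String[] args = {shell, shellFlag, "echo", bar};
    ProcessBuilder pb = new ProcessBuilder(args);
    try {
        Process p = pb.start();
        org.owasp.benchmark.helpers.Utils.printOSCommandResults(p);
    } catch (IOException e) {
        System.out.println(
                "Problem executing cmdi - java.lang.ProcessBuilder(java.lang.String[]) Test Case");
        throw new ServletException(e);
    }
}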
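@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Source: the *name* of the first request header (not its value); "" when none.
    String param = "";
    java.util.Enumeration<String> headerNames = request.getHeaderNames();
    if (headerNames.hasMoreElements()) {
        param = headerNames.nextElement(); // just grab first element
    }

    // Chain a bunch of propagators in sequence; each step carries the request-derived
    // data forward unchanged in substance.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    sb.replace(sb.length() - "Chars".length(), sb.length(), "Chars"); // overwrite the tail
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key54873", sb.toString());
    String fromMap = (String) holder.get("key54873");
    String trimmed = fromMap.substring(0, fromMap.length() - 1); // drop the last char
    // Base64 round trip. java.util.Base64 replaces sun.misc.BASE64Encoder/Decoder, which are
    // JDK-internal and absent from JDK 9+. Using UTF-8 on both sides keeps the round trip
    // lossless regardless of the platform default charset.
    byte[] raw = trimmed.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String roundTripped = new String(
            java.util.Base64.getDecoder().decode(java.util.Base64.getEncoder().encodeToString(raw)),
            java.nio.charset.StandardCharsets.UTF_8);
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: printf with a constant format string. The request-derived value is
    // only supplied as a format argument that the constant format never references.
    Object[] obj = {bar, "b"};
    response.getWriter().printf("notfoo", obj);
}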
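@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Source: the first value of the "foo" request header; "" when the header is absent.
    String param = "";
    java.util.Enumeration<String> headers = request.getHeaders("foo");
    if (headers.hasMoreElements()) {
        param = headers.nextElement(); // just grab first element
    }

    // Chain a bunch of propagators in sequence; the request-derived data survives each step.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    sb.replace(sb.length() - "Chars".length(), sb.length(), "Chars"); // overwrite the tail
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key641", sb.toString());
    String fromMap = (String) holder.get("key641");
    String trimmed = fromMap.substring(0, fromMap.length() - 1); // drop the last char
    // Base64 round trip via java.util.Base64 (sun.misc.BASE64* is JDK-internal and gone in 9+);
    // UTF-8 on both sides keeps the round trip lossless on any platform charset.
    byte[] raw = trimmed.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String roundTripped = new String(
            java.util.Base64.getDecoder().decode(java.util.Base64.getEncoder().encodeToString(raw)),
            java.nio.charset.StandardCharsets.UTF_8);
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: the request-derived value is appended to testfileDir to form the
    // file path (path-traversal test case). The original opened the stream and never closed
    // it, leaking a file handle per request; try-with-resources closes it.
    java.io.File target = new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir + bar);
    try (java.io.FileOutputStream fos = new java.io.FileOutputStream(target, false)) {
        // append=false creates/truncates the file; nothing is written to it.
    }
}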
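@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Source: the *name* of the first request parameter; "" when there are none.
    String param = "";
    java.util.Enumeration<String> names = request.getParameterNames();
    if (names.hasMoreElements()) {
        param = names.nextElement(); // just grab first element
    }

    // Chain a bunch of propagators in sequence. The chain's result is deliberately not
    // used: the sink below is fed a constant, so the request data never reaches it.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    sb.replace(sb.length() - "Chars".length(), sb.length(), "Chars"); // overwrite the tail
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key59716", sb.toString());
    String fromMap = (String) holder.get("key59716");
    String trimmed = fromMap.substring(0, fromMap.length() - 1); // drop the last char
    // Base64 round trip via java.util.Base64 (sun.misc.BASE64* is JDK-internal and gone in 9+);
    // UTF-8 on both sides keeps the round trip lossless on any platform charset.
    byte[] raw = trimmed.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String roundTripped = new String(
            java.util.Base64.getDecoder().decode(java.util.Base64.getEncoder().encodeToString(raw)),
            java.nio.charset.StandardCharsets.UTF_8);
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g59716 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g59716); // reflection

    // Sink under test: a File built from a constant-derived path. Constructing a File has
    // no filesystem side effect.
    java.io.File file = new java.io.File(bar);
}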
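@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: the "vector" parameter, located by hand in the raw query string.
    String queryString = request.getQueryString();
    String paramval = "vector" + "=";
    int paramLoc = -1;
    if (queryString != null) {
        paramLoc = queryString.indexOf(paramval);
    }
    if (paramLoc == -1) {
        response.getWriter().println(
                "getQueryString() couldn't find expected parameter '" + "vector" + "' in query string.");
        return;
    }
    // 1st assume "vector" param is last parameter in query string, then trim at the next
    // '&' if the parameter sits in the middle.
    int valueStart = paramLoc + paramval.length();
    int ampersandLoc = queryString.indexOf("&", paramLoc);
    String param = (ampersandLoc == -1)
            ? queryString.substring(valueStart)
            : queryString.substring(valueStart, ampersandLoc);
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // Chain a bunch of propagators in sequence; the request-derived data survives each step.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    sb.replace(sb.length() - "Chars".length(), sb.length(), "Chars"); // overwrite the tail
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key54788", sb.toString());
    String fromMap = (String) holder.get("key54788");
    String trimmed = fromMap.substring(0, fromMap.length() - 1); // drop the last char
    // Base64 round trip via java.util.Base64 (sun.misc.BASE64* is JDK-internal and gone in 9+);
    // UTF-8 on both sides keeps the round trip lossless on any platform charset.
    byte[] raw = trimmed.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String roundTripped = new String(
            java.util.Base64.getDecoder().decode(java.util.Base64.getEncoder().encodeToString(raw)),
            java.nio.charset.StandardCharsets.UTF_8);
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    // Sink under test: java.util.Random supplies the "remember me" token. This is the
    // weak-randomness case the test exercises: the generator is not cryptographically
    // strong, so the token is not a suitable authentication secret.
    double value = new java.util.Random().nextDouble();
    String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front.

    // The user label and cookie name are derived from the digits after "BenchmarkTest" in
    // this class's name.
    String user = "******";
    String fullClassName = this.getClass().getName();
    String testCaseNumber = fullClassName.substring(
            fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
    user += testCaseNumber;
    String cookieName = "rememberMe" + testCaseNumber;

    // A returning user presents the cookie whose value matches the session attribute.
    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())
                    && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                foundUser = true;
                break;
            }
        }
    }

    if (foundUser) {
        response.getWriter().println("Welcome back: " + user + "<br/>");
    } else {
        javax.servlet.http.Cookie rememberMe =
                new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        rememberMe.setSecure(true); // NOTE(review): no HttpOnly flag is set on this cookie
        rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        response.getWriter().println(
                user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>");
    }
    response.getWriter().println("Weak Randomness Test java.util.Random.nextDouble() executed");
}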
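@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: the *name* of the first request header that has a value equal to "vector";
    // "" when no header matches.
    String param = "";
    boolean searching = true;
    java.util.Enumeration<String> names = request.getHeaderNames();
    while (names.hasMoreElements() && searching) {
        String name = names.nextElement();
        java.util.Enumeration<String> values = request.getHeaders(name);
        if (values != null) {
            while (values.hasMoreElements() && searching) {
                if ("vector".equals(values.nextElement())) {
                    param = name;
                    searching = false;
                }
            }
        }
    }

    // Chain a bunch of propagators in sequence. The chain's result is deliberately not
    // used: the sink below is fed a constant, so the request data never reaches it.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    sb.replace(sb.length() - "Chars".length(), sb.length(), "Chars"); // overwrite the tail
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key56080", sb.toString());
    String fromMap = (String) holder.get("key56080");
    String trimmed = fromMap.substring(0, fromMap.length() - 1); // drop the last char
    // Base64 round trip via java.util.Base64 (sun.misc.BASE64* is JDK-internal and gone in 9+);
    // UTF-8 on both sides keeps the round trip lossless on any platform charset.
    byte[] raw = trimmed.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String roundTripped = new String(
            java.util.Base64.getDecoder().decode(java.util.Base64.getEncoder().encodeToString(raw)),
            java.nio.charset.StandardCharsets.UTF_8);
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String g56080 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g56080); // reflection

    // Code based on example from:
    // http://examples.javacodegeeks.com/core-java/crypto/encrypt-decrypt-file-stream-with-des/
    // 16-byte initialization vector, freshly drawn for each encryption. The original used a
    // fixed, hard-coded IV; CBC needs an unpredictable IV per message.
    byte[] iv = new byte[16];
    new java.security.SecureRandom().nextBytes(iv);
    try {
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance(
                "AES/CBC/PKCS5PADDING", java.security.Security.getProvider("SunJCE"));
        // Prepare the cipher to encrypt. The key is generated here and never stored, so the
        // ciphertext written below cannot be decrypted later; this exercises the Cipher API
        // rather than real key management.
        javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("AES").generateKey();
        java.security.spec.AlgorithmParameterSpec paramSpec =
                new javax.crypto.spec.IvParameterSpec(iv);
        c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec);

        // encrypt and store the results. `bar` is always a String here, so the original's
        // InputStream branch was unreachable and has been dropped.
        byte[] input = bar.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] result = c.doFinal(input);

        java.io.File fileTarget = new java.io.File(
                new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir), "passwordFile.txt");
        // append mode (true); try-with-resources closes the writer even if write() throws
        try (java.io.FileWriter fw = new java.io.FileWriter(fileTarget, true)) {
            fw.write("secret_value="
                    + org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true) + "\n");
        }
        response.getWriter().println(
                "Sensitive value: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(bar)
                + "' encrypted and stored<br/>");
    } catch (java.security.GeneralSecurityException e) {
        // Covers NoSuchAlgorithm, NoSuchPadding, InvalidKey, InvalidAlgorithmParameter,
        // IllegalBlockSize and BadPadding, which all shared this handling in the original.
        // The stack trace is no longer printed into the HTTP response; the wrapped exception
        // reaches the container's error handling instead.
        response.getWriter().println(
                "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) Test Case");
        throw new ServletException(e);
    }
    response.getWriter().println(
            "Crypto Test javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider) executed");
}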
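@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // Source: the "vector" request parameter; "" when absent.
    String param = request.getParameter("vector");
    if (param == null) {
        param = "";
    }

    // Chain a bunch of propagators in sequence; the request-derived data survives each step.
    StringBuilder sb = new StringBuilder(param);
    sb.append(" SafeStuff");
    sb.replace(sb.length() - "Chars".length(), sb.length(), "Chars"); // overwrite the tail
    java.util.Map<String, Object> holder = new java.util.HashMap<String, Object>();
    holder.put("key49180", sb.toString());
    String fromMap = (String) holder.get("key49180");
    String trimmed = fromMap.substring(0, fromMap.length() - 1); // drop the last char
    // Base64 round trip via java.util.Base64 (sun.misc.BASE64* is JDK-internal and gone in 9+);
    // UTF-8 on both sides keeps the round trip lossless on any platform charset.
    byte[] raw = trimmed.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String roundTripped = new String(
            java.util.Base64.getDecoder().decode(java.util.Base64.getEncoder().encodeToString(raw)),
            java.nio.charset.StandardCharsets.UTF_8);
    String firstToken = roundTripped.split(" ")[0]; // split it on a space

    org.owasp.benchmark.helpers.ThingInterface thing =
            org.owasp.benchmark.helpers.ThingFactory.createThing();
    String bar = thing.doSomething(firstToken); // reflection

    try {
        // Sink under test: SecureRandom.nextInt(int). The bound of 99 means only 99 distinct
        // token values exist, so this "remember me" key is not a high-entropy secret even
        // though the generator itself is cryptographically strong.
        int randNumber = java.security.SecureRandom.getInstance("SHA1PRNG").nextInt(99);
        String rememberMeKey = Integer.toString(randNumber);

        // The user label and cookie name are derived from the digits after "BenchmarkTest"
        // in this class's name.
        String user = "******";
        String fullClassName = this.getClass().getName();
        String testCaseNumber = fullClassName.substring(
                fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
        user += testCaseNumber;
        String cookieName = "rememberMe" + testCaseNumber;

        // A returning user presents the cookie whose value matches the session attribute.
        // The original loop pre-incremented its index (`++i < cookies.length`) and so never
        // examined cookies[0]; every cookie is checked here.
        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (javax.servlet.http.Cookie cookie : cookies) {
                if (cookieName.equals(cookie.getName())
                        && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                    break;
                }
            }
        }

        if (foundUser) {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        } else {
            javax.servlet.http.Cookie rememberMe =
                    new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            rememberMe.setSecure(true); // NOTE(review): no HttpOnly flag is set on this cookie
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            response.getWriter().println(
                    user + " has been remembered with cookie: " + rememberMe.getName()
                    + " whose value is: " + rememberMe.getValue() + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextInt(int) - TestCase");
        throw new ServletException(e);
    }
    response.getWriter()
            .println("Weak Randomness Test java.security.SecureRandom.nextInt(int) executed");
}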