/**
 * Test-case entry point: the value comes either from the untrusted "name" query
 * parameter or from a fixed string, and is written into the Location header either
 * raw or percent-encoded. Both choices are made at run time by
 * IO.staticReturnsTrueOrFalse(). A null value (parameter absent) is written by neither sink.
 *
 * @throws Throwable propagated from the servlet API and URLEncoder
 */
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    final String data =
        IO.staticReturnsTrueOrFalse()
            ? request.getParameter("name") /* POTENTIAL FLAW: attacker-controlled request data */
            : "foo"; /* FIX: Use a hardcoded string */

    /* the sink selector is evaluated before the null check, exactly as before */
    final boolean encodeBeforeWrite = !IO.staticReturnsTrueOrFalse();
    if (data == null) {
      return;
    }

    /* POTENTIAL FLAW (raw branch): CR/LF in data can terminate the header (CWE-113).
     * FIX (encoded branch): URLEncoder escapes every non-alphanumeric, CR and LF included. */
    final String headerValue = encodeBeforeWrite ? URLEncoder.encode(data, "UTF-8") : data;
    response.addHeader("Location", "/author.jsp?lang=" + headerValue);
  }
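  /**
   * Test-case entry point: reads the first request cookie or a hard-coded string,
   * then writes it into the Location header either raw or percent-encoded. Source
   * and sink are each chosen at run time by IO.static_returns_t_or_f().
   *
   * Fixes over the original: an empty cookie array no longer throws
   * ArrayIndexOutOfBoundsException, a null value no longer reaches
   * URLEncoder.encode (which throws NullPointerException) and is no longer written
   * as the text "null", matching the null guard the other sinks on this page use.
   * The unused local loggers are removed.
   *
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      /* POTENTIAL FLAW: value taken from a request cookie, i.e. attacker-controlled */
      Cookie[] cookieSources = request.getCookies();
      /* getCookies() is null when the request carried no cookies; guard the length too */
      data =
          (cookieSources != null && cookieSources.length > 0)
              ? cookieSources[0].getValue()
              : null;
    } else {
      /* FIX: Use a hardcoded string */
      data = "foo";
    }

    if (IO.static_returns_t_or_f()) {
      /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
      if (data != null) {
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    } else {
      /* FIX: percent-encode so CR/LF cannot terminate the header.
       * NOTE(review): "UTF-16" escapes non-alphanumerics as UTF-16 byte pairs, which a
       * server decoding the query as UTF-8 will not read back as the original text;
       * sibling cases on this page use "UTF-8". Kept because it is this test's variant. */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-16");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    }
  }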
  /* goodB2G() - use badsource and goodsink by changing the second "if" so that
   * both branches use the GoodSink */
  /**
   * "Bad source, good sink" variant: both source branches read the untrusted "name"
   * query parameter and both sink branches percent-encode it before the header write,
   * so the branch selectors only exist for parity with the other test cases.
   *
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    /* POTENTIAL FLAW (both branches): attacker-controlled request parameter */
    IO.staticReturnsTrueOrFalse();
    final String data = request.getParameter("name");

    /* FIX (both branches): URLEncoder escapes CR/LF, so the header cannot be split */
    IO.staticReturnsTrueOrFalse();
    if (data == null) {
      return;
    }
    final String encoded = URLEncoder.encode(data, "UTF-8");
    response.addHeader("Location", "/author.jsp?lang=" + encoded);
  }
  /* goodB2G() - use badsource and goodsink by changing the second "if" so that
  both branches use the GoodSink */
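  /**
   * "Bad source, good sink" variant: both source branches read the first request
   * cookie and both sink branches percent-encode it before the header write.
   *
   * Fixes over the original: an empty cookie array no longer throws
   * ArrayIndexOutOfBoundsException, and a null value (no cookies) no longer reaches
   * URLEncoder.encode, which throws NullPointerException; the unused local loggers
   * are removed. The branch selectors are still evaluated for parity with the suite.
   *
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    /* POTENTIAL FLAW (both branches): value taken from a request cookie */
    IO.static_returns_t_or_f();
    Cookie[] cookieSources = request.getCookies();
    /* getCookies() is null when the request carried no cookies; guard the length too */
    final String data =
        (cookieSources != null && cookieSources.length > 0)
            ? cookieSources[0].getValue()
            : null;

    /* FIX (both branches): percent-encode so CR/LF cannot terminate the header.
     * NOTE(review): "UTF-16" escapes non-alphanumerics as UTF-16 byte pairs; a server
     * decoding the query as UTF-8 will not recover the original text. Kept as the
     * test's variant. */
    IO.static_returns_t_or_f();
    if (data == null) {
      return;
    }
    final String encoded = URLEncoder.encode(data, "UTF-16");
    response.addHeader("Location", "/author.jsp?lang=" + encoded);
  }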
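  /**
   * Test-case entry point: reads the first line of a remote HTTP response body or a
   * hard-coded string, then writes it into the Location header either raw or
   * percent-encoded. Source and sink are each chosen by IO.static_returns_t_or_f().
   *
   * Fix over the original: readLine() returns null on an empty body, and that null
   * went straight into URLEncoder.encode (NullPointerException) or was written as the
   * text "null"; both sinks now skip a null value like the other sinks on this page.
   * The unused local logger in the fixed-string branch is removed.
   *
   * @throws Throwable propagated from the servlet API, URL handling and URLEncoder
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      data = ""; /* init data */
      /* POTENTIAL FLAW: the value is whatever the remote server answers */
      URLConnection conn = (new URL("http://www.example.org/")).openConnection();
      BufferedReader buffread = null;
      InputStreamReader instrread = null;
      try {
        /* read input from URLConnection; no charset is given, so the platform
         * default decoder is used (kept as in the original) */
        instrread = new InputStreamReader(conn.getInputStream());
        buffread = new BufferedReader(instrread);
        /* This reads the first "line" of the response body, which could be very long
         * if there are no newlines in the HTML; it is null when the body is empty. */
        data = buffread.readLine();
      } catch (IOException ioe) {
        log_bad.warning("Error with stream reading");
      } finally {
        /* clean up stream reading objects; each close is logged, never propagated */
        try {
          if (buffread != null) {
            buffread.close();
          }
        } catch (IOException ioe) {
          log_bad.warning("Error closing buffread");
        } finally {
          try {
            if (instrread != null) {
              instrread.close();
            }
          } catch (IOException ioe) {
            log_bad.warning("Error closing instrread");
          }
        }
      }
    } else {
      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    if (IO.static_returns_t_or_f()) {
      /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
      if (data != null) {
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    } else {
      /* FIX: percent-encode so CR/LF cannot terminate the header.
       * NOTE(review): "UTF-16" escapes non-alphanumerics as UTF-16 byte pairs; sibling
       * cases use "UTF-8". Kept as this test's variant. */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-16");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    }
  }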
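  /**
   * Finishes the gzip stream and writes the buffered, compressed body to the wrapped
   * output stream together with its Content-Length and Content-Encoding headers.
   *
   * Changes over the original: the two headers are written with setHeader, so a
   * Content-Length or Content-Encoding already present on the response is replaced
   * instead of duplicated (two Content-Length values make the message length
   * ambiguous, which is what response-smuggling relies on), and {@code closed} is set
   * in a finally block so a failed write cannot leave the stream closable a second time.
   *
   * @throws IOException if the stream was already closed or writing to the wrapped
   *     stream fails
   */
  public void close() throws IOException {
    if (closed) {
      throw new IOException("This output stream has already been closed");
    }
    try {
      /* flushes the deflater; the compressed body is now complete in baos */
      gzipstream.finish();

      byte[] bytes = baos.toByteArray();

      response.setHeader("Content-Length", Integer.toString(bytes.length));
      response.setHeader("Content-Encoding", "gzip");
      output.write(bytes);
      output.flush();
      output.close();
    } finally {
      closed = true;
    }
  }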
 /**
  * Sets the response Content-Length from a long: through setContentLength(int) when
  * the value fits an int, otherwise as a raw header.
  *
  * NOTE(review): the raw-header path uses addHeader, which appends rather than
  * replaces; if a Content-Length was already set this yields two values. Servlet 3.1+
  * offers setContentLengthLong(long) for this case. Negative lengths are passed
  * through unchanged, as in the original.
  *
  * @param sres the response to set the length on
  * @param length the body length in bytes
  */
 public static void setContentLength(HttpServletResponse sres, long length) {
   if (length > Integer.MAX_VALUE) {
     /* too large for the int setter; emit the header text directly */
     sres.addHeader("Content-Length", Long.toString(length));
     return;
   }
   sres.setContentLength((int) length);
 }
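  /**
   * Sink for the "bad source, good sink" variant: percent-encodes data and writes it
   * into the Location header.
   *
   * Fix over the original: a null data (the sources in this suite can produce one)
   * reached URLEncoder.encode and threw NullPointerException; it is now skipped, as
   * the other sinks on this page do.
   *
   * @param data the value to place in the header; may be null
   * @throws Throwable propagated from URLEncoder and the servlet API
   */
  private void goodB2G_sink(String data, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {

    /* FIX: percent-encode so CR/LF in data cannot split the header (CWE-113).
     * NOTE(review): "UTF-16" escapes non-alphanumerics as UTF-16 byte pairs; sibling
     * sinks use "UTF-8". Kept as this test's variant. */
    if (data != null) {
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }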
  /* goodG2B() - use goodsource and badsink */
  /**
   * Sink for the "good source, bad sink" variant: takes the value handed over through
   * the static field of the companion _68a class and writes it raw into the Location
   * header. A null field value is concatenated as the text "null".
   *
   * @throws Throwable propagated from the servlet API
   */
  public void goodG2B_sink(HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    final String data = CWE113_HTTP_Response_Splitting__fromFile_addHeaderServlet_68a.data;

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
    final String location = "/author.jsp?lang=" + data;
    response.addHeader("Location", location);
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  /**
   * "Good source, bad sink" variant 2: the source branch is chosen by a constant that
   * is always true, so only the hard-coded value reaches the sink; the properties-file
   * read and the encoding sink are dead code kept for static-analysis coverage.
   *
   * @throws Throwable propagated from the servlet API and URLEncoder
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      /* unused local; kept as written */
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      data = ""; /* init data */

      /* retrieve the property; the path is relative to the process working directory */
      Properties props = new Properties();
      FileInputStream finstr = null;
      try {
        finstr = new FileInputStream("../common/config.properties");
        props.load(finstr);

        /* getProperty returns null when the key is absent; the encoding sink below
         * would then throw NullPointerException (also dead code) */
        data = props.getProperty("data");
      } catch (IOException ioe) {
        log_bad.warning("Error with stream reading");
      } finally {
        /* clean up stream reading objects */
        try {
          if (finstr != null) {
            finstr.close();
          }
        } catch (IOException ioe) {
          /* message copied from the reader-based variants; the stream here is finstr */
          log_bad.warning("Error closing buffread");
        }
      }
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (IO.static_final_t) {
      /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113); a null data
       * would be concatenated as the text "null" */
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics (CR/LF included) */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  /**
   * Test-case entry point whose source lives in badSource(); only the raw header
   * sink is here. A null value from the source is not written.
   *
   * @throws Throwable propagated from badSource and the servlet API
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    final String data = badSource(request, response);
    if (data == null) {
      return;
    }

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
    response.addHeader("Location", "/author.jsp?lang=" + data);
  }
  /* goodB2G() - use badsource and goodsink */
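  /**
   * Sink for the "bad source, good sink" variant: takes the value handed over through
   * the static field of the companion _68a class, percent-encodes it and writes it
   * into the Location header.
   *
   * Fix over the original: a null field value reached URLEncoder.encode and threw
   * NullPointerException; it is now skipped, as the other sinks on this page do.
   *
   * @throws Throwable propagated from URLEncoder and the servlet API
   */
  public void goodB2G_sink(HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    String data = CWE113_HTTP_Response_Splitting__fromFile_addHeaderServlet_68a.data;

    /* FIX: percent-encode so CR/LF in data cannot split the header (CWE-113).
     * NOTE(review): "UTF-16" escapes non-alphanumerics as UTF-16 byte pairs; sibling
     * sinks use "UTF-8". Kept as this test's variant. */
    if (data != null) {
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }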
  /* goodG2B() - use goodsource and badsink */
  /**
   * Sink for the "good source, bad sink" variant: writes data raw into the Location
   * header; a null data is not written.
   *
   * @param data the value to place in the header; may be null
   * @throws Throwable propagated from the servlet API
   */
  public void goodG2BSink(String data, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    if (data == null) {
      return;
    }

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
    final String location = "/author.jsp?lang=" + data;
    response.addHeader("Location", location);
  }
  /* goodB2G() - use badsource and goodsink */
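  /**
   * "Bad source, good sink" variant: reads one column from a fixed database query and
   * writes it percent-encoded into the Location header.
   *
   * Fix over the original: a JDBC ResultSet starts positioned before its first row, so
   * getString(1) without a preceding next() is illegal and raises SQLException; the
   * original caught it, logged a warning and always kept data == "". The row is now
   * consumed with next() before the column is read; with no row, data stays "".
   *
   * @throws Throwable propagated from URLEncoder and the servlet API
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    data = ""; /* Initialize data */

    /* Read data from a database */
    {
      Connection connection = null;
      PreparedStatement preparedStatement = null;
      ResultSet resultSet = null;

      try {
        /* setup the connection */
        connection = IO.getDBConnection();

        /* prepare and execute a (hardcoded) query; no user input reaches the SQL */
        preparedStatement = connection.prepareStatement("select name from users where id=0");
        resultSet = preparedStatement.executeQuery();

        /* POTENTIAL FLAW: Read data from a database query resultset */
        if (resultSet.next()) {
          data = resultSet.getString(1);
        }
      } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql);
      } finally {
        /* Close database objects; each close is logged, never propagated */
        try {
          if (resultSet != null) {
            resultSet.close();
          }
        } catch (SQLException exceptSql) {
          IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
        }

        try {
          if (preparedStatement != null) {
            preparedStatement.close();
          }
        } catch (SQLException exceptSql) {
          IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
        }

        try {
          if (connection != null) {
            connection.close();
          }
        } catch (SQLException exceptSql) {
          IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
        }
      }
    }

    /* FIX: percent-encode so CR/LF in data cannot split the header (CWE-113);
     * getString returns null for SQL NULL, which is skipped here */
    if (data != null) {
      data = URLEncoder.encode(data, "UTF-8");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }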
  /**
   * "Bad source, good sink" variant whose source lives in goodB2GSource(); the value is
   * percent-encoded before the header write. A null value is not written.
   *
   * @throws Throwable propagated from goodB2GSource, URLEncoder and the servlet API
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    final String data = goodB2GSource(request, response);
    if (data == null) {
      return;
    }

    /* FIX: URLEncoder escapes CR/LF, so the header cannot be split (CWE-113) */
    final String encoded = URLEncoder.encode(data, "UTF-8");
    response.addHeader("Location", "/author.jsp?lang=" + encoded);
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * "Good source, bad sink" variant: the value comes from goodG2BSource() on a fresh
   * _61b instance and is written raw into the Location header. A null value is not
   * written.
   *
   * @throws Throwable propagated from goodG2BSource and the servlet API
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    final CWE113_HTTP_Response_Splitting__database_addHeaderServlet_61b source =
        new CWE113_HTTP_Response_Splitting__database_addHeaderServlet_61b();
    final String data = source.goodG2BSource(request, response);
    if (data == null) {
      return;
    }

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
    response.addHeader("Location", "/author.jsp?lang=" + data);
  }
  /**
   * Sink for the "bad" variant: takes (and removes) the third element of dataVector
   * and writes it raw into the Location header. A null element is not written.
   *
   * @param dataVector values handed over by the source; element 2 is removed from it
   * @throws Throwable propagated from the servlet API; a vector with fewer than three
   *     elements raises ArrayIndexOutOfBoundsException from remove(2)
   */
  public void badSink(
      Vector<String> dataVector, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    /* remove(2) mutates the caller's vector; kept as in the original */
    final String data = dataVector.remove(2);
    if (data == null) {
      return;
    }

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
    final String location = "/author.jsp?lang=" + data;
    response.addHeader("Location", location);
  }
  /* goodB2G() - use badsource and goodsink */
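  /**
   * Sink for the "bad source, good sink" variant: takes the third element of
   * dataArray, percent-encodes it and writes it into the Location header. A null
   * element is not written.
   *
   * Change over the original: the parameter uses the Java array form
   * {@code String[] dataArray} instead of the C-style {@code String dataArray[]};
   * the signature is otherwise identical.
   *
   * @param dataArray values handed over by the source; element 2 is used
   * @throws Throwable propagated from URLEncoder and the servlet API; an array with
   *     fewer than three elements raises ArrayIndexOutOfBoundsException
   */
  public void goodB2GSink(
      String[] dataArray, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    String data = dataArray[2];

    /* FIX: percent-encode so CR/LF in data cannot split the header (CWE-113) */
    if (data != null) {
      data = URLEncoder.encode(data, "UTF-8");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }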
  /* goodG2B() - use goodsource and badsink */
  /**
   * "Good source, bad sink" variant: a hard-coded value is written raw into the
   * Location header. The null check can never trigger with a literal source but is
   * kept for parity with the other sinks.
   *
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    /* FIX: Use a hardcoded string */
    final String data = "foo";
    if (data == null) {
      return;
    }

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
    response.addHeader("Location", "/author.jsp?lang=" + data);
  }
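 /**
  * Serializes {@code object} as JSON into the response, optionally with caching
  * headers. Any failure is logged and swallowed; nothing is reported to the caller.
  *
  * Changes over the original: the PrintWriter is closed in every path, including a
  * failed toJson, where it was previously left open; and Expires / Last-Modified are
  * written with setHeader so an existing value is replaced instead of duplicated.
  *
  * @param httpServletResponse the response to write to
  * @param lastModified when non-null, Last-Modified (and Expires) are emitted
  * @param expirationTime value handed to createDateHeader for the Expires header
  * @param object the value Gson serializes
  */
 protected void writeResponseGenericWithDate(
     final HttpServletResponse httpServletResponse,
     final Date lastModified,
     final int expirationTime,
     final Object object) {
   final Gson gson = new Gson();
   try {
     httpServletResponse.setContentType("application/json; charset=utf-8");
     if (lastModified != null) {
       /* Expires is only emitted together with Last-Modified, as in the original */
       httpServletResponse.setHeader("Expires", createDateHeader(expirationTime));
       httpServletResponse.setHeader("Last-Modified", toHttpDate(lastModified));
     }
     /* NOTE(review): the concatenation runs even when debug is off; guard it with the
      * logger's debug-enabled check if object.toString() is costly */
     _log.debug("Serializing: " + object);
     try (PrintWriter writer = httpServletResponse.getWriter()) {
       gson.toJson(object, writer);
       writer.flush();
     }
   } catch (Exception e) {
     /* boundary catch: the response is committed here, so failures are only logged */
     _log.error("Error while writing response: " + e.getMessage(), e);
   }
 }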
  /* goodB2G1() - use badsource and goodsink by changing second true to false */
  /**
   * "Bad source, good sink" variant 1: reads one line from the console (System.in)
   * and writes it percent-encoded into the Location header. The {@code if (true)} /
   * {@code if (false)} selectors are constant so only the console source and the
   * encoding sink ever run; the other branches are dead code kept for static-analysis
   * coverage.
   *
   * @throws Throwable propagated from URLEncoder and the servlet API
   */
  private void goodB2G1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (true) {
      data = ""; /* Initialize data */
      {
        InputStreamReader readerInputStream = null;
        BufferedReader readerBuffered = null;
        /* read user input from console with readLine */
        try {
          readerInputStream = new InputStreamReader(System.in, "UTF-8");
          readerBuffered = new BufferedReader(readerInputStream);
          /* POTENTIAL FLAW: Read data from the console using readLine;
           * readLine() returns null at end of input */
          data = readerBuffered.readLine();
        } catch (IOException exceptIO) {
          IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
        } finally {
          try {
            if (readerBuffered != null) {
              readerBuffered.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
          }

          try {
            if (readerInputStream != null) {
              readerInputStream.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
          }
        }
      }
      /* NOTE: the finally block above does close both readers, and closing a reader
       * wrapped around System.in closes System.in itself, so later console reads in
       * this process will fail. The original note here claimed the readers were left
       * open; that no longer matches the code. */
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = null;
    }

    if (false) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      IO.writeLine("Benign, fixed string");
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics (CR/LF included);
       * a null data (end of input) is skipped */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    }
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * "Bad source, good sink" variant: reads one line from the console (System.in) in
   * one scope, hands it over through {@code dataCopy}, and writes it percent-encoded
   * into the Location header in a second scope. The two inner scopes each declare
   * their own {@code data} on purpose (the suite's "data flow through a copy" shape).
   *
   * @throws Throwable propagated from URLEncoder and the servlet API
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String dataCopy;
    {
      String data;

      data = ""; /* Initialize data */

      {
        InputStreamReader readerInputStream = null;
        BufferedReader readerBuffered = null;

        /* read user input from console with readLine */
        try {
          readerInputStream = new InputStreamReader(System.in, "UTF-8");
          readerBuffered = new BufferedReader(readerInputStream);

          /* POTENTIAL FLAW: Read data from the console using readLine;
           * readLine() returns null at end of input */
          data = readerBuffered.readLine();
        } catch (IOException exceptIO) {
          IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
        } finally {
          try {
            if (readerBuffered != null) {
              readerBuffered.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
          }

          try {
            if (readerInputStream != null) {
              readerInputStream.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
          }
        }
      }
      /* NOTE: the finally block above does close both readers, and closing a reader
       * wrapped around System.in closes System.in itself, so later console reads in
       * this process will fail. The original note here claimed the readers were left
       * open; that no longer matches the code. */

      dataCopy = data;
    }
    {
      String data = dataCopy;

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics (CR/LF included);
       * a null data (end of input) is skipped */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    }
  }
  /* goodG2B() - use goodsource and badsink by changing the first "if" so that
  both branches use the GoodSource */
  /**
   * "Good source, bad sink" variant: both source branches assign the same hard-coded
   * value and both sink branches write it raw into the Location header. The branch
   * selectors and the (unused) logger lookup are kept so the method behaves as before.
   *
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    IO.static_returns_t_or_f();
    java.util.logging.Logger.getLogger("local-logger");
    /* FIX (both branches): Use a hardcoded string */
    final String data = "foo";

    IO.static_returns_t_or_f();
    /* POTENTIAL FLAW (both branches): header written without CR/LF filtering (CWE-113) */
    final String location = "/author.jsp?lang=" + data;
    response.addHeader("Location", location);
  }
 /* goodG2B() - use goodsource and badsink */
 /**
  * Sink for the "good source, bad sink" variant: gated by the _22a class's
  * goodG2BPublicStatic flag, writes data raw into the Location header. A null data
  * is not written; when the flag is false the method only clears its local copy.
  *
  * @param data the value to place in the header; may be null
  * @throws Throwable propagated from the servlet API
  */
 public void goodG2BSink(String data, HttpServletRequest request, HttpServletResponse response)
     throws Throwable {
   final boolean sinkEnabled =
       CWE113_HTTP_Response_Splitting__getQueryString_Servlet_addHeaderServlet_22a
           .goodG2BPublicStatic;
   if (!sinkEnabled) {
     /* INCIDENTAL: CWE 561 Dead Code, this branch never runs; it only keeps data
      * initialized before the sink to avoid compiler errors */
     data = null;
     return;
   }
   if (data == null) {
     return;
   }
   /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113) */
   response.addHeader("Location", "/author.jsp?lang=" + data);
 }
 /* goodB2G2() - use badsource and goodsink by reversing the blocks in the if in the sink function */
 /**
  * Sink for the "bad source, good sink" variant 2: gated by the _22a class's
  * goodB2G2PublicStatic flag, percent-encodes data and writes it into the Location
  * header. A null data is not written; when the flag is false the method only clears
  * its local copy.
  *
  * @param data the value to place in the header; may be null
  * @throws Throwable propagated from URLEncoder and the servlet API
  */
 public void goodB2G2Sink(String data, HttpServletRequest request, HttpServletResponse response)
     throws Throwable {
   final boolean sinkEnabled =
       CWE113_HTTP_Response_Splitting__getQueryString_Servlet_addHeaderServlet_22a
           .goodB2G2PublicStatic;
   if (!sinkEnabled) {
     /* INCIDENTAL: CWE 561 Dead Code, this branch never runs; it only keeps data
      * initialized before the sink to avoid compiler errors */
     data = null;
     return;
   }
   if (data == null) {
     return;
   }
   /* FIX: URLEncoder escapes CR/LF, so the header cannot be split (CWE-113) */
   final String encoded = URLEncoder.encode(data, "UTF-8");
   response.addHeader("Location", "/author.jsp?lang=" + encoded);
 }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  /**
   * "Good source, bad sink" variant 2: the constant selectors make the hard-coded
   * source and the raw header sink the only live paths; the null assignment in the
   * original's else branch was dead code.
   *
   * @throws Throwable propagated from the servlet API
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    /* FIX: Use a hardcoded string */
    final String data = "foo";

    /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113); the null
     * check can never trigger with a literal source but mirrors the other sinks */
    if (data != null) {
      final String location = "/author.jsp?lang=" + data;
      response.addHeader("Location", location);
    }
  }
  /* goodB2G() - use BadSource and GoodSink */
  /**
   * Sink for the "bad source, good sink" variant: deserializes a String from
   * dataSerialized, percent-encodes it and writes it into the Location header. Any
   * I/O or class-resolution failure is logged and swallowed.
   *
   * SECURITY: ObjectInputStream.readObject() is native Java deserialization, and the
   * whole object graph in dataSerialized is instantiated before the cast to String
   * runs. If those bytes can originate outside the process, gate the stream with an
   * ObjectInputFilter (Java 9+) or move to a non-native format; this test case does
   * not do so.
   *
   * @param dataSerialized bytes produced by ObjectOutputStream for a single String
   * @throws Throwable propagated from URLEncoder and the servlet API
   */
  public void goodB2GSink(
      byte[] dataSerialized, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    /* unserialize data */
    ByteArrayInputStream streamByteArrayInput = null;
    ObjectInputStream streamObjectInput = null;

    try {
      streamByteArrayInput = new ByteArrayInputStream(dataSerialized);
      streamObjectInput = new ObjectInputStream(streamByteArrayInput);
      /* a payload that is not a String raises ClassCastException, which is not caught below */
      String data = (String) streamObjectInput.readObject();

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics (CR/LF included);
       * a null data is skipped */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }

    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in deserialization", exceptIO);
    } catch (ClassNotFoundException exceptClassNotFound) {
      IO.logger.log(
          Level.WARNING, "ClassNotFoundException in deserialization", exceptClassNotFound);
    } finally {
      /* clean up stream reading objects; each close is logged, never propagated */
      try {
        if (streamObjectInput != null) {
          streamObjectInput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectInputStream", exceptIO);
      }

      try {
        if (streamByteArrayInput != null) {
          streamByteArrayInput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayInputStream", exceptIO);
      }
    }
  }
  /* goodG2B() - use GoodSource and BadSink */
  /**
   * Sink for the "good source, bad sink" variant: deserializes a String from
   * dataSerialized and writes it raw into the Location header. Any I/O or
   * class-resolution failure is logged and swallowed.
   *
   * SECURITY: ObjectInputStream.readObject() is native Java deserialization, and the
   * whole object graph in dataSerialized is instantiated before the cast to String
   * runs. If those bytes can originate outside the process, gate the stream with an
   * ObjectInputFilter (Java 9+) or move to a non-native format; this test case does
   * not do so.
   *
   * @param dataSerialized bytes produced by ObjectOutputStream for a single String
   * @throws Throwable propagated from the servlet API
   */
  public void goodG2BSink(
      byte[] dataSerialized, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {
    /* unserialize data */
    ByteArrayInputStream streamByteArrayInput = null;
    ObjectInputStream streamObjectInput = null;

    try {
      streamByteArrayInput = new ByteArrayInputStream(dataSerialized);
      streamObjectInput = new ObjectInputStream(streamByteArrayInput);
      /* a payload that is not a String raises ClassCastException, which is not caught below */
      String data = (String) streamObjectInput.readObject();

      /* POTENTIAL FLAW: header written without CR/LF filtering (CWE-113);
       * a null data is skipped */
      if (data != null) {
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }

    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in deserialization", exceptIO);
    } catch (ClassNotFoundException exceptClassNotFound) {
      IO.logger.log(
          Level.WARNING, "ClassNotFoundException in deserialization", exceptClassNotFound);
    } finally {
      /* clean up stream reading objects; each close is logged, never propagated */
      try {
        if (streamObjectInput != null) {
          streamObjectInput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectInputStream", exceptIO);
      }

      try {
        if (streamByteArrayInput != null) {
          streamByteArrayInput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayInputStream", exceptIO);
      }
    }
  }
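 /**
  * Sets the response Content-Type from the servlet context's MIME mapping for the
  * last segment of path; the response is left untouched when no mapping exists.
  *
  * Fix over the original: Content-Type is a single-valued header, and addHeader
  * appended a second one whenever a type had already been set; setHeader replaces it.
  * The one-line if is also braced.
  *
  * @param resp the response to set the header on
  * @param path the served path whose last segment names the file
  */
 private void addContentTypeHeader(HttpServletResponse resp, IPath path) {
   final String mimeType = getServletContext().getMimeType(path.lastSegment());
   if (mimeType != null) {
     resp.setHeader("Content-Type", mimeType);
   }
 }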
 /**
  * Adds the X-Edit-Server and X-Edit-Token headers that point the client at the
  * editor for the served path.
  *
  * NOTE(review): both values are built from site and path data. If either can carry
  * CR or LF, this is a header-injection point (CWE-113) unless the container rejects
  * such characters — confirm where site.getEditServerUrl() and path originate.
  *
  * @param resp the response to add the headers to
  * @param site the hosted site whose edit server URL is advertised
  * @param path the served path, appended to FILE_SERVLET_ALIAS as the edit token
  */
 private void addEditHeaders(HttpServletResponse resp, IHostedSite site, IPath path) {
   final String editServer = site.getEditServerUrl() + "/edit/edit.html#"; // $NON-NLS-1$ //$NON-NLS-2$
   final String editToken = FILE_SERVLET_ALIAS + path.toString(); // $NON-NLS-1$
   resp.addHeader("X-Edit-Server", editServer);
   resp.addHeader("X-Edit-Token", editToken);
 }