/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
if (privateTrue) {
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}
// Velocity init
public static void initVelocity() {
if (velocityCatch == null) {
System.out.println("init VM");
velocityCatch = new Object();
Properties props = new Properties();
props.setProperty("input.encoding", "UTF-8");
props.setProperty("output.encoding", "UTF-8");
if (getConfig().getChild("vmtemplatepath") != null) {
props.setProperty("file.resource.loader.path", getConfig().getChildText("vmtemplatepath"));
}
if (System.getProperty("vmtemplatepath") != null) {
props.setProperty("file.resource.loader.path", System.getProperty("vmtemplatepath"));
// Velocity.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH,
// System.getProperty("vmtemplatepath"));//oder new FIle()?
}
System.out.println("vmtemplatepath=" + props.getProperty("vmtemplatepath"));
try {
Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, VeloLog.getInstance());
Velocity.init(props);
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
/**
* Constructor.
*
* @param rq request
* @param rs response
* @throws IOException I/O exception
*/
public HTTPContext(final HttpServletRequest rq, final HttpServletResponse rs) throws IOException {
req = rq;
res = rs;
final String m = rq.getMethod();
method = HTTPMethod.get(m);
final StringBuilder uri = new StringBuilder(req.getRequestURL());
final String qs = req.getQueryString();
if (qs != null) uri.append('?').append(qs);
log(false, m, uri);
// set UTF8 as default encoding (can be overwritten)
res.setCharacterEncoding(UTF8);
segments = toSegments(req.getPathInfo());
path = join(0);
user = System.getProperty(DBUSER);
pass = System.getProperty(DBPASS);
// set session-specific credentials
final String auth = req.getHeader(AUTHORIZATION);
if (auth != null) {
final String[] values = auth.split(" ");
if (values[0].equals(BASIC)) {
final String[] cred = Base64.decode(values[1]).split(":", 2);
if (cred.length != 2) throw new LoginException(NOPASSWD);
user = cred[0];
pass = cred[1];
} else {
throw new LoginException(WHICHAUTH, values[0]);
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second privateReturnsTrue() to privateReturnsFalse() */
private void goodB2G1() throws Throwable {
String data;
if (privateReturnsTrue()) {
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (privateReturnsFalse()) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
/* FIX: validate input using StringEscapeUtils */
String username = StringEscapeUtils.escapeXml(tokens[0]);
String password = StringEscapeUtils.escapeXml(tokens[1]);
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
int dataCopy;
{
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
dataCopy = data;
}
{
int data = dataCopy;
/* POTENTIAL FLAW: Create a HashMap using data as the initial size. data may be very large, creating memory issues */
HashMap intHashMap = new HashMap(data);
}
}
public void action(String data) throws Throwable {
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
String username = tokens[0];
String password = tokens[1];
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
/* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
* The user input should be canonicalized before validation. */
/* POTENTIAL FLAW: user input is used without validate */
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
}
public void bad() throws Throwable {
String data;
switch (6) {
case 6:
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
/* POTENTIAL FLAW: data could be null */
if (data.equals("CWE690")) {
IO.writeLine("data is CWE690");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second switch */
private void goodB2G2() throws Throwable {
String data;
switch (6) {
case 6:
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
/* FIX: call equals() on string literal (that is not null) */
if ("CWE690".equals(data)) {
IO.writeLine("data is CWE690");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
public void bad() throws Throwable {
int data;
if (IO.staticReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.staticReturnsTrue()) {
/* POTENTIAL FLAW: if data == Integer.MIN_VALUE, this will overflow */
int result = (int) (data - 1);
IO.writeLine("result: " + result);
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
int data;
if (IO.staticReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.staticReturnsTrue()) {
/* FIX: Add a check to prevent an overflow from occurring */
if (data > Integer.MIN_VALUE) {
int result = (int) (data - 1);
IO.writeLine("result: " + result);
} else {
IO.writeLine("data value is too small to perform subtraction.");
}
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
}
}
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* FIX: Verify index before writing to array at location data */
if (data >= 0 && data < array.length) {
array[data] = 42;
} else {
IO.writeLine("Array index out of bounds");
}
}
public void bad() throws Throwable {
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
}
}
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Attempt to write to array at location data, which may be outside the array bounds */
array[data] = 42;
/* Skip reading back data from array since that may be another out of bounds operation */
}
/* goodG2B2() - use goodsource and badsink by reversing statements in if */
private void goodG2B2() throws Throwable {
String data;
if (IO.static_returns_t()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
File f = new File("C:\\data.txt");
BufferedReader buffread = null;
FileReader fread = null;
try {
/* read string from file into data */
fread = new FileReader(f);
buffread = new BufferedReader(fread);
data = buffread.readLine(); // This will be reading the first "line" of the file, which
// could be very long if there are little or no newlines in the file\
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (fread != null) {
fread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing fread");
}
}
}
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process p = Runtime.getRuntime().exec(osCommand + data);
p.waitFor();
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
Connection dbConnection = null;
try {
dbConnection = IO.getDBConnection();
/* POTENTIAL FLAW: Set the catalog name with the value of data
* allowing a nonexistent catalog name or unauthorized access to a portion of the DB */
dbConnection.setCatalog(data);
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* goodG2B1() - use goodsource and badsink by changing privateTrue to privateFalse */
private void goodG2B1() throws Throwable {
String data;
if (privateFalse) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}
public void bad() throws Throwable {
int data;
if (IO.STATIC_FINAL_TRUE) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.STATIC_FINAL_TRUE) {
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Verify that data < array.length, but don't verify that data > 0, so may be attempting to read out of the array bounds */
if (data < array.length) {
IO.writeLine(array[data]);
} else {
IO.writeLine("Array index out of bounds");
}
}
}
public void bad() throws Throwable {
int data;
if (privateReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (privateReturnsTrue()) {
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Attempt to read from array at location data, which may be outside the array bounds */
IO.writeLine(array[data]);
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
String root;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
root = "C:\\uploads\\";
} else {
/* running on non-Windows */
root = "/home/user/uploads/";
}
if (data != null) {
/* POTENTIAL FLAW: no validation of concatenated value */
File file = new File(root + data);
FileInputStream streamFileInputSink = null;
InputStreamReader readerInputStreamSink = null;
BufferedReader readerBufferdSink = null;
if (file.exists() && file.isFile()) {
try {
streamFileInputSink = new FileInputStream(file);
readerInputStreamSink = new InputStreamReader(streamFileInputSink, "UTF-8");
readerBufferdSink = new BufferedReader(readerInputStreamSink);
IO.writeLine(readerBufferdSink.readLine());
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* Close stream reading objects */
try {
if (readerBufferdSink != null) {
readerBufferdSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStreamSink != null) {
readerInputStreamSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
try {
if (streamFileInputSink != null) {
streamFileInputSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
}
}
}
}
}
// For war agent needs to be switched on
private boolean listenForDiscoveryMcRequests(Configuration pConfig) {
// Check for system props, system env and agent config
boolean sysProp =
System.getProperty("jolokia." + ConfigKey.DISCOVERY_ENABLED.getKeyValue()) != null;
boolean env = System.getenv("JOLOKIA_DISCOVERY") != null;
boolean config = pConfig.getAsBoolean(ConfigKey.DISCOVERY_ENABLED);
return sysProp || env || config;
}
public String badSource() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
return data;
}
public void bad() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
(new CWE23_Relative_Path_Traversal__Property_71b()).badSink((Object) data);
}
// Fireup tomcat and register this servlet
public static void main(String[] args) throws LifecycleException, SQLException {
Tomcat tomcat = new Tomcat();
tomcat.setPort(8080);
File base = new File(System.getProperty("java.io.tmpdir"));
Context rootCtx = tomcat.addContext("/", base.getAbsolutePath());
Tomcat.addServlet(rootCtx, "log", new LogService());
rootCtx.addServletMapping("/*", "log");
tomcat.start();
tomcat.getServer().await();
}
public String getClassPath() {
StringBuffer cpath = new StringBuffer();
String sep = System.getProperty("path.separator");
for (int i = 0; i < jars.size(); i++) {
cpath.append((String) jars.elementAt(i) + sep);
}
return cpath.toString();
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
String data;
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
Container dataContainer = new Container();
dataContainer.containerOne = data;
(new CWE690_NULL_Deref_From_Return__System_getProperty_trim_67b()).goodB2GSink(dataContainer);
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
dataGoodB2G = data;
goodB2GSink();
}
public void bad() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
dataBad = data;
badSink();
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the first switch */
private void goodG2B2() throws Throwable {
String data;
switch (6) {
case 6:
/* FIX: Use a hardcoded string */
data = "foo";
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
String username = tokens[0];
String password = tokens[1];
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
/* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
* The user input should be canonicalized before validation. */
/* POTENTIAL FLAW: user input is used without validate */
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
// Try to find an URL for system props or config
private String findAgentUrl(Configuration pConfig) {
// System property has precedence
String url = System.getProperty("jolokia." + ConfigKey.DISCOVERY_AGENT_URL.getKeyValue());
if (url == null) {
url = System.getenv("JOLOKIA_DISCOVERY_AGENT_URL");
if (url == null) {
url = pConfig.get(ConfigKey.DISCOVERY_AGENT_URL);
}
}
return NetworkUtil.replaceExpression(url);
}
private void setSysTime(long ctrTime) throws IOException {
DateFormat dateTimeFmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
String dt = dateTimeFmt.format(new Date(ctrTime))
String[] cmd = {"date", "-s", dt};
String osType = System.getProperty("os.name").toLowerCase();
if (osType.contains("linux")) {
LOGGER.debug("setting system time {} as {} on driver {}", ctrTime, dt, driver.getDriverInfo().getName());
Runtime.getRuntime().exec(cmd);
} else {
LOGGER.warn("os type on driver {} is {}!",
driver.getDriverInfo().getName(), osType);
}
}
public void action(String data) throws Throwable {
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}