Java HttpServletResponse.addHeader примеры использования

Пример #1

Файл: CWE113_HTTP_Response_Splitting__getQueryStringServlet_addHeaderServlet_17.java Проект: CheckmarxGitHub/GitFun

  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    /* We need to have one source outside of a for loop in order
    to prevent the Java compiler from generating an error because
    data is uninitialized */

    Logger log_bad = Logger.getLogger("local-logger");
    data = "";

    /* parse the query string for value of 'id' */
    String id_str = null;
    StringTokenizer st = new StringTokenizer(request.getQueryString(), "&");
    while (st.hasMoreTokens()) {
      String token = st.nextToken();
      int i = token.indexOf("=");
      if ((i > 0) && (i < (token.length() - 1)) && (token.substring(0, i).equals("id"))) {
        id_str = token.substring(i + 1);
        break;
      }
    }

    if (id_str != null) {
      Connection conn = null;
      PreparedStatement statement = null;
      ResultSet rs = null;
      try {
        int id = Integer.parseInt(id_str);
        conn = IO.getDBConnection();
        statement = conn.prepareStatement("select * from pages where id=?");
        /* FLAW: no check to see whether the user has privileges to view the data */
        statement.setInt(1, id);
        rs = statement.executeQuery();
        data = rs.toString();
      } catch (SQLException se) {
        log_bad.warning("Error");
      } finally {
        /* clean up database objects */
        try {
          if (rs != null) {
            rs.close();
          }
        } catch (SQLException se) {
          log_bad.warning("Error closing rs");
        } finally {
          try {
            if (statement != null) {
              statement.close();
            }
          } catch (SQLException se) {
            log_bad.warning("Error closing statement");
          } finally {
            try {
              if (conn != null) {
                conn.close();
              }
            } catch (SQLException se) {
              log_bad.warning("Error closing conn");
            }
          }
        }
      }
    }

    for (int for_index_i = 0; for_index_i < 0; for_index_i++) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    }

    for (int for_index_j = 0; for_index_j < 1; for_index_j++) {
      /* POTENTIAL FLAW: Input from file not verified */
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }

    for (int for_index_k = 0; for_index_k < 0; for_index_k++) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }