示例#1
1
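  /**
   * Gates every request behind a logged-in session. A request whose session carries no "login"
   * attribute is parked (its URI is stored as "target") and redirected to the login page; any
   * other request continues down the chain.
   *
   * @param request the incoming request, cast to HttpServletRequest as in the original
   * @param response the outgoing response, cast to HttpServletResponse
   * @param chain the remaining filter chain, invoked only for authenticated requests
   * @throws IllegalStateException if the chain or the redirect fails (wraps the checked cause)
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    try {
      String target = httpRequest.getRequestURI();

      // getSession(false) does not create a session, so "no session" and "session without a
      // login" can both be treated as not yet authenticated. (The original used getSession(),
      // which always returns a session, so its null branch could never run.)
      HttpSession session = httpRequest.getSession(false);
      boolean authenticated = session != null && session.getAttribute("login") != null;

      if (!authenticated) {
        // Not yet authenticated: remember the requested URI and send the user to the login page.
        // Return here -- the original fell through to chain.doFilter() after the redirect, so the
        // protected resource still executed for anonymous requests.
        // NOTE(review): the login page inherits this pre-authentication session; rotating the
        // session id on successful login (invalidate + new session) belongs in that handler.
        session = httpRequest.getSession(true);
        session.setAttribute("target", target);
        httpResponse.sendRedirect("/refrigerator/LoginPage");
        return;
      }

      chain.doFilter(request, response);
    } catch (ServletException se) {
      // The original swallowed this; propagate it with its cause so the container reports it.
      throw new IllegalStateException("authentication filter failed", se);
    } catch (IOException e) {
      throw new IllegalStateException("authentication filter failed", e);
    }
  }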
示例#2
1
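  /**
   * Login-or-register handler. A known login is checked against the stored password; an unknown
   * login is registered on the spot (original behaviour). Success stores the user in the session
   * and redirects to the orders page; failure renders a short denial page.
   *
   * <p>NOTE(review): {@code tmpUser.getPassword()} is compared directly with the submitted value,
   * which suggests passwords are stored in clear -- confirm; hashing belongs in Users/usersService.
   *
   * @param request carries "login" and "password" parameters
   * @param response redirected on success, written to on failure
   */
  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    String login = request.getParameter("login");
    String password = request.getParameter("password");
    PrintWriter out = response.getWriter();

    // Missing credentials: neither look-up nor auto-registration makes sense here, and the
    // original would have persisted a Users(null, null) row in that case.
    if (login == null || password == null) {
      writeDenied(out);
      return;
    }

    Users tmpUser = usersService.findByLogin(login);
    if (tmpUser == null) {
      // Unknown login: the original registers the user immediately.
      tmpUser = new Users(login, password);
      usersService.saveUsers(tmpUser);
    } else if (!passwordMatches(tmpUser.getPassword(), password)) {
      writeDenied(out);
      return;
    }

    HttpSession session = request.getSession(true);
    session.setAttribute("users", tmpUser);
    // The HTML the original printed before redirecting is discarded by sendRedirect anyway, so
    // nothing is written on this path. Redirect target kept as in the original.
    response.sendRedirect("http://localhost:8080/orders");
  }

  /** Writes the minimal "Access denied" page that the original produced on a bad password. */
  private static void writeDenied(PrintWriter out) {
    out.print("<html><head><title>Page2</title></head><body>");
    out.print("Access denied :(");
    out.print("</body></html>");
  }

  /**
   * Compares the stored and submitted passwords in constant time; a null on either side never
   * matches (the original would NPE on a null stored password).
   */
  private static boolean passwordMatches(String stored, String submitted) {
    if (stored == null || submitted == null) {
      return false;
    }
    return java.security.MessageDigest.isEqual(
        stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        submitted.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }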
示例#3
0
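  /**
   * Renders every request parameter (name and value(s)) as an HTML table. Parameter names and
   * values are client-supplied, so they are escaped before being written into the page -- the
   * original echoed them verbatim.
   *
   * @param request the request whose parameters are listed
   * @param response receives the HTML page
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    String title = "Reading All Request Parameters";
    out.println(
        ServletUtilities.headWithTitle(title)
            + "<BODY BGCOLOR=\"#FDF5E6\">\n"
            + "<H1 ALIGN=CENTER>"
            + title
            + "</H1>\n"
            + "<TABLE BORDER=1 ALIGN=CENTER>\n"
            + "<TR BGCOLOR=\"#FFAD00\">\n"
            + "<TH>Parameter Name<TH>Parameter Value(s)");
    Enumeration<String> paramNames = request.getParameterNames();
    while (paramNames.hasMoreElements()) {
      String paramName = paramNames.nextElement();
      out.println("<TR><TD>" + escapeHtmlParam(paramName) + "\n<TD>");
      String[] paramValues = request.getParameterValues(paramName);
      if (paramValues == null || paramValues.length == 0) {
        // Defensive: a name from getParameterNames() should always have values, but an empty
        // array would have thrown ArrayIndexOutOfBounds in the original.
        out.print("<I>No Value</I>");
      } else if (paramValues.length == 1) {
        String paramValue = paramValues[0];
        if (paramValue.length() == 0) {
          out.print("<I>No Value</I>");
        } else {
          out.print(escapeHtmlParam(paramValue));
        }
      } else {
        out.println("<UL>");
        for (String paramValue : paramValues) {
          out.println("<LI>" + escapeHtmlParam(paramValue));
        }
        out.println("</UL>");
      }
    }
    out.println("</TABLE>\n</BODY></HTML>");
  }

  /** Escapes the HTML-significant characters so request data renders as text, not markup. */
  private static String escapeHtmlParam(String s) {
    return String.valueOf(s)
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }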
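  /**
   * Shows who is signed in (with a sign-out link), or a sign-in link, then a fixed link list and
   * the current UTC time.
   *
   * <p>Fixes relative to the original: the user-chosen nickname and the generated URLs are
   * HTML-escaped; the timestamp uses a 24-hour clock in an explicit UTC zone (the original pattern
   * "hh" printed 12-hour time without an AM/PM marker, and "SSSSSS" is not microseconds in
   * SimpleDateFormat -- it only zero-pads the millisecond field).
   *
   * @param req used for the return URI handed to createLoginURL
   * @param resp receives the HTML page
   */
  public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    resp.setContentType("text/html");
    PrintWriter out = resp.getWriter();

    UserService userService = UserServiceFactory.getUserService();
    if (userService.isUserLoggedIn()) {
      User user = userService.getCurrentUser();
      out.println("<p>You are signed in as " + htmlText(user.getNickname()) + ". ");
      if (userService.isUserAdmin()) {
        out.println("You are an administrator. ");
      }
      out.println(
          "<a href=\"" + htmlText(userService.createLogoutURL("/")) + "\">Sign out</a>.</p>");
    } else {
      out.println(
          "<p>You are not signed in to Google Accounts. "
              + "<a href=\""
              + htmlText(userService.createLoginURL(req.getRequestURI()))
              + "\">Sign in</a>.</p>");
    }

    out.println(
        "<ul>"
            + "<li><a href=\"/\">/</a></li>"
            + "<li><a href=\"/required\">/required</a></li>"
            + "<li><a href=\"/admin\">/admin</a></li>"
            + "</ul>");

    // SimpleDateFormat is not thread-safe, so a fresh instance per request is intentional.
    SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
    fmt.setTimeZone(java.util.TimeZone.getTimeZone("UTC"));
    out.println("<p>The time is: " + fmt.format(new Date()) + "</p>");
  }

  /** Escapes text for safe inclusion in HTML content or a double-quoted attribute. */
  private static String htmlText(String s) {
    return String.valueOf(s)
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }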
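  /**
   * Attempts to send an internal server error HTTP error, if possible. Otherwise simply pushes the
   * exception message to the output stream.
   *
   * <p>Fixes relative to the original: the error page is written in UTF-8 to match the declared
   * content type (it was written as ISO-8859-1, which garbles non-ASCII text), and the request URI
   * -- which the client controls -- is HTML-escaped before being echoed.
   *
   * @param message Message to be printed to the logger and to the output stream.
   * @param t Exception that caused the error.
   */
  protected void filterError(String message, Throwable t) {
    log.error("XSLT filter error: " + message, t);
    if (!origResponse.isCommitted()) {
      // Nothing has been sent yet: drop the buffered output and turn this into a 500 page.
      origResponse.reset();
      origResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      origResponse.setContentType("text/html; charset=UTF-8");
    }

    // Whether the response was fresh or already committed, the error body goes to the stream.
    try {
      final OutputStream os = origResponse.getOutputStream();
      final PrintWriter osw =
          new PrintWriter(new OutputStreamWriter(os, java.nio.charset.Charset.forName("UTF-8")));
      osw.write("<html><body><!-- " + XSLTFilterConstants.ERROR_TOKEN + " -->");
      osw.write("<h1 style=\"color: red; margin-top: 1em;\">");
      osw.write("Internal server exception");
      osw.write("</h1>");
      osw.write("<b>URI</b>: " + escapeForHtml(origRequest.getRequestURI()) + "\n<br/><br/>");
      serializeException(osw, t);
      if (t instanceof ServletException && ((ServletException) t).getRootCause() != null) {
        osw.write("<br/><br/><h2>ServletException root cause:</h2>");
        serializeException(osw, ((ServletException) t).getRootCause());
      }
      osw.write("</body></html>");
      osw.flush();
    } catch (IOException e) {
      // Not much to do in such case (connection broken most likely).
      log.debug("Filter error could not be returned to client.");
    }
  }

  /** Escapes the HTML-significant characters of {@code s} ("null" for a null input). */
  private static String escapeForHtml(String s) {
    return String.valueOf(s)
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }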
示例#6
0
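  /**
   * Answers whether the operator identified by the numeric "code" parameter exists, as a small
   * JSON object ({@code success}, {@code found}).
   *
   * <p>Fixes relative to the original: a missing or non-numeric code is answered as a 400 in the
   * same JSON shape instead of disappearing into the generic catch with an empty body; the content
   * type is set before the writer is obtained (afterwards it has no effect on the charset); and
   * the error message is JSON-quoted so quotes or newlines in it cannot break the document.
   *
   * @param rq carries the "code" parameter
   * @param rs receives the JSON response
   */
  public void doGet(HttpServletRequest rq, HttpServletResponse rs) {
    PrintWriter pw = null;
    try {
      rs.setContentType("application/json");
      pw = rs.getWriter();

      int code;
      try {
        code = Integer.parseInt(rq.getParameter("code"));
      } catch (NumberFormatException nfe) {
        rs.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        pw.println("{");
        pw.println("\"success\":false,");
        pw.println("\"errorMessage\":" + quoteJson("invalid code parameter"));
        pw.println("}");
        return;
      }

      LoyaltyApplication loyaltyApplication = new LoyaltyApplication();
      boolean found = loyaltyApplication.operatorExists(code);

      pw.println("{");
      pw.println("\"success\":true,");
      pw.println("\"found\":" + found);
      pw.println("}");
    } catch (ApplicationException ae) {
      System.out.println(ae);
      // pw is null only if getWriter() itself failed, which lands in the catch below instead.
      if (pw != null) {
        pw.println("{");
        pw.println("\"success\":false,");
        pw.println("\"errorMessage\":" + quoteJson(String.valueOf(ae)));
        pw.println("}");
      }
    } catch (Exception e) {
      System.out.println(e);
    }
  }

  /** Returns {@code s} as a double-quoted JSON string literal with the necessary escapes. */
  private static String quoteJson(String s) {
    StringBuilder sb = new StringBuilder(s.length() + 2).append('"');
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      switch (c) {
        case '"':
          sb.append("\\\"");
          break;
        case '\\':
          sb.append("\\\\");
          break;
        case '\n':
          sb.append("\\n");
          break;
        case '\r':
          sb.append("\\r");
          break;
        case '\t':
          sb.append("\\t");
          break;
        default:
          if (c < 0x20) {
            sb.append(String.format("\\u%04x", (int) c));
          } else {
            sb.append(c);
          }
      }
    }
    return sb.append('"').toString();
  }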
示例#7
0
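  /**
   * Renders the admin page: the current race, a "next race" form and a lock/unlock-lineups form,
   * plus the last operation message.
   *
   * <p>The race name and the last-operation message are data and are HTML-escaped; the original
   * wrote them verbatim. NOTE(review): the two POST forms carry no anti-CSRF token -- confirm that
   * a filter or the container supplies one, since both actions change system state.
   *
   * @param req unused beyond being the request
   * @param resp receives the HTML page
   */
  public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    resp.setContentType("text/html");
    PrintWriter out = resp.getWriter();
    out.println("<a href='/'>Back to home</a><br/>");
    out.println("This is the admin page for making system updates.");
    out.println("Please expect the system to take about 15 seconds to perform these actions.");

    NascarConfig config = NascarConfigSingleton.get();
    Race race = config.getRace();
    out.println(
        String.format(
            "<h3>Current race: %d - %d (%s)</h3>",
            race.getYear(), race.getWeek(), htmlEscape(race.getRaceName())));
    out.println("<form method='POST'>");
    out.println(
        "<p>Click the following magic button after the race results are in to prepare the system for the new week.</p>");
    out.println("<input type='hidden' name='action' value='nextrace'/>");
    out.println("<button type='submit'>Calculate Results and go to next Race</button></form>");

    // Read the flag once; both labels derive from it.
    boolean canEdit = config.getCanEditLineup();
    out.println("<form method='POST'>");
    out.println(canEdit ? "Lineups are unlocked" : "Lineups are locked");
    out.println("<input type='hidden' name='action' value='toggleeditable'/>");
    out.println(
        "<button type='submit'>" + (canEdit ? "Lock lineups" : "Unlock lineups") + "</button></form>");

    out.println("<BR/>Last operation: " + htmlEscape(String.valueOf(LAST_OPERATION_MESSAGE)));
  }

  /** Escapes the HTML-significant characters of {@code s} ("null" for a null input). */
  private static String htmlEscape(String s) {
    return String.valueOf(s)
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }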
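  /**
   * POST to "/" stores every request parameter as a user setting for the session's user; any
   * other path is delegated to the superclass.
   *
   * <p>Fixes relative to the original: {@code getPathInfo()} returns null when there is no extra
   * path, which NPE'd; and the session is obtained with {@code getSession(false)} so an anonymous
   * request really gets a 401 (the no-argument form always returns a session, so that null check
   * was dead code).
   *
   * <p>NOTE(review): every parameter is stored verbatim, as before. If only certain keys are
   * meaningful to the reader side, an allow-list of setting names here would stop arbitrary
   * entries from being written into the map -- confirm against loadUserSettingsMap's consumers.
   *
   * @param req carries the path info and the settings as parameters
   * @param resp set to 401 when no authenticated user is available
   */
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    String pathInfo = req.getPathInfo();

    if ("/".equals(pathInfo)) {
      HttpSession session = req.getSession(false);
      if (session == null) {
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
      }
      String username = (String) session.getAttribute("username");
      if (username == null) {
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
      }

      Map userMap = loadUserSettingsMap(username);
      if (userMap == null) {
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
      }
      Enumeration<String> parameterNames = req.getParameterNames();
      while (parameterNames.hasMoreElements()) {
        String parameterName = parameterNames.nextElement();
        userMap.put(parameterName, req.getParameter(parameterName));
      }
      saveUserSettingsMap(username, userMap);
      return;
    }

    super.doPost(req, resp);
  }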
示例#9
0
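  /**
   * Removes the operator identified by the numeric "code" parameter and answers with a small JSON
   * status object.
   *
   * <p>Fixes relative to the original: a missing or non-numeric code used to escape as an
   * unhandled NumberFormatException (a 500 with no body) and is now answered as a 400 in the same
   * JSON shape; the content type is set before the writer is obtained; the error message is
   * JSON-quoted. NOTE(review): this is a state-changing operation reached by GET; a POST/DELETE
   * mapping plus the app's CSRF protection would be the safer shape -- confirm with the client.
   *
   * @param rq carries the "code" parameter
   * @param rs receives the JSON response
   */
  public void doGet(HttpServletRequest rq, HttpServletResponse rs) {
    PrintWriter pw = null;
    try {
      rs.setContentType("application/json");
      pw = rs.getWriter();

      int code;
      try {
        code = Integer.parseInt(rq.getParameter("code"));
      } catch (NumberFormatException nfe) {
        rs.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        pw.println("{");
        pw.println("\"success\":false,");
        pw.println("\"errorMessage\":" + toJsonString("invalid code parameter"));
        pw.println("}");
        return;
      }

      LoyaltyApplication loyaltyApplication = new LoyaltyApplication();
      loyaltyApplication.removeOperator(code);
      pw.println("{");
      pw.println("\"success\":true,");
      pw.println("\"message\":\"removed\"");
      pw.println("}");

    } catch (ApplicationException ae) {
      System.out.println(ae);
      // pw is null only if getWriter() itself failed, which lands in the IOException catch.
      if (pw != null) {
        pw.println("{");
        pw.println("\"success\":false,");
        pw.println("\"errorMessage\":" + toJsonString(String.valueOf(ae)));
        pw.println("}");
      }
    } catch (IOException ioe) {
      System.out.println(ioe);
    }
  }

  /** Returns {@code s} as a double-quoted JSON string literal with the necessary escapes. */
  private static String toJsonString(String s) {
    StringBuilder sb = new StringBuilder(s.length() + 2).append('"');
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      switch (c) {
        case '"':
          sb.append("\\\"");
          break;
        case '\\':
          sb.append("\\\\");
          break;
        case '\n':
          sb.append("\\n");
          break;
        case '\r':
          sb.append("\\r");
          break;
        case '\t':
          sb.append("\\t");
          break;
        default:
          if (c < 0x20) {
            sb.append(String.format("\\u%04x", (int) c));
          } else {
            sb.append(c);
          }
      }
    }
    return sb.append('"').toString();
  }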
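  /**
   * Creates an account for the session's user from the submitted form fields, stores a status
   * message in the session and redirects to the account-creation page.
   *
   * <p>Fixes relative to the original: a request without a "theName" session attribute is refused
   * instead of passing a null user id into accountCreation (assumed to be the logged-in user --
   * TODO confirm); a failure surfaces as a ServletException with its cause instead of being
   * printed and answered with an empty 200; and the session attributes are set before the
   * redirect so they are certainly in place when the target page reads them.
   *
   * @param request carries name/dob/address/email and the session
   * @param response redirected on success, 401 when no user is in the session
   * @throws ServletException if account creation fails
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String name = request.getParameter("name");
    String dob = request.getParameter("dob");
    String address = request.getParameter("address");
    String email = request.getParameter("email");
    HttpSession session = request.getSession(true);
    String userid = (String) session.getAttribute("theName");

    if (userid == null) {
      response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }

    int accNo;
    try {
      DbCommunication db_comm = new DbCommunication();
      accNo = db_comm.accountCreation(name, dob, address, email, userid);
    } catch (Exception e) {
      throw new ServletException("account creation failed", e);
    }

    session.setAttribute("AccCreationalMsgStatus", "set");
    session.setAttribute(
        "AccCreationalMsg", "Account created successfully. Account number is:" + accNo);
    response.sendRedirect("accountCreationPage.jsp");
  }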
示例#11
0
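  /**
   * Dispatches a multipart request to a static method chosen from the path info
   * ("/pkg/sub/Class.method"), passing the parsed parts as a MultiPartMap and writing the
   * method's result as HTML.
   *
   * <p>SECURITY NOTE: the class and method names are taken straight from the request URL, so this
   * is a reflective call into whatever the URL names. The checks below only reject malformed
   * paths and non-static targets; the real mitigation is to restrict {@code cname} to an explicit
   * allow-list of handler classes (or a fixed package prefix) before {@code Class.forName}. That
   * list is not visible here, so it is flagged rather than invented.
   *
   * @param req the multipart request
   * @param resp receives the handler's result
   * @throws IllegalArgumentException if the path info is missing or not of the expected shape
   */
  private void callMethodForMultiPart(HttpServletRequest req, HttpServletResponse resp)
      throws Exception {
    String pinfo = req.getPathInfo();
    // The original dereferenced pinfo and indexed by pos unguarded (NPE / out-of-range).
    if (pinfo == null) {
      throw new IllegalArgumentException("Missing path info");
    }
    int pos = pinfo.indexOf('.');
    if (pos <= 1 || pos == pinfo.length() - 1) {
      throw new IllegalArgumentException("Expected /class/path.method, got " + pinfo);
    }
    String cname = pinfo.substring(1, pos).replace('/', '.');
    String mname = pinfo.substring(pos + 1);

    MultiPartMap map = new MultiPartMap();
    FileItemIterator ite = new FileUpload().getItemIterator(req);
    while (ite.hasNext()) {
      FileItemStream item = ite.next();
      if (item.isFormField()) {
        map.put(item.getFieldName(), IOUtil.streamToString(item.openStream(), "UTF-8"));
      } else {
        FileItem val =
            new FileItem(
                item.getFileName(), item.getContentType(), IOUtil.streamToBytes(item.openStream()));
        map.put(item.getFieldName(), val);
      }
    }

    Class clazz = Class.forName(cname);
    Class[] types = new Class[] {MultiPartMap.class};
    // getMethod never returns null (it throws NoSuchMethodException), so the old null check was
    // dead; what can go wrong is an instance method, which invoke(null, ...) would reject with
    // an NPE -- report it the same way as a missing method.
    Method method = clazz.getMethod(mname, types);
    if (!java.lang.reflect.Modifier.isStatic(method.getModifiers())) {
      throw new RuntimeException("Not found method " + mname + "(Map)");
    }

    Object result = method.invoke(null, map);

    resp.setContentType(MIME_HTML + ";charset=utf-8");
    // String.valueOf tolerates a handler that returns null.
    resp.getWriter().write(String.valueOf(result));
  }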
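 /**
  * Renders the request method, URI, protocol and every request header as an HTML table.
  * Header names and values are client-supplied, so they are escaped before being written; the
  * original echoed them verbatim.
  *
  * @param request the request whose headers are listed
  * @param response receives the HTML page
  */
 public void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   response.setContentType("text/html");
   PrintWriter out = response.getWriter();
   String title = "Showing Request Headers";
   StringBuilder sb = new StringBuilder();
   sb.append("<html>\n<head>\n");
   sb.append("<title>").append(title).append("</title>\n");
   sb.append("</head>\n");
   sb.append("<body bgcolor='#FDF5E6'>\n");
   sb.append("<h1 align='center'>").append(title).append("</h1>\n");
   // Method and URI are also client-controlled and are escaped like the headers.
   sb.append("<b> Request Method: </b>").append(escapeHeaderHtml(request.getMethod())).append("<br>\n");
   sb.append("<b> Request URI: </b>").append(escapeHeaderHtml(request.getRequestURI())).append("<br>\n");
   sb.append("<b> Request Protocol: </b>").append(escapeHeaderHtml(request.getProtocol())).append("<br>\n");
   sb.append("<table border=1 align='center'>\n");
   sb.append("<tr bgcolor='#FFAD00'>\n");
   sb.append("<th> Header Name </th><th> Header Value </th></tr>\n");
   Enumeration<String> headerNames = request.getHeaderNames();
   while (headerNames.hasMoreElements()) {
     String headerName = headerNames.nextElement();
     sb.append("<tr><td>").append(escapeHeaderHtml(headerName)).append("</td>");
     sb.append("<td>").append(escapeHeaderHtml(request.getHeader(headerName))).append("</td></tr>\n");
   }
   sb.append("</table>\n");
   sb.append("</body></html>");
   out.println(sb.toString());
   out.close();
 }

 /** Escapes the HTML-significant characters of {@code s} ("null" for a null input). */
 private static String escapeHeaderHtml(String s) {
   return String.valueOf(s)
       .replace("&", "&amp;")
       .replace("<", "&lt;")
       .replace(">", "&gt;")
       .replace("\"", "&quot;")
       .replace("'", "&#39;");
 }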
  /* goodG2B() - use goodsource and badsink by changing the "if" so that
   * both branches use the GoodSource */
  /*
   * CWE test-case fixture (the FIX / POTENTIAL FLAW markers are the test-suite's conventions).
   * Both branches of the first "if" assign the constant "foo", so the sink below never sees
   * attacker data; the redundant branch, the unused 'uri' local and the trailing "return" are
   * part of the fixture's shape and are deliberately left as they are. The URI parse only checks
   * syntax -- the redirect still sends 'data' verbatim, as the marker below says.
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.staticReturnsTrueOrFalse()) {
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {

      /* FIX: Use a hardcoded string */
      data = "foo";
    }

    if (data != null) {
      /* This prevents \r\n (and other chars) and should prevent incidentals such
       * as HTTP Response Splitting and HTTP Header Injection.
       */
      URI uri;
      try {
        uri = new URI(data);
      } catch (URISyntaxException exceptURISyntax) {
        response.getWriter().write("Invalid redirect URL");
        return;
      }
      /* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
      response.sendRedirect(data);
      return;
    }
  }
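  /**
   * Renders the "UpdateUser" form between the shared header and footer includes.
   *
   * <p>Fixes relative to the original: a failure while rendering is reported to the container as
   * a ServletException with its cause, instead of printing only the message and returning a
   * half-written page; the commented-out code is gone.
   *
   * <p>NOTE(review): {@code userObj} and {@code tmsManager} are instance fields written on every
   * request. Servlets are shared between requests, so two concurrent requests overwrite each
   * other's values -- fine only if nothing reads them afterwards; confirm.
   *
   * @param request used for the header/footer dispatchers
   * @param response receives the HTML form
   * @throws ServletException if the header include or the form output fails
   */
  public void service(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    try {
      userObj = new User();
      tmsManager = new TMSManager();

      RequestDispatcher rd1 = request.getRequestDispatcher("./header");
      rd1.include(request, response);

      out.println("<html><head><title>UpdateUser</title></head>");
      out.println("<body onload=onSubmit() bgcolor =\"#ffcc00\">");
      out.println("<form  method =\"POST\"  action =\"./updateUser\" ><br><br><br>");
      out.println("<table border = 1 width = \"40%\" align = \"center\" bgcolor = \"#bbccff\">");
      out.println("<caption><b>UpdateUser</b></caption>");
      out.println("<tr><td style = font face: verdana>Enter User ID</td>");
      out.println("<td><input type = \"text\" name = \"user_id\" ></td></tr>");
      out.println(
          "<tr><td colspan = 2 align = \"center\"><input type = \"submit\"  name = \"Submit\" value = \"Submit\">");
      out.println("<input type = \"Reset\"  name = \"Reset\" value = \"Clear\"></td></tr>");
      out.println("</table>");
      out.println("</body></html>");
    } catch (Exception e) {
      throw new ServletException("could not render the UpdateUser form", e);
    }

    RequestDispatcher rd2 = request.getRequestDispatcher("./footer");
    rd2.include(request, response);
  }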
示例#15
0
  /**
   * Writes three fixed response headers -- "A", "Content-Length" (zero) and "B" -- in that order,
   * and no body.
   *
   * @param req unused
   * @param res the response whose headers are set
   */
  public void service(HttpServletRequest req, HttpServletResponse res)
      throws IOException, ServletException {
    String[][] fixedHeaders = {{"A", "a"}, {"Content-Length", "0"}, {"B", "b"}};
    for (String[] header : fixedHeaders) {
      res.setHeader(header[0], header[1]);
    }
  }
  /*
   * CWE test-case fixture, "bad" variant (the FIX / POTENTIAL FLAW markers are the test-suite's
   * conventions). Source and sink are each picked at run time by IO.static_returns_t_or_f():
   * the bad source is the first cookie's raw value, the bad sink writes it unencoded into the
   * Location header. The marker on the bad sink says "from file", but the only source here is the
   * cookie above. The unused loggers and duplicated branches are part of the fixture's shape.
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    if (IO.static_returns_t_or_f()) {
      /* POTENTIAL FLAW: Input from file not verified */
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  /* goodB2G() - use badsource and goodsink by changing the second "if" so that
  both branches use the GoodSink */
  /*
   * CWE test-case fixture (the FIX markers are the test-suite's conventions). Both branches of the
   * first "if" read the first cookie's raw value (the bad source); both branches of the second
   * "if" URL-encode it before it reaches the Location header (the good sink), which is why this
   * variant counts as good. The duplicated branches and unused loggers are the fixture's shape.
   * Note that URLEncoder.encode throws NullPointerException when no cookie was sent (data == null).
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }
    if (IO.static_returns_t_or_f()) {
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in if */
  /*
   * CWE test-case fixture (the FIX / POTENTIAL FLAW / INCIDENTAL markers are the test-suite's
   * conventions). IO.STATIC_FINAL_TRUE makes the constant "foo" the only reachable source; the
   * else branch is documented dead code. The URI parse only checks syntax and 'uri' is never
   * used -- the redirect sends 'data' verbatim, as the marker below says. The shape is the
   * fixture and is deliberately left unchanged.
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.STATIC_FINAL_TRUE) {
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = null;
    }

    if (data != null) {
      /* This prevents \r\n (and other chars) and should prevent incidentals such
       * as HTTP Response Splitting and HTTP Header Injection.
       */
      URI uri;
      try {
        uri = new URI(data);
      } catch (URISyntaxException exceptURISyntax) {
        response.getWriter().write("Invalid redirect URL");
        return;
      }
      /* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
      response.sendRedirect(data);
      return;
    }
  }
示例#19
0
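  /**
   * Logs the user out: invalidates the current session (if any) and redirects to the CAS URL read
   * from the servlet context's "cas_url" init parameter.
   *
   * <p>The original also walked every request parameter to extract "id" and then never used it;
   * that loop (which NPE'd on a null parameter value) is gone. The unused writer is gone too.
   *
   * <p>NOTE(review): {@code url} and {@code cas_url} are instance fields initialised on first use.
   * Two concurrent first requests may both run the initialisation; harmless as long as both read
   * the same config values -- confirm.
   *
   * @param req its session, if present, is invalidated
   * @param res redirected to the CAS URL
   */
  public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {

    res.setContentType("text/html");
    if (url.equals("")) {
      url = getServletContext().getInitParameter("url");
      cas_url = getServletContext().getInitParameter("cas_url");
    }
    // getSession(false): only an existing session is invalidated; none is created just to die.
    HttpSession session = req.getSession(false);
    if (session != null) {
      session.invalidate();
    }
    res.sendRedirect(cas_url);
  }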
  /* goodG2B() - use goodsource and badsink by changing the conditions on the first and second while statements */
  /*
   * CWE test-case fixture (the FIX / POTENTIAL FLAW / INCIDENTAL markers are the test-suite's
   * conventions). The while(true){...break;} blocks are single-shot; the while(local_f) blocks
   * never run because local_f stays false. So the only live source is the constant "foo" and
   * the only live sink adds it to a cookie without encoding. The control-flow shape is the
   * fixture and is deliberately left unchanged.
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    boolean local_f = false;

    while (true) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
      break;
    }

    while (local_f) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* get environment variable ADD */
      data = System.getenv("ADD");
      break;
    }

    while (true) {
      Cookie cookieSink = new Cookie("lang", data);
      /* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
      response.addCookie(cookieSink);
      break;
    }

    while (local_f) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      response.addCookie(cookieSink);
      break;
    }
  }
示例#21
0
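  /**
   * DELETE on "/" clears all of the session user's settings; DELETE on "/key" removes that one
   * setting. Either way the map is saved afterwards.
   *
   * <p>Fixes relative to the original: {@code getPathInfo()} is null when there is no extra path
   * (it NPE'd; now a 400); the session is obtained with {@code getSession(false)} so anonymous
   * requests really get a 401 (the no-argument form always returns a session, making that null
   * check dead); and clearing no longer falls through into {@code remove("")} on the emptied map.
   *
   * @param req carries the path info and the session
   * @param resp 401 without an authenticated user, 400 without path info
   */
  protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    String pathInfo = req.getPathInfo();

    HttpSession session = req.getSession(false);
    if (session == null) {
      resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }
    String username = (String) session.getAttribute("username");
    if (username == null) {
      resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }

    Map userMap = loadUserSettingsMap(username);
    if (userMap == null) {
      resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }
    if (pathInfo == null) {
      resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }
    if (pathInfo.equals("/")) {
      userMap.clear();
    } else {
      userMap.remove(pathInfo.substring(1));
    }
    saveUserSettingsMap(username, userMap);
  }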
示例#22
0
 // Echo the request's Origin back as Access-Control-Allow-Origin (with credentials allowed) when
 // requestHandler.extractCorsOrigin accepts it; otherwise no CORS headers are set at all.
 // NOTE(review): because Allow-Credentials is "true", the filtering inside extractCorsOrigin is
 // the only thing that keeps credentialed cross-origin reads to the intended origins -- it must
 // not reflect arbitrary origins; confirm its allow-list.
 private void setCorsHeader(HttpServletRequest pReq, HttpServletResponse pResp) {
   String allowedOrigin = requestHandler.extractCorsOrigin(pReq.getHeader("Origin"));
   if (allowedOrigin == null) {
     return;
   }
   pResp.setHeader("Access-Control-Allow-Origin", allowedOrigin);
   pResp.setHeader("Access-Control-Allow-Credentials", "true");
 }
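  /**
   * Renders a form with a select box listing every user name (from U.allUsers()) so one can be
   * chosen for modification.
   *
   * <p>Fixes relative to the original: user names are HTML-escaped and placed in a quoted
   * attribute (the value was unquoted, so any name containing a space broke the markup); the
   * form tag is properly closed (it ended in ")" instead of ">", so the following table tag was
   * swallowed by the parser); a local loop index replaces the shared instance field 'i', which two
   * concurrent requests could clobber; and a failure is reported as a ServletException with its
   * cause instead of being swallowed silently.
   *
   * <p>NOTE(review): 'v' is still an instance field written per request, as in the original; it
   * has the same sharing problem if anything else touches it -- confirm.
   *
   * @param req unused beyond being the request
   * @param res receives the HTML form
   * @throws ServletException if rendering fails
   */
  public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws IOException, ServletException {
    res.setContentType("text/html");
    try {
      PrintWriter pw = res.getWriter();
      pw.println("<html><head><TITLE>Web-Enabled Automated Manufacturing System</TITLE></head>");
      pw.println(
          "<body><br><br><br><form name=modifyuser method=post action='http://peers:8080/servlet/showUser'>");
      v = U.allUsers();
      pw.println("<table align='center' border=0> <tr><td>");
      pw.println(
          "Select User Name To Modify</td><td><SELECT id=select1 name=uid style='HEIGHT: 22px; LEFT: 74px; TOP: 222px; WIDTH: 155px'>");
      pw.println("<OPTION selected value=''></OPTION>");
      for (int idx = 0; idx < v.size(); idx++) {
        String userName = escapeOption((String) v.elementAt(idx));
        pw.println("<OPTION value='" + userName + "'>" + userName + "</OPTION>");
      }
      pw.println(
          "</SELECT></td></tr><tr><td></td><td><input type='submit' name='submit' value='Submit'></td></tr></table></form></body></html>");
      pw.flush();
      pw.close();

    } catch (Exception e) {
      throw new ServletException("could not render the user list", e);
    }
  }

  /** Escapes the HTML-significant characters of {@code s} ("null" for a null input). */
  private static String escapeOption(String s) {
    return String.valueOf(s)
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }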
  /* goodG2B1() - use goodsource and badsink by changing first 5==5 to 5!=5 */
  /*
   * CWE test-case fixture (the FIX / POTENTIAL FLAW / INCIDENTAL markers are the test-suite's
   * conventions). "5 != 5" is always false, so the cookie-reading branch is documented dead code
   * and the only live source is the constant "foo"; "5 == 5" is always true, so the only live
   * sink adds it to a cookie without encoding. The constant conditions and unused loggers are
   * the fixture's shape and are deliberately left unchanged.
   */
  private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 570 Statement is Always False */
    if (5 != 5) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
      Cookie cookieSink = new Cookie("lang", data);
      /* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
      response.addCookie(cookieSink);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      response.addCookie(cookieSink);
    }
  }
示例#25
0
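  /**
   * Either records a heartbeat for the calling user ({@code pingAlive=true}) or returns, as JSON,
   * the other users whose last heartbeat is at most 10 seconds old
   * ({@code {"opponents": [{"user_id", "user_name"}, ...]}}).
   *
   * <p>Fixes relative to the original: a missing {@code userId} no longer NPEs in the comparison
   * (it is compared from the map key side), and one timestamp is taken for the whole scan instead
   * of a new Date per entry.
   *
   * <p>NOTE(review): {@code userId} is a query parameter, i.e. the caller's own claim of identity;
   * nothing here ties it to a session. Confirm that is acceptable for both the heartbeat and the
   * listing. Also, iterating {@code users} while other requests update it is only safe if it is a
   * concurrent map -- its declaration is outside this block.
   *
   * @param req carries "userId" and optionally "pingAlive"
   * @param resp receives the JSON listing (nothing is written for a heartbeat)
   */
  @Override
  public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    String thisUsersId = req.getParameter("userId");
    if ("true".equals(req.getParameter("pingAlive"))) {
      updateLastAliveTime(thisUsersId);
      return;
    }

    ObjectMapper mapper = new ObjectMapper();
    ArrayNode usersArray = mapper.createArrayNode();
    long now = System.currentTimeMillis();

    for (Map.Entry<String, User> userEntry : users.entrySet()) {
      if (userEntry.getKey().equals(thisUsersId)) {
        continue; // never list the caller as their own opponent
      }
      User user = userEntry.getValue();
      // "Alive" means a heartbeat within the last 10 seconds.
      if ((now - user.getLastAliveTime().getTime()) / 1000 <= 10) {
        ObjectNode userJson = mapper.createObjectNode();
        userJson.put("user_id", userEntry.getKey());
        userJson.put("user_name", user.getName());
        usersArray.add(userJson);
      }
    }

    ObjectNode usersJson = mapper.createObjectNode();
    usersJson.put("opponents", usersArray);

    resp.setContentType("application/json; charset=UTF-8");
    mapper.writeValue(resp.getWriter(), usersJson);
  }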
示例#26
0
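 /**
  * Shows the "carlos-cookie-test" cookie, if the request carries one (refreshing it), and a small
  * form with create / delete / no-pass buttons.
  *
  * <p>The cookie name and value are client-controlled, so they are HTML-escaped before being
  * written; the original echoed them verbatim.
  *
  * @param request the request whose cookie is shown
  * @param response receives the page and the refreshed cookie
  */
 protected void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   response.setContentType("text/html; charset=UTF-8");
   Tools.sendDisableCacheHeaders(response);
   final PrintWriter out = response.getWriter();
   out.println("<html>");
   out.println(" <body>");
   Cookie cookie = getCookie("carlos-cookie-test", request);
   if (cookie == null) {
     print(out, "No cookie set.");
   } else {
     print(out, "<b>Cookie ID</b>: " + escapeCookieText(cookie.getName()) + "<br>");
     print(out, "<b>Value</b>: " + escapeCookieText(cookie.getValue()) + "<br>");
     refreshCookie(cookie, response);
   }
   out.println("  <br>");
   out.println("  <form method=\"post\">");
   out.println("   <input type=\"submit\" value=\"create\" name=\"button\"><br><br>");
   out.println("   <input type=\"submit\" value=\"delete\" name=\"button\"><br><br>");
   out.println("   <input type=\"submit\" value=\"no-pass\" name=\"button\"><br>");
   out.println("  </form>");
   out.println(" </body>");
   out.println("</html>");
   out.close();
 }

 /** Escapes the HTML-significant characters of {@code s} ("null" for a null input). */
 private static String escapeCookieText(String s) {
   return String.valueOf(s)
       .replace("&", "&amp;")
       .replace("<", "&lt;")
       .replace(">", "&gt;")
       .replace("\"", "&quot;")
       .replace("'", "&#39;");
 }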
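  /**
   * Renders the static "create a cookie" form (name and value fields posting to ExemploCookies).
   *
   * <p>Fixes relative to the original: the page declares UTF-8 so the accented Portuguese labels
   * are encoded and decoded consistently, and the two malformed closing tags ("< / font >", which
   * browsers render as literal text, and "<br >") are proper markup.
   *
   * @param solicitacao unused beyond being the request
   * @param resposta receives the HTML form
   */
  public void doGet(HttpServletRequest solicitacao, HttpServletResponse resposta)
      throws IOException, ServletException {

    resposta.setContentType("text/html; charset=UTF-8");
    PrintWriter out = resposta.getWriter();

    out.println("<html>");
    out.println("<body>");
    out.println("<center>");
    out.println("<h1>Insira os dados para a criação do cookie</h1>");
    out.println("</center>");
    out.println("<table border='0' width='400'>");
    out.println("<tr>");
    out.println("<td>");
    out.println("<form method='post' action='ExemploCookies'>");
    out.println("<font face='verdana' size='2'>");
    out.println("Nome do cookie:&nbsp;&nbsp;&nbsp;</font>        ");
    out.println("<input type='text' name='nome' size =        '20'>");
    out.println("<br>");
    out.println("<font face='verdana' size='2'>");
    out.println("Valor do cookie:&nbsp;&nbsp;&nbsp;&nbsp;</font>        ");
    out.println("<input type='text' name='valor' size ='20'><br>        ");
    out.println("</td>");
    out.println("</tr>");
    out.println("<tr>");
    out.println("<td align='center'>");
    out.println("<input type='submit' value='Criar' name =        'S1'>");
    out.println("&nbsp;");
    out.println("<input type='reset' value='Limpar' name =        'S2'>");
    out.println("</td>");
    out.println("</tr>");
    out.println("</table>");
    out.println("</body>");
    out.println("</html>");
  }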
  /* goodG2B() - use goodsource and badsink by moving BadSource and BadSink to after return */
  /*
   * CWE test-case fixture (the FIX / POTENTIAL FLAW / INCIDENTAL markers are the test-suite's
   * conventions). The first block writes the constant "foo" into the Location header, then
   * "if (true) return;" ends the method; the block after it, which would copy the "name" request
   * parameter into the header unencoded, is documented dead code kept only so it compiles.
   * The shape is the fixture and is deliberately left unchanged.
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";

      /* POTENTIAL FLAW: Input not verified before inclusion in header */
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
		  We need the "if(true)" because the Java Language Spec requires that
		  unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {
      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from request */
      data = request.getParameter("name");

      /* POTENTIAL FLAW: Input not verified before inclusion in header */
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }
  }
示例#29
0
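  /**
   * Tracked-device login. Reads "id" (numeric) and "pwd", asks the database to authenticate the
   * pair and, on success, prints {@code OK,<username>}, stores the username in the session as
   * "device_id" and logs the login. Nothing is written on failure (as before).
   *
   * <p>Fixes relative to the original: a non-numeric id no longer silently becomes 0 and is then
   * tried against the database -- the request is simply not authenticated; the session is only
   * created on success instead of for every attempt; the id is a primitive long.
   *
   * <p>NOTE(review): the log line prints {@code ctracked.toString()} -- make sure that never
   * includes the password. Rotating the session id on successful login (invalidate + new session)
   * would also close the session-fixation window; confirm the container does not already do it.
   *
   * @param request carries "id" and "pwd"
   * @param response receives "OK,<username>" on success, nothing otherwise
   */
  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    // POST method only used for tracked login operation
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();

    // Get the username and password from request
    String username = request.getParameter("id");
    String password = request.getParameter("pwd");
    if (username == null || password == null) {
      return;
    }

    long id;
    try {
      id = Long.parseLong(username);
    } catch (NumberFormatException ignored) {
      // A non-numeric id cannot match a tracked device; do not attempt a login with 0.
      return;
    }

    // Login into tracked system
    CTracked ctracked = db.loginTrackedFromMobile(id, password).getResult();

    if (ctracked != null) {
      // Login successful
      HttpSession session = request.getSession();
      out.print("OK," + ctracked.getUsername());
      session.setAttribute("device_id", ctracked.getUsername());
      log.info(ctracked + " : logined!");
    }
  }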
  /* goodB2G() - use badsource and goodsink by switching statements around return */
  /*
   * CWE test-case fixture (the FIX / POTENTIAL FLAW / INCIDENTAL markers are the test-suite's
   * conventions). The "name" request parameter is the bad source; the live block URL-encodes it
   * before writing the Location header (the good sink), then "if (true) return;" ends the
   * method. The block after it, which would write the header unencoded, is documented dead code.
   * URLEncoder.encode throws NullPointerException if the parameter is absent (data == null).
   * The shape is the fixture and is deliberately left unchanged.
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from request */
    data = request.getParameter("name");

    {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      data = URLEncoder.encode(data, "UTF-16");
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
		  We need the "if(true)" because the Java Language Spec requires that
		  unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {

      /* POTENTIAL FLAW: Input not verified before inclusion in header */
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }
  }