示例#1
  /**
   * Runs the generated CWE-600 servlet test case against the supplied request/response pair.
   *
   * <p>Any {@link Throwable} that escapes {@code runTest} is reported on standard output only
   * (message plus one line per stack frame); the handler writes nothing to the HTTP response.
   *
   * @param request the servlet request handed to the test case
   * @param response the servlet response handed to the test case
   */
  private static void doGetCWE6(HttpServletRequest request, HttpServletResponse response) {
    try {
      /* BEGIN-AUTOGENERATED-SERVLET-TESTS-6 */
      new testcases.CWE600_Fail_Catch_Exceptions
              .CWE600_Fail_Catch_Exceptions__Servlet_getParameter_01()
          .runTest(request, response);
      /* END-AUTOGENERATED-SERVLET-TESTS-6 */
    } catch (Throwable caught) {
      /*
       * Original author's note: this is only expected for an IOException or similar, because
       * runTest is said to catch the test cases' own exceptions. The handler aborts and reports
       * on the console, since writing to the response could throw again.
       */
      System.out.println(" Caught thowable from doGetCWE6 ");
      System.out.println(" Throwable's message = " + caught.getMessage());
      System.out.println("Stack trace below");

      // One console line per frame, indented by two spaces.
      for (StackTraceElement frame : caught.getStackTrace()) {
        System.out.println("  " + frame.toString());
      }
    }
  }
示例#2
  /**
   * Runs every generated CWE-497 servlet test case (the {@code leakPathServlet} and
   * {@code leakStacktraceServlet} variants) against the supplied request/response pair, in order.
   *
   * <p>Any {@link Throwable} that escapes a {@code runTest} call stops the remaining test cases
   * and is reported on standard output only (message plus one line per stack frame); the handler
   * writes nothing to the HTTP response.
   *
   * @param request the servlet request handed to each test case
   * @param response the servlet response handed to each test case
   */
  private static void doGetCWE4(HttpServletRequest request, HttpServletResponse response) {
    try {
      /* BEGIN-AUTOGENERATED-SERVLET-TESTS-4 */
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_01()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_02()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_03()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_04()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_05()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_06()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_07()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_08()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_09()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_10()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_11()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_12()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_13()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_14()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_15()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_16()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_17()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakPathServlet_19()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_01()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_02()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_03()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_04()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_05()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_06()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_07()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_08()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_09()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_10()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_11()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_12()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_13()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_14()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_15()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_16()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_17()
          .runTest(request, response);
      new testcases.CWE497_Information_Leak_of_System_Data
              .CWE497_Information_Leak_of_System_Data__leakStacktraceServlet_19()
          .runTest(request, response);
      /* END-AUTOGENERATED-SERVLET-TESTS-4 */
    } catch (Throwable caught) {
      /*
       * Original author's note: this is only expected for an IOException or similar, because
       * runTest is said to catch the test cases' own exceptions. The handler aborts and reports
       * on the console, since writing to the response could throw again.
       */
      System.out.println(" Caught thowable from doGetCWE4 ");
      System.out.println(" Throwable's message = " + caught.getMessage());
      System.out.println("Stack trace below");

      // One console line per frame, indented by two spaces.
      for (StackTraceElement frame : caught.getStackTrace()) {
        System.out.println("  " + frame.toString());
      }
    }
  }
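  /**
   * Handles a GET request by dispatching on the {@code task} parameter ({@code define},
   * {@code search}, {@code compare}, {@code wikify}, {@code progress}) or on {@code help}, then
   * writes the result either as XML or as HTML produced by the transformer registered for the
   * task.
   *
   * <p>With neither a task nor a help description, the client is sent a meta-refresh page that
   * points at the {@code server_path} init parameter. Any exception raised while handling the
   * request is turned into an {@code <Error>} XML document.
   *
   * @param request the incoming request; all arguments are read from its parameters
   * @param response the response the HTML or XML output is written to
   * @throws IOException declared by the servlet contract
   * @throws ServletException declared by the servlet contract
   */
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {

    try {

      response.setHeader("Cache-Control", "no-cache");
      response.setCharacterEncoding("UTF-8");

      String task = request.getParameter("task");

      Element data = null;

      // process help request
      if (request.getParameter("help") != null) {
        data = getDescription(task);
      }

      // redirect to home page if there is no task
      if (data == null && task == null) {
        response.setContentType("text/html");
        // The content attribute is now closed with a quote before '>'; the original left it
        // open, so the meta tag was never terminated.
        response
            .getWriter()
            .append(
                "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"><html><head><meta http-equiv=\"REFRESH\" content=\"0;url="
                    + context.getInitParameter("server_path")
                    + "\"></head><body></body></html>");
        return;
      }

      // From here on, data == null implies task != null (the branch above returned otherwise),
      // so the task.equals(...) calls below cannot dereference null.

      // process definition request
      if (data == null && task.equals("define")) {
        int id = resolveIntegerArg(request.getParameter("id"), -1);
        int length = resolveIntegerArg(request.getParameter("length"), definer.getDefaultLength());
        int format = resolveIntegerArg(request.getParameter("format"), definer.getDefaultFormat());
        int maxImageWidth =
            resolveIntegerArg(
                request.getParameter("maxImageWidth"), definer.getDefaultMaxImageWidth());
        int maxImageHeight =
            resolveIntegerArg(
                request.getParameter("maxImageHeight"), definer.getDefaultMaxImageHeight());
        int linkDestination =
            resolveIntegerArg(
                request.getParameter("linkDestination"), definer.getDefaultLinkDestination());
        boolean getImages = resolveBooleanArg(request.getParameter("getImages"), false);

        data =
            definer.getDefinition(
                id, length, format, linkDestination, getImages, maxImageWidth, maxImageHeight);
      }

      // all of the remaining tasks require data to be cached, so lets make sure that is finished
      // before continuing.
      if (!cachingThread.isOk()) {
        throw new ServletException("Could not cache wikipedia data");
      }

      double progress = cachingThread.getProgress();
      if (data == null && (progress < 1 || task.equals("progress"))) {
        // still caching up data, not ready to return a response yet.

        data = doc.createElement("loading");
        data.setAttribute("progress", df.format(progress));
        task = "loading";
      }

      // process search request
      if (data == null && task.equals("search")) {
        String term = request.getParameter("term");
        String id = request.getParameter("id");
        int linkLimit =
            resolveIntegerArg(request.getParameter("linkLimit"), searcher.getDefaultMaxLinkCount());
        int senseLimit =
            resolveIntegerArg(
                request.getParameter("senseLimit"), searcher.getDefaultMaxSenseCount());

        if (id == null) {
          data = searcher.doSearch(term, linkLimit, senseLimit);
        } else {
          // A non-numeric id raises NumberFormatException, which ends up in the error response
          // built by the catch block below.
          data = searcher.doSearch(Integer.parseInt(id), linkLimit);
        }
      }

      // process compare request
      if (data == null && task.equals("compare")) {
        String term1 = request.getParameter("term1");
        String term2 = request.getParameter("term2");
        int linkLimit =
            resolveIntegerArg(request.getParameter("linkLimit"), comparer.getDefaultMaxLinkCount());
        boolean details =
            resolveBooleanArg(request.getParameter("details"), comparer.getDefaultShowDetails());

        data = comparer.getRelatedness(term1, term2, details, linkLimit);
      }

      // process wikify request
      if (data == null && task.equals("wikify")) {

        if (this.wikifier == null) {
          throw new ServletException(
              "Wikifier is not available. You must configure the servlet so that it has access to link detection and disambiguation models.");
        }

        String source = request.getParameter("source");
        int sourceMode =
            resolveIntegerArg(request.getParameter("sourceMode"), Wikifier.SOURCE_AUTODETECT);
        String linkColor = request.getParameter("linkColor");
        String baseColor = request.getParameter("baseColor");
        double minProb =
            resolveDoubleArg(
                request.getParameter("minProbability"), wikifier.getDefaultMinProbability());
        int repeatMode =
            resolveIntegerArg(request.getParameter("repeatMode"), wikifier.getDefaultRepeatMode());
        boolean showTooltips =
            resolveBooleanArg(
                request.getParameter("showTooltips"), wikifier.getDefaultShowTooltips());
        String bannedTopics = request.getParameter("bannedTopics");

        boolean wrapInXml = resolveBooleanArg(request.getParameter("wrapInXml"), true);

        if (wrapInXml) {
          data =
              wikifier.wikifyAndWrapInXML(
                  source,
                  sourceMode,
                  minProb,
                  repeatMode,
                  bannedTopics,
                  baseColor,
                  linkColor,
                  showTooltips);
        } else {
          // NOTE(review): source, linkColor and baseColor come straight from request parameters
          // and the result is served as text/html. Whether wikify() encodes them for HTML is not
          // visible from this method -- confirm before exposing this branch to untrusted callers.
          response.setContentType("text/html");
          response
              .getWriter()
              .append(
                  wikifier.wikify(
                      source,
                      sourceMode,
                      minProb,
                      repeatMode,
                      bannedTopics,
                      baseColor,
                      linkColor,
                      showTooltips));
          return;
        }
      }

      if (data == null) {
        throw new Exception("Unknown Task");
      }

      // wrap data
      Element wrapper = doc.createElement("WikipediaMinerResponse");
      wrapper.setAttribute("server_path", context.getInitParameter("server_path"));
      wrapper.setAttribute("service_name", context.getInitParameter("service_name"));
      wrapper.appendChild(data);

      data = wrapper;

      // Transform or serialize xml data as appropriate

      Transformer tf = null;

      if (request.getParameter("xml") == null) {
        // we need to transform the data into html
        tf = transformersByName.get(task);

        if (request.getParameter("help") != null) {
          tf = transformersByName.get("help");
        }
      }

      if (tf == null) {
        // we need to serialize the data as xml
        tf = transformersByName.get("serializer");
        response.setContentType("application/xml");
      } else {
        // output will be transformed to html
        response.setContentType("text/html");
        response
            .getWriter()
            .append(
                "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n");
      }

      tf.transform(new DOMSource(data), new StreamResult(response.getWriter()));

    } catch (Exception error) {
      response.reset();
      response.setContentType("application/xml");
      response.setHeader("Cache-Control", "no-cache");
      // Same charset name as the success path (the original used the alias "UTF8" here).
      response.setCharacterEncoding("UTF-8");

      // NOTE(review): the exception message and every stack frame are serialized into the
      // response body, so any client that triggers an error can read internal class names,
      // method names and line numbers (CWE-209). Prefer recording the trace server-side and
      // returning only a generic message; the elements are kept here because existing clients
      // may read <StackTrace>.
      Element xmlError = doc.createElement("Error");
      if (error.getMessage() != null) {
        xmlError.setAttribute("message", error.getMessage());
      }

      Element xmlStackTrace = doc.createElement("StackTrace");
      xmlError.appendChild(xmlStackTrace);

      for (StackTraceElement ste : error.getStackTrace()) {

        Element xmlSte = doc.createElement("StackTraceElement");
        xmlSte.setAttribute("message", ste.toString());
        xmlStackTrace.appendChild(xmlSte);
      }
      try {
        transformersByName
            .get("serializer")
            .transform(new DOMSource(xmlError), new StreamResult(response.getWriter()));
      } catch (Exception ignored) {
        // Best effort: if the error document itself cannot be written, the client gets an empty
        // or partial body and nothing is recorded.
        // TODO: record this failure server-side once a logging facility is available here.
      }
    }
  }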
示例#4
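    /**
     * Writes a plain-text error report to {@code to} and returns that writer.
     *
     * <p>The report lists, in order: request headers, request attributes, session attributes
     * (unless disabled), method / query string / URL, the MMBase version (unless disabled), the
     * status, request parameters, and the exception chain obtained from {@code getStack()}. At
     * most {@code MAX_CAUSES} throwables plus the last one are written to {@code to}; the others
     * go to the log copy only. When {@code status} is 500 the log copy is mailed to the
     * {@code to} property of {@code mmbase_errorpage} (if set) and logged at error level.
     *
     * @param to the writer that receives the report shown to the caller
     * @param request the failing request, or {@code null} to omit all request-derived sections
     * @param escape the transformer applied to values before they are written
     * @return {@code to}
     * @throws IOException if appending to a writer fails
     */
    public Writer getErrorReport(
        Writer to, final HttpServletRequest request, CharTransformer escape) throws IOException {
      final Writer logMsg = new StringWriter();
      // Everything appended to tee reaches both the caller's writer and the log copy.
      final Writer tee = new org.mmbase.util.ChainedWriter(to, logMsg);
      Writer msg = tee;

      LinkedList<Throwable> stack = getStack();
      String ticket = new Date().toString();

      Map<String, String> props;
      try {
        props = org.mmbase.util.ApplicationContextReader.getProperties("mmbase_errorpage");
      } catch (javax.naming.NamingException ne) {
        props = Collections.emptyMap();
        log.info(ne);
      }

      if (request != null) {
        msg.append("Headers\n----------\n");
        // NOTE(review): every request header is copied into the report, which includes Cookie
        // and Authorization values when the client sent them. The report is written to `to`,
        // logged and, for status 500, mailed. Consider filtering credential-bearing headers the
        // way request_ignore filters attributes.
        for (Object name : Collections.list(request.getHeaderNames())) {
          // Escape the line once; the original escaped the header value and then the whole line
          // again, which double-encoded the value.
          msg.append(escape.transform(name + ": " + request.getHeader((String) name) + "\n"));
        }

        msg.append("\nAttributes\n----------\n");
        Pattern attributeIgnore = requestIgnore;
        if (attributeIgnore == null && props.get("request_ignore") != null) {
          attributeIgnore = Pattern.compile(props.get("request_ignore"));
        }
        for (Object name : Collections.list(request.getAttributeNames())) {
          if (attributeIgnore == null || !attributeIgnore.matcher((String) name).matches()) {
            msg.append(escape.transform(name + ": " + request.getAttribute((String) name) + "\n"));
          }
        }

        // Session attributes are included unless showSession is FALSE or, when it is unset, the
        // show_session property is "false".
        if (Boolean.TRUE.equals(showSession)
            || (showSession == null && !"false".equals(props.get("show_session")))) {
          HttpSession ses = request.getSession(false);
          if (ses != null) {
            msg.append("\nSession\n----------\n");
            Pattern sessionAttributeIgnore = sessionIgnore;
            if (sessionAttributeIgnore == null && props.get("session_ignore") != null) {
              sessionAttributeIgnore = Pattern.compile(props.get("session_ignore"));
            }
            for (Object name : Collections.list(ses.getAttributeNames())) {
              if (sessionAttributeIgnore == null
                  || !sessionAttributeIgnore.matcher((String) name).matches()) {
                msg.append(escape.transform(name + ": " + ses.getAttribute((String) name) + "\n"));
              }
            }
          }
        }
      }
      msg.append("\n");
      msg.append("Misc. properties\n----------\n");

      if (request != null) {
        msg.append("method: ").append(escape.transform(request.getMethod())).append("\n");
        // NOTE(review): getQueryString() is null when the URL has no query part; how
        // escape.transform handles null is not visible here -- confirm.
        msg.append("querystring: ").append(escape.transform(request.getQueryString())).append("\n");
        msg.append("requesturl: ")
            .append(escape.transform(request.getRequestURL().toString()))
            .append("\n");
      }
      if (Boolean.TRUE.equals(showMMBaseVersion)
          || (showMMBaseVersion == null && !"false".equals(props.get("show_mmbase_version")))) {
        msg.append("mmbase version: ").append(org.mmbase.Version.get()).append("\n");
      }
      msg.append("status: ").append(String.valueOf(status)).append("\n\n");

      if (request != null) {
        msg.append("Parameters\n----------\n");
        // Parameter names are client-controlled just like the values, so both are escaped
        // (the original wrote the name unescaped).
        for (Object name : Collections.list(request.getParameterNames())) {
          msg.append(escape.transform((String) name))
              .append(": ")
              .append(escape.transform(request.getParameter((String) name)))
              .append("\n");
        }
      }
      msg.append("\nException ")
          .append(ticket)
          .append("\n----------\n\n")
          .append(
              exception != null
                  ? (escape.transform(exception.getClass().getName()))
                  : "NO EXCEPTION")
          .append(": ");

      int wroteCauses = 0;
      while (!stack.isEmpty()) {

        Throwable t = stack.removeFirst();
        // add stack stacktraces
        if (t != null) {
          if (stack.isEmpty()) { // write last message always
            msg = tee;
          }
          String message = t.getMessage();
          if (msg != tee) {
            // This throwable goes to the log copy only; the caller's writer gets a one-line
            // marker. The message is escaped like every other value written to `to`
            // (the original appended it raw); a null message is written as "null", as before.
            to.append("\n=== skipped(see log)  : ")
                .append(escape.transform(t.getClass().getName()))
                .append(": ")
                .append(escape.transform(String.valueOf(message)))
                .append("\n");
          }

          msg.append("\n\n").append(escape.transform(t.getClass().getName() + ": " + message));
          for (StackTraceElement frame : t.getStackTrace()) {
            msg.append("\n        at ").append(escape.transform(frame.toString()));
          }
          if (!stack.isEmpty()) {
            msg.append("\n-------caused:\n");
          }
          wroteCauses++;
          if (wroteCauses >= MAX_CAUSES) {
            // Past the limit: further throwables are written to the log copy only.
            msg = logMsg;
          }
        }
      }
      // write errors to  log
      if (status == 500) {
        try {
          if (props.get("to") != null && props.get("to").length() > 0) {
            // javax.mail is reached through reflection, so this class compiles and loads
            // without the mail API on the class path.
            javax.naming.Context initCtx = new javax.naming.InitialContext();
            javax.naming.Context envCtx = (javax.naming.Context) initCtx.lookup("java:comp/env");
            Object mailSession = envCtx.lookup("mail/Session");
            Class<?> sessionClass = Class.forName("javax.mail.Session");
            Class<?> recipientTypeClass = Class.forName("javax.mail.Message$RecipientType");
            Class<?> messageClass = Class.forName("javax.mail.internet.MimeMessage");
            Object mail = messageClass.getConstructor(sessionClass).newInstance(mailSession);
            messageClass
                .getMethod("addRecipients", recipientTypeClass, String.class)
                .invoke(mail, recipientTypeClass.getDeclaredField("TO").get(null), props.get("to"));
            messageClass.getMethod("setSubject", String.class).invoke(mail, ticket);
            mail.getClass().getMethod("setText", String.class).invoke(mail, logMsg.toString());
            Class.forName("javax.mail.Transport")
                .getMethod("send", Class.forName("javax.mail.Message"))
                .invoke(null, mail);
            // NOTE(review): this writes the whole mmbase_errorpage property map, unescaped, to
            // both the caller's writer and the log, not just the recipient -- confirm that is
            // intended.
            tee.append("\nmailed to (").append(String.valueOf(props)).append(")");
          }

        } catch (Exception nnfe) {
          tee.append("\nnot mailed (").append(String.valueOf(nnfe)).append(")");
          if (log.isDebugEnabled()) {
            log.debug(nnfe.getMessage(), nnfe);
          }
        }
        log.error("TICKET " + ticket + ":\n" + logMsg);
      }
      return to;
    }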