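/**
 * Handles a POST by looking up person entries in the directory and echoing
 * the matching uid/street attributes back as HTML.
 *
 * <p>The "vector" request header is read but, because the arithmetic below is
 * constant, the constant string is always what reaches the filter. The filter
 * values are nevertheless passed as JNDI filter arguments ({0}, {1}) rather than
 * concatenated, so LDAP filter metacharacters are escaped by the provider instead
 * of being interpreted as filter syntax.
 *
 * @param request  incoming request; only the "vector" header is consulted
 * @param response receives a text/html listing of the matching entries
 * @throws ServletException wrapping any {@link javax.naming.NamingException}, or a
 *         failure to close the directory context
 * @throws IOException if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String param = request.getHeader("vector");
    if (param == null) param = "";

    String bar;
    // Simple ? condition that assigns constant to bar on true condition.
    // (7 * 18) + 106 == 232 > 200, so bar is always the constant literal and the
    // header value is never used in the search.
    int num = 106;
    bar = (7 * 18) + num > 200 ? "This_should_always_happen" : param;

    org.owasp.benchmark.helpers.LDAPManager ads =
            new org.owasp.benchmark.helpers.LDAPManager();
    // Remembered so a failure in closeDirContext() is attached to the primary
    // exception instead of replacing it.
    ServletException pending = null;
    try {
        String base = "ou=users,ou=system";
        javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls();
        sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);

        // Both values are supplied via filterArgs; the JNDI LDAP provider escapes
        // '*', '(', ')', '\' and NUL in String arguments, so they cannot alter the
        // filter structure.
        // NOTE(review): the filter's outer shape is kept exactly as written — the
        // "&" closes after a single operand and a second top-level term follows.
        // Whether the directory accepts that form is not decided here; changing it
        // would change which entries match.
        String filter = "(&(objectclass=person))(|(uid={0})(street={1}))";
        Object[] filters = new Object[] {bar, "The streetz 4 Ms bar"};

        // DirContext already exposes search(); no downcast to InitialDirContext needed.
        javax.naming.directory.DirContext ctx = ads.getDirContext();
        javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> results =
                ctx.search(base, filter, filters, sc);
        try {
            while (results.hasMore()) {
                javax.naming.directory.SearchResult sr = results.next();
                javax.naming.directory.Attributes attrs = sr.getAttributes();
                javax.naming.directory.Attribute attr = attrs.get("uid");
                javax.naming.directory.Attribute attr2 = attrs.get("street");
                if (attr != null) {
                    // An entry may carry no street attribute; dereferencing attr2
                    // unconditionally would throw NullPointerException.
                    Object street = attr2 == null ? null : attr2.get();
                    // NOTE(review): attribute values are written into the page
                    // unencoded. If the directory contents are not fully trusted,
                    // HTML-encode attr.get()/street before writing.
                    response.getWriter()
                            .write(
                                    "LDAP query results:<br>"
                                            + " Record found with name "
                                            + attr.get()
                                            + "<br>"
                                            + "Address: "
                                            + street
                                            + "<br>");
                    System.out.println("record found " + attr.get());
                }
            }
        } finally {
            // NamingEnumeration holds provider resources; release it even when
            // hasMore()/next() throws.
            results.close();
        }
    } catch (javax.naming.NamingException e) {
        pending = new ServletException(e);
        throw pending;
    } finally {
        try {
            ads.closeDirContext();
        } catch (Exception e) {
            if (pending != null) {
                pending.addSuppressed(e);
            } else {
                throw new ServletException(e);
            }
        }
    }
}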
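/**
 * Handles a POST by searching the directory for the person whose uid is derived
 * from the "vector" request parameter and echoing the uid/street attributes back
 * as HTML.
 *
 * <p>The parameter is attacker-controlled, so it is passed to the search as a
 * JNDI filter argument ({0}) rather than concatenated into the filter string;
 * the provider escapes LDAP filter metacharacters in the argument, which closes
 * the LDAP injection the string-built filter allowed.
 *
 * @param request  incoming request; the "vector" parameter (via doSomething) is
 *                 the uid searched for
 * @param response receives a text/html listing of the matching entries
 * @throws ServletException wrapping any {@link javax.naming.NamingException}, or a
 *         failure to close the directory context
 * @throws IOException if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String param = request.getParameter("vector");
    if (param == null) param = "";

    // doSomething is defined elsewhere in this file; its transformation of the
    // untrusted value is not relied on for safety here.
    String bar = doSomething(param);

    org.owasp.benchmark.helpers.LDAPManager ads =
            new org.owasp.benchmark.helpers.LDAPManager();
    // Remembered so a failure in closeDirContext() is attached to the primary
    // exception instead of replacing it.
    ServletException pending = null;
    try {
        String base = "ou=users,ou=system";
        javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls();
        sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);

        // The uid is a filter argument, not part of the filter text: the JNDI LDAP
        // provider escapes '*', '(', ')', '\' and NUL in String arguments.
        String filter = "(&(objectclass=person)(uid={0}))";
        Object[] filters = new Object[] {bar};

        // DirContext already exposes search(); no downcast to InitialDirContext needed.
        javax.naming.directory.DirContext ctx = ads.getDirContext();
        javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> results =
                ctx.search(base, filter, filters, sc);
        try {
            while (results.hasMore()) {
                javax.naming.directory.SearchResult sr = results.next();
                javax.naming.directory.Attributes attrs = sr.getAttributes();
                javax.naming.directory.Attribute attr = attrs.get("uid");
                javax.naming.directory.Attribute attr2 = attrs.get("street");
                if (attr != null) {
                    // An entry may carry no street attribute; dereferencing attr2
                    // unconditionally would throw NullPointerException.
                    Object street = attr2 == null ? null : attr2.get();
                    // NOTE(review): attribute values are written into the page
                    // unencoded. If the directory contents are not fully trusted,
                    // HTML-encode attr.get()/street before writing.
                    response.getWriter()
                            .write(
                                    "LDAP query results:<br>"
                                            + " Record found with name "
                                            + attr.get()
                                            + "<br>"
                                            + "Address: "
                                            + street
                                            + "<br>");
                    System.out.println("record found " + attr.get());
                }
            }
        } finally {
            // NamingEnumeration holds provider resources; release it even when
            // hasMore()/next() throws.
            results.close();
        }
    } catch (javax.naming.NamingException e) {
        pending = new ServletException(e);
        throw pending;
    } finally {
        try {
            ads.closeDirContext();
        } catch (Exception e) {
            if (pending != null) {
                pending.addSuppressed(e);
            } else {
                throw new ServletException(e);
            }
        }
    }
} // end doPost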