示例#1
0
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = request.getHeader("vector");
    if (param == null) param = "";

    String bar;

    // Simple ? condition that assigns constant to bar on true condition
    int num = 106;

    bar = (7 * 18) + num > 200 ? "This_should_always_happen" : param;

    org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager();
    try {
      response.setContentType("text/html");
      String base = "ou=users,ou=system";
      javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls();
      sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
      String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))";
      Object[] filters = new Object[] {"The streetz 4 Ms bar"};

      javax.naming.directory.DirContext ctx = ads.getDirContext();
      javax.naming.directory.InitialDirContext idc = (javax.naming.directory.InitialDirContext) ctx;
      javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> results =
          idc.search(base, filter, filters, sc);
      while (results.hasMore()) {
        javax.naming.directory.SearchResult sr =
            (javax.naming.directory.SearchResult) results.next();
        javax.naming.directory.Attributes attrs = sr.getAttributes();

        javax.naming.directory.Attribute attr = attrs.get("uid");
        javax.naming.directory.Attribute attr2 = attrs.get("street");
        if (attr != null) {
          response
              .getWriter()
              .write(
                  "LDAP query results:<br>"
                      + " Record found with name "
                      + attr.get()
                      + "<br>"
                      + "Address: "
                      + attr2.get()
                      + "<br>");
          System.out.println("record found " + attr.get());
        }
      }
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    } finally {
      try {
        ads.closeDirContext();
      } catch (Exception e) {
        throw new ServletException(e);
      }
    }
  }
示例#2
0
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = request.getParameter("vector");
    if (param == null) param = "";

    String bar = doSomething(param);

    org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager();
    try {
      response.setContentType("text/html");
      String base = "ou=users,ou=system";
      javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls();
      sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
      String filter = "(&(objectclass=person)(uid=" + bar + "))";

      javax.naming.directory.DirContext ctx = ads.getDirContext();
      javax.naming.directory.InitialDirContext idc = (javax.naming.directory.InitialDirContext) ctx;
      javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> results =
          idc.search(base, filter, sc);

      while (results.hasMore()) {
        javax.naming.directory.SearchResult sr =
            (javax.naming.directory.SearchResult) results.next();
        javax.naming.directory.Attributes attrs = sr.getAttributes();

        javax.naming.directory.Attribute attr = attrs.get("uid");
        javax.naming.directory.Attribute attr2 = attrs.get("street");
        if (attr != null) {
          response
              .getWriter()
              .write(
                  "LDAP query results:<br>"
                      + " Record found with name "
                      + attr.get()
                      + "<br>"
                      + "Address: "
                      + attr2.get()
                      + "<br>");
          System.out.println("record found " + attr.get());
        }
      }
    } catch (javax.naming.NamingException e) {
      throw new ServletException(e);
    } finally {
      try {
        ads.closeDirContext();
      } catch (Exception e) {
        throw new ServletException(e);
      }
    }
  } // end doPost