Java Code Examples for javax.servlet.http.HttpServletResponse#setContentType()

The following examples show how to use javax.servlet.http.HttpServletResponse#setContentType(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ServletV1P0.java    From FROST-Server with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Routes a GET request to the service that should answer it.
 *
 * <p>The response is declared as JSON in {@code ENCODING} before dispatch. An empty or root path
 * info is dispatched as {@code GET_CAPABILITIES}. Any other path is offered to the plugin manager
 * first; when no plugin claims it the request is dispatched as {@code READ}.
 *
 * @param request the incoming request; its path info selects the handler
 * @param response the response handed on to the selected service
 */
private void processGetRequest(HttpServletRequest request, HttpServletResponse response) {
    response.setContentType("application/json");
    response.setCharacterEncoding(ENCODING);

    final String path = request.getPathInfo();
    final boolean isRoot = StringHelper.isNullOrEmpty(path) || path.equals("/");
    if (isRoot) {
        executeService(RequestTypeUtils.GET_CAPABILITIES, request, response);
        return;
    }

    // The path is client-controlled; here it only chooses which registered plugin, if any,
    // gets to name the request type.
    final CoreSettings settings = (CoreSettings) request.getServletContext().getAttribute(TAG_CORE_SETTINGS);
    final PluginService handler = settings.getPluginManager().getServiceForPath(path);
    if (handler == null) {
        executeService(RequestTypeUtils.READ, request, response);
        return;
    }

    final String requestType = handler.getRequestTypeFor(path, HttpMethod.fromString(request.getMethod()));
    executeService(requestType, request, response);
}
 
Example 2
Source File: LogoutHandler.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
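/**
 * Streams the bundled {@code logout.jpg} classpath resource to the client as a JPEG.
 *
 * <p>A missing resource is logged as a warning and nothing is written. I/O failures while
 * copying are logged and not propagated.
 *
 * @param response the response whose output stream receives the image bytes
 */
protected void writeLogoutImage(HttpServletResponse response) {
    // The classpath stream is a try-with-resources resource so it is closed on every path,
    // including a failure while writing. A null resource is skipped when closing.
    try (InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("logout.jpg")) {
        if (inputStream == null) {
            LOG.warn("Could not write logout.jpg");
            return;
        }
        try (ServletOutputStream responseOutputStream = response.getOutputStream()) {
            // Set before the first byte is written, i.e. before the response can be committed.
            response.setContentType("image/jpeg");
            byte[] buf = new byte[1024];
            int read;
            while ((read = inputStream.read(buf)) != -1) {
                responseOutputStream.write(buf, 0, read);
            }
            responseOutputStream.flush();
        }
    } catch (IOException e) {
        LOG.error("Could not send logout image: {}", e.getMessage());
    }
}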
 
Example 3
Source File: QueryMovieSessionAction.java    From MovieManager with Apache License 2.0 6 votes vote down vote up
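/**
 * Looks up the sessions of one movie in one cinema, stores the result in the HTTP session and
 * redirects to the seat selection page.
 *
 * <p>The {@code cinemaId} and {@code movieId} request parameters must be integers. A missing or
 * non-numeric value is answered with 400 Bad Request instead of an uncaught
 * {@link NumberFormatException}.
 *
 * @param request the request carrying the {@code cinemaId} and {@code movieId} parameters
 * @param response the response used for the redirect or the error status
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the redirect or the error status cannot be sent
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	request.setCharacterEncoding("utf-8");
	response.setContentType("text/html;charset=utf-8");

	// Both ids come straight from the client, so parse them before any other work is done.
	// Integer.parseInt(null) also throws NumberFormatException, which covers a missing parameter.
	final int cinemaId;
	final int movieId;
	try {
		cinemaId = Integer.parseInt(request.getParameter("cinemaId"));
		movieId = Integer.parseInt(request.getParameter("movieId"));
	} catch (NumberFormatException e) {
		response.sendError(HttpServletResponse.SC_BAD_REQUEST, "cinemaId and movieId must be integers");
		return;
	}

	SessionService sessionService = new SessionServiceImpl();
	CinemaService cinemaService = new CinemaServiceImpl();
	HttpSession session = request.getSession();
	SeatUtil seat = new SeatUtil();
	seat.setCinema_Id(cinemaId);
	seat.setMovie_Id(movieId);

	List<?> queryMovieSession = sessionService.queryMovieSession(seat);
	Cinema queryCinemaById = cinemaService.queryCinemaById(cinemaId);
	session.setAttribute("movieSession", queryMovieSession);
	session.setAttribute("SingleCinema", queryCinemaById);

	// The redirect target is a fixed string, so request data cannot influence it.
	response.sendRedirect("/MovieManager/selectSeat.jsp");
}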
 
Example 4
Source File: HttpdocWebSupport.java    From httpdoc with Apache License 2.0 5 votes vote down vote up
/**
 * Serializes {@code document} to the response body.
 *
 * <p>The response content type is the configured {@code contentType} when one is set, otherwise
 * the serializer's own type with the configured charset appended. A clone of the configured
 * format is passed to {@code assign} together with the request parameter map before conversion.
 *
 * @param document the document to render
 * @param request the request whose parameter map is passed to {@code assign}
 * @param response the response that receives headers and the serialized body
 * @throws Exception if cloning, conversion or serialization fails
 */
public void handle(Document document, HttpServletRequest request, HttpServletResponse response) throws Exception {
    final Map<String, String[]> parameters = request.getParameterMap();
    response.setCharacterEncoding(charset);

    final String effectiveContentType;
    if (contentType != null) {
        effectiveContentType = contentType;
    } else {
        effectiveContentType = serializer.getType() + "; charset=" + charset;
    }
    response.setContentType(effectiveContentType);

    // Work on a copy so per-request values never reach the shared format instance.
    final Format requestFormat = IOKit.clone(format);
    // NOTE(review): assign() presumably binds client-supplied parameters onto the clone; confirm
    // which Format properties it may set, since every request parameter is handed to it.
    assign("format", requestFormat, parameters);

    final Map<String, Object> converted = converter.convert(document, requestFormat);
    serializer.serialize(converted, response.getOutputStream());
}
 
Example 5
Source File: BenchmarkTest02169.java    From Benchmark with GNU General Public License v2.0 5 votes vote down vote up
/**
 * OWASP Benchmark test case: builds a JDBC call string from a request parameter and executes it.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. The value of
 * {@code bar} is concatenated into the {@code {call ...}} string, so whether this case is
 * exploitable depends on {@code doSomething}, which is not part of this listing.
 *
 * @param request the request carrying the {@code BenchmarkTest02169} parameter
 * @param response the response that receives the query results or the error text
 * @throws ServletException wrapping an SQL failure when {@code hideSQLErrors} is false
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");

		// Source: a client-controlled request parameter.
		String param = request.getParameter("BenchmarkTest02169");
		if (param == null) param = "";

		// NOTE(review): doSomething() is defined elsewhere; it may or may not neutralise param.
		String bar = doSomething(request, param);
		
		// Sink: the call text is assembled by string concatenation rather than with bind
		// parameters, so any request data still present in bar becomes part of the SQL.
		String sql = "{call " + bar + "}";
						
		try {
			// The connection, statement and result set are not closed in this method.
			java.sql.Connection connection = org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
			java.sql.CallableStatement statement = connection.prepareCall( sql, java.sql.ResultSet.TYPE_FORWARD_ONLY, 
							java.sql.ResultSet.CONCUR_READ_ONLY );
			java.sql.ResultSet rs = statement.executeQuery();
            org.owasp.benchmark.helpers.DatabaseHelper.printResults(rs, sql, response);
		} catch (java.sql.SQLException e) {
			// With hideSQLErrors set the client only sees a generic message; otherwise the
			// SQLException is rethrown wrapped in a ServletException.
			if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        		response.getWriter().println(
"Error processing request."
);
        		return;
        	}
			else throw new ServletException(e);
		}
	}
 
Example 6
Source File: Sanitizers4.java    From JAADAS with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Taint-analysis fixture: writes a request parameter into an HTML response twice, once raw and
 * once after {@code clean(...)}.
 *
 * <p>Both writes carry the author's BAD marker, so the code is left untouched. The first write is
 * a reflected cross-site scripting sink because {@code name} reaches the HTML body unescaped.
 *
 * @param req the request carrying the {@code FIELD_NAME} parameter
 * @param resp the response that receives the HTML
 * @throws IOException if the response writer cannot be obtained
 */
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    // Source: a client-controlled request parameter.
    String name = req.getParameter(FIELD_NAME);
    // NOTE(review): clean() is defined elsewhere; the BAD marker on the second println suggests
    // the author does not treat its output as safe for HTML. Confirm against its definition.
    String clean = clean(name);
    
    // writer is not declared in this method, so it is state outside this call (presumably a
    // field); servlet instances are shared between requests, so verify it is not shared too.
    writer = resp.getWriter();
    // Set after getWriter(): a charset given here would no longer affect the writer's encoding.
    resp.setContentType("text/html");
    
    writer.println("<html>" + name  + "</html>");                  /* BAD */
    writer.println("<html>" + clean + "</html>");                  /* BAD */        
}
 
Example 7
Source File: ComUnsubscribe.java    From openemm with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Renders the "unsubscribe" user form of the company named by {@code uid} and sends the result
 * to the client.
 *
 * <p>Any exception is logged and swallowed; in that case nothing further is written here.
 *
 * @param uid the UID whose company id selects the form
 * @param request the request passed to the form execution
 * @param response the response that receives the form's MIME type and content
 */
private final void showUnsubscriptionLandingPage(final ComExtensibleUID uid, final HttpServletRequest request, final HttpServletResponse response) {
	try {
		final CaseInsensitiveMap<String, Object> formParameters = new CaseInsensitiveMap<>();
		final UserFormExecutionResult formResult =
				userFormExecuteService.executeForm(uid.getCompanyID(), "unsubscribe", request, formParameters, false);

		// Both the MIME type and the body are taken from the form result as-is.
		// NOTE(review): confirm the form output is escaped where it embeds request data.
		response.setContentType(formResult.responseMimeType);
		response.getWriter().println(formResult.responseContent);
		response.getWriter().flush();
	} catch(final Exception e) {
		logger.error("Error showing landing page for unsubscription", e);
	}
}
 
Example 8
Source File: BenchmarkTest01833.java    From Benchmark with GNU General Public License v2.0 5 votes vote down vote up
/**
 * OWASP Benchmark test case: builds a file path from a cookie value and reports whether the
 * file exists.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. {@code bar} becomes the
 * child path below {@code testfileDir} without any check that the result stays inside that
 * directory, so whether this case is a path traversal depends on {@code doSomething}, which is
 * not part of this listing.
 *
 * @param request the request carrying the {@code BenchmarkTest01833} cookie
 * @param response the response that receives the status text
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");

		javax.servlet.http.Cookie[] theCookies = request.getCookies();
		
		// Source: the URL-decoded value of a client-controlled cookie, or a fixed default.
		String param = "noCookieValueSupplied";
		if (theCookies != null) {
			for (javax.servlet.http.Cookie theCookie : theCookies) {
				if (theCookie.getName().equals("BenchmarkTest01833")) {
					param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
					break;
				}
			}
		}

		// NOTE(review): doSomething() is defined elsewhere; it may or may not neutralise param.
		String bar = doSomething(request, param);
		
		// Sink: no canonicalisation or containment check is applied to the resulting path.
		java.io.File fileTarget = new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir, bar);
		// The path is HTML-encoded before it is echoed, so this line is not the XSS sink.
		response.getWriter().println(
"Access to file: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(fileTarget.toString()) + "' created." 
);
		// The two messages below tell the client whether the path exists on the server.
		if (fileTarget.exists()) {
			response.getWriter().println(
" And file already exists."
);
		} else { response.getWriter().println(
" But file doesn't exist yet."
); }
	}
 
Example 9
Source File: SystemController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Writes a dump of the JVM's threads to the response as UTF-8 plain text.
 *
 * <p>I/O failures are logged and not propagated.
 *
 * <p>NOTE(review): the mapping declares {@code application/json} while the body is sent as
 * {@code text/plain}. A thread dump reveals internal state; no access check is visible in this
 * method, so confirm the endpoint is restricted elsewhere.
 *
 * @param response the response whose output stream receives the dump
 */
@RequestMapping(value = "/threadDump", method = RequestMethod.GET, produces = { "application/json" })
@ResponseBody
public void threadDump(HttpServletResponse response) {
    response.setContentType("text/plain;charset=utf-8");
    try (OutputStream body = response.getOutputStream()) {
        // Auto-flush stays off; the underlying stream is closed by try-with-resources.
        final PrintStream dumpTarget = new PrintStream(body, false, "UTF-8");
        printThreadInfo(dumpTarget, "Thread Dump");
    } catch (IOException e) {
        logger.error("exception when get stack trace", e);
    }
}
 
Example 10
Source File: JRImageServlet.java    From Knowage-Server with GNU Affero General Public License v3.0 5 votes vote down vote up
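/**
 * Serves one PNG image that an earlier request stored in the HTTP session, then removes it.
 *
 * <p>The {@code mapname} parameter names the session attribute holding a map of images and the
 * {@code image} parameter names the entry to send. The entry is removed once read, and the
 * attribute is removed when its map is empty. The response is cacheable for ten minutes.
 *
 * <p>When either parameter is missing, the attribute is not a map, or the entry is not a byte
 * array, no body is written. Previously an unknown image name caused a
 * {@link NullPointerException} and a non-map attribute a {@link ClassCastException}.
 *
 * @param request the request carrying the {@code mapname} and {@code image} parameters
 * @param response the response that receives the caching headers and image bytes
 * @throws IOException if the image cannot be written
 * @throws ServletException declared by the servlet contract
 */
public void service(HttpServletRequest request, HttpServletResponse response)
		throws IOException, ServletException {
	logger.debug("IN");
	HttpSession session = request.getSession(true);

	java.text.SimpleDateFormat dateFormat = new SimpleDateFormat(
			"EEE, dd MMM yyyy HH:mm:ss");
	Calendar cal = Calendar.getInstance();
	cal.add(Calendar.MINUTE, 10); // expire ten minutes from now
	Date date = cal.getTime();
	// Only used for the debug log; the header below is formatted by the container.
	String dateString = dateFormat.format(date) + " GMT";
	logger.debug(dateString);
	response.setDateHeader("Expires", date.getTime());
	response.setHeader("Cache-Control", "max-age=600");

	response.setContentType("image/png");

	String mapName = request.getParameter("mapname");
	String imageName = request.getParameter("image");
	if (mapName != null && imageName != null) {
		// mapName is client-controlled and selects which session attribute is read, so the
		// attribute is type-checked before use instead of being cast blindly.
		Object attribute = session.getAttribute(mapName);
		if (attribute instanceof Map) {
			Map<?, ?> imagesMap = (Map<?, ?>) attribute;
			// Images are served once: take the entry out of the map while reading it.
			Object stored = imagesMap.remove(imageName);
			if (imagesMap.isEmpty()) {
				session.removeAttribute(mapName);
			}
			if (stored instanceof byte[]) {
				byte[] imageData = (byte[]) stored;
				response.setContentLength(imageData.length);
				try (ServletOutputStream outputStream = response.getOutputStream()) {
					outputStream.write(imageData, 0, imageData.length);
					outputStream.flush();
				}
			}
		}
	}

	logger.debug("OUT");
}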
 
Example 11
Source File: ErrorController.java    From yes-cart with Apache License 2.0 5 votes vote down vote up
/**
 * Answers the {@code /500} mapping with HTTP 500 and a fixed JSON error body.
 *
 * <p>The body is a constant, so no exception detail or request data reaches the client.
 *
 * @param request the request (not read)
 * @param response the response that receives the status, headers and body
 * @throws IOException if the body cannot be written
 */
@RequestMapping(value = "/500")
public void error500(final HttpServletRequest request, final HttpServletResponse response) throws IOException {
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    response.setContentType("application/json");
    response.setCharacterEncoding("UTF-8");

    final String body = "{\"error\":\"Server error\"}";
    response.getWriter().write(body);
}
 
Example 12
Source File: RegisterAction.java    From Films with Apache License 2.0 5 votes vote down vote up
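/**
 * Tells the client whether the e-mail address in the {@code email} parameter is already
 * registered.
 *
 * <p>The request encoding is now set before the parameter is read. It was previously set after
 * {@code getParameter}, where it no longer affects how the value is decoded.
 *
 * <p>NOTE(review): the reply reveals whether an address has an account; no throttling is visible
 * in this method.
 *
 * @param mapping the Struts action mapping (not used)
 * @param form the Struts form bean (not used)
 * @param request the request carrying the {@code email} parameter
 * @param response the response that receives the message
 * @return always {@code null}, because the reply is written directly to the response
 * @throws IOException if the response cannot be written
 */
public ActionForward regCheck(ActionMapping mapping, ActionForm form,
		HttpServletRequest request, HttpServletResponse response) throws IOException {
	// Must precede the first parameter read to take effect.
	request.setCharacterEncoding("utf-8");
	response.setContentType("text/html;charset=utf-8");
	String email = request.getParameter("email");
	PrintWriter out = response.getWriter();
	// NOTE(review): both message literals appear mis-encoded in this listing; restore them from
	// the project's original source file.
	if (userService.checkEmail(email)) {
		out.println("�����ѱ�ע�ᣬ�뻻һ������ע�ᣡ"); // the e-mail is already registered; ask for another one
	} else {
		out.println("����δ��ʹ�ã������ע�� ��"); // the e-mail is not in use; registration can proceed
	}
	return null;
}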
 
Example 13
Source File: HelloServlet.java    From app-maven-plugin with Apache License 2.0 5 votes vote down vote up
/**
 * Replies to every request with a fixed plain-text greeting that must not be cached.
 *
 * @param req the request (not read)
 * @param resp the response that receives the headers and the greeting
 * @throws IOException if the body cannot be written
 */
@Override
public void service(HttpServletRequest req, HttpServletResponse resp)
    throws IOException {
  // Forbid caching at every layer: HTTP/1.1 caches, HTTP/1.0 caches, then proxies.
  resp.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
  resp.setHeader("Pragma", "no-cache");
  resp.setHeader("Expires", "0");

  resp.setContentType("text/plain");
  resp.getWriter().print("Hello from the App Engine Flexible project.");
}
 
Example 14
Source File: BenchmarkTest02417.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: issues a "remember me" cookie whose value comes from
 * {@code java.util.Random.nextDouble()}.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published.
 * {@code java.util.Random} is not a cryptographic generator, so a token derived from it is
 * predictable and unsuitable as an authentication secret.
 *
 * @param request the request carrying the parameter and any existing cookie
 * @param response the response that receives the cookie and the status text
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");

		org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
		String param = scr.getTheParameter("BenchmarkTest02417");
		if (param == null) param = "";

		// bar is computed but not used again in this method.
		String bar = doSomething(request, param);
		
		// Weakness under test: the token comes from a non-cryptographic generator.
		double value = new java.util.Random().nextDouble();
		String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front.
		
		String user = "Donna";
		String fullClassName = this.getClass().getName();
		// Take the digits that follow "BenchmarkTest" in the simple class name.
		String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
		user+= testCaseNumber;
		
		String cookieName = "rememberMe" + testCaseNumber;
		
		// The user counts as remembered when the cookie value equals the copy kept in the session.
		boolean foundUser = false;
		javax.servlet.http.Cookie[] cookies = request.getCookies();
		if (cookies != null) {
			for (int i = 0; !foundUser && i < cookies.length; i++) {
				javax.servlet.http.Cookie cookie = cookies[i];
				if (cookieName.equals(cookie.getName())) {
					if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
						foundUser = true;
					}
				}
			}
		}
		
		if (foundUser) {
			response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
		} else {			
			javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
			// Secure is set; HttpOnly is not set anywhere in this method.
			rememberMe.setSecure(true);
//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
			rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
														 // e.g., /benchmark/sql-01/BenchmarkTest01001
			request.getSession().setAttribute(cookieName, rememberMeKey);
			response.addCookie(rememberMe);
			// The token is also echoed into the response body.
			response.getWriter().println(
				user + " has been remembered with cookie: " + rememberMe.getName() 
					+ " whose value is: " + rememberMe.getValue() + "<br/>"
			);
		}
		
		response.getWriter().println(
"Weak Randomness Test java.util.Random.nextDouble() executed"
);
	}
 
Example 15
Source File: BenchmarkTest01141.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: issues a "remember me" cookie whose value comes from
 * {@code java.security.SecureRandom.nextLong()}.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. The token is drawn from
 * a {@code SecureRandom} instance, which is the counterpart of the {@code java.util.Random}
 * variants of this test.
 *
 * @param request the request whose header names and cookies are read
 * @param response the response that receives the cookie and the status text
 * @throws ServletException wrapping a {@code NoSuchAlgorithmException}
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// Source: the NAME of the first request header that is not in commonHeaders and has a value.
		String param = "";
		java.util.Enumeration<String> names = request.getHeaderNames();
		while (names.hasMoreElements()) {
			String name = (String) names.nextElement();
			
			if(org.owasp.benchmark.helpers.Utils.commonHeaders.contains(name)){
				continue;
			}
			
			java.util.Enumeration<String> values = request.getHeaders(name);
			if (values != null && values.hasMoreElements()) {
				param = name;
				break;
			}
		}
		// Note: We don't URL decode header names because people don't normally do that

		// bar is computed but not used again in this method; Test is defined elsewhere.
		String bar = new Test().doSomething(request, param);
		
		try {
			// The algorithm is requested by name; an unknown name ends in the catch block below.
			long l = java.security.SecureRandom.getInstance("SHA1PRNG").nextLong();
			String rememberMeKey = Long.toString(l);
			
			String user = "SafeLogan";
			String fullClassName = this.getClass().getName();
			// Take the digits that follow "BenchmarkTest" in the simple class name.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// The user counts as remembered when the cookie value equals the copy kept in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set anywhere in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
				response.addCookie(rememberMe);
// The token is also echoed into the response body.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextLong() - TestCase");
			throw new ServletException(e);
	    }		
		response.getWriter().println(
"Weak Randomness Test java.security.SecureRandom.nextLong() executed"
);

	}
 
Example 16
Source File: BenchmarkTest00179.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: issues a "remember me" cookie whose value comes from
 * {@code java.security.SecureRandom.nextDouble()}.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. The token is the
 * decimal text of a double drawn from a {@code SecureRandom} instance.
 *
 * @param request the request carrying the {@code BenchmarkTest00179} header and any cookie
 * @param response the response that receives the cookie and the status text
 * @throws ServletException wrapping a {@code NoSuchAlgorithmException}
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// Source: a client-controlled request header.
		String param = "";
		if (request.getHeader("BenchmarkTest00179") != null) {
			param = request.getHeader("BenchmarkTest00179");
		}
		
		// URL Decode the header value since req.getHeader() doesn't. Unlike req.getParameter().
		param = java.net.URLDecoder.decode(param, "UTF-8");
		
		
		// bar is the HTML-escaped header value; it is not used again in this method.
		String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param);
		
		
		try {
			// The algorithm is requested by name; an unknown name ends in the catch block below.
			double rand = java.security.SecureRandom.getInstance("SHA1PRNG").nextDouble();
			
			String rememberMeKey = Double.toString(rand).substring(2); // Trim off the 0. at the front.
			
			String user = "SafeDonna";
			String fullClassName = this.getClass().getName();
			// Take the digits that follow "BenchmarkTest" in the simple class name.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// The user counts as remembered when the cookie value equals the copy kept in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set anywhere in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The token is also echoed into the response body.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
			throw new ServletException(e);
	    }
		response.getWriter().println(
"Weak Randomness Test java.security.SecureRandom.nextDouble() executed"
);
	}
 
Example 17
Source File: BenchmarkTest00029.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: hashes a request parameter with a configurable digest and appends
 * the Base64 result to {@code passwordFile.txt}.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. The digest algorithm
 * is read from {@code benchmark.properties} (key {@code hashAlg1}, default {@code SHA512}), so
 * the strength of the hash depends on that file, which is not part of this listing. The value is
 * hashed once with no salt visible in this method.
 *
 * @param request the request carrying the {@code BenchmarkTest00029} parameter
 * @param response the response that receives the status text
 * @throws ServletException wrapping a {@code NoSuchAlgorithmException}
 * @throws IOException if the properties, the file or the response cannot be read or written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// some code
		response.setContentType("text/html;charset=UTF-8");
		

		// Source: the first value of a client-controlled request parameter.
		java.util.Map<String,String[]> map = request.getParameterMap();
		String param = "";
		if (!map.isEmpty()) {
			String[] values = map.get("BenchmarkTest00029");
			if (values != null) param = values[0];
		}
		

		
		try {
		    java.util.Properties benchmarkprops = new java.util.Properties();
		    // The resource stream is not closed here, and it is not checked for null before load().
		    benchmarkprops.load(this.getClass().getClassLoader().getResourceAsStream("benchmark.properties"));
			String algorithm = benchmarkprops.getProperty("hashAlg1", "SHA512");
			java.security.MessageDigest md = java.security.MessageDigest.getInstance(algorithm);
			byte[] input = { (byte)'?' };
			// param is declared as String, so only the String branch below can be taken here.
			Object inputParam = param;
			// getBytes() without a charset uses the platform default encoding.
			if (inputParam instanceof String) input = ((String) inputParam).getBytes();
			if (inputParam instanceof java.io.InputStream) {
				byte[] strInput = new byte[1000];
				int i = ((java.io.InputStream) inputParam).read(strInput);
				if (i == -1) {
					response.getWriter().println(
"This input source requires a POST, not a GET. Incompatible UI for the InputStream source."
);
					return;
				}
				input = java.util.Arrays.copyOf(strInput, i);
			}			
			md.update(input);
			
			byte[] result = md.digest();
			java.io.File fileTarget = new java.io.File(
					new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir),"passwordFile.txt");
			// The writer is closed only on the success path; a failing write() leaves it open.
			java.io.FileWriter fw = new java.io.FileWriter(fileTarget,true); //the true will append the new data
			    fw.write("hash_value=" + org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true) + "\n");
			fw.close();
			// The submitted value is echoed back to the client, HTML-encoded.
			response.getWriter().println(
"Sensitive value '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(new String(input)) + "' hashed and stored<br/>"
);

		} catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing hash - TestCase");
			throw new ServletException(e);
		}
		
		response.getWriter().println(
"Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed"
);
	}
 
Example 18
Source File: BenchmarkTest00080.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: issues a "remember me" cookie whose value comes from
 * {@code java.util.Random.nextFloat()}.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published.
 * {@code java.util.Random} is not a cryptographic generator, so a token derived from it is
 * predictable and unsuitable as an authentication secret.
 *
 * @param request the request carrying the {@code BenchmarkTest00080} cookie
 * @param response the response that receives the cookie and the status text
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		javax.servlet.http.Cookie[] theCookies = request.getCookies();
		
		// Source: the URL-decoded value of a client-controlled cookie, or a fixed default.
		String param = "noCookieValueSupplied";
		if (theCookies != null) {
			for (javax.servlet.http.Cookie theCookie : theCookies) {
				if (theCookie.getName().equals("BenchmarkTest00080")) {
					param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
					break;
				}
			}
		}
		
		
		// bar is the HTML-escaped cookie value; it is not used again in this method.
		String bar = org.springframework.web.util.HtmlUtils.htmlEscape(param);
		
		
		// Weakness under test: the token comes from a non-cryptographic generator.
		float rand = new java.util.Random().nextFloat();
		String rememberMeKey = Float.toString(rand).substring(2); // Trim off the 0. at the front.
		
		String user = "Floyd";
		String fullClassName = this.getClass().getName();
		// Take the digits that follow "BenchmarkTest" in the simple class name.
		String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
		user+= testCaseNumber;
		
		String cookieName = "rememberMe" + testCaseNumber;
		
		// The user counts as remembered when the cookie value equals the copy kept in the session.
		boolean foundUser = false;
		javax.servlet.http.Cookie[] cookies = request.getCookies();
		if (cookies != null) {
			for (int i = 0; !foundUser && i < cookies.length; i++) {
				javax.servlet.http.Cookie cookie = cookies[i];
				if (cookieName.equals(cookie.getName())) {
					if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
						foundUser = true;
					}
				}
			}
		}
		
		if (foundUser) {
			response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
		} else {			
			javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
			// Secure is set; HttpOnly is not set anywhere in this method.
			rememberMe.setSecure(true);
//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
			rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
														 // e.g., /benchmark/sql-01/BenchmarkTest01001
			request.getSession().setAttribute(cookieName, rememberMeKey);
			response.addCookie(rememberMe);
			// The token is also echoed into the response body.
			response.getWriter().println(
				user + " has been remembered with cookie: " + rememberMe.getName() 
					+ " whose value is: " + rememberMe.getValue() + "<br/>"
			);

		}
		
		response.getWriter().println(
"Weak Randomness Test java.util.Random.nextFloat() executed"
);
	}
 
Example 19
Source File: BenchmarkTest00939.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: inserts a request value into the {@code users} table with a
 * string-built SQL statement.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. The switch below
 * always selects the branch that copies {@code param} into {@code bar}, and {@code bar} is then
 * concatenated into the INSERT text inside single quotes. That is the SQL injection pattern a
 * parameterised statement with bind variables avoids.
 *
 * @param request the request wrapped by {@code SeparateClassRequest}
 * @param response the response that receives the update result or the error text
 * @throws ServletException wrapping an SQL failure when {@code hideSQLErrors} is false
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// NOTE(review): getTheValue() is defined elsewhere; presumably it returns request data.
		org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
		String param = scr.getTheValue("BenchmarkTest00939");
		
		
		String bar;
		String guess = "ABC";
		// charAt(2) of "ABC" is 'C', so the 'C'/'D' branch runs and bar = param.
		char switchTarget = guess.charAt(2);
		
		// Simple case statement that assigns param to bar on conditions 'A', 'C', or 'D'
		switch (switchTarget) {
		  case 'A':
		        bar = param;
		        break;
		  case 'B': 
		        bar = "bobs_your_uncle";
		        break;
		  case 'C':
		  case 'D':        
		        bar = param;
		        break;
		  default:
		        bar = "bobs_your_uncle";
		        break;
		}
		
		
		// Sink: the value is placed between quotes by concatenation, not bound as a parameter.
		String sql = "INSERT INTO users (username, password) VALUES ('foo','"+ bar + "')";
				
		try {
			// The statement is not closed in this method.
			java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
			int count = statement.executeUpdate( sql, new int[] {1,2} );
            org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
		} catch (java.sql.SQLException e) {
			// With hideSQLErrors set the client only sees a generic message; otherwise the
			// SQLException is rethrown wrapped in a ServletException.
			if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        		response.getWriter().println(
"Error processing request."
);
        		return;
        	}
			else throw new ServletException(e);
		}
	}
 
Example 20
Source File: BenchmarkTest01611.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * OWASP Benchmark test case: issues a "remember me" cookie whose value is 40 bytes from
 * {@code java.security.SecureRandom.nextBytes(byte[])}, Base64-encoded.
 *
 * <p>The code is a scanner test fixture and is kept exactly as published. The token is drawn from
 * a {@code SecureRandom} instance, which is the counterpart of the {@code java.util.Random}
 * variants of this test.
 *
 * @param request the request carrying the {@code BenchmarkTest01611} parameter and any cookie
 * @param response the response that receives the cookie and the status text
 * @throws ServletException wrapping a {@code NoSuchAlgorithmException}
 * @throws IOException if the response cannot be written
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// Source: the first value of a client-controlled request parameter.
		String[] values = request.getParameterValues("BenchmarkTest01611");
		String param;
		if (values != null && values.length > 0)
		  param = values[0];
		else param = "";

		// bar is computed but not used again in this method; Test is defined elsewhere.
		String bar = new Test().doSomething(request, param);
		
	    try {
		    // The algorithm is requested by name; an unknown name ends in the catch block below.
		    java.security.SecureRandom secureRandomGenerator = java.security.SecureRandom.getInstance("SHA1PRNG");
		
		    // Get 40 random bytes
		    byte[] randomBytes = new byte[40];
		    secureRandomGenerator.nextBytes(randomBytes);
		    
	        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);
	
			String user = "SafeByron";
			String fullClassName = this.getClass().getName();
			// Take the digits that follow "BenchmarkTest" in the simple class name.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// The user counts as remembered when the cookie value equals the copy kept in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}
			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set anywhere in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The token is also echoed into the response body.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}  
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
			throw new ServletException(e);
	    } finally {
			// Runs on success and on failure alike, so the line is written even when the
			// ServletException above is on its way out.
			response.getWriter().println(
"Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed"
);
	    }
	}