Java Code Examples for javax.servlet.http.HttpServletRequest#getParameterNames()

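The following examples show how to use javax.servlet.http.HttpServletRequest#getParameterNames(). These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar. Parameter names, like parameter values, are supplied by the client; the examples that reference org.owasp.benchmark helpers are test cases from a security benchmark, not patterns to copy.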
Example 1
Source Project: Tomcat8-Source-Read   File: TestRequest.java    License: MIT License 6 votes vote down vote up
/**
 * Only interested in the parameters and values for POST requests.
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    // Reflects each POSTed parameter back to the caller as a "name=value" line.
    // The response is declared as text/plain, so the reflected input is not
    // served as HTML.
    resp.setContentType("text/plain");

    final PrintWriter writer = resp.getWriter();

    // getParameter() yields only the first value of a repeated parameter.
    for (Enumeration<String> it = req.getParameterNames(); it.hasMoreElements();) {
        final String key = it.nextElement();
        writer.println(key + "=" + req.getParameter(key));
    }
}
 
Example 2
Source Project: haven-platform   File: HttpProxy.java    License: Apache License 2.0 6 votes vote down vote up
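private HttpEntity createEntity(HttpServletRequest servletRequest) throws IOException {
    final String contentType = servletRequest.getContentType();
    // The container has already consumed an 'application/x-www-form-urlencoded' body to
    // build the parameter map, so it can no longer be read from the input stream; the
    // form is rebuilt from the parsed parameters instead.
    // NOTE(review): this is an exact string match, so a Content-Type header that carries
    // parameters (e.g. "...; charset=UTF-8") takes the streaming branch below - confirm.
    if (ContentType.APPLICATION_FORM_URLENCODED.getMimeType().equals(contentType)) {
        List<NameValuePair> entries = new ArrayList<>();
        // Query-string parameters live in the same map and cannot be told apart from
        // body parameters here, so they are forwarded in the body as well.
        Enumeration<String> names = servletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            // Forward every value of a repeated parameter. Forwarding only the first one
            // would make the proxy and the upstream server disagree about what the client
            // sent, which is a problem whenever one of them validates and the other acts.
            String[] values = servletRequest.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                entries.add(new BasicNameValuePair(name, value));
            }
        }
        return new UrlEncodedFormEntity(entries, servletRequest.getCharacterEncoding());
    }

    // Every other body is streamed through unchanged.
    //  note: we don't bother ensuring we close the servletInputStream since the container handles it
    return new InputStreamEntity(servletRequest.getInputStream(),
            servletRequest.getContentLength(),
            ContentType.create(contentType));
}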
 
Example 3
/**
 * Set the admin login next url
 * 
 * @param request
 *            the HTTP request
 */
public void setLoginNextUrl( HttpServletRequest request )
{
    // Rebuild the URL currently being requested: the request URI plus the first value
    // of every request parameter.
    UrlItem nextUrl = new UrlItem( request.getRequestURI( ) );

    for ( Enumeration<?> names = request.getParameterNames( ); names.hasMoreElements( ); )
    {
        String strName = (String) names.nextElement( );
        nextUrl.addParameter( strName, request.getParameter( strName ) );
    }

    // Remember it in the (possibly newly created) session as the post-login target.
    // NOTE(review): parameter names and values are copied as received, so anything
    // submitted with the request ends up in the stored URL - confirm that the
    // consumer of this attribute treats it as untrusted.
    request.getSession( true ).setAttribute( ATTRIBUTE_ADMIN_LOGIN_NEXT_URL, nextUrl.getUrl( ) );
}
 
Example 4
Source Project: javabase   File: LoginInterceptor.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Asynchronously pushes the access information to Kafka.
 * @param request
 * @throws Exception
 */
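private void saveLogToKafka(HttpServletRequest request) throws Exception {
	// TODO store the log data in the agreed format
	Map<String, String> map = new HashMap<>();
	map.put("userId", (String) request.getSession().getAttribute(GlobalConstant.USE_ID));
	map.put("ip", ApiTools.getIpAddr(request));
	map.put("url", request.getRequestURI());
	map.put("time", DateUtils.getDateTime());
	map.put("agent", request.getHeader("USER-AGENT"));

	// NOTE(review): every parameter value is recorded verbatim, both in the local log
	// and in the Kafka record. That includes whatever credentials a form submits;
	// decide which parameter names must be masked before this reaches production.
	StringBuilder stringBuilder = new StringBuilder();
	stringBuilder.append("参数:");
	Enumeration<String> paramers = request.getParameterNames();
	boolean first = true;
	while (paramers.hasMoreElements()) {
		String key = paramers.nextElement();
		// Separate the pairs: without a delimiter "a=1" + "b=2" is recorded as
		// "a=1b=2", which cannot be told apart from a single parameter a=1b=2.
		if (!first) {
			stringBuilder.append('&');
		}
		first = false;
		stringBuilder.append(key).append('=').append(request.getParameter(key));
	}
	map.put("paramers", stringBuilder.toString());

	// Serialize once so the logged line and the Kafka payload are the same string.
	String payload = JSONObject.toJSONString(map);
	log.info("saveToKafka : " + payload);
	kafkaClientUtil.send(payload);
}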
 
Example 5
Source Project: rice   File: WebUtils.java    License: Educational Community License v2.0 5 votes vote down vote up
/**
 * Iterates through and logs (at the given level) all attributes and
 * parameters of the given request onto the given Logger
 * 
 * @param request
 * @param logger
 */
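public static void logRequestContents(Logger logger, Level level, HttpServletRequest request) {
	// Nothing is enumerated when the level is disabled.
	if (!logger.isEnabledFor(level)) {
		return;
	}

	logger.log(level, "--------------------");
	logger.log(level, "HttpRequest attributes:");
	for (Enumeration<?> e = request.getAttributeNames(); e.hasMoreElements();) {
		String attrName = (String) e.nextElement();
		Object attrValue = request.getAttribute(attrName);

		// Test for Object[] rather than Class.isArray(): a primitive array such as
		// int[] is an array but cannot be cast to Object[], so the old check threw
		// ClassCastException. Primitive arrays now fall through to logObject.
		// NOTE(review): a null attribute value also reaches logObject now instead of
		// failing on getClass() - confirm logObject tolerates null.
		if (attrValue instanceof Object[]) {
			logCollection(logger, level, attrName, Arrays.asList((Object[]) attrValue));
		}
		else if (attrValue instanceof Collection) {
			logCollection(logger, level, attrName, (Collection) attrValue);
		}
		else if (attrValue instanceof Map) {
			logMap(logger, level, attrName, (Map) attrValue);
		}
		else {
			logObject(logger, level, attrName, attrValue);
		}
	}

	logger.log(level, "--------------------");
	logger.log(level, "HttpRequest parameters:");
	// NOTE(review): parameter values are written to the log as received, which
	// includes any credentials submitted with the request - check which level
	// callers use outside of debugging.
	for (Enumeration<?> i = request.getParameterNames(); i.hasMoreElements();) {
		String paramName = (String) i.nextElement();
		String[] paramValues = (String[]) request.getParameterValues(paramName);

		logArray(logger, level, paramName, paramValues);
	}

	logger.log(level, "--------------------");
}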
 
Example 6
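@Override
protected void doGet(
	HttpServletRequest request, HttpServletResponse response)
	throws IOException, ServletException {

	if (_log.isInfoEnabled()) {
		_log.info("VNPostNGSPServlet doGet");
	} else {
		System.out.println("VNPostNGSPServlet doGet sys");
	}

	try {
		// Log parameter names only. consumer_key and secret_key arrive as request
		// parameters, so logging the values (or printing them to stdout, as this
		// method used to) copies credentials into log files.
		Enumeration<String> enumeration = request.getParameterNames();
		while (enumeration.hasMoreElements()) {
			_log.info("parameter: " + enumeration.nextElement());
		}

		// NOTE(review): the credentials travel in the query string of a GET request,
		// where access logs and proxies usually record them too; a POST body would
		// avoid that. tokenUrl is also caller-supplied - confirm that getToken
		// restricts it to the expected token endpoint.
		String tokenUrl = request.getParameter("tokenUrl");
		String consumer_key = request.getParameter("consumer_key");
		String secret_key = request.getParameter("secret_key");
		getToken(tokenUrl, consumer_key, secret_key);
	}
	catch (Exception e) {
		// Best effort: a failed token request is logged and the sample page is
		// still rendered.
		_log.error(e);
	}

	_writeSampleHTML(response);
}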
 
Example 7
/**
 * Command-execution test case built on the org.owasp.benchmark helper classes.
 * It looks for the request parameter whose VALUE is the marker string, takes
 * that parameter's NAME, passes it through doSomething (not shown here) and
 * uses the result as the only environment entry of a child process.
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	response.setContentType("text/html;charset=UTF-8");

	// Taint source: "param" ends up holding a parameter NAME, which the client
	// chooses just as freely as a parameter value.
	String param = "";
	boolean flag = true;
	java.util.Enumeration<String> names = request.getParameterNames();
	while (names.hasMoreElements() && flag) {
		String name = (String) names.nextElement();		    	
		String[] values = request.getParameterValues(name);
		if (values != null) {
			for(int i=0;i<values.length && flag; i++){
				String value = values[i];
				if (value.equals("BenchmarkTest02341")) {
					param = name;
				    flag = false;
				}
			}
		}
	}

	// Whether request data survives into "bar" depends on doSomething, which is
	// outside this listing.
	String bar = doSomething(request, param);
	
	// The command itself comes from a benchmark helper, not from the request.
	String cmd = org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(this.getClass().getClassLoader());
	String[] args = {cmd};
       String[] argsEnv = { bar };
       
	Runtime r = Runtime.getRuntime();

	try {
		// Sink: "bar" is handed to exec() as the child's environment (envp), so any
		// request-derived content in it defines the process environment.
		Process p = r.exec(args, argsEnv, new java.io.File(System.getProperty("user.dir")));
		org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
	} catch (IOException e) {
		System.out.println("Problem executing cmdi - TestCase");
		// The exception text is HTML-encoded before it is written to the page.
		response.getWriter().println(
		  org.owasp.esapi.ESAPI.encoder().encodeForHTML(e.getMessage())
		);
		return;
	}
}
 
Example 8
/**
 * Gets mailing lists from request.
 */
protected Vector<String> getMailinglistsFromRequest(HttpServletRequest req) {
	// The mailing list identifiers are encoded in parameter NAMES of the form
	// "agn_mlid_<suffix>"; parameter values are not consulted.
	Vector<String> result = new Vector<>();
	for (Enumeration<String> names = req.getParameterNames(); names.hasMoreElements();) {
		String paramName = names.nextElement();
		if (!paramName.startsWith("agn_mlid_")) {
			continue;
		}
		// Keep everything after the 9-character prefix.
		result.add(paramName.substring("agn_mlid_".length()));
	}
	// NOTE(review): the suffixes are returned exactly as the client sent them (they
	// may be empty or non-numeric) - callers presumably validate them; verify.
	return result;
}
 
Example 9
/**
 * dingTalkMessage: (send a DingTalk message)
 * @author: airufei
 * @date:2018/1/3 18:08
 * @return:
 */
private void dingTalkMessage(HttpServletRequest request, Throwable throwable) {
    final String requestUrl = request.getRequestURI();

    // Flatten the request parameters into " name:value name:value ..." (first value
    // of each parameter only).
    // NOTE(review): the values go into the outgoing message as received, so
    // submitted credentials would leave the application with it - confirm whether
    // masking is needed.
    final StringBuilder params = new StringBuilder();
    for (Enumeration<String> names = request.getParameterNames(); names.hasMoreElements();) {
        final String paramName = names.nextElement();
        params.append(' ').append(paramName).append(':').append(request.getParameter(paramName));
    }

    final String stackMessage = StringUtil.getExceptionMsg(throwable);
    // Computed but not used by anything below.
    final String url = StringUtil.getSystemUrl(request) + requestUrl;
    logger.error(stackMessage);
    sysCommonService.sendDingMessage(requestUrl, params.toString(), null, stackMessage, this.getClass());
}
 
Example 10
/**
 * Command-execution test case built on the org.owasp.benchmark helper classes.
 * The NAME of the parameter whose value equals the marker string is passed
 * through Test.doSomething (not shown here) and the result becomes the only
 * environment entry of a child process.
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	response.setContentType("text/html;charset=UTF-8");

	// Taint source: a parameter NAME chosen by the client.
	String param = "";
	boolean flag = true;
	java.util.Enumeration<String> names = request.getParameterNames();
	while (names.hasMoreElements() && flag) {
		String name = (String) names.nextElement();		    	
		String[] values = request.getParameterValues(name);
		if (values != null) {
			for(int i=0;i<values.length && flag; i++){
				String value = values[i];
				if (value.equals("BenchmarkTest01444")) {
					param = name;
				    flag = false;
				}
			}
		}
	}

	// Whether request data survives into "bar" depends on Test.doSomething, which
	// is outside this listing.
	String bar = new Test().doSomething(request, param);
	
	// The command string comes from a benchmark helper, not from the request.
	String cmd = org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(this.getClass().getClassLoader());
       
	String[] argsEnv = { bar };
	Runtime r = Runtime.getRuntime();

	try {
		// Sink: exec(String, String[]) - "bar" is passed as the child's environment.
		Process p = r.exec(cmd, argsEnv);
		org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
	} catch (IOException e) {
		System.out.println("Problem executing cmdi - TestCase");
		// The exception text is HTML-encoded before it is written to the page.
		response.getWriter().println(
		  org.owasp.esapi.ESAPI.encoder().encodeForHTML(e.getMessage())
		);
		return;
	}
}
 
Example 11
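@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  // Publishes the submitted text to the Pub/Sub topic, tagged with its source and
  // target language, then redirects the client to the start page.
  String text = req.getParameter("data");
  String sourceLang = req.getParameter("sourceLang");
  String targetLang = req.getParameter("targetLang");

  // NOTE(review): every parameter is logged verbatim at WARNING level, including
  // the submitted text - confirm this is wanted outside of debugging.
  Enumeration<String> paramNames = req.getParameterNames();
  while (paramNames.hasMoreElements()) {
    String paramName = paramNames.nextElement();
    logger.warning("Param name: " + paramName + " = " + req.getParameter(paramName));
  }

  // Reject incomplete requests up front; a missing parameter would otherwise
  // surface as a NullPointerException while the message is being built.
  if (text == null || sourceLang == null || targetLang == null) {
    resp.sendError(
        HttpServletResponse.SC_BAD_REQUEST,
        "Parameters data, sourceLang and targetLang are required.");
    return;
  }

  Publisher publisher = (Publisher) getServletContext().getAttribute("publisher");

  PubsubMessage pubsubMessage =
      PubsubMessage.newBuilder()
          .setData(ByteString.copyFromUtf8(text))
          .putAttributes("sourceLang", sourceLang)
          .putAttributes("targetLang", targetLang)
          .build();

  try {
    // Block until the publish has been acknowledged or has failed.
    publisher.publish(pubsubMessage).get();
  } catch (InterruptedException e) {
    // Restore the interrupt flag so the container can see the interruption.
    Thread.currentThread().interrupt();
    throw new ServletException("Exception publishing message to topic.", e);
  } catch (ExecutionException e) {
    throw new ServletException("Exception publishing message to topic.", e);
  }

  resp.sendRedirect("/");
}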
 
Example 12
/**
 * SQL test case built on the org.owasp.benchmark helper classes. The NAME of
 * the parameter whose value equals the marker string is passed through
 * Test.doSomething (not shown here) and the result is concatenated into a JDBC
 * call escape that is then prepared and executed.
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// Taint source: a parameter NAME chosen by the client.
		String param = "";
		boolean flag = true;
		java.util.Enumeration<String> names = request.getParameterNames();
		while (names.hasMoreElements() && flag) {
			String name = (String) names.nextElement();		    	
			String[] values = request.getParameterValues(name);
			if (values != null) {
				for(int i=0;i<values.length && flag; i++){
					String value = values[i];
					if (value.equals("BenchmarkTest01463")) {
						param = name;
					    flag = false;
					}
				}
			}
		}

		// Whether request data survives into "bar" depends on Test.doSomething,
		// which is outside this listing.
		String bar = new Test().doSomething(request, param);
		
		// Sink: the statement text is assembled by string concatenation and has no
		// bind parameters, so prepareCall() receives "bar" as part of the SQL
		// itself. Preparing a statement only helps for values that are bound with
		// placeholders.
		String sql = "{call " + bar + "}";
				
		try {
			// The statement and result set are not closed in this block.
			java.sql.Connection connection = org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
			java.sql.CallableStatement statement = connection.prepareCall( sql, java.sql.ResultSet.TYPE_FORWARD_ONLY, 
							java.sql.ResultSet.CONCUR_READ_ONLY, java.sql.ResultSet.CLOSE_CURSORS_AT_COMMIT );
			java.sql.ResultSet rs = statement.executeQuery();
            org.owasp.benchmark.helpers.DatabaseHelper.printResults(rs, sql, response);
        } catch (java.sql.SQLException e) {
        	// With hideSQLErrors set the client sees a generic message; otherwise
        	// the SQLException is rethrown wrapped in a ServletException.
        	if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        		response.getWriter().println(
"Error processing request."
);
        		return;
        	}
			else throw new ServletException(e);
		}
	}
 
Example 13
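private HttpTestData parseTestData(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

            // Capture the incoming request (origin, URL, parameters, headers, body)
            // into an HttpTestData; the "code" and "delay" parameters override the
            // defaults. resp is not used here.
            HttpTestData data = new HttpTestData();
            data.setCode(200);
            data.setOrigin(req.getRemoteAddr());
            data.setUrl(req.getRequestURL().toString());

            Enumeration<String> parameterNames = req.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String paramName = parameterNames.nextElement();
                String[] paramValues = req.getParameterValues(paramName);
                // A non-numeric "code" or "delay" makes Integer.parseInt throw
                // NumberFormatException, which propagates to the caller.
                switch (paramName) {
                    case "code": {
                        data.setCode(Integer.parseInt(paramValues[0]));
                        break;
                    }
                    case "delay": {
                        data.setDelay(Integer.parseInt(paramValues[0]));
                        break;
                    }
                }
                data.getArgs().put(paramName, paramValues);
            }

            Enumeration<String> headerNames = req.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                Enumeration<String> headerValues = req.getHeaders(headerName);
                List<String> headerList = new ArrayList<>();
                while (headerValues.hasMoreElements()) {
                    headerList.add(headerValues.nextElement());
                }
                data.getHeaders().put(headerName, headerList.toArray(new String[0]));
            }

            data.setBody(IOUtils.toString(req.getReader()));

            // NOTE(review): the delay is chosen by the caller and has no upper bound
            // here, and it holds the request thread for its whole duration - fine
            // for a test fixture, not for anything reachable by untrusted clients.
            if (data.getDelay() > 0) {
                try {
                    Thread.sleep(data.getDelay());
                } catch (InterruptedException e) {
                    // Stop waiting, but keep the interrupt visible to the container
                    // instead of silently discarding it.
                    Thread.currentThread().interrupt();
                }
            }

            return data;
        }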
 
Example 14
Source Project: unitime   File: CalendarServlet.java    License: Apache License 2.0 4 votes vote down vote up
HttpParams(HttpServletRequest request) {
	// Copy every request parameter, with all of its values, into iParams.
	Enumeration<?> names = request.getParameterNames();
	while (names.hasMoreElements()) {
		String key = (String) names.nextElement();
		iParams.put(key, request.getParameterValues(key));
	}
}
 
Example 15
/**
 * Randomness test case built on the org.owasp.benchmark helper classes. It
 * issues a "remember me" cookie whose value is derived from 40 bytes obtained
 * through a SecureRandom instance, and recognises the cookie on a later request
 * by comparing it with the copy kept in the session.
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");

		// Locate the NAME of the parameter whose value is the marker string.
		String param = "";
		boolean flag = true;
		java.util.Enumeration<String> names = request.getParameterNames();
		while (names.hasMoreElements() && flag) {
			String name = (String) names.nextElement();		    	
			String[] values = request.getParameterValues(name);
			if (values != null) {
				for(int i=0;i<values.length && flag; i++){
					String value = values[i];
					if (value.equals("BenchmarkTest02345")) {
						param = name;
					    flag = false;
					}
				}
			}
		}

		// "bar" is computed but not read again in the code below.
		String bar = doSomething(request, param);
		
	    try {
		    // The generator is a SecureRandom, held through its java.util.Random
		    // supertype; getNextNumber is defined outside this listing.
		    java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
		
		    // Get 40 random bytes
		    byte[] randomBytes = new byte[40];
		    getNextNumber(numGen, randomBytes);
		    
	        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);
	
			// The user label and cookie name are derived from the class name, not
			// from the request.
			String user = "SafeBystander";
			String fullClassName = this.getClass().getName();
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A presented cookie is accepted only if it equals the value stored in
			// the caller's session under the same name.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			} else {			
				// The cookie is marked Secure and scoped to this servlet's path;
				// setHttpOnly is not called in this block.
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
				response.addCookie(rememberMe);
// The token value is also printed into the response page.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}    
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
			throw new ServletException(e);
	    } finally {
			// Written on every path, including the failure path above.
			response.getWriter().println(
"Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed"
);
	    }
	}
 
Example 16
/**
 * format this message as a string
 *   TODO mmccune - fill out the email properly with the entire
 *                  request values
 * @return Text of email.
 */
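public String toText() {
    // Renders the traceback message: request line, date, headers, request
    // description, POSTed form variables, user and stack trace. Values that carry
    // credentials are replaced with HASHES, because the text leaves the application.
    StringWriter sw = new StringWriter();
    PrintWriter out = new PrintWriter(sw);
    LocalizationService ls = LocalizationService.getInstance();
    HttpServletRequest request = getRequest();
    User user = getUser();

    if (request != null) {
        out.println(ls.getMessage("traceback message header"));
        out.print(request.getMethod());
        out.println(" " + request.getRequestURI());
        out.println();
        out.print(ls.getMessage("date", getUserLocale()));
        out.print(":");
        out.println(ls.getBasicDate());
        out.print(ls.getMessage("headers", getUserLocale()));
        out.println(":");
        Enumeration<?> e = request.getHeaderNames();
        while (e.hasMoreElements()) {
            String headerName = (String) e.nextElement();
            out.print("  ");
            out.print(headerName);
            out.print(": ");
            // Session cookies and authorization headers are as sensitive as the
            // password itself: whoever reads the message could replay them.
            if ("Cookie".equalsIgnoreCase(headerName) ||
                    "Authorization".equalsIgnoreCase(headerName) ||
                    "Proxy-Authorization".equalsIgnoreCase(headerName)) {
                out.println(HASHES);
            }
            else {
                out.println(request.getHeader(headerName));
            }
        }
        out.println();
        out.print(ls.getMessage("request", getUserLocale()));
        out.println(":");
        out.println(request.toString());

        if (request.getMethod() != null &&
                request.getMethod().equals("POST")) {
            out.print(ls.getMessage("form variables", getUserLocale()));
            out.println(":");
            Enumeration<?> ne = request.getParameterNames();
            while (ne.hasMoreElements()) {
                String paramName = (String) ne.nextElement();
                out.print("  ");
                out.print(paramName);
                out.print(": ");
                // Mask every password-like field, not only the one named exactly
                // "password" (confirmation fields, differently cased names, ...).
                if (paramName.toLowerCase(java.util.Locale.ROOT).contains("password")) {
                    out.println(HASHES);
                }
                else {
                    out.println(request.getParameter(paramName));
                }
            }
            out.println();
        }
    }
    else {
        out.print(ls.getMessage("date", getUserLocale()));
        out.print(":");
        out.println(ls.getBasicDate());
        out.println();
        out.print(ls.getMessage("request", getUserLocale()));
        out.println(":");
        out.println("No request information");
        out.println();
    }

    out.println();

    out.print(ls.getMessage("user info"));
    out.println(":");
    if (user != null) {
        out.println(user.toString());
    }
    else {
        out.println(ls.getMessage("no user loggedin", getUserLocale()));
    }
    out.println();
    out.print(ls.getMessage("exception", getUserLocale()));
    out.println(":");
    if (throwable != null) {
        throwable.printStackTrace(out);
    }
    else {
        out.println("no throwable");
    }
    out.close();
    return sw.toString();
}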
 
Example 17
/**
 * Builds the template context for the user administration view and, depending
 * on the "editaction" request parameter, carries out the requested change on
 * the user store first.
 *
 * Recognised actions: userlist (default), viewuser, edituser, edituserlist,
 * deleteuser, newuser. Any other value makes the method return null.
 *
 * NOTE(review): within this method the changes are driven purely by request
 * parameters; "method" and "user" are only passed on to super. Confirm that
 * the caller or super.getTemplateContext checks the caller's privileges and
 * that state-changing actions are protected against cross-site requests.
 *
 * @return the context map, with "editView" and "error" always set and either
 *         "allUsers" or "user" added when no UserStoreException occurred;
 *         null for an unknown action
 */
@Override
protected HashMap<String, Object> getTemplateContext(Template template, HttpServletRequest req, HttpMethod method, String action, User user) throws ActionException {
    String editAction=req.getParameter("editaction");
    if(editAction==null || editAction.length()==0) editAction="userlist";
    
    HashMap<String,Object> params=super.getTemplateContext(template, req, method, action, user);
    
    // Target account name: trimmed, with blank treated as absent.
    String userName=req.getParameter("user");
    if(userName!=null) userName=userName.trim();
    if(userName!=null && userName.length()==0) userName=null;
    
    User userObject=null;
    String view="userlist";
    String error=null;
    try{
        if(editAction.equals("userlist")){
            // no side effects, do nothing
        }
        else if(editAction.equals("viewuser")){
            view="user";
            // just check that the user is valid
            if(userName!=null) userObject=userStore.getUser(userName);
        }
        else if(editAction.equals("edituser") || editAction.equals("edituserlist")){
            view="user";
            if(editAction.equals("edituserlist")) view="userlist";

            if(userName!=null) {
                userObject=userStore.getUser(userName);
                if(userObject!=null){

                    // Every value of every parameter is inspected; the parameter
                    // name selects the operation and the trimmed value is its
                    // argument. Option keys, option values and role names are
                    // applied as received.
                    Enumeration<String> paramNames=req.getParameterNames();
                    while(paramNames.hasMoreElements()){
                        String key=paramNames.nextElement();
                        String[] values=req.getParameterValues(key);
                        for(String value : values){
                            value=value.trim();
                            if(key.equals("setoption")){
                                // "k=v" sets option k to v; a value without '='
                                // sets that option to the empty string.
                                int ind=value.indexOf("=");
                                if(ind<0) userObject.setOption(value, "");
                                else {
                                    String k=value.substring(0,ind);
                                    String v=value.substring(ind+1);
                                    userObject.setOption(k,v);
                                }
                            }
                            else if(key.equals("removeoption")){
                                userObject.removeOption(value);
                            }
                            else if(key.equals("addrole")){
                                userObject.addRole(value);
                            }
                            else if(key.equals("removerole")){
                                userObject.removeRole(value);
                            }
                        }
                    }
                    // The user is saved once, after all parameters were applied.
                    if(!userObject.saveUser()) error="NOEDIT";
                }
            }
        }
        else if(editAction.equals("deleteuser")){
            if(userName!=null) {
                if(!userStore.deleteUser(userName)) error="NODELETE";
            }
        }
        else if(editAction.equals("newuser")){
            view="user";
            if(userName!=null) {
                userObject=userStore.newUser(userName);
                if(userObject==null) error="NONEW";
            }
        }
        else return null;
        
        // A single-user view without a resolved user falls back to the list.
        if(view.equals("user") && userObject==null) {
            if(error==null) error="INVALIDUSER";
            view="userlist";
        }

        if(view.equals("userlist")){
            params.put("allUsers",userStore.getAllUsers());
        }
        else {
            params.put("user",userObject);
        }
        
    }catch(UserStoreException use){
        // The exception is reduced to an error code; its detail is not kept.
        if(error==null) error="USERSTORE";
    }
            
    params.put("editView",view);
    params.put("error",error);
    
    return params;
}
 
Example 18
/**
 * Randomness test case built on the org.owasp.benchmark helper classes (its
 * own output calls it a "Weak Randomness Test"). It issues a "remember me"
 * cookie whose value is the decimal digits of one SecureRandom.nextDouble()
 * result.
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// Locate the NAME of the parameter whose value is the marker string.
		String param = "";
		boolean flag = true;
		java.util.Enumeration<String> names = request.getParameterNames();
		while (names.hasMoreElements() && flag) {
			String name = (String) names.nextElement();		    	
			String[] values = request.getParameterValues(name);
			if (values != null) {
				for(int i=0;i<values.length && flag; i++){
					String value = values[i];
					if (value.equals("BenchmarkTest00580")) {
						param = name;
					    flag = false;
					}
				}
			}
		}
		
		
		// Base64 round trip of the parameter name using the platform default
		// charset; "bar" is not read again in the code below.
		String bar = "";
		if (param != null) {
			bar = new String( org.apache.commons.codec.binary.Base64.decodeBase64(
			org.apache.commons.codec.binary.Base64.encodeBase64( param.getBytes() ) ));
		}
		
		
		try {
			// One double carries at most 53 random bits, far fewer than a token
			// built from random bytes. Double.toString also switches to scientific
			// notation for small values, so substring(2) does not always remove
			// just a leading "0.".
			double rand = java.security.SecureRandom.getInstance("SHA1PRNG").nextDouble();
			
			String rememberMeKey = Double.toString(rand).substring(2); // Trim off the 0. at the front.
			
			// The user label and cookie name are derived from the class name, not
			// from the request.
			String user = "SafeDonna";
			String fullClassName = this.getClass().getName();
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A presented cookie is accepted only if it equals the value stored in
			// the caller's session under the same name.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
			} else {			
				// The cookie is marked Secure and scoped to this servlet's path;
				// setHttpOnly is not called in this block.
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The token value is also printed into the response page.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
			throw new ServletException(e);
	    }
		response.getWriter().println(
"Weak Randomness Test java.security.SecureRandom.nextDouble() executed"
);
	}
 
Example 19
/**
 * Command-execution test case built on the org.owasp.benchmark helper classes.
 * The NAME of the parameter whose value equals the marker string reaches the
 * environment of a child process without any transformation.
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	response.setContentType("text/html;charset=UTF-8");

	// Taint source: a parameter NAME chosen by the client.
	String param = "";
	boolean flag = true;
	java.util.Enumeration<String> names = request.getParameterNames();
	while (names.hasMoreElements() && flag) {
		String name = (String) names.nextElement();		    	
		String[] values = request.getParameterValues(name);
		if (values != null) {
			for(int i=0;i<values.length && flag; i++){
				String value = values[i];
				if (value.equals("BenchmarkTest00574")) {
					param = name;
				    flag = false;
				}
			}
		}
	}
	
	
	String bar;
	
	// Simple ? condition that assigns param to bar on false condition
	// (7*42) - 106 is 188, which is never greater than 200, so "bar" is always
	// the request-derived "param". The constant branch only makes the flow
	// harder for an analysis tool to follow.
	int num = 106;
	
	bar = (7*42) - num > 200 ? "This should never happen" : param;
	
	
	
	// The command string comes from a benchmark helper, not from the request.
	String cmd = org.owasp.benchmark.helpers.Utils.getInsecureOSCommandString(this.getClass().getClassLoader());
       
	String[] argsEnv = { bar };
	Runtime r = Runtime.getRuntime();

	try {
		// Sink: exec(String, String[]) - the client-chosen string is passed as the
		// child's environment with no validation in between.
		Process p = r.exec(cmd, argsEnv);
		org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
	} catch (IOException e) {
		System.out.println("Problem executing cmdi - TestCase");
		// The exception text is HTML-encoded before it is written to the page.
		response.getWriter().println(
		  org.owasp.esapi.ESAPI.encoder().encodeForHTML(e.getMessage())
		);
		return;
	}
}
 
Example 20
/**
 * SQL test case built on the org.owasp.benchmark helper classes. The NAME of
 * the parameter whose value equals the marker string is concatenated into the
 * text of a PreparedStatement: one column is bound with a placeholder, the
 * other is spliced into the SQL string.
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// Taint source: a parameter NAME chosen by the client.
		String param = "";
		boolean flag = true;
		java.util.Enumeration<String> names = request.getParameterNames();
		while (names.hasMoreElements() && flag) {
			String name = (String) names.nextElement();		    	
			String[] values = request.getParameterValues(name);
			if (values != null) {
				for(int i=0;i<values.length && flag; i++){
					String value = values[i];
					if (value.equals("BenchmarkTest00595")) {
						param = name;
					    flag = false;
					}
				}
			}
		}
		
		
		String bar;
		
		// Simple ? condition that assigns param to bar on false condition
		// (7*42) - 106 is 188, which is never greater than 200, so "bar" is
		// always the request-derived "param".
		int num = 106;
		
		bar = (7*42) - num > 200 ? "This should never happen" : param;
		
		
		
		// Sink: USERNAME uses a bind placeholder, but PASSWORD is built by
		// concatenating "bar" between quotes. A PreparedStatement protects only
		// the values passed through setXxx(); text concatenated into the SQL
		// string is parsed as SQL. The fix is a second '?' bound with setString.
		String sql = "SELECT * from USERS where USERNAME=? and PASSWORD='"+ bar +"'";
				
		try {
			// The statement is not closed in this block.
			java.sql.Connection connection = org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
			java.sql.PreparedStatement statement = connection.prepareStatement( sql, new String[] {"Column1","Column2"} );
			statement.setString(1, "foo");
			statement.execute();
            org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, response);
		} catch (java.sql.SQLException e) {
			// With hideSQLErrors set the client sees a generic message; otherwise
			// the SQLException is rethrown wrapped in a ServletException.
			if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        		response.getWriter().println(
"Error processing request."
);
        		return;
        	}
			else throw new ServletException(e);
		}
	}