diff --git a/src/main/java/org/owasp/benchmark/testcode/Benchmark00991.java b/src/main/java/org/owasp/benchmark/testcode/Benchmark00991.java
new file mode 100644
index 0000000..e4e7014
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/Benchmark00991.java
@@ -0,0 +1,87 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see https://owasp.org/www-project-benchmark/.
+ *
+ * The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Dave Wichers
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/trustbound-00/Benchmark00991")
+public class Benchmark00991 extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        javax.servlet.http.Cookie userCookie =
+                new javax.servlet.http.Cookie("Benchmark00991", "color");
+        userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
+        userCookie.setSecure(true);
+        userCookie.setPath(request.getRequestURI());
+        userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
+        response.addCookie(userCookie);
+        javax.servlet.RequestDispatcher rd =
+                request.getRequestDispatcher("/trustbound-00/Benchmark00991.html");
+        rd.include(request, response);
+    }
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+
+        javax.servlet.http.Cookie[] theCookies = request.getCookies();
+
+        String param = "noCookieValueSupplied";
+        if (theCookies != null) {
+            for (javax.servlet.http.Cookie theCookie : theCookies) {
+                if (theCookie.getName().equals("Benchmark00991")) {
+                    param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
+                    break;
+                }
+            }
+        }
+
+        String bar = new Test().doSomething(request, param);
+
+        // javax.servlet.http.HttpSession.putValue(java.lang.String^,java.lang.Object)
+        request.getSession().putValue(bar, "10340");
+
+        response.getWriter()
+                .println(
+                        "Item: '"
+                                + org.owasp.benchmark.helpers.Utils.encodeForHTML(bar)
+                                + "' with value: 10340 saved in session.");
+    } // end doPost
+
+    private class Test {
+
+        public String doSomething(HttpServletRequest request, String param)
+                throws ServletException, IOException {
+
+            String bar = org.springframework.web.util.HtmlUtils.htmlEscape(param);
+
+            return bar;
+        }
+    } // end innerclass Test
+} // end DataflowThruInnerClass
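Review bot: The sink `request.getSession().putValue(bar, "10340")` in doPost is the session write this trust-boundary case is built around (the value comes from the Benchmark00991 cookie and passes only through HtmlUtils.htmlEscape, which encodes but does not validate it), yet nothing in the file says that the deprecated HttpSession.putValue is intentional, so a routine cleanup to setAttribute could silently alter what the case exercises; a line such as `// putValue is deprecated; kept deliberately as the session-write sink for this test case` above it would pin that down. The comment already there names the sink signature but reads like a generator artifact rather than an explanation. In the inner class Test, doSomething declares `throws ServletException, IOException` and takes `request` although neither is used; if that is the shared shape of the generated DataflowThruInnerClass cases it is fine, but a class-level Javadoc stating the pattern would make the unused declarations look deliberate. Separately, `java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8")` can use the Charset overload, `java.net.URLDecoder.decode(theCookie.getValue(), java.nio.charset.StandardCharsets.UTF_8)`, which removes the checked UnsupportedEncodingException path without changing the decoded value.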