diff --git a/src/main/java/org/owasp/benchmark/testcode/Benchmark00898.java b/src/main/java/org/owasp/benchmark/testcode/Benchmark00898.java
new file mode 100644
index 0000000..730338d
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/Benchmark00898.java
@@ -0,0 +1,105 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ *
This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see https://owasp.org/www-project-benchmark/.
+ *
+ *
The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ *
The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/weakrand-01/Benchmark00898")
+public class Benchmark00898 extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doPost(request, response);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ response.setContentType("text/html;charset=UTF-8");
+
+ org.owasp.benchmark.helpers.SeparateClassRequest scr =
+ new org.owasp.benchmark.helpers.SeparateClassRequest(request);
+ String param = scr.getTheValue("Benchmark00898");
+
+ String bar = "";
+ if (param != null) {
+ bar =
+ new String(
+ org.apache.commons.codec.binary.Base64.decodeBase64(
+ org.apache.commons.codec.binary.Base64.encodeBase64(
+ param.getBytes())));
+ }
+
+ byte[] bytes = new byte[10];
+ new java.util.Random().nextBytes(bytes);
+ String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(bytes, true);
+
+ String user = "Byron";
+ String fullClassName = this.getClass().getName();
+ String testCaseNumber =
+ fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "Benchmark".length());
+ user += testCaseNumber;
+
+ String cookieName = "rememberMe" + testCaseNumber;
+
+ boolean foundUser = false;
+ javax.servlet.http.Cookie[] cookies = request.getCookies();
+ if (cookies != null) {
+ for (int i = 0; !foundUser && i < cookies.length; i++) {
+ javax.servlet.http.Cookie cookie = cookies[i];
+ if (cookieName.equals(cookie.getName())) {
+ if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
+ foundUser = true;
+ }
+ }
+ }
+ }
+
+ if (foundUser) {
+ response.getWriter().println("Welcome back: " + user + "
");
+ } else {
+ javax.servlet.http.Cookie rememberMe =
+ new javax.servlet.http.Cookie(cookieName, rememberMeKey);
+ rememberMe.setSecure(true);
+ rememberMe.setHttpOnly(true);
+ rememberMe.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
+ rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
+ // e.g., /benchmark/sql-01/Benchmark01001
+ request.getSession().setAttribute(cookieName, rememberMeKey);
+ response.addCookie(rememberMe);
+ response.getWriter()
+ .println(
+ user
+ + " has been remembered with cookie: "
+ + rememberMe.getName()
+ + " whose value is: "
+ + rememberMe.getValue()
+ + "
");
+ }
+
+ response.getWriter().println("Randomness java.util.Random.nextBytes() executed");
+ }
+}
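Review bot: The remember-me token produced by `new java.util.Random().nextBytes(bytes);` comes from a non-cryptographic PRNG whose 48-bit state can be recovered from a handful of observed outputs, and this servlet prints the value to every new visitor, so the token issued to one client is predictable by another; a value that re-authenticates the user on a later request should come from `new java.security.SecureRandom().nextBytes(bytes);`. The `/weakrand-01/` mapping suggests this is the deliberately vulnerable variant of the weak-randomness test, in which case a comment on that line such as `// Intentionally weak: java.util.Random is not a CSPRNG (CWE-338); test-case code, do not copy` would stop the next reader from silently fixing or reusing it. The Base64 round-trip uses `param.getBytes()` with the platform default charset; `param.getBytes(java.nio.charset.StandardCharsets.UTF_8)` makes it deterministic across JVMs, although `bar` is never read afterwards. The cookie/session comparison `cookie.getValue().equals(...)` is a plain string compare; for an authentication token `java.security.MessageDigest.isEqual` on the byte forms avoids timing leaks, though at 10 random bytes this is a minor point.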
diff --git a/src/main/java/org/owasp/benchmark/testcode/Benchmark00899.java b/src/main/java/org/owasp/benchmark/testcode/Benchmark00899.java
new file mode 100644
index 0000000..ace25ae
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/Benchmark00899.java
@@ -0,0 +1,116 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ *
This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see https://owasp.org/www-project-benchmark/.
+ *
+ *
The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ *
The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/weakrand-01/Benchmark00899")
+public class Benchmark00899 extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doPost(request, response);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ response.setContentType("text/html;charset=UTF-8");
+
+ org.owasp.benchmark.helpers.SeparateClassRequest scr =
+ new org.owasp.benchmark.helpers.SeparateClassRequest(request);
+ String param = scr.getTheValue("Benchmark00899");
+
+ String bar;
+ String guess = "ABC";
+ char switchTarget = guess.charAt(1); // condition 'B', which is safe
+
+ // Simple case statement that assigns param to bar on conditions 'A', 'C', or 'D'
+ switch (switchTarget) {
+ case 'A':
+ bar = param;
+ break;
+ case 'B':
+ bar = "bob";
+ break;
+ case 'C':
+ case 'D':
+ bar = param;
+ break;
+ default:
+ bar = "bob's your uncle";
+ break;
+ }
+
+ double value = new java.util.Random().nextDouble();
+ String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front.
+
+ String user = "Donna";
+ String fullClassName = this.getClass().getName();
+ String testCaseNumber =
+ fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "Benchmark".length());
+ user += testCaseNumber;
+
+ String cookieName = "rememberMe" + testCaseNumber;
+
+ boolean foundUser = false;
+ javax.servlet.http.Cookie[] cookies = request.getCookies();
+ if (cookies != null) {
+ for (int i = 0; !foundUser && i < cookies.length; i++) {
+ javax.servlet.http.Cookie cookie = cookies[i];
+ if (cookieName.equals(cookie.getName())) {
+ if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
+ foundUser = true;
+ }
+ }
+ }
+ }
+
+ if (foundUser) {
+ response.getWriter().println("Welcome back: " + user + "
");
+ } else {
+ javax.servlet.http.Cookie rememberMe =
+ new javax.servlet.http.Cookie(cookieName, rememberMeKey);
+ rememberMe.setSecure(true);
+ rememberMe.setHttpOnly(true);
+ rememberMe.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
+ rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
+ // e.g., /benchmark/sql-01/Benchmark01001
+ request.getSession().setAttribute(cookieName, rememberMeKey);
+ response.addCookie(rememberMe);
+ response.getWriter()
+ .println(
+ user
+ + " has been remembered with cookie: "
+ + rememberMe.getName()
+ + " whose value is: "
+ + rememberMe.getValue()
+ + "
");
+ }
+
+ response.getWriter().println("Randomness java.util.Random.nextDouble() executed");
+ }
+}
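Review bot: `Double.toString(value).substring(2)` does not always do what the comment `// Trim off the 0. at the front.` says: for results of `nextDouble()` below 1.0E-3, `Double.toString` switches to scientific notation (e.g. `1.0E-4`), so the key becomes text like `0E-4`, shorter and with a different character set than the common case, and the comment gives no hint of that edge. The deeper problem is that `java.util.Random` is predictable from observed outputs, and the servlet prints the key to every new visitor, so a remember-me credential derived from it can be forged; `String rememberMeKey = Long.toHexString(new java.security.SecureRandom().nextLong());` removes both issues. If this servlet is intentionally the vulnerable weakrand variant, as the `/weakrand-01/` mapping suggests, mark it on the `nextDouble()` line with `// Intentionally weak: java.util.Random output is predictable (CWE-338); test-case code, do not copy` so the trimming comment is not the only explanation a reader finds.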