package badCodeComplexity; /* This software was developed at the National Institute of Standards and * Technology by employees of the Federal Government in the course of their * official duties. Pursuant to title 17 Section 105 of the United States * Code this software is not subject to copyright protection and is in the * public domain. NIST assumes no responsibility whatsoever for its use by * other parties, and makes no guarantees, expressed or implied, about its * quality, reliability, or any other characteristic. * We would appreciate acknowledgement if the software is used. * The SAMATE project website is: http://samate.nist.gov */ /* * This servlet implements a Cross-Site Scripting vulnerability (XSS) * Parameters: * - data: source of the vulnerability * Example: * - url: http://server_address/path_to_servlet/CrossSiteScripting_080?data= */ import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class CrossSiteScripting_scope_080 extends HttpServlet { private static final long serialVersionUID = 1L; public CrossSiteScripting_scope_080() { super(); } public String function( HttpServletRequest req, String data ) { // BUG String s = req.getParameter( data ); // The string file is not validated before the execution return s; } // Method which will be called to handle HTTP GET requests protected void doGet( HttpServletRequest req, HttpServletResponse resp ) throws ServletException, IOException { // Prepare the output data that will be sent back to the client resp.setContentType( "text/html" ); ServletOutputStream out = resp.getOutputStream(); // Write the HTML document to the output stream. // Note that the data provided by the client in // the field "data" is written as is, without any // filtering, to the output document. Hence the // vulnerability. out.println( "
" ); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { } }" ); // BUG // Cross Site Scripting out.println(function(req,"data")); out.println( "