/* TEMPLATE GENERATED TESTCASE FILE
Filename: CWE90_LDAP_Injection__Servlet_listen_tcp_51a.java
Label Definition File: CWE90_LDAP_Injection__Servlet.label.xml
Template File: sources-sink-51a.tmpl.java
*/
/*
 * @description
 * CWE: 90 LDAP Injection
 * BadSource: listen_tcp Read data using a listening tcp connection
 * GoodSource: A hardcoded string
 * BadSink: unchecked data leads to LDAP injection
 * Flow Variant: 51 Data flow: data passed as an argument from one function to another in different classes in the same package
 *
 * */

package testcases.CWE90_LDAP_Injection;

import testcasesupport.*;

import javax.naming.*;
import javax.naming.directory.*;
import javax.servlet.http.*;

import java.util.Hashtable;
import java.io.IOException;

import org.apache.commons.lang.StringEscapeUtils;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.IOException;
import java.net.Socket;
import java.net.ServerSocket;
import java.util.logging.Logger;

/**
 * Juliet test case for CWE-90 (LDAP injection), flow variant 51: the value is
 * produced in this class and handed as a method argument to the companion class
 * {@code CWE90_LDAP_Injection__Servlet_listen_tcp_51b}, which holds both sinks.
 *
 * <p>Bad source: one line read from whichever peer connects to a
 * {@link ServerSocket} bound to TCP port 39543. Nothing in this class
 * authenticates that peer or validates the line, so the string passed to
 * {@code bad_sink} is entirely controlled by the remote end. Good source: the
 * constant {@code "foo"}.
 *
 * <p>{@code StringEscapeUtils}, {@code Hashtable} and the {@code javax.naming}
 * imports are part of the generated template and are not referenced in this
 * file; the sinks that would use them live in the 51b class.
 */
public class CWE90_LDAP_Injection__Servlet_listen_tcp_51a extends AbstractTestCaseServlet
{
    /**
     * Closes {@code resource} if it is non-null and logs {@code failureMessage}
     * at WARNING level when the close raises an {@link IOException}. Any other
     * exception type propagates unchanged.
     *
     * @param resource the reader or socket to close; may be {@code null}
     * @param log logger that receives the warning
     * @param failureMessage text logged when {@code close()} fails
     */
    private static void closeOrWarn(java.io.Closeable resource, Logger log, String failureMessage)
    {
        try
        {
            if (resource != null)
            {
                resource.close();
            }
        }
        catch (IOException ioe)
        {
            log.warning(failureMessage);
        }
    }

    /**
     * Bad flow. Binds TCP port 39543, accepts a single connection, reads one
     * line through an {@link InputStreamReader} created without an explicit
     * charset (so the JVM default charset decodes the bytes), and passes that
     * line unmodified to {@code bad_sink} in the 51b class.
     *
     * <p>If the read fails with an {@link IOException} a warning is logged and
     * the initial empty string is passed instead. If the peer closes the
     * connection before sending a line terminator, {@code readLine()} returns
     * {@code null} and that {@code null} is what reaches the sink.
     *
     * @param request servlet request forwarded to the sink
     * @param response servlet response forwarded to the sink
     * @throws Throwable whatever the sink throws
     */
    public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable
    {
        Logger log_bad = Logger.getLogger("local-logger");
        String data = ""; /* init data */

        /* Read data using a listening tcp connection */
        ServerSocket server = null;
        Socket client = null;
        InputStreamReader byteReader = null;
        BufferedReader lineReader = null;
        try
        {
            /* read input from socket */
            server = new ServerSocket(39543);
            client = server.accept();
            byteReader = new InputStreamReader(client.getInputStream());
            lineReader = new BufferedReader(byteReader);
            data = lineReader.readLine();
        }
        catch (IOException ioe)
        {
            log_bad.warning("Error with stream reading");
        }
        finally
        {
            /* Readers first, then sockets. Each close is attempted even when
             * the previous one failed, which is why they are chained through
             * finally rather than listed one after another. */
            try
            {
                closeOrWarn(lineReader, log_bad, "Error closing buffread");
            }
            finally
            {
                closeOrWarn(byteReader, log_bad, "Error closing instrread");
            }
            try
            {
                closeOrWarn(client, log_bad, "Error closing sock");
            }
            finally
            {
                closeOrWarn(server, log_bad, "Error closing listener");
            }
        }

        (new CWE90_LDAP_Injection__Servlet_listen_tcp_51b()).bad_sink(data, request, response);
    }

    /**
     * Good flow entry point; delegates to {@link #goodG2B}.
     *
     * @param request servlet request forwarded to the sink
     * @param response servlet response forwarded to the sink
     * @throws Throwable whatever the sink throws
     */
    public void good(HttpServletRequest request, HttpServletResponse response) throws Throwable
    {
        goodG2B(request, response);
    }

    /**
     * goodG2B() - good source, bad sink. The value handed to
     * {@code goodG2B_sink} is the compile-time constant {@code "foo"}, so no
     * external input reaches the sink on this path.
     *
     * @param request servlet request forwarded to the sink
     * @param response servlet response forwarded to the sink
     * @throws Throwable whatever the sink throws
     */
    private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable
    {
        /* The generated template obtains the same named logger as bad();
         * it is not used on this path. */
        java.util.logging.Logger.getLogger("local-logger");

        /* FIX: Use a hardcoded string */
        final String data = "foo";

        (new CWE90_LDAP_Injection__Servlet_listen_tcp_51b()).goodG2B_sink(data, request, response);
    }

    /* Below is the main(). It is only used when building this testcase on
     * its own for testing or for building a binary to use in testing binary
     * analysis tools. It is not used when compiling all the testcases as one
     * application, which is how source code analysis tools are tested.
     */
    public static void main(String[] args) throws ClassNotFoundException, InstantiationException, IllegalAccessException
    {
        mainFromParent(args);
    }
}