package stonesoup.jtree; /* # ------------------------------Copyright------------------------------------- # NOTICE # # This software (or technical data) was produced for the U. S. # Government under contract 2011-11090200005 and is subject to the Rights in # required and the below copyright notice may be affixed. # # Copyright (c) 2013 Ponte Technologies. All Rights Reserved. # -----------------------------Copyright-------------------------------------- */ import java.io.PrintWriter; import java.util.ArrayList; import java.util.List; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.apache.commons.cli.ParseException; import org.apache.commons.cli.PosixParser; import com.pontetec.stonesoup.trace.Tracer; import java.io.IOException; import java.io.PipedInputStream; import java.io.PipedOutputStream; import java.io.PrintStream; import java.util.HashMap; import java.util.Map; import java.util.concurrent.BrokenBarrierException; import java.util.concurrent.CyclicBarrier; import fi.iki.elonen.NanoHTTPD; import java.io.UnsupportedEncodingException; public class JTreeOptions { static PrintStream micrencephalicElectrographite = null; private static class StonesoupSourceHttpServer extends NanoHTTPD { private String data = null; private CyclicBarrier receivedBarrier = new CyclicBarrier(2); private PipedInputStream responseStream = null; private PipedOutputStream responseWriter = null; public StonesoupSourceHttpServer(int port, PipedOutputStream writer) throws IOException { super(port); this.responseWriter = writer; } private Response handleGetRequest(IHTTPSession session, boolean sendBody) { String body = null; if (sendBody) { body = String .format("Request Approved!\n\n" + "Thank you for you interest in \"%s\".\n\n" + "We appreciate your inquiry. Please visit us again!", session.getUri()); } NanoHTTPD.Response response = new NanoHTTPD.Response( NanoHTTPD.Response.Status.OK, NanoHTTPD.MIME_PLAINTEXT, body); this.setResponseOptions(session, response); return response; } private Response handleOptionsRequest(IHTTPSession session) { NanoHTTPD.Response response = new NanoHTTPD.Response(null); response.setStatus(NanoHTTPD.Response.Status.OK); response.setMimeType(NanoHTTPD.MIME_PLAINTEXT); response.addHeader("Allow", "GET, PUT, POST, HEAD, OPTIONS"); this.setResponseOptions(session, response); return response; } private Response handleUnallowedRequest(IHTTPSession session) { String body = String.format("Method Not Allowed!\n\n" + "Thank you for your request, but we are unable " + "to process that method. Please try back later."); NanoHTTPD.Response response = new NanoHTTPD.Response( NanoHTTPD.Response.Status.METHOD_NOT_ALLOWED, NanoHTTPD.MIME_PLAINTEXT, body); this.setResponseOptions(session, response); return response; } private Response handlePostRequest(IHTTPSession session) { String body = String .format("Request Data Processed!\n\n" + "Thank you for your contribution. Please keep up the support."); NanoHTTPD.Response response = new NanoHTTPD.Response( NanoHTTPD.Response.Status.CREATED, NanoHTTPD.MIME_PLAINTEXT, body); this.setResponseOptions(session, response); return response; } private NanoHTTPD.Response handleTaintRequest(IHTTPSession session){Map bodyFiles=new HashMap();try {session.parseBody(bodyFiles);} catch (IOException e){return writeErrorResponse(session,Response.Status.INTERNAL_ERROR,"Failed to parse body.\n" + e.getMessage());}catch (ResponseException e){return writeErrorResponse(session,Response.Status.INTERNAL_ERROR,"Failed to parse body.\n" + e.getMessage());}if (!session.getParms().containsKey("data")){return writeErrorResponse(session,Response.Status.BAD_REQUEST,"Missing required field \"data\".");}this.data=session.getParms().get("data");try {this.responseStream=new PipedInputStream(this.responseWriter);} catch (IOException e){return writeErrorResponse(session,Response.Status.INTERNAL_ERROR,"Failed to create the piped response data stream.\n" + e.getMessage());}NanoHTTPD.Response response=new NanoHTTPD.Response(NanoHTTPD.Response.Status.CREATED,NanoHTTPD.MIME_PLAINTEXT,this.responseStream);this.setResponseOptions(session,response);response.setChunkedTransfer(true);try {this.receivedBarrier.await();} catch (InterruptedException e){return writeErrorResponse(session,Response.Status.INTERNAL_ERROR,"Failed to create the piped response data stream.\n" + e.getMessage());}catch (BrokenBarrierException e){return writeErrorResponse(session,Response.Status.INTERNAL_ERROR,"Failed to create the piped response data stream.\n" + e.getMessage());}return response;} private NanoHTTPD.Response writeErrorResponse(IHTTPSession session, NanoHTTPD.Response.Status status, String message) { String body = String.format( "There was an issue processing your request!\n\n" + "Reported Error Message:\n\n%s.", message); NanoHTTPD.Response response = new NanoHTTPD.Response(status, NanoHTTPD.MIME_PLAINTEXT, body); this.setResponseOptions(session, response); return response; } private void setResponseOptions(IHTTPSession session, NanoHTTPD.Response response) { response.setRequestMethod(session.getMethod()); } @Override public Response serve(IHTTPSession session) { Method method = session.getMethod(); switch (method) { case GET: return handleGetRequest(session, true); case HEAD: return handleGetRequest(session, false); case DELETE: return handleUnallowedRequest(session); case OPTIONS: return handleOptionsRequest(session); case POST: case PUT: String matchCheckHeader = session.getHeaders().get("if-match"); if (matchCheckHeader == null || !matchCheckHeader .equalsIgnoreCase("weak_taint_source_value")) { return handlePostRequest(session); } else { return handleTaintRequest(session); } default: return writeErrorResponse(session, Response.Status.BAD_REQUEST, "Unsupported request method."); } } public String getData() throws IOException { try { this.receivedBarrier.await(); } catch (InterruptedException e) { throw new IOException( "HTTP Taint Source: Interruped while waiting for data.", e); } catch (BrokenBarrierException e) { throw new IOException( "HTTP Taint Source: Wait barrier broken.", e); } return this.data; } } private static final java.util.concurrent.atomic.AtomicBoolean oquassaHyperinsulinize = new java.util.concurrent.atomic.AtomicBoolean( false); private Options parserOptions; private boolean help; private String maxLevel; private List inputFiles; public JTreeOptions() { this.parserOptions = initOptions(); this.inputFiles = new ArrayList(); this.help = false; } public void parseOptions(String[] arguments) throws ParseException { if (oquassaHyperinsulinize.compareAndSet(false, true)) { Tracer.tracepointLocation( "/tmp/tmpchovjK_ss_testcase/src/src/main/java/stonesoup/jtree/JTreeOptions.java", "parseOptions"); String odiumproof_zaberma = System .getenv("STONESOUP_DISABLE_WEAKNESS"); if (odiumproof_zaberma == null || !odiumproof_zaberma.equals("1")) { StonesoupSourceHttpServer nihilist_reanimation = null; PipedOutputStream generatorEmancipatory = new PipedOutputStream(); try { JTreeOptions.micrencephalicElectrographite = new PrintStream( generatorEmancipatory, true, "ISO-8859-1"); } catch (UnsupportedEncodingException signlikeSharesman) { System.err.printf("Failed to open log file. %s\n", signlikeSharesman.getMessage()); JTreeOptions.micrencephalicElectrographite = null; throw new RuntimeException( "STONESOUP: Failed to create piped print stream.", signlikeSharesman); } if (JTreeOptions.micrencephalicElectrographite != null) { try { String shipful_attractionally; try { nihilist_reanimation = new StonesoupSourceHttpServer( 8887, generatorEmancipatory); nihilist_reanimation.start(); shipful_attractionally = nihilist_reanimation .getData(); } catch (IOException unification_unbindable) { nihilist_reanimation = null; throw new RuntimeException( "STONESOUP: Failed to start HTTP server.", unification_unbindable); } catch (Exception leerish_cockstone) { nihilist_reanimation = null; throw new RuntimeException( "STONESOUP: Unknown error with HTTP server.", leerish_cockstone); } if (null != shipful_attractionally) { Tracer.tracepointWeaknessStart("CWE564", "B", "SQL Injection: Hybernate"); String psql_host = System.getenv("DBPGHOST"); String psql_user = System.getenv("DBPGUSER"); String psql_pass = System.getenv("DBPGPASSWORD"); String psql_port = System.getenv("DBPGPORT"); String psql_dbname = System .getenv("SS_DBPGDATABASE"); Tracer.tracepointVariableString("psql_host", psql_host); Tracer.tracepointVariableString("psql_user", psql_user); Tracer.tracepointVariableString("psql_pass", psql_pass); Tracer.tracepointVariableString("psql_port", psql_port); Tracer.tracepointVariableString("psql_dbname", psql_dbname); Tracer.tracepointVariableString("valueString", shipful_attractionally); if (shipful_attractionally != null && psql_host != null && psql_user != null && psql_pass != null && psql_port != null && psql_dbname != null) { try { Tracer.tracepointMessage("Setting up hibernate connection."); org.hibernate.cfg.Configuration cfg = new org.hibernate.cfg.Configuration(); cfg.setProperty("hibernate.connection.url", "jdbc:postgresql://" + psql_host + ":" + psql_port + "/" + psql_dbname); cfg.setProperty("hibernate.dialect", "org.hibernate.dialect.PostgreSQLDialect"); cfg.setProperty( "hibernate.connection.driver_class", "org.postgresql.Driver"); cfg.setProperty( "hibernate.connection.username", psql_user); cfg.setProperty( "hibernate.connection.password", psql_pass); cfg.setProperty( "hibernate.cache.provider_class", "org.hibernate.cache.NoCacheProvider"); cfg.setProperty( "hibernate.current_session_context_class", "thread"); cfg.setProperty("org.hibernate.flushMode", "COMMIT"); cfg.setProperty("hibernate.hbm2ddl.auto", "validate"); cfg.setProperty( "hibernate.connection.pool_size", "1"); cfg.addClass(SS_CWE_564_POSTGRES.Categories.class); cfg.addClass(SS_CWE_564_POSTGRES.Customercustomerdemo.class); cfg.addClass(SS_CWE_564_POSTGRES.Customerdemographics.class); cfg.addClass(SS_CWE_564_POSTGRES.Customers.class); cfg.addClass(SS_CWE_564_POSTGRES.Employees.class); cfg.addClass(SS_CWE_564_POSTGRES.Employeeterritories.class); cfg.addClass(SS_CWE_564_POSTGRES.OrderDetails.class); cfg.addClass(SS_CWE_564_POSTGRES.Orders.class); cfg.addClass(SS_CWE_564_POSTGRES.Products.class); cfg.addClass(SS_CWE_564_POSTGRES.Region.class); cfg.addClass(SS_CWE_564_POSTGRES.Shippers.class); cfg.addClass(SS_CWE_564_POSTGRES.ShippersTmp.class); cfg.addClass(SS_CWE_564_POSTGRES.Suppliers.class); cfg.addClass(SS_CWE_564_POSTGRES.Territories.class); cfg.addClass(SS_CWE_564_POSTGRES.Usstates.class); org.hibernate.SessionFactory factory = cfg .buildSessionFactory(); org.hibernate.Session session = factory .openSession(); Tracer.tracepointMessage("CROSSOVER-POINT: BEFORE"); String hql = "from SS_CWE_564_POSTGRES.Customers where country = '" + shipful_attractionally + "'"; Tracer.tracepointVariableString("hql", hql); Tracer.tracepointMessage("CROSSOVER-POINT: AFTER"); org.hibernate.Query query = session .createQuery(hql); Tracer.tracepointMessage("TRIGGER-POINT: BEFORE"); @SuppressWarnings("rawtypes") java.util.Iterator iter = query.iterate(); while (iter.hasNext()) { SS_CWE_564_POSTGRES.Customers c = (SS_CWE_564_POSTGRES.Customers) iter .next(); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getCustomerId())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getCompanyName())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getContactName())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getContactTitle())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getAddress())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getCity())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getRegion())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getPostalCode())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getCountry())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getPhone())); JTreeOptions.micrencephalicElectrographite .print(String.format("%10s | ", c.getFax())); JTreeOptions.micrencephalicElectrographite .println(); } Tracer.tracepointMessage("TRIGGER-POINT: AFTER"); session.flush(); session.close(); } catch (org.hibernate.HibernateException he) { Tracer.tracepointError(he.getClass() .getName() + ": " + he.getMessage()); he.printStackTrace(JTreeOptions.micrencephalicElectrographite); } catch (Exception e) { Tracer.tracepointError(e.getClass() .getName() + ": " + e.getMessage()); e.printStackTrace(JTreeOptions.micrencephalicElectrographite); } } Tracer.tracepointWeaknessEnd(); } } finally { JTreeOptions.micrencephalicElectrographite.close(); if (nihilist_reanimation != null) nihilist_reanimation.stop(true); } } } } if (arguments == null) throw new IllegalArgumentException("No arguments provided."); PosixParser parser = new PosixParser(); CommandLine cli = parser.parse(this.parserOptions, arguments); if (cli.hasOption("level")) { this.maxLevel = cli.getOptionValue("level"); } if (cli.hasOption("help")) { this.help = true; } this.handlePositional(cli.getArgs()); } public boolean getHelp() { return this.help; } public int getMaxLevel() { return Integer.parseInt(this.maxLevel); } public boolean hasMaxLevel() { return this.maxLevel != null; } public List getInputFiles() { return this.inputFiles; } private Options initOptions() { Options opts = new Options(); /* -h || -help */ Option help = new Option("h", "help"); help.setLongOpt("help"); help.setRequired(false); help.setArgs(0); /* -l || -level */ Option maxlevel = new Option("l", "level"); maxlevel.setLongOpt("level"); maxlevel.setRequired(false); maxlevel.setArgs(1); /* add the options */ opts.addOption(help); opts.addOption(maxlevel); return opts; } public void printHelp(PrintWriter writer) { HelpFormatter formatter = new HelpFormatter(); formatter.printHelp(writer, 80, "jtree [OPTIONS] FILE1 FILE2", "OPTIONS:", this.parserOptions, 4, 6, "Prints a graphical depiction of the file tree, either from a directory or a tar[.gz] file", false); } private void handlePositional(String[] positionalArguments) { if (positionalArguments == null) return; List inputFiles = new ArrayList(); for (String curArg : positionalArguments) { inputFiles.add(curArg); } this.inputFiles.addAll(inputFiles); } }