From c7772d0a8677df5e4c54eeeaa1c35b3802c3edbc Mon Sep 17 00:00:00 2001 
From: jose clavo tafur Date: Mon, 30 Sep 2024 21:09:46 -0300 Subject: [PATCH 1/7] remove --- .../java/securibench/micro/BasicTestCase.java | 52 -- .../java/securibench/micro/MicroTestCase.java | 28 -- .../securibench/micro/aliasing/Aliasing1.java | 39 -- .../securibench/micro/aliasing/Aliasing2.java | 40 -- .../securibench/micro/aliasing/Aliasing3.java | 42 -- .../securibench/micro/aliasing/Aliasing4.java | 43 -- .../securibench/micro/aliasing/Aliasing5.java | 45 -- .../securibench/micro/aliasing/Aliasing6.java | 50 -- .../securibench/micro/arrays/Arrays1.java | 36 -- .../securibench/micro/arrays/Arrays10.java | 37 -- .../securibench/micro/arrays/Arrays2.java | 38 -- .../securibench/micro/arrays/Arrays3.java | 40 -- .../securibench/micro/arrays/Arrays4.java | 38 -- .../securibench/micro/arrays/Arrays5.java | 38 -- .../securibench/micro/arrays/Arrays6.java | 38 -- .../securibench/micro/arrays/Arrays7.java | 35 -- .../securibench/micro/arrays/Arrays8.java | 36 -- .../securibench/micro/arrays/Arrays9.java | 36 -- .../java/securibench/micro/basic/Basic0.java | 34 -- .../java/securibench/micro/basic/Basic1.java | 34 -- .../java/securibench/micro/basic/Basic10.java | 42 -- .../java/securibench/micro/basic/Basic11.java | 39 -- .../java/securibench/micro/basic/Basic12.java | 42 -- .../java/securibench/micro/basic/Basic13.java | 33 -- .../java/securibench/micro/basic/Basic14.java | 36 -- .../java/securibench/micro/basic/Basic15.java | 41 -- .../java/securibench/micro/basic/Basic16.java | 50 -- .../java/securibench/micro/basic/Basic17.java | 54 --- .../java/securibench/micro/basic/Basic18.java | 40 -- .../java/securibench/micro/basic/Basic19.java | 49 -- .../java/securibench/micro/basic/Basic2.java | 39 -- .../java/securibench/micro/basic/Basic20.java | 52 -- .../java/securibench/micro/basic/Basic21.java | 57 --- .../java/securibench/micro/basic/Basic22.java | 42 -- .../java/securibench/micro/basic/Basic23.java | 44 -- .../java/securibench/micro/basic/Basic24.java | 36 -- 
.../java/securibench/micro/basic/Basic25.java | 38 -- .../java/securibench/micro/basic/Basic26.java | 43 -- .../java/securibench/micro/basic/Basic27.java | 42 -- .../java/securibench/micro/basic/Basic28.java | 141 ------ .../java/securibench/micro/basic/Basic29.java | 45 -- .../java/securibench/micro/basic/Basic3.java | 42 -- .../java/securibench/micro/basic/Basic30.java | 43 -- .../java/securibench/micro/basic/Basic31.java | 53 --- .../java/securibench/micro/basic/Basic32.java | 35 -- .../java/securibench/micro/basic/Basic33.java | 38 -- .../java/securibench/micro/basic/Basic34.java | 42 -- .../java/securibench/micro/basic/Basic35.java | 43 -- .../java/securibench/micro/basic/Basic36.java | 39 -- .../java/securibench/micro/basic/Basic37.java | 39 -- .../java/securibench/micro/basic/Basic38.java | 42 -- .../java/securibench/micro/basic/Basic39.java | 39 -- .../java/securibench/micro/basic/Basic4.java | 44 -- .../java/securibench/micro/basic/Basic40.java | 42 -- .../java/securibench/micro/basic/Basic41.java | 33 -- .../java/securibench/micro/basic/Basic42.java | 40 -- .../java/securibench/micro/basic/Basic5.java | 40 -- .../java/securibench/micro/basic/Basic6.java | 40 -- .../java/securibench/micro/basic/Basic7.java | 40 -- .../java/securibench/micro/basic/Basic8.java | 48 -- .../java/securibench/micro/basic/Basic9.java | 42 -- .../micro/collections/Collections1.java | 40 -- .../micro/collections/Collections10.java | 57 --- .../micro/collections/Collections11.java | 39 -- .../micro/collections/Collections11b.java | 25 - .../micro/collections/Collections12.java | 42 -- .../micro/collections/Collections13.java | 49 -- .../micro/collections/Collections14.java | 45 -- .../micro/collections/Collections2.java | 46 -- .../micro/collections/Collections3.java | 46 -- .../micro/collections/Collections4.java | 44 -- .../micro/collections/Collections5.java | 44 -- .../micro/collections/Collections6.java | 43 -- .../micro/collections/Collections7.java | 46 -- 
.../micro/collections/Collections8.java | 46 -- .../micro/collections/Collections9.java | 46 -- .../micro/datastructures/Datastructures1.java | 54 --- .../micro/datastructures/Datastructures2.java | 54 --- .../micro/datastructures/Datastructures3.java | 55 --- .../micro/datastructures/Datastructures4.java | 55 --- .../micro/datastructures/Datastructures5.java | 62 --- .../micro/datastructures/Datastructures6.java | 59 --- .../micro/factories/Factories1.java | 38 -- .../micro/factories/Factories2.java | 38 -- .../micro/factories/Factories3.java | 50 -- .../java/securibench/micro/inter/Inter1.java | 44 -- .../java/securibench/micro/inter/Inter10.java | 46 -- .../java/securibench/micro/inter/Inter11.java | 50 -- .../java/securibench/micro/inter/Inter12.java | 57 --- .../java/securibench/micro/inter/Inter13.java | 49 -- .../java/securibench/micro/inter/Inter14.java | 49 -- .../java/securibench/micro/inter/Inter2.java | 45 -- .../java/securibench/micro/inter/Inter3.java | 90 ---- .../java/securibench/micro/inter/Inter4.java | 42 -- .../java/securibench/micro/inter/Inter5.java | 44 -- .../java/securibench/micro/inter/Inter6.java | 44 -- .../java/securibench/micro/inter/Inter7.java | 59 --- .../java/securibench/micro/inter/Inter8.java | 56 --- .../java/securibench/micro/inter/Inter9.java | 56 --- .../java/securibench/micro/pred/Pred1.java | 37 -- .../java/securibench/micro/pred/Pred2.java | 44 -- .../java/securibench/micro/pred/Pred3.java | 44 -- .../java/securibench/micro/pred/Pred4.java | 40 -- .../java/securibench/micro/pred/Pred5.java | 40 -- .../java/securibench/micro/pred/Pred6.java | 41 -- .../java/securibench/micro/pred/Pred7.java | 43 -- .../java/securibench/micro/pred/Pred8.java | 39 -- .../java/securibench/micro/pred/Pred9.java | 39 -- .../securibench/micro/reflection/Refl1.java | 65 --- .../securibench/micro/reflection/Refl2.java | 50 -- .../securibench/micro/reflection/Refl3.java | 59 --- .../securibench/micro/reflection/Refl4.java | 52 -- 
.../micro/sanitizers/Sanitizers1.java | 71 --- .../micro/sanitizers/Sanitizers2.java | 68 --- .../micro/sanitizers/Sanitizers3.java | 37 -- .../micro/sanitizers/Sanitizers4.java | 59 --- .../micro/sanitizers/Sanitizers5.java | 41 -- .../micro/sanitizers/Sanitizers6.java | 66 --- .../securibench/micro/session/Session1.java | 40 -- .../securibench/micro/session/Session2.java | 42 -- .../securibench/micro/session/Session3.java | 45 -- .../micro/strong_updates/StrongUpdates1.java | 37 -- .../micro/strong_updates/StrongUpdates2.java | 37 -- .../micro/strong_updates/StrongUpdates3.java | 43 -- .../micro/strong_updates/StrongUpdates4.java | 44 -- .../micro/strong_updates/StrongUpdates5.java | 41 -- .../supportClasses/DummyHttpRequest.java | 449 ------------------ .../supportClasses/DummyHttpResponse.java | 245 ---------- .../supportClasses/DummyHttpSession.java | 131 ----- .../supportClasses/DummyServletConfig.java | 39 -- .../supportClasses/DummyServletContext.java | 280 ----------- .../DummyServletInputStream.java | 44 -- 132 files changed, 6914 deletions(-) delete mode 100644 src/test/java/securibench/micro/BasicTestCase.java delete mode 100644 src/test/java/securibench/micro/MicroTestCase.java delete mode 100644 src/test/java/securibench/micro/aliasing/Aliasing1.java delete mode 100644 src/test/java/securibench/micro/aliasing/Aliasing2.java delete mode 100644 src/test/java/securibench/micro/aliasing/Aliasing3.java delete mode 100644 src/test/java/securibench/micro/aliasing/Aliasing4.java delete mode 100644 src/test/java/securibench/micro/aliasing/Aliasing5.java delete mode 100644 src/test/java/securibench/micro/aliasing/Aliasing6.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays1.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays10.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays2.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays3.java delete mode 100644 
src/test/java/securibench/micro/arrays/Arrays4.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays5.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays6.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays7.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays8.java delete mode 100644 src/test/java/securibench/micro/arrays/Arrays9.java delete mode 100644 src/test/java/securibench/micro/basic/Basic0.java delete mode 100644 src/test/java/securibench/micro/basic/Basic1.java delete mode 100644 src/test/java/securibench/micro/basic/Basic10.java delete mode 100644 src/test/java/securibench/micro/basic/Basic11.java delete mode 100644 src/test/java/securibench/micro/basic/Basic12.java delete mode 100644 src/test/java/securibench/micro/basic/Basic13.java delete mode 100644 src/test/java/securibench/micro/basic/Basic14.java delete mode 100644 src/test/java/securibench/micro/basic/Basic15.java delete mode 100644 src/test/java/securibench/micro/basic/Basic16.java delete mode 100644 src/test/java/securibench/micro/basic/Basic17.java delete mode 100644 src/test/java/securibench/micro/basic/Basic18.java delete mode 100644 src/test/java/securibench/micro/basic/Basic19.java delete mode 100644 src/test/java/securibench/micro/basic/Basic2.java delete mode 100644 src/test/java/securibench/micro/basic/Basic20.java delete mode 100644 src/test/java/securibench/micro/basic/Basic21.java delete mode 100644 src/test/java/securibench/micro/basic/Basic22.java delete mode 100644 src/test/java/securibench/micro/basic/Basic23.java delete mode 100644 src/test/java/securibench/micro/basic/Basic24.java delete mode 100644 src/test/java/securibench/micro/basic/Basic25.java delete mode 100644 src/test/java/securibench/micro/basic/Basic26.java delete mode 100644 src/test/java/securibench/micro/basic/Basic27.java delete mode 100644 src/test/java/securibench/micro/basic/Basic28.java delete mode 100644 
src/test/java/securibench/micro/basic/Basic29.java delete mode 100644 src/test/java/securibench/micro/basic/Basic3.java delete mode 100644 src/test/java/securibench/micro/basic/Basic30.java delete mode 100644 src/test/java/securibench/micro/basic/Basic31.java delete mode 100644 src/test/java/securibench/micro/basic/Basic32.java delete mode 100644 src/test/java/securibench/micro/basic/Basic33.java delete mode 100644 src/test/java/securibench/micro/basic/Basic34.java delete mode 100644 src/test/java/securibench/micro/basic/Basic35.java delete mode 100644 src/test/java/securibench/micro/basic/Basic36.java delete mode 100644 src/test/java/securibench/micro/basic/Basic37.java delete mode 100644 src/test/java/securibench/micro/basic/Basic38.java delete mode 100644 src/test/java/securibench/micro/basic/Basic39.java delete mode 100644 src/test/java/securibench/micro/basic/Basic4.java delete mode 100644 src/test/java/securibench/micro/basic/Basic40.java delete mode 100644 src/test/java/securibench/micro/basic/Basic41.java delete mode 100644 src/test/java/securibench/micro/basic/Basic42.java delete mode 100644 src/test/java/securibench/micro/basic/Basic5.java delete mode 100644 src/test/java/securibench/micro/basic/Basic6.java delete mode 100644 src/test/java/securibench/micro/basic/Basic7.java delete mode 100644 src/test/java/securibench/micro/basic/Basic8.java delete mode 100644 src/test/java/securibench/micro/basic/Basic9.java delete mode 100644 src/test/java/securibench/micro/collections/Collections1.java delete mode 100644 src/test/java/securibench/micro/collections/Collections10.java delete mode 100644 src/test/java/securibench/micro/collections/Collections11.java delete mode 100644 src/test/java/securibench/micro/collections/Collections11b.java delete mode 100644 src/test/java/securibench/micro/collections/Collections12.java delete mode 100644 src/test/java/securibench/micro/collections/Collections13.java delete mode 100644 
src/test/java/securibench/micro/collections/Collections14.java delete mode 100644 src/test/java/securibench/micro/collections/Collections2.java delete mode 100644 src/test/java/securibench/micro/collections/Collections3.java delete mode 100644 src/test/java/securibench/micro/collections/Collections4.java delete mode 100644 src/test/java/securibench/micro/collections/Collections5.java delete mode 100644 src/test/java/securibench/micro/collections/Collections6.java delete mode 100644 src/test/java/securibench/micro/collections/Collections7.java delete mode 100644 src/test/java/securibench/micro/collections/Collections8.java delete mode 100644 src/test/java/securibench/micro/collections/Collections9.java delete mode 100644 src/test/java/securibench/micro/datastructures/Datastructures1.java delete mode 100644 src/test/java/securibench/micro/datastructures/Datastructures2.java delete mode 100644 src/test/java/securibench/micro/datastructures/Datastructures3.java delete mode 100644 src/test/java/securibench/micro/datastructures/Datastructures4.java delete mode 100644 src/test/java/securibench/micro/datastructures/Datastructures5.java delete mode 100644 src/test/java/securibench/micro/datastructures/Datastructures6.java delete mode 100644 src/test/java/securibench/micro/factories/Factories1.java delete mode 100644 src/test/java/securibench/micro/factories/Factories2.java delete mode 100644 src/test/java/securibench/micro/factories/Factories3.java delete mode 100644 src/test/java/securibench/micro/inter/Inter1.java delete mode 100644 src/test/java/securibench/micro/inter/Inter10.java delete mode 100644 src/test/java/securibench/micro/inter/Inter11.java delete mode 100644 src/test/java/securibench/micro/inter/Inter12.java delete mode 100644 src/test/java/securibench/micro/inter/Inter13.java delete mode 100644 src/test/java/securibench/micro/inter/Inter14.java delete mode 100644 src/test/java/securibench/micro/inter/Inter2.java delete mode 100644 
src/test/java/securibench/micro/inter/Inter3.java delete mode 100644 src/test/java/securibench/micro/inter/Inter4.java delete mode 100644 src/test/java/securibench/micro/inter/Inter5.java delete mode 100644 src/test/java/securibench/micro/inter/Inter6.java delete mode 100644 src/test/java/securibench/micro/inter/Inter7.java delete mode 100644 src/test/java/securibench/micro/inter/Inter8.java delete mode 100644 src/test/java/securibench/micro/inter/Inter9.java delete mode 100644 src/test/java/securibench/micro/pred/Pred1.java delete mode 100644 src/test/java/securibench/micro/pred/Pred2.java delete mode 100644 src/test/java/securibench/micro/pred/Pred3.java delete mode 100644 src/test/java/securibench/micro/pred/Pred4.java delete mode 100644 src/test/java/securibench/micro/pred/Pred5.java delete mode 100644 src/test/java/securibench/micro/pred/Pred6.java delete mode 100644 src/test/java/securibench/micro/pred/Pred7.java delete mode 100644 src/test/java/securibench/micro/pred/Pred8.java delete mode 100644 src/test/java/securibench/micro/pred/Pred9.java delete mode 100644 src/test/java/securibench/micro/reflection/Refl1.java delete mode 100644 src/test/java/securibench/micro/reflection/Refl2.java delete mode 100644 src/test/java/securibench/micro/reflection/Refl3.java delete mode 100644 src/test/java/securibench/micro/reflection/Refl4.java delete mode 100644 src/test/java/securibench/micro/sanitizers/Sanitizers1.java delete mode 100644 src/test/java/securibench/micro/sanitizers/Sanitizers2.java delete mode 100644 src/test/java/securibench/micro/sanitizers/Sanitizers3.java delete mode 100644 src/test/java/securibench/micro/sanitizers/Sanitizers4.java delete mode 100644 src/test/java/securibench/micro/sanitizers/Sanitizers5.java delete mode 100644 src/test/java/securibench/micro/sanitizers/Sanitizers6.java delete mode 100644 src/test/java/securibench/micro/session/Session1.java delete mode 100644 src/test/java/securibench/micro/session/Session2.java delete mode 100644 
src/test/java/securibench/micro/session/Session3.java delete mode 100644 src/test/java/securibench/micro/strong_updates/StrongUpdates1.java delete mode 100644 src/test/java/securibench/micro/strong_updates/StrongUpdates2.java delete mode 100644 src/test/java/securibench/micro/strong_updates/StrongUpdates3.java delete mode 100644 src/test/java/securibench/micro/strong_updates/StrongUpdates4.java delete mode 100644 src/test/java/securibench/micro/strong_updates/StrongUpdates5.java delete mode 100644 src/test/java/securibench/supportClasses/DummyHttpRequest.java delete mode 100644 src/test/java/securibench/supportClasses/DummyHttpResponse.java delete mode 100644 src/test/java/securibench/supportClasses/DummyHttpSession.java delete mode 100644 src/test/java/securibench/supportClasses/DummyServletConfig.java delete mode 100644 src/test/java/securibench/supportClasses/DummyServletContext.java delete mode 100644 src/test/java/securibench/supportClasses/DummyServletInputStream.java
diff --git a/src/test/java/securibench/micro/BasicTestCase.java b/src/test/java/securibench/micro/BasicTestCase.java
deleted file mode 100644
index 63ac82b..0000000
--- a/src/test/java/securibench/micro/BasicTestCase.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- $Id: BasicTestCase.java,v 1.5 2006/04/21 17:14:24 livshits Exp $
-*/
-package securibench.micro;
-
-import java.io.IOException;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.supportClasses.DummyServletConfig;
-
-public abstract class BasicTestCase extends HttpServlet {
- @Override
-
- protected void doTrace(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException
- {
- // do nothing
- }
-
- protected void doHead(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException
- {
- // do nothing
- }
-
- protected void doPost(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException {
- // do nothing
- }
-
- protected void doDelete(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException {
- // do nothing
- }
-
- protected void doPut(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException {
- // do nothing
- }
-
- //added method for testing:
-
- @Override
- public ServletConfig getServletConfig(){
- return new DummyServletConfig();
-
- }
-
-
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/MicroTestCase.java b/src/test/java/securibench/micro/MicroTestCase.java
deleted file mode 100644
index 1b31dd6..0000000
--- a/src/test/java/securibench/micro/MicroTestCase.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- $Id: MicroTestCase.java,v 1.4 2005/11/26 22:18:19 livshits Exp $
- */
-package securibench.micro;
-
-/**
- * An interface all test cases are supposed to implement this interface.
- *
- * At the top of you case, place the following two keywords:
- *
- * \@servlet description="..."
- * \@servlet vuln_count = "1"
- *
- * These values will be used by the test harness.
- * */
-public interface MicroTestCase {
- public String CONNECTION_STRING = "jdbc:dtF:E. coli;USR=dtfadm;PWD=dtfadm;Create=always;APPL=GIVE;DType=FILE";
-
- /**
- * A brief textual description of the test case.
- * */
- public String getDescription();
-
- /**
- * Expected number of vulnerabilities in the test case.
- * */
- public int getVulnerabilityCount();
-}
diff --git a/src/test/java/securibench/micro/aliasing/Aliasing1.java b/src/test/java/securibench/micro/aliasing/Aliasing1.java
deleted file mode 100644
index c676b45..0000000
--- a/src/test/java/securibench/micro/aliasing/Aliasing1.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Aliasing1.java,v 1.1 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.aliasing;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple aliasing because of assignment"
- * @servlet vuln_count = "1"
- * */
-public class Aliasing1 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String str = name;
-
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- }
-
- public String getDescription() {
- return "simple test of field assignment";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/aliasing/Aliasing2.java b/src/test/java/securibench/micro/aliasing/Aliasing2.java
deleted file mode 100644
index 81fa317..0000000
--- a/src/test/java/securibench/micro/aliasing/Aliasing2.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Aliasing2.java,v 1.1 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.aliasing;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple aliasing false positive"
- * @servlet vuln_count = "1"
- * */
-public class Aliasing2 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String str = "abc";
- name = str;
-
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* OK */
- }
-
- public String getDescription() {
- return "simple aliasing false positive";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/aliasing/Aliasing3.java b/src/test/java/securibench/micro/aliasing/Aliasing3.java
deleted file mode 100644
index 9769000..0000000
--- a/src/test/java/securibench/micro/aliasing/Aliasing3.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Aliasing3.java,v 1.1 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.aliasing;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple aliasing of an array element"
- * @servlet vuln_count = "1"
- * */
-public class Aliasing3 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String[] a = new String[10];
- String str = a[5];
- a[5] = name;
- name = str;
-
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- }
-
- public String getDescription() {
- return "simple aliasing of an array element";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/aliasing/Aliasing4.java b/src/test/java/securibench/micro/aliasing/Aliasing4.java
deleted file mode 100644
index 83ab328..0000000
--- a/src/test/java/securibench/micro/aliasing/Aliasing4.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Aliasing4.java,v 1.1 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.aliasing;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple aliasing with casts"
- * @servlet vuln_count = "2"
- * */
-public class Aliasing4 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- Object o1 = name;
- Object o2 = name.concat("abc");
- Object o3 = "anc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(o1); /* BAD */
- writer.println(o2); /* BAD */
- writer.println(o3); /* OK */
- }
-
- public String getDescription() {
- return "simple aliasing with casts";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/aliasing/Aliasing5.java b/src/test/java/securibench/micro/aliasing/Aliasing5.java
deleted file mode 100644
index 2033c9b..0000000
--- a/src/test/java/securibench/micro/aliasing/Aliasing5.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Aliasing5.java,v 1.1 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.aliasing;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="interprocedural argument aliasing"
- * @servlet vuln_count = "1"
- * */
-public class Aliasing5 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- StringBuffer buf = new StringBuffer("abc");
- foo(buf, buf, resp, req);
- }
-
- void foo(StringBuffer buf, StringBuffer buf2, ServletResponse resp, ServletRequest req) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- buf.append(name);
- PrintWriter writer = resp.getWriter();
- writer.println(buf2.toString()); /* BAD */
- }
-
- public String getDescription() {
- return "interprocedural argument aliasing";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/aliasing/Aliasing6.java b/src/test/java/securibench/micro/aliasing/Aliasing6.java
deleted file mode 100644
index 3e8ffe8..0000000
--- a/src/test/java/securibench/micro/aliasing/Aliasing6.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Aliasing6.java,v 1.1 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.aliasing;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="aliasing with copy propagation"
- * @servlet vuln_count = "7"
- * */
-public class Aliasing6 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String[] names = req.getParameterValues(FIELD_NAME);
- Object
- o1, o2, o3, o4, o5, o6, o7, o8, o9, o10, o11, o12, o13, o14, o15, o16, o17, o18, o19, o20,
- o21, o22, o23, o24, o25, o26, o27, o28, o29, o30, o31, o32, o33, o34, o35, o36, o37, o38, o39, o40;
- o1 = o2 = o3 = o4 = o5 = o6 = o7 = o8 = o9 = o10 = o11 = o12 = o13 = o14 = o15 = o16 = o17 = o18 = o19 = o20 =
- o21 = o22 = o23 = o24 = o25 = o26 = o27 = o28 = o29 = o30 = o31 = o32 = o33 = o34 = o35 = o36 = o37 = o38 = o39 = o40 =
- names[0];
-
- PrintWriter writer = resp.getWriter();
- writer.println(o1); /* BAD */
- writer.println(o2); /* BAD */
- writer.println(o3); /* BAD */
- writer.println(o4); /* BAD */
- writer.println(o32); /* BAD */
- writer.println(o37); /* BAD */
- writer.println(o40); /* BAD */
- }
-
- public String getDescription() {
- return "aliasing with copy propagation";
- }
-
- public int getVulnerabilityCount() {
- return 7;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays1.java b/src/test/java/securibench/micro/arrays/Arrays1.java
deleted file mode 100644
index 93d009f..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays1.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays1.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="a simple array test"
- * @servlet vuln_count = "1"
- * */
-public class Arrays1 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String[] array = new String[10];
- array[0] = s1;
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* BAD */
- }
-
- public String getDescription() {
- return "a simple array test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays10.java b/src/test/java/securibench/micro/arrays/Arrays10.java
deleted file mode 100644
index ba4dd2f..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays10.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays10.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "comple multidimentional array test"
- * @servlet vuln_count = "1"
- * */
-public class Arrays10 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- String[][] array = new String[3][5];
- array[0] = new String[] {name, "abc"};
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0][0]); /* BAD */
- writer.println(array[0][2]); /* OK */
- }
-
- public String getDescription() {
- return "comple multidimentional array test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays2.java b/src/test/java/securibench/micro/arrays/Arrays2.java
deleted file mode 100644
index 1ffff82..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays2.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays2.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "a more complex array test"
- * @servlet vuln_count = "1"
- * */
-public class Arrays2 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String[] array = new String[10];
- array[0] = s1;
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* BAD */
- writer.println(array[1]); /* OK */
- writer.println(array[2]); /* OK */
- }
-
- public String getDescription() {
- return "a more complex array test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays3.java b/src/test/java/securibench/micro/arrays/Arrays3.java
deleted file mode 100644
index 613afc7..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays3.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays3.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "a more complex array test"
- * @servlet vuln_count = "1"
- * */
-public class Arrays3 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String[] array1 = new String[10];
- String[] array2 = new String[10];
-
- array1[0] = s1;
- array2[0] = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(array1[0]); /* BAD */
- writer.println(array2[0]); /* OK */
- }
-
- public String getDescription() {
- return "a more complex array test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays4.java b/src/test/java/securibench/micro/arrays/Arrays4.java
deleted file mode 100644
index 97a9d9d..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays4.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays4.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "a test of array indeces"
- * @servlet vuln_count = "1"
- * */
-public class Arrays4 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- int n = 15432532;
-
- String[] array = new String[10];
- array[0] = name;
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[n-n]); /* BAD */
- }
-
- public String getDescription() {
- return "a test of array indeces";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays5.java b/src/test/java/securibench/micro/arrays/Arrays5.java
deleted file mode 100644
index ee6d69b..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays5.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays5.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "strong updates to array elements"
- * @servlet vuln_count = "0"
- * */
-public class Arrays5 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- String[] array = new String[10];
-
- array[0] = name;
- array[0] = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* OK */
- }
-
- public String getDescription() {
- return "strong updates to array elements";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays6.java b/src/test/java/securibench/micro/arrays/Arrays6.java
deleted file mode 100644
index 99e0be1..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays6.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays6.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "strong updates to array elements"
- * @servlet vuln_count = "1"
- * */
-public class Arrays6 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- String[] array = new String[10];
-
- array[0] = "abc";
- array[0] = name;
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* BAD */
- }
-
- public String getDescription() {
- return "strong updates to array elements";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays7.java b/src/test/java/securibench/micro/arrays/Arrays7.java
deleted file mode 100644
index d32fd40..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays7.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays7.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "test of array initializers"
- * @servlet vuln_count = "1"
- * */
-public class Arrays7 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- String[] array = new String[] {name, "abc"};
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* BAD */
- }
-
- public String getDescription() {
- return "test of array initializers";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays8.java b/src/test/java/securibench/micro/arrays/Arrays8.java
deleted file mode 100644
index 4c095fe..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays8.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays8.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "test of array initializers"
- * @servlet vuln_count = "1"
- * */
-public class Arrays8 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- String[] array = new String[] {name, "abc"};
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* BAD */
- writer.println(array[1]); /* OK */
- }
-
- public String getDescription() {
- return "test of array initializers";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/arrays/Arrays9.java b/src/test/java/securibench/micro/arrays/Arrays9.java
deleted file mode 100644
index 2d38f5a..0000000
--- a/src/test/java/securibench/micro/arrays/Arrays9.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Arrays9.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.arrays;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "multidimentional arrays"
- * @servlet vuln_count = "1"
- * */
-public class Arrays9 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- String[][] array = new String[3][5];
- array[0][0] = name;
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0][0]); /* BAD */
- }
-
- public String getDescription() {
- return "multidimentional arrays";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic0.java b/src/test/java/securibench/micro/basic/Basic0.java
deleted file mode 100644
index 787614c..0000000
--- a/src/test/java/securibench/micro/basic/Basic0.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic1.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="very simple XSS"
- * @servlet vuln_count = "1"
- * */
-public class Basic0 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String str = req.getParameter("name");
- PrintWriter writer = resp.getWriter();
- String str2 = str.toString();
- writer.println(str2); /* BAD */
- }
-
- public String getDescription() {
- return "very simple XSS";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic1.java b/src/test/java/securibench/micro/basic/Basic1.java
deleted file mode 100644
index d1c18f8..0000000
--- a/src/test/java/securibench/micro/basic/Basic1.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic1.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="very simple XSS"
- * @servlet vuln_count = "1"
- * */
-public class Basic1 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String str = req.getParameter("name");
- PrintWriter writer = resp.getWriter();
-
- writer.println(str); /* BAD */
- }
-
- public String getDescription() {
- return "very simple XSS";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic10.java b/src/test/java/securibench/micro/basic/Basic10.java
deleted file mode 100644
index ea13dac..0000000
--- a/src/test/java/securibench/micro/basic/Basic10.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic10.java,v 1.5 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="chains of value assignments"
- * @servlet vuln_count = "1"
- * */
-public class Basic10 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String s2 = s1;
- String s3 = s2;
- String s4 = s3;
- StringBuffer b1 = new StringBuffer(s4);
- //StringBuffer b2 = b1;
- StringBuffer b3 = b1;
- String s5 = b3.toString();
- String s6 = s5;
-
- PrintWriter writer = resp.getWriter();
- writer.println(s6); /* BAD */
- }
-
- public String getDescription() {
- return "chains of value assignments";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic11.java b/src/test/java/securibench/micro/basic/Basic11.java
deleted file mode 100644
index 678bf61..0000000
--- a/src/test/java/securibench/micro/basic/Basic11.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic11.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="a simple false positive because of two calls to String.toLowerCase"
- * @servlet vuln_count = "2"
- * */
-public class Basic11 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String s2 = "abc";
- String s3 = s1.toUpperCase();
- String s4 = s2.toUpperCase();
-
- PrintWriter writer = resp.getWriter();
- writer.println(s3); /* BAD */
- writer.println(s1 + ";"); /* BAD */
- writer.println(s4); /* OK */
- }
-
- public String getDescription() {
- return "a simple false positive because of two calls to String.toLowerCase";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic12.java b/src/test/java/securibench/micro/basic/Basic12.java
deleted file mode 100644
index 93b0edb..0000000
--- a/src/test/java/securibench/micro/basic/Basic12.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic12.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Random;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="a simple conditional; both branches should be taken"
- * @servlet vuln_count = "2"
- * */
-public class Basic12 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- PrintWriter writer = resp.getWriter();
- boolean choice = new Random().nextBoolean();
-
- if(choice) {
- writer.println(s1 + ":"); /* BAD */
- } else{
- writer.println(s1 + ";"); /* BAD */
- }
-
- writer.println("\n"); /* OK */
- }
-
- public String getDescription() {
- return "a simple conditional; both branches should be taken";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic13.java b/src/test/java/securibench/micro/basic/Basic13.java
deleted file mode 100644
index f137c0f..0000000
--- a/src/test/java/securibench/micro/basic/Basic13.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic13.java,v 1.5 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="use getInitParameter instead"
- * @servlet vuln_count = "1"
- * */
-public class Basic13 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = getServletConfig().getInitParameter("name");
- PrintWriter writer = resp.getWriter();
- writer.println(s); /* BAD */
- }
-
- public String getDescription() {
- return "use getInitParameterInstead";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic14.java b/src/test/java/securibench/micro/basic/Basic14.java
deleted file mode 100644
index 28d5b65..0000000
--- a/src/test/java/securibench/micro/basic/Basic14.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic14.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="use the servlet context and casts"
- * @servlet vuln_count = "1"
- * */
-public class Basic14 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- for(Enumeration e = getServletConfig().getInitParameterNames(); e.hasMoreElements(); ) {
- String s = (String) e.nextElement();
- PrintWriter writer = resp.getWriter();
- writer.println(s); /* BAD */
- }
- }
-
- public String getDescription() {
- return "use the servlet context and casts";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic15.java b/src/test/java/securibench/micro/basic/Basic15.java
deleted file mode 100644
index a526f1b..0000000
--- a/src/test/java/securibench/micro/basic/Basic15.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic15.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-
-/**
- * @servlet description="test casts more exhaustively"
- * @servlet vuln_count = "1"
- * */
-public class Basic15 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- Object o = s1 + ";";
- String s2 = (String) o;
- StringBuffer buf = new StringBuffer(s2);
- Object o2 = buf;
- String s3 = ((StringBuffer) o2).toString();
- PrintWriter writer = resp.getWriter();
- writer.println(s3); /* BAD */
- }
-
- public String getDescription() {
- return "test casts more exhaustively";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic16.java b/src/test/java/securibench/micro/basic/Basic16.java
deleted file mode 100644
index 21e253f..0000000
--- a/src/test/java/securibench/micro/basic/Basic16.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic16.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.mock.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple heap-allocated data strucure"
- * @servlet vuln_count = "1"
- * */
-public class Basic16 extends BasicTestCase implements MicroTestCase {
- public class Widget {
- String contents;
-
- public String getContents() {
- return contents;
- }
-
- public void setContents(String contents) {
- this.contents = contents;
- }
- }
-
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- Widget w = new Widget();
- w.setContents(s);
-
- PrintWriter writer = resp.getWriter();
- writer.println(w.getContents()); /* BAD */
- }
-
- public String getDescription() {
- return "simple heap-allocated data structure";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic17.java b/src/test/java/securibench/micro/basic/Basic17.java
deleted file mode 100644
index da48d9a..0000000
--- a/src/test/java/securibench/micro/basic/Basic17.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic17.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple heap-allocated data strucure"
- * @servlet vuln_count = "1"
- * */
-public class Basic17 extends BasicTestCase implements MicroTestCase {
- public class Widget {
- String contents;
-
- public String getContents() {
- return contents;
- }
-
- public void setContents(String contents) {
- this.contents = contents;
- }
- }
-
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- Widget w1 = new Widget();
- w1.setContents(s);
-
- Widget w2 = new Widget();
- w2.setContents("abc");
-
- PrintWriter writer = resp.getWriter();
- writer.println(w1.getContents()); /* BAD */
- writer.println(w2.getContents()); /* OK */
- }
-
- public String getDescription() {
- return "simple heap-allocated data structure";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic18.java b/src/test/java/securibench/micro/basic/Basic18.java
deleted file mode 100644
index d138689..0000000
--- a/src/test/java/securibench/micro/basic/Basic18.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic18.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="protect agains simple loop unrolling"
- * @servlet vuln_count = "1"
- * */
-public class Basic18 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
-
- for(int i = 0; i < 100; i++) {
- PrintWriter writer = resp.getWriter();
- if(i > 5 && (i % 17 == 0)) {
- writer.println(s); /* BAD */
- }
- }
- }
-
- public String getDescription() {
- return "protect against simple loop unrolling";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic19.java b/src/test/java/securibench/micro/basic/Basic19.java
deleted file mode 100644
index 1c4b13e..0000000
--- a/src/test/java/securibench/micro/basic/Basic19.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic19.java,v 1.7 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.SQLException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple SQL injection with prepared statements"
- * @servlet vuln_count = "1"
- * */
-public class Basic19 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
-
- Connection con = null;
- try {
- con = DriverManager.getConnection(MicroTestCase.CONNECTION_STRING);
- con.prepareStatement("select * from Users where name=" + name); /* BAD */
- } catch (SQLException e) {
- System.err.println("An error occurred");
- } finally {
- try {
- if(con != null) con.close();
- } catch (SQLException e) {
- e.printStackTrace();
- }
- }
- }
-
- public String getDescription() {
- return "simple SQL injection with prepared statements";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic2.java b/src/test/java/securibench/micro/basic/Basic2.java
deleted file mode 100644
index 9cb1186..0000000
--- a/src/test/java/securibench/micro/basic/Basic2.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic2.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Random;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="XSS combined with a simple conditional"
- * @servlet vuln_count = "1"
- * */
-public class Basic2 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String str = req.getParameter("name");
- Random r = new Random();
- boolean choice = r.nextBoolean();
- PrintWriter writer = resp.getWriter();
-
- if(choice) {
- writer.println(str); /* BAD */
- }
- }
-
- public String getDescription() {
- return "XSS combined with a simple conditional";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic20.java b/src/test/java/securibench/micro/basic/Basic20.java
deleted file mode 100644
index dc190ad..0000000
--- a/src/test/java/securibench/micro/basic/Basic20.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic20.java,v 1.7 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.SQLException;
-import java.sql.Statement;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple SQL injection"
- * @servlet vuln_count = "1"
- * */
-public class Basic20 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
-
- Connection con = null;
- try {
- con = DriverManager.getConnection(MicroTestCase.CONNECTION_STRING);
- Statement stmt = con.createStatement();
- stmt.execute("select * from Users where name=" + name); /* BAD */
- } catch (SQLException e) {
- System.err.println("An error occurred");
- } finally {
- try {
- if(con != null) con.close();
- } catch (SQLException e) {
- e.printStackTrace();
- }
- }
-
- }
-
- public String getDescription() {
- return "simple SQL injection";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic21.java b/src/test/java/securibench/micro/basic/Basic21.java
deleted file mode 100644
index 0950fd9..0000000
--- a/src/test/java/securibench/micro/basic/Basic21.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic21.java,v 1.7 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="SQL injection with less commonly used methods"
- * @servlet vuln_count = "4"
- * */
-public class Basic21 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- String name = s.toLowerCase(Locale.UK);
-
- Connection con = null;
- try {
- con = DriverManager.getConnection(MicroTestCase.CONNECTION_STRING);
- Statement stmt = con.createStatement();
- stmt.executeUpdate("select * from Users where name=" + name); /* BAD */
- stmt.executeUpdate("select * from Users where name=" + name, 0); /* BAD */
- stmt.executeUpdate("select * from Users where name=" + name, /* BAD */
- new String[] {});
- stmt.executeQuery("select * from Users where name=" + name); /* BAD */
- } catch (SQLException e) {
- System.err.println("An error occurred");
- } finally {
- try {
- if(con != null) con.close();
- } catch (SQLException e) {
- e.printStackTrace();
- }
- }
- }
-
- public String getDescription() {
- return "SQL injection with less commonly used methods";
- }
-
- public int getVulnerabilityCount() {
- return 4;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic22.java b/src/test/java/securibench/micro/basic/Basic22.java
deleted file mode 100644
index 359e5e4..0000000
--- a/src/test/java/securibench/micro/basic/Basic22.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic22.java,v 1.5 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="basic path traversal"
- * @servlet vuln_count = "1"
- * */
-public class Basic22 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- String name = s.toLowerCase(Locale.UK);
-
- // this is not a problem just yet: it's perhaps okay to create a file file
- // a tained filename, but not use it in any way
- File f = new File(name);
- // this is definitely bad; an error should be flagged either on this or the
- // previous line
- f.createNewFile(); /* BAD */
- }
-
- public String getDescription() {
- return "basic path traversal";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic23.java b/src/test/java/securibench/micro/basic/Basic23.java
deleted file mode 100644
index 261ee75..0000000
--- a/src/test/java/securibench/micro/basic/Basic23.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic23.java,v 1.6 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.FileInputStream;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="path traversal"
- * @servlet vuln_count = "3"
- * */
-public class Basic23 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- String name = s.toLowerCase(Locale.UK);
-
- try {
- /* FileWriter fw = */ new FileWriter(name); /* BAD */
- /* FileWriter fr = */ new FileWriter(name); /* BAD */
- /* FileInputStream fis = */ new FileInputStream(name); /* BAD */
- } catch(Throwable e) {
- System.err.println("An error occurred");
- }
- }
-
- public String getDescription() {
- return "path traversal";
- }
-
- public int getVulnerabilityCount() {
- return 3;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic24.java b/src/test/java/securibench/micro/basic/Basic24.java
deleted file mode 100644
index 530f91e..0000000
--- a/src/test/java/securibench/micro/basic/Basic24.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic24.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="unsafe redirect"
- * @servlet vuln_count = "1"
- * */
-public class Basic24 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- String name = s.toLowerCase(Locale.UK);
-
- resp.sendRedirect("/user/" + name); /* BAD */
- }
-
- public String getDescription() {
- return "unsafe redirect";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic25.java b/src/test/java/securibench/micro/basic/Basic25.java
deleted file mode 100644
index d7ded0a..0000000
--- a/src/test/java/securibench/micro/basic/Basic25.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic25.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test getParameterValues"
- * @servlet vuln_count = "1"
- * */
-public class Basic25 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String[] s = req.getParameterValues(FIELD_NAME);
- String name = s[0].toLowerCase(Locale.UK);
-
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */
- }
-
- public String getDescription() {
- return "test getParameterValues";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic26.java b/src/test/java/securibench/micro/basic/Basic26.java
deleted file mode 100644
index 67ce312..0000000
--- a/src/test/java/securibench/micro/basic/Basic26.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic26.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test getParameterMap"
- * @servlet vuln_count = "1"
- * */
-public class Basic26 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Map m = req.getParameterMap();
- for(Iterator iter = m.entrySet().iterator(); iter.hasNext();) {
- Map.Entry e = (Entry) iter.next();
- if(e.getKey().equals(FIELD_NAME)) {
- PrintWriter writer = resp.getWriter();
- writer.println(e.getValue()); /* BAD */
- }
- }
- }
-
- public String getDescription() {
- return "test getParameterMap";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic27.java b/src/test/java/securibench/micro/basic/Basic27.java
deleted file mode 100644
index ba09185..0000000
--- a/src/test/java/securibench/micro/basic/Basic27.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic27.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test getParameterMap"
- * @servlet vuln_count = "1"
- * */
-public class Basic27 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Enumeration e = req.getParameterNames();
- while(e.hasMoreElements()) {
- String name = (String) e.nextElement();
- if(name.equals(FIELD_NAME)) {
- PrintWriter writer = resp.getWriter();
- String value = req.getParameter(name);
- writer.println("value: " + value); /* BAD */
- }
- }
- }
-
- public String getDescription() {
- return "test getParameterMap";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic28.java b/src/test/java/securibench/micro/basic/Basic28.java
deleted file mode 100644
index 058289f..0000000
--- a/src/test/java/securibench/micro/basic/Basic28.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic28.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="complicated control flow"
- * @servlet vuln_count = "2"
- */
-public class Basic28 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- boolean b[] = new boolean[3];
- PrintWriter writer = resp.getWriter();
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- }
- if (b[0]) {
- }
- } else {
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- }
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- writer.println(name); /* BAD */
- } else {
- }
- } else {
- }
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- }
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- }
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- }
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- }
- } else {
- }
- } else {
- }
- }
- }
- }
- } else {
- if (b[0]) {
- if (b[0]) {
- if (b[0]) {
- writer.println(name); /* BAD */
- }
- } else {
- }
- } else {
- }
- }
- }
-
- public String getDescription() {
- return "complicated control flow";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic29.java b/src/test/java/securibench/micro/basic/Basic29.java
deleted file mode 100644
index 5e90e60..0000000
--- a/src/test/java/securibench/micro/basic/Basic29.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * @author Benjamin Livshits
- *
- * $Id: Basic29.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="recursive data structures"
- * @servlet vuln_count = "2"
- */
-public class Basic29 extends BasicTestCase implements MicroTestCase {
- class Node {
- String value;
- Node next = null;
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- Node head = new Node();
- Node next = new Node();
- head.next = next;
- next.value = name;
-
- PrintWriter writer = resp.getWriter();
- writer.println(next.value); /* BAD */
- writer.println(head.next.value); /* BAD */
- writer.println(head.value); /* OK */
- }
-
- public String getDescription() {
- return "recursive data structures";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic3.java b/src/test/java/securibench/micro/basic/Basic3.java
deleted file mode 100644
index 484bec5..0000000
--- a/src/test/java/securibench/micro/basic/Basic3.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic3.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple derived string test"
- * @servlet vuln_count = "1"
- * */
-public class Basic3 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String str = req.getParameter("name");
- PrintWriter writer = resp.getWriter();
- String s2 = str.toLowerCase();
-
-// Map map = new HashMap();
-// String s2 = map.get(str);
-
- writer.println(s2); /* BAD */
- }
-
- public String getDescription() {
- return "simple derived string test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic30.java b/src/test/java/securibench/micro/basic/Basic30.java
deleted file mode 100644
index 8da5b4c..0000000
--- a/src/test/java/securibench/micro/basic/Basic30.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic30.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="field sensitivity"
- * @servlet vuln_count = "1"
- */
-public class Basic30 extends BasicTestCase implements MicroTestCase {
- class Data {
- String value1;
- String value2;
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter("name");
- Data d = new Data();
- d.value2 = name;
- d.value1 = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(d.value1); /* OK */
- writer.println(d.value2); /* BAD */
- }
-
- public String getDescription() {
- return "field sensitivity";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic31.java b/src/test/java/securibench/micro/basic/Basic31.java
deleted file mode 100644
index 0b164bf..0000000
--- a/src/test/java/securibench/micro/basic/Basic31.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic31.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="values obtained from cookies"
- * @servlet vuln_count = "3"
- */
-public class Basic31 extends BasicTestCase implements MicroTestCase {
- class Data {
- String value1;
- String value2;
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Cookie[] cookies = req.getCookies();
-
- String name = cookies[0].getName();
- String value = cookies[0].getValue();
- String comment = cookies[0].getComment();
-
- PrintWriter writer = resp.getWriter();
-
- if(name != null) {
- writer.println(name); /* BAD */
- }
- if(value != null) {
- writer.println(value); /* BAD */
- }
- if(comment != null) {
- writer.println(comment); /* BAD */
- }
- }
-
- public String getDescription() {
- return "values obtained from cookies";
- }
-
- public int getVulnerabilityCount() {
- return 3;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic32.java b/src/test/java/securibench/micro/basic/Basic32.java
deleted file mode 100644
index 45533fc..0000000
--- a/src/test/java/securibench/micro/basic/Basic32.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic32.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="values obtained from headers"
- * @servlet vuln_count = "1"
- */
-public class Basic32 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String header = req.getHeader("Accept-Language");
-
- PrintWriter writer = resp.getWriter();
-
- writer.println(header); /* BAD */
- }
-
- public String getDescription() {
- return "values obtained from headers";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic33.java b/src/test/java/securibench/micro/basic/Basic33.java
deleted file mode 100644
index fc226dc..0000000
--- a/src/test/java/securibench/micro/basic/Basic33.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic33.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="values obtained from headers"
- * @servlet vuln_count = "1"
- */
-public class Basic33 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Enumeration e = req.getHeaders("Accept-Language");
- while(e.hasMoreElements()) {
- String header = (String) e.nextElement();
-
- PrintWriter writer = resp.getWriter();
- writer.println(header); /* BAD */
- }
- }
-
- public String getDescription() {
- return "values obtained from headers";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic34.java b/src/test/java/securibench/micro/basic/Basic34.java
deleted file mode 100644
index 439a6dd..0000000
--- a/src/test/java/securibench/micro/basic/Basic34.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic34.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="values obtained from headers"
- * @servlet vuln_count = "2"
- */
-public class Basic34 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Enumeration e = req.getHeaderNames();
- while(e.hasMoreElements()) {
- String headerName = (String) e.nextElement();
- String headerValue = (String) req.getHeader(headerName);
-
- PrintWriter writer = resp.getWriter();
- // I believe arbitrary header names can be forged
- // TODO: double-check this
- writer.println(headerName); /* BAD */
- writer.println(headerValue); /* BAD */
- }
- }
-
- public String getDescription() {
- return "values obtained from headers";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic35.java b/src/test/java/securibench/micro/basic/Basic35.java
deleted file mode 100644
index 7fb3d00..0000000
--- a/src/test/java/securibench/micro/basic/Basic35.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic35.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="values obtained from HttpServletRequest"
- * @servlet vuln_count = "6"
- */
-public class Basic35 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Enumeration e = req.getHeaderNames();
- while(e.hasMoreElements()) {
- PrintWriter writer = resp.getWriter();
- // I believe these can be forged also
- // TODO: double-check this
- writer.println(req.getProtocol()); /* BAD */
- writer.println(req.getScheme()); /* BAD */
- writer.println(req.getAuthType()); /* BAD */
- writer.println(req.getQueryString()); /* BAD */
- writer.println(req.getRemoteUser()); /* BAD */
- writer.println(req.getRequestURL()); /* BAD */
- }
- }
-
- public String getDescription() {
- return "values obtained from headers";
- }
-
- public int getVulnerabilityCount() {
- return 6;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic36.java b/src/test/java/securibench/micro/basic/Basic36.java
deleted file mode 100644
index 370800e..0000000
--- a/src/test/java/securibench/micro/basic/Basic36.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic36.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.PrintWriter;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="values obtained from HttpServletRequest input stream"
- * @servlet vuln_count = "1"
- */
-public class Basic36 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- ServletInputStream in = req.getInputStream();
- BufferedReader r = new BufferedReader(new InputStreamReader(in));
- String line = r.readLine();
-
- PrintWriter writer = resp.getWriter();
- writer.println(line); /* BAD */
- }
-
- public String getDescription() {
- return "values obtained from HttpServletRequest input stream";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic37.java b/src/test/java/securibench/micro/basic/Basic37.java
deleted file mode 100644
index 9d69369..0000000
--- a/src/test/java/securibench/micro/basic/Basic37.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic37.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.StringTokenizer;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="StringTokenizer test"
- * @servlet vuln_count = "1"
- */
-public class Basic37 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- StringTokenizer tok = new StringTokenizer(name, "\t");
- while(tok.hasMoreTokens()) {
- PrintWriter writer = resp.getWriter();
- writer.println(tok.nextToken()); /* BAD */
- }
- }
-
- public String getDescription() {
- return "StringTokenizer test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic38.java b/src/test/java/securibench/micro/basic/Basic38.java
deleted file mode 100644
index 6e4a045..0000000
--- a/src/test/java/securibench/micro/basic/Basic38.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic38.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.StringTokenizer;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="StringTokenizer test with a false positive"
- * @servlet vuln_count = "1"
- */
-public class Basic38 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- StringTokenizer tok1 = new StringTokenizer(name, "\t");
- StringTokenizer tok2 = new StringTokenizer("abc\tdef", "\t");
-
- while(tok1.hasMoreTokens() && tok2.hasMoreElements()) {
- PrintWriter writer = resp.getWriter();
- writer.println(tok1.nextToken()); /* BAD */
- writer.println(tok2.nextToken()); /* OK */
- }
- }
-
- public String getDescription() {
- return "StringTokenizer test with a false positive";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic39.java b/src/test/java/securibench/micro/basic/Basic39.java
deleted file mode 100644
index 4651596..0000000
--- a/src/test/java/securibench/micro/basic/Basic39.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic39.java,v 1.2 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.StringTokenizer;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="StringTokenizer test"
- * @servlet vuln_count = "1"
- */
-public class Basic39 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- StringTokenizer tok = new StringTokenizer(name, "\t");
- while(tok.hasMoreElements()) {
- PrintWriter writer = resp.getWriter();
- writer.println(tok.nextElement()); /* BAD */
- }
- }
-
- public String getDescription() {
- return "StringTokenizer test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic4.java b/src/test/java/securibench/micro/basic/Basic4.java
deleted file mode 100644
index 6e2da2a..0000000
--- a/src/test/java/securibench/micro/basic/Basic4.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic4.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Random;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test path sensitivity just a bit"
- * @servlet vuln_count = "1"
- * */
-public class Basic4 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String str = req.getParameter("name");
- Random r = new Random();
- int choice = r.nextInt();
- PrintWriter writer = resp.getWriter();
-
- switch (choice) {
- case 1: break;
- case 2: break;
- case 3:
- writer.println(str); /* BAD */
- break;
- default:
- }
- }
-
- public String getDescription() {
- return "test path sensitivity just a bit";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic40.java b/src/test/java/securibench/micro/basic/Basic40.java
deleted file mode 100644
index ef87c26..0000000
--- a/src/test/java/securibench/micro/basic/Basic40.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic40.java,v 1.3 2006/04/21 17:14:26 livshits Exp $
-*/
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.oreilly.servlet.MultipartRequest;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
-* @servlet description="MultipartRequest test"
-* @servlet vuln_count = "1"
-*/
-public class Basic40 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- MultipartRequest mreq = new MultipartRequest(req, System.getenv("HOME"));
- String name = mreq.getParameter(FIELD_NAME);
-
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */
- }
-
-
- public String getDescription() {
- return "MultipartRequest test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic41.java b/src/test/java/securibench/micro/basic/Basic41.java
deleted file mode 100644
index 8feab27..0000000
--- a/src/test/java/securibench/micro/basic/Basic41.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id$
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="use getInitParameter instead"
- * @servlet vuln_count = "1"
- * */
-public class Basic41 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = getServletConfig().getServletContext().getInitParameter("name");
- PrintWriter writer = resp.getWriter();
- writer.println(s); /* BAD */
- }
-
- public String getDescription() {
- return "use getInitParameter instead";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic42.java b/src/test/java/securibench/micro/basic/Basic42.java
deleted file mode 100644
index b34663d..0000000
--- a/src/test/java/securibench/micro/basic/Basic42.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id$
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="use getInitParameterNames"
- * @servlet vuln_count = "1"
- * */
-public class Basic42 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- ServletContext context = getServletConfig().getServletContext();
- Enumeration e = context.getInitParameterNames();
- while(e.hasMoreElements()) {
- String name = (String) e.nextElement();
- Object value = context.getInitParameter(name);
- PrintWriter writer = resp.getWriter();
- writer.println(value.toString()); /* BAD */
- }
- }
-
- public String getDescription() {
- return "use getInitParameterNames";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic5.java b/src/test/java/securibench/micro/basic/Basic5.java
deleted file mode 100644
index 748dbbc..0000000
--- a/src/test/java/securibench/micro/basic/Basic5.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic5.java,v 1.5 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="moderately complex test of derived strings"
- * @servlet vuln_count = "3"
- * */
-public class Basic5 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String s2 = s1.toUpperCase();
- String s3 = s2.concat(";");
- String s4 = s3.replace(';', '.');
- String s5 = s4.trim();
- PrintWriter writer = resp.getWriter();
-
- writer.println(s3); /* BAD */
- writer.println(s4); /* BAD */
- writer.println(s5); /* BAD */
- }
-
- public String getDescription() {
- return "moderately complex test of derived strings";
- }
-
- public int getVulnerabilityCount() {
- return 3;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic6.java b/src/test/java/securibench/micro/basic/Basic6.java
deleted file mode 100644
index 595bf3c..0000000
--- a/src/test/java/securibench/micro/basic/Basic6.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic6.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="complex test of derived strings"
- * @servlet vuln_count = "1"
- * */
-public class Basic6 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String s2 = s1.toUpperCase();
- String s3 = s2.concat(";");
- String s4 = s3.replace(';', '.');
- String s5 = ":" + s4 + ":";
- String s6 = s5.substring(s5.length() - 1);
-
- PrintWriter writer = resp.getWriter();
-
- writer.println(s6); /* BAD */
- }
-
- public String getDescription() {
- return "complex test of derived strings";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic7.java b/src/test/java/securibench/micro/basic/Basic7.java
deleted file mode 100644
index c57d570..0000000
--- a/src/test/java/securibench/micro/basic/Basic7.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic7.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="complex test of derived strings involving a string buffer"
- * @servlet vuln_count = "1"
- * */
-public class Basic7 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- String s2 = s1.toUpperCase();
- StringBuffer buf = new StringBuffer(s2);
- buf.append("abcdefgh");
- buf.insert(3, 's');
- String s3 = buf.toString();
-
- PrintWriter writer = resp.getWriter();
-
- writer.println(s3); /* BAD */
- }
-
- public String getDescription() {
- return "complex test of derived strings involving a string buffer";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic8.java b/src/test/java/securibench/micro/basic/Basic8.java
deleted file mode 100644
index 26db347..0000000
--- a/src/test/java/securibench/micro/basic/Basic8.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic8.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.BitSet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test of complex conditionals"
- * @servlet vuln_count = "1"
- * */
-public class Basic8 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String str = req.getParameter("name");
- BitSet bs = new BitSet(10);
-
- if(bs.get(0)) {
- if(bs.get(1)) {
- if(bs.get(2)) {
- if(bs.get(3)) {
- if(bs.get(4)) {
-
- }
- } else {
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- }
- }
- }
- }
- }
-
- public String getDescription() {
- return "test of complex conditionals";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/basic/Basic9.java b/src/test/java/securibench/micro/basic/Basic9.java
deleted file mode 100644
index 39df4f5..0000000
--- a/src/test/java/securibench/micro/basic/Basic9.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Basic9.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.basic;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Random;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="chains of value assignments"
- * @servlet vuln_count = "1"
- * */
-public class Basic9 extends BasicTestCase implements MicroTestCase {
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter("name");
- Random r = new Random();
- boolean choice = r.nextBoolean();
- String s2 = s1;
- String s3 = s2;
- //String s4 = s1;
- String s5 = choice ? s3 : s2;
- String s6 = s5;
-
- PrintWriter writer = resp.getWriter();
- writer.println(s6); /* BAD */
- }
-
- public String getDescription() {
- return "chains of value assignments";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections1.java b/src/test/java/securibench/micro/collections/Collections1.java
deleted file mode 100644
index f9b06bd..0000000
--- a/src/test/java/securibench/micro/collections/Collections1.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections1.java,v 1.5 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.LinkedList;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "simple collection deposit/retrieve"
- * @servlet vuln_count = "1"
- * */
-public class Collections1 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList ll = new LinkedList();
- ll.addLast(s1);
- String s2 = (String) ll.getLast();
-
- PrintWriter writer = resp.getWriter();
- writer.println(s2); /* BAD */
- }
-
- public String getDescription() {
- return "simple collection deposit/retrieve";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections10.java b/src/test/java/securibench/micro/collections/Collections10.java
deleted file mode 100644
index 800f714..0000000
--- a/src/test/java/securibench/micro/collections/Collections10.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections10.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedList;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "more complex collection copying"
- * @servlet vuln_count = "0"
- * */
-public class Collections10 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c1 = new LinkedList();
- c1.addLast(s1);
- ArrayList c2 = new ArrayList();
- c2.add("abc");
-
- Iterator iter = c1.iterator();
- PrintWriter writer = resp.getWriter();
- while(iter.hasNext()){
- String str = (String) iter.next();
-
- writer.println(str); /* BAD */
- }
-
- iter = c2.iterator();
- while(iter.hasNext()){
- String str = (String) iter.next();
-
- writer.println(str); /* OK */
- }
- }
-
- public String getDescription() {
- return "more complex collection copying";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections11.java b/src/test/java/securibench/micro/collections/Collections11.java
deleted file mode 100644
index 2e3541f..0000000
--- a/src/test/java/securibench/micro/collections/Collections11.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections11.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.util.LinkedList;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "interprocedural collection passing"
- * @servlet vuln_count = "1"
- * */
-public class Collections11 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c1 = new LinkedList();
- c1.addLast(s1);
- Collections11b c11b = new Collections11b();
- c11b.foo(c1, resp);
- }
-
- public String getDescription() {
- return "interprocedural collection passing";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections11b.java b/src/test/java/securibench/micro/collections/Collections11b.java
deleted file mode 100644
index 0ace766..0000000
--- a/src/test/java/securibench/micro/collections/Collections11b.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections11b.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Collection;
-
-import javax.servlet.ServletResponse;
-
-/**
- * @servlet description = "simple collection deposit/retrieve"
- * @servlet vuln_count = "1"
- * */
-class Collections11b {
- protected void foo(Object o, ServletResponse resp) throws IOException {
- Collection c = (Collection) o;
- String str = c.toString();
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections12.java b/src/test/java/securibench/micro/collections/Collections12.java
deleted file mode 100644
index 100bc15..0000000
--- a/src/test/java/securibench/micro/collections/Collections12.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections12.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.LinkedList;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "collection copying through an array"
- * @servlet vuln_count = "1"
- * */
-public class Collections12 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c1 = new LinkedList();
- c1.addLast(s1);
- Object[] array = c1.toArray();
-
- PrintWriter writer = resp.getWriter();
- writer.println(array[0]); /* BAD */
- }
-
- public String getDescription() {
- return "collection copying through an array";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections13.java b/src/test/java/securibench/micro/collections/Collections13.java
deleted file mode 100644
index e0b7fdd..0000000
--- a/src/test/java/securibench/micro/collections/Collections13.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections13.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "more complex collection copying through an array"
- * @servlet vuln_count = "1"
- * */
-public class Collections13 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c1 = new LinkedList();
- c1.addLast(s1);
- c1.addFirst("x");
- Object[] array = c1.toArray();
- List c2 = java.util.Arrays.asList(array);
- List c3 = java.util.Arrays.asList(new String[]{new String("xyz")});
- List c4 = java.util.Arrays.asList(new String[]{new String(s1)});
-
- PrintWriter writer = resp.getWriter();
- writer.println(c2.get(0)); /* BAD */
- writer.println(c3.get(0)); /* OK */
- writer.println(c4.get(0)); /* OK */
- }
-
- public String getDescription() {
- return "more complex collection copying through an array";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections14.java b/src/test/java/securibench/micro/collections/Collections14.java
deleted file mode 100644
index 3c677c0..0000000
--- a/src/test/java/securibench/micro/collections/Collections14.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections14.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "more complex collection copying through an array"
- * @servlet vuln_count = "1"
- * */
-public class Collections14 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c = new LinkedList();
- for(int i = 0; i < 3000; i++){
- c.addFirst("i: " + i);
- }
- c.addLast(s1);
-
- PrintWriter writer = resp.getWriter();
- writer.println(c.getLast()); /* BAD */
- }
-
- public String getDescription() {
- return "more complex collection copying through an array";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections2.java b/src/test/java/securibench/micro/collections/Collections2.java
deleted file mode 100644
index 53497d6..0000000
--- a/src/test/java/securibench/micro/collections/Collections2.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections2.java,v 1.5 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.LinkedList;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "collection deposit/retrieve, check for false positives"
- * @servlet vuln_count = "1"
- * */
-public class Collections2 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList ll1 = new LinkedList();
- ll1.addLast(s1);
-
- LinkedList ll2 = new LinkedList();
- ll1.addLast("abc");
-
- String s2 = (String) ll1.getLast();
- String s3 = (String) ll2.getLast();
-
- PrintWriter writer = resp.getWriter();
- writer.println(s2); /* BAD */
- writer.println(s3); /* OK */
- }
-
- public String getDescription() {
- return "simple collection deposit/retrieve";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections3.java b/src/test/java/securibench/micro/collections/Collections3.java
deleted file mode 100644
index f3a8ce7..0000000
--- a/src/test/java/securibench/micro/collections/Collections3.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections3.java,v 1.5 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.LinkedList;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "collection of collections"
- * @servlet vuln_count = "2"
- * */
-public class Collections3 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList ll1 = new LinkedList();
- LinkedList ll2 = new LinkedList();
- ll2.addLast(s1);
- ll2.addLast(ll1);
-
- LinkedList c = (LinkedList) ll2.getLast();
- String s2 = (String) c.getLast();
-
- PrintWriter writer = resp.getWriter();
- writer.println(s2); /* BAD */
- // this is because the print out of c includes the test of s1
- writer.println(c); /* BAD */
- }
-
- public String getDescription() {
- return "collection of collections";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections4.java b/src/test/java/securibench/micro/collections/Collections4.java
deleted file mode 100644
index 76a757b..0000000
--- a/src/test/java/securibench/micro/collections/Collections4.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections4.java,v 1.5 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Iterator;
-import java.util.LinkedList;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "test of iterators"
- * @servlet vuln_count = "1"
- * */
-public class Collections4 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- LinkedList ll = new LinkedList();
- ll.addLast(name);
-
- for(Iterator iter = ll.iterator(); iter.hasNext();) {
- PrintWriter writer = resp.getWriter();
- Object o = iter.next();
-
- writer.println(o); /* BAD */
- }
- }
-
- public String getDescription() {
- return "test of iterators";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections5.java b/src/test/java/securibench/micro/collections/Collections5.java
deleted file mode 100644
index a61f0f1..0000000
--- a/src/test/java/securibench/micro/collections/Collections5.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections5.java,v 1.3 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.Iterator;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "test of iterators"
- * @servlet vuln_count = "1"
- * */
-public class Collections5 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- ArrayList ll = new ArrayList();
- ll.add(name);
-
- for(Iterator iter = ll.iterator(); iter.hasNext();) {
- PrintWriter writer = resp.getWriter();
- Object o = iter.next();
-
- writer.println(o); /* BAD */
- }
- }
-
- public String getDescription() {
- return "test of iterators";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections6.java b/src/test/java/securibench/micro/collections/Collections6.java
deleted file mode 100644
index ea779d2..0000000
--- a/src/test/java/securibench/micro/collections/Collections6.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections6.java,v 1.4 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.HashMap;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "test of maps"
- * @servlet vuln_count = "1"
- * */
-public class Collections6 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- Map m = new HashMap();
- m.put("a", name);
- String s1 = (String) m.get("b");
- String s2 = (String) m.get("a");
-
- PrintWriter writer = resp.getWriter();
- writer.println(s1); /* OK */
- writer.println(s2); /* BAD */
- }
-
- public String getDescription() {
- return "test of maps";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections7.java b/src/test/java/securibench/micro/collections/Collections7.java
deleted file mode 100644
index e243139..0000000
--- a/src/test/java/securibench/micro/collections/Collections7.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections7.java,v 1.3 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "test of map iterators"
- * @servlet vuln_count = "1"
- * */
-public class Collections7 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- Map m = new HashMap();
- m.put("a", name);
- for(Iterator iter = m.entrySet().iterator(); iter.hasNext();) {
- Map.Entry e = (Entry) iter.next();
-
- PrintWriter writer = resp.getWriter();
- writer.println(e.getKey()); /* OK */
- writer.println(e.getValue()); /* BAD */
- }
- }
-
- public String getDescription() {
- return "test of map iterators";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections8.java b/src/test/java/securibench/micro/collections/Collections8.java
deleted file mode 100644
index b42e963..0000000
--- a/src/test/java/securibench/micro/collections/Collections8.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections8.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.LinkedList;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "collection copying"
- * @servlet vuln_count = "1"
- * */
-public class Collections8 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c1 = new LinkedList();
- c1.addLast(s1);
- ArrayList c2 = new ArrayList();
- c2.add("abc");
- c2.addAll(c1);
- String s2 = (String) c2.get(0);
-
- PrintWriter writer = resp.getWriter();
- writer.println(s2); /* BAD */
- }
-
- public String getDescription() {
- return "collection copying";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/collections/Collections9.java b/src/test/java/securibench/micro/collections/Collections9.java
deleted file mode 100644
index 689d84a..0000000
--- a/src/test/java/securibench/micro/collections/Collections9.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Collections9.java,v 1.1 2006/04/21 17:14:26 livshits Exp $
- */
-package securibench.micro.collections;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.LinkedList;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "more complex collection copying"
- * @servlet vuln_count = "0"
- * */
-public class Collections9 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- LinkedList c1 = new LinkedList();
- c1.addLast(s1);
- ArrayList c2 = new ArrayList();
- c2.add("abc");
- c2.retainAll(c1);
- String s2 = (String) c2.get(0);
-
- PrintWriter writer = resp.getWriter();
- writer.println(s2); /* BAD */
- }
-
- public String getDescription() {
- return "more complex collection copying";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/datastructures/Datastructures1.java b/src/test/java/securibench/micro/datastructures/Datastructures1.java
deleted file mode 100644
index a5c92a6..0000000
--- a/src/test/java/securibench/micro/datastructures/Datastructures1.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Datastructures1.java,v 1.1 2006/04/21 17:14:24 livshits Exp $
- */
-package securibench.micro.datastructures;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple test of field assignment"
- * @servlet vuln_count = "1"
- * */
-public class Datastructures1 extends BasicTestCase implements MicroTestCase {
- public class C {
- private String str;
- private String tag = "abc";
-
- public String getData(){return this.str;}
- //we manually fixed this, was originally:
- //public String getTag(){return this.str;}
- public String getTag(){return this.tag;}
- public void setData(String str){this.str = str;}
- }
-
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- C c = new C();
- c.setData(name);
- String str = c.getData();
- String tag = c.getTag();
-
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- writer.println(tag); /* OK */
- }
-
- public String getDescription() {
- return "simple test of field assignment";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/datastructures/Datastructures2.java b/src/test/java/securibench/micro/datastructures/Datastructures2.java
deleted file mode 100644
index 2df2a86..0000000
--- a/src/test/java/securibench/micro/datastructures/Datastructures2.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Datastructures2.java,v 1.1 2006/04/21 17:14:24 livshits Exp $
- */
-package securibench.micro.datastructures;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="multiple objects of the same type"
- * @servlet vuln_count = "1"
- * */
-public class Datastructures2 extends BasicTestCase implements MicroTestCase {
- public class C {
- private String str;
- public String getData(){return this.str;}
- public String getTag(){return this.str;}
- public void setData(String str){this.str = str;}
- }
-
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- C c1 = new C();
- c1.setData("def");
-
- C c2 = new C();
- c2.setData(name);
-
- String str1 = c1.getData();
- String str2 = c2.getData();
-
- PrintWriter writer = resp.getWriter();
- writer.println(str1); /* OK */
- writer.println(str2); /* BAD */
- }
-
- public String getDescription() {
- return "simple test of field assignment";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/datastructures/Datastructures3.java b/src/test/java/securibench/micro/datastructures/Datastructures3.java
deleted file mode 100644
index e8f8b1d..0000000
--- a/src/test/java/securibench/micro/datastructures/Datastructures3.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Datastructures3.java,v 1.1 2006/04/21 17:14:24 livshits Exp $
- */
-package securibench.micro.datastructures;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple nexted data"
- * @servlet vuln_count = "1"
- * */
-public class Datastructures3 extends BasicTestCase implements MicroTestCase {
- public class C {
- private String str;
- private C next;
-
- public String getData(){return this.str;}
- public void setData(String str){this.str = str;}
- public void setNext(C next){this.next = next;}
- }
-
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- C c1 = new C();
- c1.setData("anbc");
-
- C c2 = new C();
- c2.setData(name);
- c1.setNext(c2);
-
- String str = c1.next.str;
-
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- }
-
- public String getDescription() {
- return "simple nexted data";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/datastructures/Datastructures4.java b/src/test/java/securibench/micro/datastructures/Datastructures4.java
deleted file mode 100644
index 0e45acd..0000000
--- a/src/test/java/securibench/micro/datastructures/Datastructures4.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Datastructures4.java,v 1.1 2006/04/21 17:14:24 livshits Exp $
- */
-package securibench.micro.datastructures;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple nexted data (false positive)"
- * @servlet vuln_count = "1"
- * */
-public class Datastructures4 extends BasicTestCase implements MicroTestCase {
- public class C {
- private String str;
- private C next;
-
- public String getData(){return this.str;}
- public void setData(String str){this.str = str;}
- public void setNext(C next){this.next = next;}
- }
-
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- C c1 = new C();
- c1.setData(name);
-
- C c2 = new C();
- c2.setData("abc");
- c1.setNext(c2);
-
- String str = c1.next.str;
-
- PrintWriter writer = resp.getWriter();
- writer.println(str); /* BAD */
- }
-
- public String getDescription() {
- return "simple nexted data";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/datastructures/Datastructures5.java b/src/test/java/securibench/micro/datastructures/Datastructures5.java
deleted file mode 100644
index d68f110..0000000
--- a/src/test/java/securibench/micro/datastructures/Datastructures5.java
+++ /dev/null
@@ -1,62 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Datastructures5.java,v 1.1 2006/04/21 17:14:24 livshits Exp $ - */ -package securibench.micro.datastructures; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="nested data in a loop" - * @servlet vuln_count = "1" - * */ -public class Datastructures5 extends BasicTestCase implements MicroTestCase { - public class C { - private String str; - private C next; - - public String getData(){return this.str;} - public void setData(String str){this.str = str;} - public void setNext(C next){this.next = next;} - } - - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String name = req.getParameter(FIELD_NAME); - C c1 = new C(); - c1.setData("abc"); - - C c2 = new C(); - c2.setData("def"); - c1.setNext(c2); - - C c3 = new C(); - c3.setData(name.toUpperCase()); - c2.setNext(c3); - - C c = c1; - while (c != null) { - String str = c.getData(); - PrintWriter writer = resp.getWriter(); - writer.println(str); /* BAD */ - c = c.next; - } - } - - public String getDescription() { - return "nested data in a loop"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/datastructures/Datastructures6.java b/src/test/java/securibench/micro/datastructures/Datastructures6.java deleted file mode 100644 index 2a163f9..0000000 --- a/src/test/java/securibench/micro/datastructures/Datastructures6.java +++ /dev/null 
@@ -1,59 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Datastructures6.java,v 1.1 2006/04/21 17:14:24 livshits Exp $ - */ -package securibench.micro.datastructures; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="nested data in a loop" - * @servlet vuln_count = "1" - * */ -public class Datastructures6 extends BasicTestCase implements MicroTestCase { - public class C { - private String str; - private C next; - - public String getData(){return this.str;} - public void setData(String str){this.str = str;} - public void setNext(C next){this.next = next;} - } - - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String name = req.getParameter(FIELD_NAME); - C c = new C(); - C head = c; - for(int i = 0; i < 1600; i++){ - C next = new C(); - c.setNext(next); - c = next; - } - c.setData(name); - c = head; - while(c != null) { - PrintWriter writer = resp.getWriter(); - writer.println(c.getData()); /* BAD */ - - c = c.next; - } - } - - public String getDescription() { - return "nested data in a loop"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/factories/Factories1.java b/src/test/java/securibench/micro/factories/Factories1.java deleted file mode 100644 index 3cb0f64..0000000 --- a/src/test/java/securibench/micro/factories/Factories1.java +++ /dev/null 
@@ -1,38 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Factories1.java,v 1.3 2006/04/04 20:00:41 livshits Exp $ - */ -package securibench.micro.factories; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple factory problem with toLowerCase" - * @servlet vuln_count = "1" - * */ -public class Factories1 extends BasicTestCase implements MicroTestCase { - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter("name"); - String s2 = s1.toLowerCase(); - String s3 = "abc".toLowerCase(); - - PrintWriter writer = resp.getWriter(); - - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - public String getDescription() { - return "simple factory problem with toLowerCase"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/factories/Factories2.java b/src/test/java/securibench/micro/factories/Factories2.java deleted file mode 100644 index 671a0be..0000000 --- a/src/test/java/securibench/micro/factories/Factories2.java +++ /dev/null 
@@ -1,38 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Factories2.java,v 1.3 2006/04/04 20:00:41 livshits Exp $ - */ -package securibench.micro.factories; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple factory problem with String.toString" - * @servlet vuln_count = "1" - * */ -public class Factories2 extends BasicTestCase implements MicroTestCase { - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter("name"); - String s2 = s1.toString(); - String s3 = "abc".toString(); - - PrintWriter writer = resp.getWriter(); - - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - public String getDescription() { - return "simple factory problem with String.toString"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/factories/Factories3.java b/src/test/java/securibench/micro/factories/Factories3.java deleted file mode 100644 index 5b485e8..0000000 --- a/src/test/java/securibench/micro/factories/Factories3.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Factories3.java,v 1.3 2006/04/04 20:00:41 livshits Exp $ - */ -package securibench.micro.factories; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description = "factory problem with a string wrapper" - * @servlet vuln_count = "1" - * */ -public class Factories3 extends BasicTestCase implements MicroTestCase { - class StringWrapper { - StringWrapper(String value){ - this.value = value; - } - public String toString() { - return value; - } - - protected String value; - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter("name"); - - StringWrapper w1 = new StringWrapper(s1); - StringWrapper w2 = new StringWrapper("abc"); - - PrintWriter writer = resp.getWriter(); - - writer.println(w1.toString()); /* BAD */ - writer.println(w2.toString()); /* OK */ - } - - public String getDescription() { - return "factory problem with a string wrapper"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter1.java b/src/test/java/securibench/micro/inter/Inter1.java deleted file mode 100644 index c2dc0bc..0000000 --- a/src/test/java/securibench/micro/inter/Inter1.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter1.java,v 1.4 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple id method call" - * @servlet vuln_count = "1" - * */ -public class Inter1 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - String s2 = id(s1); - String s3 = id("abc"); - - PrintWriter writer = resp.getWriter(); - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - private String id(String string) { - return string; - } - - public String getDescription() { - return "simple id method call"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter10.java b/src/test/java/securibench/micro/inter/Inter10.java deleted file mode 100644 index f7f5d54..0000000 --- a/src/test/java/securibench/micro/inter/Inter10.java +++ /dev/null 
@@ -1,46 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter10.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="more complex object sensitivity" - * @servlet vuln_count = "2" - * */ -public class Inter10 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - String s2 = foo(s1); - String s3 = foo("abc"); - - PrintWriter writer = resp.getWriter(); - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - private String foo(String s1) { - return s1.toLowerCase().substring(0, s1.length()-1); - } - - public String getDescription() { - return "more complex object sensitivity"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter11.java b/src/test/java/securibench/micro/inter/Inter11.java deleted file mode 100644 index c24775f..0000000 --- a/src/test/java/securibench/micro/inter/Inter11.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter11.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="object sensitivity and context sensitivity combined" - * @servlet vuln_count = "1" - * */ -public class Inter11 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - String s2 = id(foo(s1)); - String s3 = id(foo("abc")); - - PrintWriter writer = resp.getWriter(); - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - private String id(String string) { - return string; - } - - private String foo(String s1) { - return s1.toUpperCase(); - } - - public String getDescription() { - return "object sensitivity and context sensitivity combined"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter12.java b/src/test/java/securibench/micro/inter/Inter12.java deleted file mode 100644 index 57329c4..0000000 --- a/src/test/java/securibench/micro/inter/Inter12.java +++ /dev/null 
@@ -1,57 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter12.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Collection; -import java.util.LinkedList; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="collection as a static field" - * @servlet vuln_count = "1" - * */ -public class Inter12 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - static final Collection COLLECTION1 = new LinkedList(); - static final Collection COLLECTION2 = new LinkedList(); - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - foo("abc"); - bar(s1); - - PrintWriter writer = resp.getWriter(); - String s2 = (String) COLLECTION1.iterator().next(); - String s3 = (String) COLLECTION2.iterator().next(); - - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - private void foo(Object s) { - COLLECTION2.add(s); - } - - private void bar(Object s) { - COLLECTION1.add(s); - } - - public String getDescription() { - return "collection as a static field"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter13.java b/src/test/java/securibench/micro/inter/Inter13.java deleted file mode 100644 index d2b7474..0000000 --- a/src/test/java/securibench/micro/inter/Inter13.java +++ /dev/null 
@@ -1,49 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter13.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="recursive case" - * @servlet vuln_count = "1" - * */ -public class Inter13 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - f(s1, 1000, resp); - } - - private void f(String s1, int i, ServletResponse resp) throws IOException { - if(i != 0) { - f(s1, i-1, resp); - } else { - PrintWriter writer = resp.getWriter(); - writer.println(s1); /* BAD */ - } - - - } - - public String getDescription() { - return "recursive case"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter14.java b/src/test/java/securibench/micro/inter/Inter14.java deleted file mode 100644 index 7821b92..0000000 --- a/src/test/java/securibench/micro/inter/Inter14.java +++ /dev/null 
@@ -1,49 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter14.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="interprocedural loop" - * @servlet vuln_count = "1" - * */ -public class Inter14 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - for(int i = 0; i < 1500; i++){ - if(i > 1000 && i < 1200 && (i % 7 == 3)){ - f(s1, 1000, resp); - } - } - } - - private void f(String s1, int i, ServletResponse resp) throws IOException { - if(i != 0) { - PrintWriter writer = resp.getWriter(); - writer.println(s1); /* BAD */ - } - } - - public String getDescription() { - return "interprocedural loop"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter2.java b/src/test/java/securibench/micro/inter/Inter2.java deleted file mode 100644 index c4e5cd8..0000000 --- a/src/test/java/securibench/micro/inter/Inter2.java +++ /dev/null 
@@ -1,45 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter2.java,v 1.4 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple id method call" - * @servlet vuln_count = "2" - * */ -public class Inter2 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - PrintWriter writer = resp.getWriter(); - String s2 = id(s1, writer); - String s3 = id("abc", writer); - writer.println(s2); /* BAD */ // Is this double-reporting?.. - writer.println(s3); /* OK */ - } - - private String id(String string, PrintWriter writer) { - writer.println(string); /* BAD */ - - return string; - } - - public String getDescription() { - return "simple id method call"; - } - - public int getVulnerabilityCount() { - return 2; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter3.java b/src/test/java/securibench/micro/inter/Inter3.java deleted file mode 100644 index 4ebf7d4..0000000 --- a/src/test/java/securibench/micro/inter/Inter3.java +++ /dev/null 
@@ -1,90 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter3.java,v 1.6 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="chains of method calls" - * @servlet vuln_count = "1" - * */ -public class Inter3 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - private PrintWriter writer; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String name = req.getParameter(FIELD_NAME); - - writer = resp.getWriter(); - f1(name); - } - - private void f1(String name) { - f2(name); - } - - private void f2(String name) { - f3(name); - f3("ade".concat(name)); - } - - private void f3(String name) { - f4(name); - } - - private void f4(String name) { - f5(name); - } - - private void f5(String name) { - f6(name); - } - - private void f6(String name) { - f7(name); - f7(name + "abc"); - f8("adsf "+ name + "abc"); - f8("adsf "+ name + "abc"); - - } - - private void f7(String name) { - f8(name); - } - - private void f8(String name) { - f9(name); - } - - // reachable code - private void f9(String name) { - writer.println(name); /* BAD */ - } - - // dead code - public void f0(String name) { - writer.println(name); /* OK */ - } - - public String id(String string, PrintWriter writer) { - writer.println(string); /* OK */ - - return string; - } - - public String getDescription() { - return "chains of method calls"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter4.java b/src/test/java/securibench/micro/inter/Inter4.java deleted file mode 100644 index 9b62ac3..0000000 
--- a/src/test/java/securibench/micro/inter/Inter4.java +++ /dev/null @@ -1,42 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter4.java,v 1.4 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="store stuff in a field" - * @servlet vuln_count = "1" - * */ -public class Inter4 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - private String name; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - name = req.getParameter(FIELD_NAME); - - f(resp); - } - - private void f(ServletResponse resp) throws IOException { - PrintWriter writer = resp.getWriter(); - writer.println(this.name); /* BAD */ - } - - public String getDescription() { - return "store stuff in a field"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter5.java b/src/test/java/securibench/micro/inter/Inter5.java deleted file mode 100644 index 173ff8b..0000000 --- a/src/test/java/securibench/micro/inter/Inter5.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter5.java,v 1.3 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="store stuff in a field" - * @servlet vuln_count = "1" - * */ -public class Inter5 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String name = req.getParameter(FIELD_NAME); - - String s1 = id(name); - String s2 = id("abc"); - - PrintWriter writer = resp.getWriter(); - writer.println(s1); /* BAD */ - writer.println(s2); /* OK */ - } - - private String id(String in) throws IOException { - return in.toLowerCase(); - } - - public String getDescription() { - return "store stuff in a field"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter6.java b/src/test/java/securibench/micro/inter/Inter6.java deleted file mode 100644 index fd00007..0000000 --- a/src/test/java/securibench/micro/inter/Inter6.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter6.java,v 1.3 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description = "bug in class initializer" - * @servlet vuln_count = "1" - * */ -public class Inter6 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - private static String name; - private static PrintWriter writer; - - static class ReflectivelyCreated { - static { - writer.println(name); /* BAD */ - } - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - name = req.getParameter(FIELD_NAME); - writer = resp.getWriter(); - - new ReflectivelyCreated(); - } - - public String getDescription() { - return "bug in class initializer"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter7.java b/src/test/java/securibench/micro/inter/Inter7.java deleted file mode 100644 index 0789f39..0000000 --- a/src/test/java/securibench/micro/inter/Inter7.java +++ /dev/null 
@@ -1,59 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter7.java,v 1.4 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description = "bug in class initializer" - * @servlet vuln_count = "1" - * */ -public class Inter7 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - private static String name; - private static PrintWriter writer; - - static class Base { - public Base(String value) { - this.value = value; - foo(); - } - private void foo() { - writer.println(this.value); /* BAD */ - } - public String toString() { - return value; - } - - String value; - } - - static class ReflectivelyCreated extends Base { - ReflectivelyCreated(String value){ - super(value); - } - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - name = req.getParameter(FIELD_NAME); - writer = resp.getWriter(); - - new ReflectivelyCreated(name); - } - - public String getDescription() { - return "bug in class initializer"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter8.java b/src/test/java/securibench/micro/inter/Inter8.java deleted file mode 100644 index 6008772..0000000 --- a/src/test/java/securibench/micro/inter/Inter8.java +++ /dev/null 
@@ -1,56 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter8.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="multi-level context sensitivity test" - * @servlet vuln_count = "1" - * */ -public class Inter8 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - String s2 = foo(s1); - String s3 = bar("abc"); - - PrintWriter writer = resp.getWriter(); - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - } - - private String foo(String s1) { - return id(s1); - } - - private String bar(String string) { - return id(string); - } - - private String id(String string) { - return id2(string); - } - - private String id2(String string) { - return string; - } - - public String getDescription() { - return "multi-level context sensitivity test"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/inter/Inter9.java b/src/test/java/securibench/micro/inter/Inter9.java deleted file mode 100644 index 6dee00b..0000000 --- a/src/test/java/securibench/micro/inter/Inter9.java +++ /dev/null 
@@ -1,56 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Inter9.java,v 1.1 2006/04/21 17:14:26 livshits Exp $ - */ -package securibench.micro.inter; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Locale; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple object sensitivity" - * @servlet vuln_count = "2" - * */ -public class Inter9 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String s1 = req.getParameter(FIELD_NAME); - - String s2 = foo(s1); - String s3 = foo("abc"); - - PrintWriter writer = resp.getWriter(); - writer.println(s2); /* BAD */ - writer.println(s3); /* OK */ - - String s4 = bar(s1); - String s5 = bar("abc"); - - writer.println(s4); /* BAD */ - writer.println(s5); /* OK */ - } - - private String foo(String s1) { - return s1.toLowerCase(); - } - - private String bar(String s1) { - return s1.toLowerCase(Locale.ENGLISH); - } - - public String getDescription() { - return "simple object sensitivity"; - } - - public int getVulnerabilityCount() { - return 2; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/pred/Pred1.java b/src/test/java/securibench/micro/pred/Pred1.java deleted file mode 100644 index 0d872d3..0000000 --- a/src/test/java/securibench/micro/pred/Pred1.java +++ /dev/null 
@@ -1,37 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Pred1.java,v 1.5 2006/04/21 17:14:26 livshits Exp $ -*/ -package securibench.micro.pred; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple if(false) test" - * @servlet vuln_count = "0" - * */ -public class Pred1 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String name = req.getParameter(FIELD_NAME); - if(false) { - PrintWriter writer = resp.getWriter(); - writer.println(name); /* OK */ - } - } - - public String getDescription() { - return "simple if(false) test"; - } - - public int getVulnerabilityCount() { - return 0; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/pred/Pred2.java b/src/test/java/securibench/micro/pred/Pred2.java deleted file mode 100644 index cfe51a2..0000000 --- a/src/test/java/securibench/micro/pred/Pred2.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Pred2.java,v 1.4 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.pred; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Random; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple correlated tests" - * @servlet vuln_count = "0" - * */ -public class Pred2 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - boolean choice = new Random().nextBoolean(); - String name = "abc"; - - if(choice) { - name = req.getParameter(FIELD_NAME); - } - - if(choice) { - PrintWriter writer = resp.getWriter(); - writer.println(name); /* BAD */ - } - } - - public String getDescription() { - return "simple correlated tests"; - } - - public int getVulnerabilityCount() { - return 1; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/pred/Pred3.java b/src/test/java/securibench/micro/pred/Pred3.java deleted file mode 100644 index 5cc5fe7..0000000 --- a/src/test/java/securibench/micro/pred/Pred3.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/** - @author Benjamin Livshits - - $Id: Pred3.java,v 1.5 2006/04/04 20:00:40 livshits Exp $ - */ -package securibench.micro.pred; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Random; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import securibench.micro.BasicTestCase; -import securibench.micro.MicroTestCase; - -/** - * @servlet description="simple correlated tests" - * @servlet vuln_count = "0" - * */ -public class Pred3 extends BasicTestCase implements MicroTestCase { - private static final String FIELD_NAME = "name"; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - boolean choice = new Random().nextBoolean(); - String name = "abc"; - - if(choice) { - name = req.getParameter(FIELD_NAME); - } - - if(!choice) { - PrintWriter writer = resp.getWriter(); - writer.println(name); /* OK */ // nothing bad gets here - } - } - - public String getDescription() { - return "simple correlated tests"; - } - - public int getVulnerabilityCount() { - return 0; - } -} \ No newline at end of file diff --git a/src/test/java/securibench/micro/pred/Pred4.java b/src/test/java/securibench/micro/pred/Pred4.java deleted file mode 100644 index 2e067b8..0000000 --- a/src/test/java/securibench/micro/pred/Pred4.java +++ /dev/null 
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Pred4.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.pred;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="correlated test with an int variable"
- * @servlet vuln_count = "1"
- * */
-public class Pred4 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- int x = 3;
-
- String name = req.getParameter(FIELD_NAME);
-
- if(x == 3) { // should always be taken
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */ // nothing bad gets here
- }
- }
-
- public String getDescription() {
- return "correlated test with an int variable";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/pred/Pred5.java b/src/test/java/securibench/micro/pred/Pred5.java
deleted file mode 100644
index 974492c..0000000
--- a/src/test/java/securibench/micro/pred/Pred5.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Pred5.java,v 1.4 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.pred;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="correlated test with a complex conditional"
- * @servlet vuln_count = "1"
- * */
-public class Pred5 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- int x = 3;
-
- String name = req.getParameter(FIELD_NAME);
-
- if ( ((x > 5) && (x % 7 == 29) ) || (x == 3) ) { // should always be taken
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */
- }
- }
-
- public String getDescription() {
- return "correlated test with a complex conditional";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/pred/Pred6.java b/src/test/java/securibench/micro/pred/Pred6.java
deleted file mode 100644
index 8a30099..0000000
--- a/src/test/java/securibench/micro/pred/Pred6.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Pred6.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.pred;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="correlated test with addition"
- * @servlet vuln_count = "0"
- * */
-public class Pred6 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- int x = 2;
- x++;
-
- String name = req.getParameter(FIELD_NAME);
-
- if(x == 2) {
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* OK */ // nothing bad gets here
- }
- }
-
- public String getDescription() {
- return "correlated test with addition";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/pred/Pred7.java b/src/test/java/securibench/micro/pred/Pred7.java
deleted file mode 100644
index f8c550a..0000000
--- a/src/test/java/securibench/micro/pred/Pred7.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Pred7.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.pred;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="correlated test with multiple variables"
- * @servlet vuln_count = "0"
- * */
-public class Pred7 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- int x = 2;
- int y = 9;
- x++;
- y-= 2;
-
- String name = req.getParameter(FIELD_NAME);
-
- if(x + y == 11) {
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* OK */ // nothing bad gets here
- }
- }
-
- public String getDescription() {
- return "correlated test with multiple variables";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/pred/Pred8.java b/src/test/java/securibench/micro/pred/Pred8.java
deleted file mode 100644
index 55c3992..0000000
--- a/src/test/java/securibench/micro/pred/Pred8.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Pred8.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.pred;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="using an array element as in a predicate"
- * @servlet vuln_count = "1"
- * */
-public class Pred8 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String array[] = new String[] {"abc", name};
-
- if(array[1].equals(name)) {
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */
- }
- }
-
- public String getDescription() {
- return "using an array element as in a predicate";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/pred/Pred9.java b/src/test/java/securibench/micro/pred/Pred9.java
deleted file mode 100644
index 1ef4638..0000000
--- a/src/test/java/securibench/micro/pred/Pred9.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Pred9.java,v 1.3 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.pred;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="using an array element as in a predicate"
- * @servlet vuln_count = "1"
- * */
-public class Pred9 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String array[] = new String[] {name, "abc"};
-
- if(array[1].equals(name)) {
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */ // could be equal
- }
- }
-
- public String getDescription() {
- return "using an array element as in a predicate";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/reflection/Refl1.java b/src/test/java/securibench/micro/reflection/Refl1.java
deleted file mode 100644
index 877a425..0000000
--- a/src/test/java/securibench/micro/reflection/Refl1.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Refl1.java,v 1.4 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.reflection;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="reflective call of a method"
- * @servlet vuln_count = "1"
- * */
-public class Refl1 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s1 = req.getParameter(FIELD_NAME);
- PrintWriter writer = resp.getWriter();
-
- Method idMethod = null;
- try {
- Class clazz = Class.forName("securibench.micro.reflection.Refl1");
- Method methods[] = clazz.getMethods();
- for(int i = 0; i < methods.length; i++) {
- Method method = methods[i];
- if(method.getName().equals("id")) {
- idMethod = method;
- break;
- }
- }
- // a fancy way to call id(s1, writer)
- Object o = idMethod.invoke(this, new Object[] {s1, writer});
- String s2 = (String) o;
- writer.println(s2); /* BAD */
- } catch( ClassNotFoundException e ) {
- e.printStackTrace();
- } catch (IllegalArgumentException e) {
- e.printStackTrace();
- } catch (IllegalAccessException e) {
- e.printStackTrace();
- } catch (InvocationTargetException e) {
- e.printStackTrace();
- }
- }
-
- public String id(String string, PrintWriter writer) {
- return string;
- }
-
- public String getDescription() {
- return "reflective call of a method";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/reflection/Refl2.java b/src/test/java/securibench/micro/reflection/Refl2.java
deleted file mode 100644
index c870213..0000000
--- a/src/test/java/securibench/micro/reflection/Refl2.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Refl2.java,v 1.6 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.reflection;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.lang.reflect.Field;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="reflectively access a field"
- * @servlet vuln_count = "1"
- * */
-public class Refl2 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- public String name;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- name = req.getParameter(FIELD_NAME);
-
- try {
- f(resp);
- } catch(Exception e) {
- System.err.println("An error occurred");
- }
- }
-
- private void f(ServletResponse resp) throws IOException, SecurityException, NoSuchFieldException, ClassNotFoundException, IllegalArgumentException, IllegalAccessException {
- PrintWriter writer = resp.getWriter();
- Field field = Class.forName("securibench.micro.reflection.Refl2").getField("name");
- String myName = (String) field.get(this);
-
- writer.println(myName); /* BAD */
- }
-
- public String getDescription() {
- return "reflectively access a field";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/reflection/Refl3.java b/src/test/java/securibench/micro/reflection/Refl3.java
deleted file mode 100644
index 0700843..0000000
--- a/src/test/java/securibench/micro/reflection/Refl3.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Refl3.java,v 1.6 2006/04/04 20:00:40 livshits Exp $
- */
-package securibench.micro.reflection;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.lang.reflect.Field;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "reflectively create a class and access its field"
- * @servlet vuln_count = "1"
- * */
-public class Refl3 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private String name;
-
- public static class ReflectivelyCreated {
- public String value;
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- name = req.getParameter(FIELD_NAME);
- PrintWriter writer = resp.getWriter();
-
- try {
- Class clazz = Class.forName("securibench.micro.reflection.Refl3$ReflectivelyCreated");
- ReflectivelyCreated rc = (ReflectivelyCreated) clazz.newInstance();
- Field field = clazz.getField("value");
- field.set(rc, name);
-
- writer.println(rc.value); /* BAD */
- } catch (ClassNotFoundException e) {
- System.err.println("An error occurred (1)");
- } catch (InstantiationException e) {
- System.err.println("An error occurred (2)");
- } catch (IllegalAccessException e) {
- System.err.println("An error occurred (3)");
- } catch (SecurityException e) {
- System.err.println("An error occurred (4)");
- } catch (NoSuchFieldException e) {
- System.err.println("An error occurred (5)");
- }
- }
-
- public String getDescription() {
- return "reflectively create a class and access its field";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/reflection/Refl4.java b/src/test/java/securibench/micro/reflection/Refl4.java
deleted file mode 100644
index 9a70e11..0000000
--- a/src/test/java/securibench/micro/reflection/Refl4.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Refl4.java,v 1.5 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.reflection;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description = "bug in class initializer"
- * @servlet vuln_count = "1"
- * */
-public class Refl4 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private static String name;
- private static PrintWriter writer;
-
- static class ReflectivelyCreated {
- static {
- writer.println(name); /* BAD */
-
- }
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- name = req.getParameter(FIELD_NAME);
- writer = resp.getWriter();
-
- try {
- // this invokes the class initializer
- Class.forName("securibench.micro.reflection.Refl4$ReflectivelyCreated");
- } catch (ClassNotFoundException e) {
- System.err.println("An error occurred (1)");
- } catch (SecurityException e) {
- System.err.println("An error occurred (2)");
- }
- }
-
- public String getDescription() {
- return "bug in class initializer";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/sanitizers/Sanitizers1.java b/src/test/java/securibench/micro/sanitizers/Sanitizers1.java
deleted file mode 100644
index 14aea24..0000000
--- a/src/test/java/securibench/micro/sanitizers/Sanitizers1.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Sanitizers1.java,v 1.9 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.sanitizers;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple sanitization check"
- * @servlet vuln_count = "1"
- * */
-public class Sanitizers1 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private PrintWriter writer;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String clean = clean(name);
-
- writer = resp.getWriter();
- resp.setContentType("text/html");
-
- writer.println("");
- writer.println("" + name + ""); /* BAD */
- writer.println("" + clean + ""); /* OK */
- writer.println("");
-
- }
-
- /**
- * @sanitizer
- * javascript sanitization routine
- * */
- private String clean(String name) {
- StringBuffer buf = new StringBuffer();
- for(int i = 0; i < name.length(); i++) {
- char ch = name.charAt(i);
- switch (ch) {
- case '<':
- buf.append("<"); break;
- case '>':
- buf.append(">"); break;
- case '&':
- buf.append("&"); break;
- default:
- if(Character.isLetter(ch) || Character.isDigit(ch) || ch == '_') {
- buf.append(ch);
- } else {
- buf.append('?');
- }
- }
- }
-
- return buf.toString();
- }
-
- public String getDescription() {
- return "simple sanitization check";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/sanitizers/Sanitizers2.java b/src/test/java/securibench/micro/sanitizers/Sanitizers2.java
deleted file mode 100644
index 733113f..0000000
--- a/src/test/java/securibench/micro/sanitizers/Sanitizers2.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Sanitizers2.java,v 1.7 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.sanitizers;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple sanitization check"
- * @servlet vuln_count = "0"
- * */
-public class Sanitizers2 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private PrintWriter writer;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String clean = clean(name);
-
- writer = resp.getWriter();
- resp.setContentType("text/html");
-
- writer.println("" + clean + ""); /* OK */
-
- }
-
- /**
- * @sanitizer
- * javascript sanitization routine
- * */
- private String clean(String name) {
- StringBuffer buf = new StringBuffer();
- for(int i = 0; i < name.length(); i++) {
- char ch = name.charAt(i);
- switch (ch) {
- case '<':
- buf.append("<"); break;
- case '>':
- buf.append(">"); break;
- case '&':
- buf.append("&"); break;
- default:
- if(Character.isLetter(ch) || Character.isDigit(ch) || ch == '_') {
- buf.append(ch);
- } else {
- buf.append('?');
- }
- }
- }
-
- return buf.toString();
- }
-
- public String getDescription() {
- return "simple sanitization check";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/sanitizers/Sanitizers3.java b/src/test/java/securibench/micro/sanitizers/Sanitizers3.java
deleted file mode 100644
index d45b66a..0000000
--- a/src/test/java/securibench/micro/sanitizers/Sanitizers3.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Sanitizers3.java,v 1.4 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.sanitizers;
-
-import java.io.IOException;
-import java.net.URLEncoder;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="safe redirect"
- * @servlet vuln_count = "0"
- * */
-public class Sanitizers3 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- String name = s.toLowerCase(Locale.UK);
-
- resp.sendRedirect(URLEncoder.encode("/user/" + name, "UTF-8")); /* OK */
- }
-
- public String getDescription() {
- return "safe redirect";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/sanitizers/Sanitizers4.java b/src/test/java/securibench/micro/sanitizers/Sanitizers4.java
deleted file mode 100644
index 14cb2c1..0000000
--- a/src/test/java/securibench/micro/sanitizers/Sanitizers4.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Sanitizers4.java,v 1.6 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.sanitizers;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="buggy sanitizer"
- * @servlet vuln_count = "2"
- * */
-public class Sanitizers4 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private PrintWriter writer;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String clean = clean(name);
-
- writer = resp.getWriter();
- resp.setContentType("text/html");
-
- writer.println("" + name + ""); /* BAD */
- writer.println("" + clean + ""); /* BAD */
- }
-
- /**
- * buggy javascript sanitization routine
- * */
- private String clean(String name) {
- StringBuffer buf = new StringBuffer();
- for(int i = 0; i < name.length(); i++) {
- char ch = name.charAt(i);
- switch (ch) {
- case '&':
- buf.append("&"); break;
- default:
- buf.append(ch); break;
- }
- }
-
- return buf.toString();
- }
-
- public String getDescription() {
- return "buggy sanitizer";
- }
-
- public int getVulnerabilityCount() {
- return 2;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/sanitizers/Sanitizers5.java b/src/test/java/securibench/micro/sanitizers/Sanitizers5.java
deleted file mode 100644
index 94b0d51..0000000
--- a/src/test/java/securibench/micro/sanitizers/Sanitizers5.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Sanitizers5.java,v 1.5 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.sanitizers;
-
-import java.io.IOException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.util.Locale;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="encode and then decode"
- * @servlet vuln_count = "1"
- * */
-public class Sanitizers5 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String s = req.getParameter(FIELD_NAME);
- String name = s.toLowerCase(Locale.UK);
- String enc = URLEncoder.encode("/user/" + name, "UTF-8");
- String dec = URLDecoder.decode(enc, "UTF-8");
-
- resp.sendRedirect(dec); /* BAD */
- resp.sendRedirect(enc); /* OK */
- }
-
- public String getDescription() {
- return "encode and then decode";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/sanitizers/Sanitizers6.java b/src/test/java/securibench/micro/sanitizers/Sanitizers6.java
deleted file mode 100644
index 2da8f13..0000000
--- a/src/test/java/securibench/micro/sanitizers/Sanitizers6.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Sanitizers6.java,v 1.4 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.sanitizers;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="sanitizers for directory traversal"
- * @servlet vuln_count = "0"
- * */
-public class Sanitizers6 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private PrintWriter writer;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- String clean = clean(name);
-
- writer = resp.getWriter();
- resp.setContentType("text/html");
-
- writer.println("" + clean + ""); /* OK */
- }
-
- /**
- * @sanitizer
- * sanitization routine for removing . and /\ characters from strings.
- * This routine performs white-listing by only allowing letters and digits through.
- * */
- private static String clean(String name) {
- StringBuffer buf = new StringBuffer();
- for(int i = 0; i < name.length(); i++) {
- char ch = name.charAt(i);
-
- if(Character.isLetter(ch) || Character.isDigit(ch) || ch == '_') {
- buf.append(ch);
- } else {
- buf.append('?');
- }
- }
-
- return buf.toString();
- }
-
- public String getDescription() {
- return "simple sanitization check";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-
- public static void main(String[] args) {
- System.out.println(clean("xx/../yy")); // xx????yy
- System.out.println(clean("~xx")); // ?xx
- System.out.println(clean("xx_yy")); // xx_yy
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/session/Session1.java b/src/test/java/securibench/micro/session/Session1.java
deleted file mode 100644
index 891b351..0000000
--- a/src/test/java/securibench/micro/session/Session1.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Session1.java,v 1.3 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.session;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple session test"
- * @servlet vuln_count = "1"
- * */
-public class Session1 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- HttpSession session = req.getSession();
- session.setAttribute("name", name);
- String s2 = (String) session.getAttribute("name");
-
- PrintWriter writer = resp.getWriter();
- writer.println(s2); /* BAD */
- }
-
- public String getDescription() {
- return "simple session test";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/session/Session2.java b/src/test/java/securibench/micro/session/Session2.java
deleted file mode 100644
index 268c1de..0000000
--- a/src/test/java/securibench/micro/session/Session2.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Session2.java,v 1.3 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.session;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test of session false positives"
- * @servlet vuln_count = "1"
- * */
-public class Session2 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- HttpSession session = req.getSession();
- session.setAttribute("name", name);
- String s2 = (String) session.getAttribute("name");
- String s3 = (String) session.getAttribute("nonsense");
- PrintWriter writer = resp.getWriter();
-
- writer.println(s2); /* BAD */
- writer.println(s3); /* OK */
- }
-
- public String getDescription() {
- return "test of session false positives";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/session/Session3.java b/src/test/java/securibench/micro/session/Session3.java
deleted file mode 100644
index b07bbd9..0000000
--- a/src/test/java/securibench/micro/session/Session3.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: Session3.java,v 1.3 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.session;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="test of session enumeration"
- * @servlet vuln_count = "1"
- * */
-public class Session3 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- HttpSession session = req.getSession();
- session.setAttribute("name", name);
- Enumeration e = session.getAttributeNames();
- while(e.hasMoreElements()) {
- String attrName = (String) e.nextElement();
- String attrValue = (String) session.getAttribute(attrName);
-
- PrintWriter writer = resp.getWriter();
- writer.println(attrValue); /* BAD */
- }
- }
-
- public String getDescription() {
- return "test of session enumeration";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/strong_updates/StrongUpdates1.java b/src/test/java/securibench/micro/strong_updates/StrongUpdates1.java
deleted file mode 100644
index 9f8422c..0000000
--- a/src/test/java/securibench/micro/strong_updates/StrongUpdates1.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: StrongUpdates1.java,v 1.5 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.strong_updates;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple test of strong updates"
- * @servlet vuln_count = "0"
- * */
-public class StrongUpdates1 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- name = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* OK */
- }
-
- public String getDescription() {
- return "simple test of strong updates";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/strong_updates/StrongUpdates2.java b/src/test/java/securibench/micro/strong_updates/StrongUpdates2.java
deleted file mode 100644
index ae87593..0000000
--- a/src/test/java/securibench/micro/strong_updates/StrongUpdates2.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: StrongUpdates2.java,v 1.4 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.strong_updates;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="simple test of strong updates"
- * @servlet vuln_count = "0"
- * */
-public class StrongUpdates2 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- name = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* OK */
- }
-
- public String getDescription() {
- return "simple test of strong updates";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/strong_updates/StrongUpdates3.java b/src/test/java/securibench/micro/strong_updates/StrongUpdates3.java
deleted file mode 100644
index 4697916..0000000
--- a/src/test/java/securibench/micro/strong_updates/StrongUpdates3.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: StrongUpdates3.java,v 1.4 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.strong_updates;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="strong updates in data structures"
- * @servlet vuln_count = "0"
- * */
-public class StrongUpdates3 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
-
- class Widget {
- String value = null;
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String name = req.getParameter(FIELD_NAME);
- Widget w = new Widget();
- w.value = name;
- w.value = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(w.value); /* OK */
- }
-
- public String getDescription() {
- return "strong updates in data structures";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/strong_updates/StrongUpdates4.java b/src/test/java/securibench/micro/strong_updates/StrongUpdates4.java
deleted file mode 100644
index ee9768e..0000000
--- a/src/test/java/securibench/micro/strong_updates/StrongUpdates4.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: StrongUpdates4.java,v 1.2 2006/04/04 20:00:41 livshits Exp $
- */
-package securibench.micro.strong_updates;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="a more tricky test of when we can't assume a strong update with multiple variables that are not thread-local"
- * @servlet vuln_count = "1"
- * */
-public class StrongUpdates4 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- /* This is really tricky because the field is shared across multiple users of the same servlet.
- * So, depending on the user interaction, we can have a data race with two users accessing field
- * "name". Therefore, when u1 sets it, u1 resets it, u2 sets it, u1 reads it, we can still have a problem.
- * */
- private String name;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- name = req.getParameter(FIELD_NAME);
- name = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* BAD */
- }
-
- public String getDescription() {
- return
- "a more tricky test of when we can't assume a strong " +
- "update with multiple variables that are not thread-local";
- }
-
- public int getVulnerabilityCount() {
- return 1;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/micro/strong_updates/StrongUpdates5.java b/src/test/java/securibench/micro/strong_updates/StrongUpdates5.java
deleted file mode 100644
index f0d46ec..0000000
--- a/src/test/java/securibench/micro/strong_updates/StrongUpdates5.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- @author Benjamin Livshits
-
- $Id: StrongUpdates5.java,v 1.3 2006/04/21 17:14:27 livshits Exp $
- */
-package securibench.micro.strong_updates;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import securibench.micro.BasicTestCase;
-import securibench.micro.MicroTestCase;
-
-/**
- * @servlet description="making a shared servlet field thread-local"
- * @servlet vuln_count = "0"
- * */
-public class StrongUpdates5 extends BasicTestCase implements MicroTestCase {
- private static final String FIELD_NAME = "name";
- private String name;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- // access to this.name is protected within the block, so we are safe
- synchronized (this.name) {
- name = req.getParameter(FIELD_NAME);
- name = "abc";
-
- PrintWriter writer = resp.getWriter();
- writer.println(name); /* OK */
- }
- }
-
- public String getDescription() {
- return "making a shared servlet field thread-local";
- }
-
- public int getVulnerabilityCount() {
- return 0;
- }
-}
\ No newline at end of file
diff --git a/src/test/java/securibench/supportClasses/DummyHttpRequest.java b/src/test/java/securibench/supportClasses/DummyHttpRequest.java
deleted file mode 100644
index 2efcd48..0000000
--- a/src/test/java/securibench/supportClasses/DummyHttpRequest.java
+++ /dev/null
@@ -1,449 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2012 Secure Software Engineering Group at EC SPRIDE. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the GNU Lesser Public License v2.1 - * which accompanies this distribution, and is available at - * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html - * - * Contributors: Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric - * Bodden, and others. - ******************************************************************************/ -package securibench.supportClasses; - -import java.io.BufferedReader; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.security.Principal; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Locale; -import java.util.Map; -import java.util.StringTokenizer; - -import javax.servlet.AsyncContext; -import javax.servlet.DispatcherType; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletInputStream; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.servlet.http.HttpUpgradeHandler; -import javax.servlet.http.Part; - -public class DummyHttpRequest implements HttpServletRequest { - enum count { - ONE, TWO - } - - ; - - - public Object getAttribute(String arg0) { - return ""; - } - - - public AsyncContext getAsyncContext() { - return null; - } - - - public ServletContext getServletContext() { - return null; - } - - - public AsyncContext startAsync() { - return null; - } - - - public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) { - return null; - } - - - public 
boolean isAsyncSupported() { - return true; - } - - - public boolean isAsyncStarted() { - return true; - } - - - public boolean authenticate(HttpServletResponse response) { - return true; - } - - - @SuppressWarnings("rawtypes") - public Enumeration getAttributeNames() { - - return new StringTokenizer("one two"); - } - - - public String getCharacterEncoding() { - return "UTF-8"; - } - - - public int getContentLength() { - // TODO Auto-generated method stub - return 0; - } - - - public String getContentType() { - // TODO Auto-generated method stub - return "contenttype"; - } - - - public ServletInputStream getInputStream() throws IOException { - // TODO Auto-generated method stub - return new DummyServletInputStream(); - } - - - public Locale getLocale() { - // TODO Auto-generated method stub - return Locale.ENGLISH; - } - - - @SuppressWarnings("rawtypes") - public Enumeration getLocales() { - // TODO Auto-generated method stub - return null; - } - - - public String getParameter(String arg0) { - // TODO Auto-generated method stub - return arg0; - } - - - @SuppressWarnings("rawtypes") - public Map getParameterMap() { - HashMap map = new HashMap(); - map.put("dummy", "dummy"); - return map; - } - - - public Part getPart(String name) { - return null; - } - - - public java.util.Collection getParts() { - return null; - } - - - public void logout() { - - } - - - public void login(String user, String pwd) { - - } - - - @SuppressWarnings("rawtypes") - public Enumeration getParameterNames() { - // TODO Auto-generated method stub - return new StringTokenizer("parameter names"); - } - - - public String[] getParameterValues(String arg0) { - // TODO Auto-generated method stub - return new String[] { arg0 }; - } - - - public String getProtocol() { - // TODO Auto-generated method stub - return ""; - } - - - public DispatcherType getDispatcherType() { - return null; - } - - - public BufferedReader getReader() throws IOException { - // TODO Auto-generated method stub - return null; - 
} - - - public String getRealPath(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String getRemoteAddr() { - // TODO Auto-generated method stub - return null; - } - - - public String getRemoteHost() { - // TODO Auto-generated method stub - return null; - } - - - public RequestDispatcher getRequestDispatcher(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String getScheme() { - // TODO Auto-generated method stub - return ""; - } - - - public String getServerName() { - // TODO Auto-generated method stub - return null; - } - - - public int getServerPort() { - // TODO Auto-generated method stub - return 0; - } - - - public boolean isSecure() { - // TODO Auto-generated method stub - return false; - } - - - public void removeAttribute(String arg0) { - // TODO Auto-generated method stub - - } - - - public void setAttribute(String arg0, Object arg1) { - // TODO Auto-generated method stub - - } - - - public void setCharacterEncoding(String arg0) throws UnsupportedEncodingException { - // TODO Auto-generated method stub - - } - - - public String getAuthType() { - // TODO Auto-generated method stub - return ""; - } - - - public String getContextPath() { - // TODO Auto-generated method stub - return ""; - } - - - public Cookie[] getCookies() { - Cookie c = new Cookie("", ""); - return new Cookie[] { c }; - } - - - public long getDateHeader(String arg0) { - // TODO Auto-generated method stub - return 0; - } - - - public String getHeader(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - @SuppressWarnings("rawtypes") - public Enumeration getHeaderNames() { - return new StringTokenizer("secret1 secret2 secret3"); - } - - - @SuppressWarnings("rawtypes") - public Enumeration getHeaders(String arg0) { - return new StringTokenizer("secret1 secret2 secret3"); - } - - - public int getIntHeader(String arg0) { - // TODO Auto-generated method stub - return 0; - } - - - public String 
getMethod() { - // TODO Auto-generated method stub - return null; - } - - - public String getPathInfo() { - // TODO Auto-generated method stub - return null; - } - - - public String getPathTranslated() { - // TODO Auto-generated method stub - return null; - } - - - public String getQueryString() { - // TODO Auto-generated method stub - return ""; - } - - - public String getRemoteUser() { - // TODO Auto-generated method stub - return ""; - } - - - public String getRequestURI() { - // TODO Auto-generated method stub - return ""; - } - - - public StringBuffer getRequestURL() { - // TODO Auto-generated method stub - return new StringBuffer("http://"); - } - - - public String getRequestedSessionId() { - // TODO Auto-generated method stub - return null; - } - - - public String getServletPath() { - // TODO Auto-generated method stub - return null; - } - - - public HttpSession getSession() { - return new DummyHttpSession(); - } - - - public HttpSession getSession(boolean arg0) { - // TODO Auto-generated method stub - return new DummyHttpSession(); - } - - - public Principal getUserPrincipal() { - // TODO Auto-generated method stub - return null; - } - - - public boolean isRequestedSessionIdFromCookie() { - // TODO Auto-generated method stub - return false; - } - - - public boolean isRequestedSessionIdFromURL() { - // TODO Auto-generated method stub - return false; - } - - - public boolean isRequestedSessionIdFromUrl() { - // TODO Auto-generated method stub - return false; - } - - - public boolean isRequestedSessionIdValid() { - // TODO Auto-generated method stub - return false; - } - - - public boolean isUserInRole(String arg0) { - // TODO Auto-generated method stub - return false; - } - - - public String getLocalAddr() { - // TODO Auto-generated method stub - return null; - } - - - public String getLocalName() { - // TODO Auto-generated method stub - return null; - } - - - public int getLocalPort() { - // TODO Auto-generated method stub - return 0; - } - - - public int 
getRemotePort() { - // TODO Auto-generated method stub - return 0; - } - - - public long getContentLengthLong() { - // TODO Auto-generated method stub - return 0; - } - - - public String changeSessionId() { - // TODO Auto-generated method stub - return null; - } - - - public T upgrade(Class handlerClass) throws IOException, ServletException { - // TODO Auto-generated method stub - return null; - } - -} diff --git a/src/test/java/securibench/supportClasses/DummyHttpResponse.java b/src/test/java/securibench/supportClasses/DummyHttpResponse.java deleted file mode 100644 index 2024c2c..0000000 --- a/src/test/java/securibench/supportClasses/DummyHttpResponse.java +++ /dev/null 
@@ -1,245 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2012 Secure Software Engineering Group at EC SPRIDE. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the GNU Lesser Public License v2.1 - * which accompanies this distribution, and is available at - * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html - * - * Contributors: Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric - * Bodden, and others. - ******************************************************************************/ -package securibench.supportClasses; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Arrays; -import java.util.Locale; - -import javax.servlet.ServletOutputStream; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; - -public class DummyHttpResponse implements HttpServletResponse { - - - public void flushBuffer() throws IOException { - // TODO Auto-generated method stub - - } - - - @SuppressWarnings("rawtypes") - public java.util.Collection getHeaders(String arg0) { - return Arrays.asList("secret1", "secret2", "secret3"); - } - - - public String getHeader(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public int getStatus() { - return 0; - } - - - public int getBufferSize() { - // TODO Auto-generated method stub - return 0; - } - - - @SuppressWarnings("rawtypes") - public java.util.Collection getHeaderNames() { - return Arrays.asList("secret1", "secret2", "secret3"); - } - - - public String getCharacterEncoding() { - // TODO Auto-generated method stub - return null; - } - - - public Locale getLocale() { - // TODO Auto-generated method stub - return null; - } - - - public ServletOutputStream getOutputStream() throws IOException { - // TODO Auto-generated method stub - return null; - } - - - public PrintWriter getWriter() throws IOException { - // TODO Auto-generated 
method stub - return new PrintWriter("123"); - } - - - public boolean isCommitted() { - // TODO Auto-generated method stub - return false; - } - - - public void reset() { - // TODO Auto-generated method stub - - } - - - public void resetBuffer() { - // TODO Auto-generated method stub - - } - - - public void setBufferSize(int arg0) { - // TODO Auto-generated method stub - - } - - - public void setContentLength(int arg0) { - // TODO Auto-generated method stub - - } - - - public void setContentType(String arg0) { - // TODO Auto-generated method stub - - } - - - public void setLocale(Locale arg0) { - // TODO Auto-generated method stub - - } - - - public void addCookie(Cookie arg0) { - // TODO Auto-generated method stub - - } - - - public void addDateHeader(String arg0, long arg1) { - // TODO Auto-generated method stub - - } - - - public void addHeader(String arg0, String arg1) { - // TODO Auto-generated method stub - - } - - - public void addIntHeader(String arg0, int arg1) { - // TODO Auto-generated method stub - - } - - - public boolean containsHeader(String arg0) { - // TODO Auto-generated method stub - return false; - } - - - public String encodeRedirectURL(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String encodeRedirectUrl(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String encodeURL(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String encodeUrl(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public void sendError(int arg0) throws IOException { - // TODO Auto-generated method stub - - } - - - public void sendError(int arg0, String arg1) throws IOException { - // TODO Auto-generated method stub - - } - - - public void sendRedirect(String arg0) throws IOException { - // TODO Auto-generated method stub - - } - - - public void setDateHeader(String arg0, long arg1) { - // TODO Auto-generated method stub - - } - - - public 
void setHeader(String arg0, String arg1) { - // TODO Auto-generated method stub - - } - - - public void setIntHeader(String arg0, int arg1) { - // TODO Auto-generated method stub - - } - - - public void setStatus(int arg0) { - // TODO Auto-generated method stub - - } - - - public void setStatus(int arg0, String arg1) { - // TODO Auto-generated method stub - - } - - - public String getContentType() { - // TODO Auto-generated method stub - return null; - } - - - public void setCharacterEncoding(String arg0) { - // TODO Auto-generated method stub - - } - - - public void setContentLengthLong(long len) { - // TODO Auto-generated method stub - - } - -} diff --git a/src/test/java/securibench/supportClasses/DummyHttpSession.java b/src/test/java/securibench/supportClasses/DummyHttpSession.java deleted file mode 100644 index 957de34..0000000 --- a/src/test/java/securibench/supportClasses/DummyHttpSession.java +++ /dev/null 
@@ -1,131 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2012 Secure Software Engineering Group at EC SPRIDE. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the GNU Lesser Public License v2.1 - * which accompanies this distribution, and is available at - * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html - * - * Contributors: Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric - * Bodden, and others. - ******************************************************************************/ -package securibench.supportClasses; - -import java.util.Enumeration; -import java.util.HashMap; -import java.util.StringTokenizer; - -import javax.servlet.ServletContext; -import javax.servlet.http.HttpSession; -import javax.servlet.http.HttpSessionContext; - -@SuppressWarnings("deprecation") -public class DummyHttpSession implements HttpSession { - HashMap attributes = new HashMap(); - HashMap values = new HashMap(); - - public Object getAttribute(String arg0) { - if(attributes.containsKey(arg0)){ - return attributes.get(arg0); - } - return null; - } - - @SuppressWarnings("rawtypes") - - public Enumeration getAttributeNames() { - return new StringTokenizer(""); - } - - - public long getCreationTime() { - // TODO Auto-generated method stub - return 0; - } - - - public String getId() { - // TODO Auto-generated method stub - return null; - } - - - public long getLastAccessedTime() { - // TODO Auto-generated method stub - return 0; - } - - - public int getMaxInactiveInterval() { - // TODO Auto-generated method stub - return 0; - } - - - public ServletContext getServletContext() { - // TODO Auto-generated method stub - return null; - } - - - public HttpSessionContext getSessionContext() { - // TODO Auto-generated method stub - return null; - } - - - public Object getValue(String arg0) { - if(values.containsKey(arg0)){ - return values.get(arg0); - } - return 
null; - } - - - public String[] getValueNames() { - // TODO Auto-generated method stub - return null; - } - - - public void invalidate() { - // TODO Auto-generated method stub - - } - - - public boolean isNew() { - // TODO Auto-generated method stub - return false; - } - - - public void putValue(String arg0, Object arg1) { - values.put(arg0, arg1); - - } - - - public void removeAttribute(String arg0) { - // TODO Auto-generated method stub - - } - - - public void removeValue(String arg0) { - // TODO Auto-generated method stub - - } - - - public void setAttribute(String arg0, Object arg1) { - attributes.put(arg0, arg1); - - } - - - public void setMaxInactiveInterval(int arg0) { - // TODO Auto-generated method stub - - } - -} diff --git a/src/test/java/securibench/supportClasses/DummyServletConfig.java b/src/test/java/securibench/supportClasses/DummyServletConfig.java deleted file mode 100644 index 96b4663..0000000 --- a/src/test/java/securibench/supportClasses/DummyServletConfig.java +++ /dev/null 
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2012 Secure Software Engineering Group at EC SPRIDE.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the GNU Lesser Public License v2.1
- * which accompanies this distribution, and is available at
- * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
- *
- * Contributors: Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric
- * Bodden, and others.
- ******************************************************************************/
-package securibench.supportClasses;
-
-import java.util.Enumeration;
-import java.util.StringTokenizer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-
-public class DummyServletConfig implements ServletConfig{
-
-
- public String getInitParameter(String arg0) {
- return arg0;
- }
-
- @SuppressWarnings("rawtypes")
- public Enumeration getInitParameterNames() {
- return new StringTokenizer("one two three");
- }
-
- public ServletContext getServletContext() {
- return new DummyServletContext();
- }
-
- public String getServletName() {
- return "dummyServlet";
- }
-
-}
diff --git a/src/test/java/securibench/supportClasses/DummyServletContext.java b/src/test/java/securibench/supportClasses/DummyServletContext.java
deleted file mode 100644
index f64dcb0..0000000
--- a/src/test/java/securibench/supportClasses/DummyServletContext.java
+++ /dev/null
@@ -1,280 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2012 Secure Software Engineering Group at EC SPRIDE. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the GNU Lesser Public License v2.1 - * which accompanies this distribution, and is available at - * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html - * - * Contributors: Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric - * Bodden, and others. - ******************************************************************************/ -package securibench.supportClasses; - -import java.io.InputStream; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.*; - -import javax.servlet.*; -import javax.servlet.descriptor.JspConfigDescriptor; - -public class DummyServletContext implements ServletContext { - - public Object getAttribute(String arg0) { - // TODO Auto-generated method stub - return null; - } - - @SuppressWarnings("rawtypes") - public Enumeration getAttributeNames() { - // TODO Auto-generated method stub - return null; - } - - public ServletContext getContext(String arg0) { - // TODO Auto-generated method stub - return null; - } - - public String getInitParameter(String arg0) { - return arg0; - } - - public String getContextPath() { - return null; - } - - public int getEffectiveMajorVersion() { - return 0; - } - - public int getEffectiveMinorVersion() { - return 0; - } - - public boolean setInitParameter(String s, String s1) { - return false; - } - - public ServletRegistration.Dynamic addServlet(String s, String s1) { - return null; - } - - public ServletRegistration.Dynamic addServlet(String s, Servlet servlet) { - return null; - } - - public ServletRegistration.Dynamic addServlet(String s, Class aClass) { - return null; - } - - public T createServlet(Class aClass) throws ServletException { - return null; - } - - public ServletRegistration 
getServletRegistration(String s) { - return null; - } - - public Map getServletRegistrations() { - return null; - } - - public FilterRegistration.Dynamic addFilter(String s, String s1) { - return null; - } - - public FilterRegistration.Dynamic addFilter(String s, Filter filter) { - return null; - } - - public FilterRegistration.Dynamic addFilter(String s, Class aClass) { - return null; - } - - public T createFilter(Class aClass) throws ServletException { - return null; - } - - public FilterRegistration getFilterRegistration(String s) { - return null; - } - - public Map getFilterRegistrations() { - return null; - } - - public SessionCookieConfig getSessionCookieConfig() { - return null; - } - - public void setSessionTrackingModes(Set set) { - - } - - public Set getDefaultSessionTrackingModes() { - return null; - } - - public Set getEffectiveSessionTrackingModes() { - return null; - } - - public void addListener(String s) { - - } - - - public void addListener(T t) { - - } - - - public void addListener(Class aClass) { - - } - - - public T createListener(Class aClass) throws ServletException { - return null; - } - - - public JspConfigDescriptor getJspConfigDescriptor() { - return null; - } - - - public ClassLoader getClassLoader() { - return null; - } - - - public void declareRoles(String... 
strings) { - - } - - @SuppressWarnings("rawtypes") - - public Enumeration getInitParameterNames() { - return new StringTokenizer("one two three"); - } - - - public int getMajorVersion() { - // TODO Auto-generated method stub - return 0; - } - - - public String getMimeType(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public int getMinorVersion() { - // TODO Auto-generated method stub - return 0; - } - - - public RequestDispatcher getNamedDispatcher(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String getRealPath(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public RequestDispatcher getRequestDispatcher(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public URL getResource(String arg0) throws MalformedURLException { - // TODO Auto-generated method stub - return null; - } - - - public InputStream getResourceAsStream(String arg0) { - // TODO Auto-generated method stub - return null; - } - - @SuppressWarnings("rawtypes") - - public Set getResourcePaths(String arg0) { - // TODO Auto-generated method stub - return null; - } - - - public String getServerInfo() { - // TODO Auto-generated method stub - return null; - } - - - public Servlet getServlet(String arg0) throws ServletException { - // TODO Auto-generated method stub - return null; - } - - - public String getServletContextName() { - // TODO Auto-generated method stub - return null; - } - - @SuppressWarnings("rawtypes") - - public Enumeration getServletNames() { - // TODO Auto-generated method stub - return null; - } - - @SuppressWarnings("rawtypes") - - public Enumeration getServlets() { - // TODO Auto-generated method stub - return null; - } - - - public void log(String arg0) { - // TODO Auto-generated method stub - - } - - - public void log(Exception arg0, String arg1) { - // TODO Auto-generated method stub - - } - - - public void log(String arg0, Throwable arg1) { - // TODO 
Auto-generated method stub
-
- }
-
- public void removeAttribute(String arg0) {
- // TODO Auto-generated method stub
-
- }
-
- public void setAttribute(String arg0, Object arg1) {
- // TODO Auto-generated method stub
-
- }
-
-}
diff --git a/src/test/java/securibench/supportClasses/DummyServletInputStream.java b/src/test/java/securibench/supportClasses/DummyServletInputStream.java
deleted file mode 100644
index e3c9e30..0000000
--- a/src/test/java/securibench/supportClasses/DummyServletInputStream.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2012 Secure Software Engineering Group at EC SPRIDE.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the GNU Lesser Public License v2.1
- * which accompanies this distribution, and is available at
- * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
- *
- * Contributors: Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric
- * Bodden, and others.
- ******************************************************************************/
-package securibench.supportClasses;
-
-import java.io.IOException;
-
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-
-public class DummyServletInputStream extends ServletInputStream {
-
-
- public int read() throws IOException {
- // TODO Auto-generated method stub
- return 0;
- }
-
-
- public boolean isFinished() {
- // TODO Auto-generated method stub
- return false;
- }
-
-
- public boolean isReady() {
- // TODO Auto-generated method stub
- return false;
- }
-
-
- public void setReadListener(ReadListener readListener) {
- // TODO Auto-generated method stub
-
- }
-
-}
From 62a9196c6cc5c1df97e3b3d5b9ec727db72e4d29 Mon Sep 17 00:00:00 2001
From: jose clavo tafur Date: Mon, 30 Sep 2024 21:32:44 -0300 Subject: [PATCH 2/7] add submodule of securibench --- .gitmodules | 3 +++ src/test/java/securibench | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 src/test/java/securibench diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..c2ed1b2 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "src/test/java/securibench"] + path = src/test/java/securibench + url = https://github.com/PAMunb/securibench-micro.git diff --git a/src/test/java/securibench b/src/test/java/securibench new file mode 160000 index 0000000..6a5a724 --- /dev/null +++ b/src/test/java/securibench @@ -0,0 +1 @@ +Subproject commit 6a5a72488ea830d99f9464fc1f0562c4f864214b From f2823ee0be539803a6a5ecebfd02abbf917394a9 Mon Sep 17 00:00:00 2001 From: jose clavo tafur Date: Mon, 30 Sep 2024 21:48:05 -0300 Subject: [PATCH 3/7] update submodule --- src/test/java/securibench | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/securibench b/src/test/java/securibench index 6a5a724..c52a132 160000 --- a/src/test/java/securibench +++ b/src/test/java/securibench @@ -1 +1 @@ -Subproject commit 6a5a72488ea830d99f9464fc1f0562c4f864214b +Subproject commit c52a132d391971e760276abc82b725ac2c53bbb4 From 3e0224cf8626d72970186d907c22d97ed5cf4887 Mon Sep 17 00:00:00 2001 From: jose clavo tafur Date: Mon, 30 Sep 2024 21:48:36 -0300 Subject: [PATCH 4/7] setup steps --- README.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bf39036..a4252d9 100644 --- a/README.md +++ b/README.md 
@@ -4,8 +4,19 @@ A small benchmark for testin the Joana capabilities for taint analysis. ### Setup -In the very first moment, execute the `setup.sh` script to download the Joana -library and configure it as a local maven dependency. +- In the project's root folder, execute the script to download the Joana library and configure it as a local maven dependency. + +``` +./setup.sh +``` + +- Clone submodule that contents the test suite for `securibench`. + +``` +git submodule add https://github.com/PAMunb/securibench-micro.git src/test/java/securibench +``` + + ## TEST From eeb63f26ba8e2bcc43dc48995e8d90b5ce3f792d Mon Sep 17 00:00:00 2001 From: jose clavo tafur Date: Sun, 13 Oct 2024 15:44:05 -0300 Subject: [PATCH 5/7] update module --- src/test/java/securibench | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/securibench b/src/test/java/securibench index c52a132..422ea1c 160000 --- a/src/test/java/securibench +++ b/src/test/java/securibench @@ -1 +1 @@ -Subproject commit c52a132d391971e760276abc82b725ac2c53bbb4 +Subproject commit 422ea1ce644ac15e44aa418505fdfe935bb2252e From 721f9a92b0f31036453b34a6c51563038b76e8a3 Mon Sep 17 00:00:00 2001 From: jose clavo tafur Date: Sun, 13 Oct 2024 15:44:17 -0300 Subject: [PATCH 6/7] update test info --- README.md | 49 ++++++++++++++++++++++++------------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index a4252d9..74bcaaa 100644 --- a/README.md +++ b/README.md 
@@ -37,13 +37,12 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc * StrongUpdate test suite: `mvn test -Dtest="br.unb.cic.joana.securibench.micro.suite.StrongUpdateTestSuite"` - ###### failed: 24, passed: 80, ignored: 0 of 104 test (76.92%) - **AliasingTest** - failed: 2, passed: 4, ignored: 0 of 6 test `(66.67%)` - *Fails :* - - [4] *related to issue(i)* - - [6] *related to issue(i)* + - [4] *related to issue(i)* + - [6] *related to issue(i)* - *Violations :* `6/12` - *Precision :* `100%` - *Recall :* `36%` @@ -51,7 +50,7 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc - **ArraysTest** - failed: 1, passed: 9, ignored: 0 of 10 test `(90%)` - *Fails :* - - [5] *related to issue(ii)* + - [5] *related to issue(ii)* - *Violations :* `10/9` - *Precision :* `90%` - *Recall :* `100%` 
@@ -59,20 +58,20 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc - **BasicTest** - failed: 14, passed: 29, ignored: 0 of 43 test `(67.44%)` - *Fails :* - - [5] *related to issue(i)* - - [11] *related to issue(i)* - - [12] *related to issue(i)* - - [16] --it is throwing an error while is analyzed - - [19] --method java.sql.Connection.prepareStatement is not recognized as a sink - - [20] --method java.sql.Statement.execute is not recognized as a sink - - [21] --method java.sql.Statement.executeUpdate is not recognized as a sink - - [23] *related to issue(i)* - - [28] *related to issue(i)* - - [29] *related to issue(i)* - - [31] *related to issue(i)* - - [35] *related to issue(iii)* - - [40] *flaky* - - [42] *related to issue(iii)* + - [5] *related to issue(i)* + - [11] *related to issue(i)* + - [12] *related to issue(i)* + - [16] --it is throwing an error while is analyzed + - [19] --method java.sql.Connection.prepareStatement is not recognized as a sink + - [20] --method java.sql.Statement.execute is not recognized as a sink + - [21] --method java.sql.Statement.executeUpdate is not recognized as a sink + - [23] *related to issue(i)* + - [28] *related to issue(i)* + - [29] *related to issue(i)* + - [31] *related to issue(i)* + - [35] *related to issue(iii)* + - [40] *flaky* + - [42] *related to issue(iii)* - *Violations :* `50/61` - *Precision :* `81%` - *Recall :* `65.5%` @@ -89,9 +88,9 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc - **InterTest** - failed: 3, passed: 11, ignored: 0 of 14 test `(85.71%)` - *Fails :* - - [2] *related to issue(i)* - - [6] - - [9] *related to issue(i)* + - [2] *related to issue(i)* + - [6] + - [9] *related to issue(i)* - *Violations :* `13/15` - *Precision :* `100%` - *Recall :* `79%` 
@@ -102,10 +101,10 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc - **StrongUpdateTest** - failed: 4, passed: 1, ignored: 0 of 5 test `(20%)` - *Fails :* - - [1] *related to issue(ii)* - - [2] *related to issue(ii)* - - [3] *related to issue(ii)* - - [5] *related to issue(ii)* + - [1] *related to issue(ii)* + - [2] *related to issue(ii)* + - [3] *related to issue(ii)* + - [5] *related to issue(ii)* - *Violations :* `5/1` - *Precision :* `20%` - *Recall :* `100%` From 66d7a023ffeb3db5eadd1de7ece3ec3a0c1bf3b5 Mon Sep 17 00:00:00 2001 From: jose clavo tafur Date: Sun, 13 Oct 2024 15:52:34 -0300 Subject: [PATCH 7/7] update number of tests --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 74bcaaa..0e4230f 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc * StrongUpdate test suite: `mvn test -Dtest="br.unb.cic.joana.securibench.micro.suite.StrongUpdateTestSuite"` -###### failed: 24, passed: 80, ignored: 0 of 104 test (76.92%) +###### failed: 24, passed: 79, ignored: 0 of 103 test (76.70%) - **AliasingTest** - failed: 2, passed: 4, ignored: 0 of 6 test `(66.67%)` - *Fails :* @@ -56,7 +56,7 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc - *Recall :* `100%` - *fScore :* `95%` -- **BasicTest** - failed: 14, passed: 29, ignored: 0 of 43 test `(67.44%)` +- **BasicTest** - failed: 14, passed: 28, ignored: 0 of 42 test `(66.67%)` - *Fails :* - [5] *related to issue(i)* - [11] *related to issue(i)* 
@@ -72,10 +72,10 @@ Currently, you might run the 'securibench' benchmark using JUnit test cases. Suc - [35] *related to issue(iii)* - [40] *flaky* - [42] *related to issue(iii)* - - *Violations :* `50/61` + - *Violations :* `52/61` - *Precision :* `81%` - - *Recall :* `65.5%` - - *fScore :* `71.5%` + - *Recall :* `65%` + - *fScore :* `72%` - **CollectionTest** - failed: 0, passed: 14, ignored: 0 of 14 test `(100%)` - *Violations :* `15/15`