/**
@author Benjamin Livshits <livshits@cs.stanford.edu>
$Id: Factories2.java,v 1.3 2006/04/04 20:00:41 livshits Exp $
*/
package securibench.micro.factories;
import java.io.IOException;
import java.io.PrintWriter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import securibench.micro.BasicTestCase;
import securibench.micro.MicroTestCase;
/**
* @servlet description="simple factory problem with String.toString"
* @servlet vuln_count = "1"
*/
public class Factories2 extends BasicTestCase implements MicroTestCase {
/*
 * Micro-benchmark case for taint analysis: one request parameter is passed
 * through String.toString() and then written to the response unencoded.
 * The sink marked BAD is the single finding announced by vuln_count = "1"
 * and by getVulnerabilityCount(); it appears to be left vulnerable on purpose
 * as ground truth for analysers, so the statements and the BAD / OK markers
 * must stay exactly as written.
 */

/**
 * Echoes the "name" request parameter and a constant string to the response body.
 *
 * @param req  request whose "name" parameter is the untrusted source
 * @param resp response whose writer is the output sink
 * @throws IOException if the response writer cannot be obtained
 */
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
// Taint source: value comes straight from the client.
// NOTE(review): getParameter returns null when "name" is absent, so the
// toString() call on the next line would throw NullPointerException.
String s1 = req.getParameter("name");
// String.toString() returns the receiver itself, so s2 is the same
// client-controlled value; an analyser has to model this call as
// taint-preserving rather than as a fresh, clean object.
String s2 = s1.toString();
// Same call on a compile-time literal: nothing client-controlled flows into s3.
String s3 = "abc".toString();
PrintWriter writer = resp.getWriter();
// Reflected output of request data with no output encoding in this method
// (cross-site scripting when the response is rendered as HTML). In
// production code the value would be encoded for its output context
// before being written.
// NOTE(review): no content type is set here; whether BasicTestCase sets one
// is not visible from this file.
writer.println(s2); /* BAD */
// Constant data only, so this write is the expected true negative.
writer.println(s3); /* OK */
}

/**
 * Returns the human-readable description of this test case.
 *
 * @return the same text as the {@code @servlet description} tag on the class
 */
public String getDescription() {
return "simple factory problem with String.toString";
}

/**
 * Returns how many vulnerable sinks an analyser is expected to report.
 *
 * @return 1, matching the single sink marked BAD in doGet
 */
public int getVulnerabilityCount() {
return 1;
}
}