diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5f97798420..e235340075 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -27,14 +27,14 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 # Get full history for spotless ratchetFrom with: fetch-depth: 0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} queries: security-extended, security-experimental, security-and-quality @@ -43,10 +43,10 @@ jobs: run: mvn -DskipTests=true install - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 - name: Upload Output - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.language }} SARIF path: ${{ runner.workspace }}/results/*.sarif diff --git a/.github/workflows/maven.yaml b/.github/workflows/maven.yaml index 2997beeb28..29e50a43e2 100644 --- a/.github/workflows/maven.yaml +++ b/.github/workflows/maven.yaml @@ -8,14 +8,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v4 + - name: Set up JDK 17 + uses: actions/setup-java@v5 with: - java-version: '11' - distribution: 'zulu' + java-version: 17 + distribution: zulu - name: Run Spotless check run: mvn spotless:check - name: Create WAR diff --git a/README.md b/README.md index 8df3d4ffa1..fd9787cd08 100644 --- a/README.md +++ b/README.md 
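Review bot: In maven.yaml the new `uses: actions/checkout@v6` and `uses: actions/setup-java@v5` lines still reference mutable major tags, so each run executes whatever commit the tag points to at that moment. Pinning every `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/setup-java@<full-commit-sha>  # v5`, makes the build reproducible and makes later action updates reviewable as explicit diffs. The same applies to the `github/codeql-action/init@v4`, `github/codeql-action/analyze@v4` and `actions/upload-artifact@v6` lines in both codeql-analysis.yml hunks. Separately, `java-version: 17` is now a bare integer; keeping it quoted (`java-version: '17'`) avoids YAML retyping if the value is later changed to a dotted version.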
@@ -1,6 +1,12 @@ -# OWASP Benchmark -The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so its a fair test for any kind of application vulnerability detection tool. The Benchmark also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time. +# OWASP Benchmark for Java +The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so it's a fair test for any kind of application vulnerability detection tool. + +The Benchmark project also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time. This scoring capability is implemented in the BenchmarkUtils project, which is at: https://github.com/OWASP-Benchmark/BenchmarkUtils. The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details. -The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP/Benchmark/releases are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull). +The current latest release is v1.2. 
Note that all the releases that are available here: https://github.com/OWASP-Benchmark/BenchmarkJava/releases, are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull). + +Running Benchmark Itself: +* runBenchmark.sh - run the Benchmark Web Application (accessible via local machine only) +* runRemoteAccessibleBenchmark.sh - like the above but allows port 8443 to be accessible outside the machine Benchmark is running on. diff --git a/VMs/Dockerfile b/VMs/Dockerfile index a2faa9a6cd..aaa8d235a4 100644 --- a/VMs/Dockerfile +++ b/VMs/Dockerfile @@ -1,12 +1,12 @@ # This dockerfile builds a container that pulls down and runs the latest version of BenchmarkJava FROM ubuntu:latest -MAINTAINER "Dave Wichers dave.wichers@owasp.org" +LABEL org.opencontainers.image.authors="Dave Wichers dave.wichers@owasp.org" RUN apt-get update RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata RUN apt-get install -q -y \ - openjdk-11-jre-headless \ - openjdk-11-jdk \ + openjdk-17-jre-headless \ + openjdk-17-jdk \ git \ maven \ wget \ @@ -35,7 +35,7 @@ RUN useradd -d /home/bench -m -s /bin/bash bench RUN echo bench:bench | chpasswd RUN chown -R bench /owasp/ -ENV PATH /owasp/BenchmarkJava:$PATH +ENV PATH=/owasp/BenchmarkJava:$PATH # start up Benchmark once, for 60 seconds, then kill it, so the additional dependencies required to run it are downloaded/cached in the image as well. # exit 0 is required to return a 'success' code, otherwise the timeout returns a failure code, causing the Docker build to fail. diff --git a/VMs/buildDockerImage.sh b/VMs/buildDockerImage.sh index 6c96f0a8c1..b0dd310374 100755 --- a/VMs/buildDockerImage.sh +++ b/VMs/buildDockerImage.sh @@ -11,3 +11,6 @@ fi docker image rm benchmark:latest docker build -t benchmark . +# Once verified/tested, to publish an update to the OWASP Benchmark Docker image, run the following: +# docker push owasp/benchmark:latest + 
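Review bot: The publish command in the added comment of buildDockerImage.sh, `docker push owasp/benchmark:latest`, names an image that the visible build line never creates, because `docker build -t benchmark .` only produces `benchmark:latest`. The comment should include the missing step, e.g. `# docker tag benchmark:latest owasp/benchmark:latest` ahead of the push line. Since the push overwrites the public `latest` tag, the comment could also suggest pushing a dated or versioned tag alongside it so that a bad image can be rolled back.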
diff --git a/pom.xml b/pom.xml index 7488b62744..6da31bbd18 100644 --- a/pom.xml +++ b/pom.xml @@ -56,7 +56,7 @@ com.h3xstream.findsecbugs findsecbugs-plugin - 1.13.0 + 1.14.0 @@ -624,7 +624,7 @@ commons-codec commons-codec - 1.18.0 + 1.21.0 @@ -637,7 +637,7 @@ commons-io commons-io - 2.19.0 + 2.21.0 @@ -765,13 +765,13 @@ org.apache.httpcomponents.client5 httpclient5 - 5.4.3 + 5.6 org.apache.httpcomponents.core5 httpcore5 - 5.3.4 + 5.4 @@ -810,7 +810,7 @@ org.owasp.esapi esapi - 2.6.0.0 + 2.7.0.0 @@ -854,7 +854,7 @@ com.fasterxml.jackson.core jackson-databind - 2.18.3 + 2.21.0 @@ -880,17 +880,17 @@ org.apache.maven.plugins maven-antrun-plugin - 3.1.0 + 3.2.0 org.apache.maven.plugins maven-assembly-plugin - 3.7.1 + 3.8.0 org.apache.maven.plugins maven-dependency-plugin - 3.8.1 + 3.9.0 com.sun.jersey:jersey-servlet @@ -904,7 +904,7 @@ org.apache.maven.plugins maven-release-plugin - 3.1.1 + 3.3.1 @@ -918,13 +918,13 @@ org.apache.maven.plugins maven-clean-plugin - 3.4.1 + 3.5.0 org.apache.maven.plugins maven-compiler-plugin - 3.14.0 + 3.15.0 true 1000m @@ -942,12 +942,12 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.5.0 + 3.6.2 org.codehaus.mojo extra-enforcer-rules - 1.10.0 + 1.11.0 @@ -1005,7 +1005,7 @@ org.apache.maven.plugins maven-pmd-plugin - 3.26.0 + 3.28.0 @@ -1017,7 +1017,7 @@ org.apache.maven.plugins maven-resources-plugin - 3.3.1 + 3.4.0 @@ -1038,13 +1038,13 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.3 + 3.5.4 org.apache.maven.plugins maven-war-plugin - 3.4.0 + 3.5.1 ${maven.war.webxml} @@ -1053,13 +1053,13 @@ org.codehaus.cargo cargo-maven3-plugin - 1.10.19 + 1.10.26 org.codehaus.mojo versions-maven-plugin - 2.18.0 + 2.21.0 @@ -1086,7 +1086,7 @@ com.h3xstream.findsecbugs findsecbugs-plugin - 1.13.0 + 1.14.0 @@ -1104,7 +1104,7 @@ com.diffplug.spotless spotless-maven-plugin - 2.44.4 + 3.2.1 origin/master 
@@ -1249,13 +1249,13 @@ 2.1.0 3.6.10.Final - 4.9.3.0 - 4.9.3 + 4.9.8.2 + 4.9.8 5.3.39 9 - 9.0.97 + 9.0.113 https://archive.apache.org/dist/tomcat/tomcat-${tomcat.major.version}/v${version.tomcat}/bin/apache-tomcat-${version.tomcat}.zip diff --git a/results/old/Benchmark_1.2-ZAPweekly-20150824-18000.xml b/results/Benchmark_1.2-ZAPweekly-20150824-18000.xml similarity index 100% rename from results/old/Benchmark_1.2-ZAPweekly-20150824-18000.xml rename to results/Benchmark_1.2-ZAPweekly-20150824-18000.xml diff --git a/results/old/Benchmark_1.2-ZAPweekly-20160905.xml b/results/Benchmark_1.2-ZAPweekly-20160905.xml similarity index 100% rename from results/old/Benchmark_1.2-ZAPweekly-20160905.xml rename to results/Benchmark_1.2-ZAPweekly-20160905.xml diff --git a/results/old/Benchmark_1.2-findbugs-v3.0.1-92.xml b/results/Benchmark_1.2-findbugs-v3.0.1-92.xml similarity index 100% rename from results/old/Benchmark_1.2-findbugs-v3.0.1-92.xml rename to results/Benchmark_1.2-findbugs-v3.0.1-92.xml diff --git a/results/old/Benchmark_1.2-findsecbugs-v1.4.0-110.xml b/results/Benchmark_1.2-findsecbugs-v1.4.0-110.xml similarity index 100% rename from results/old/Benchmark_1.2-findsecbugs-v1.4.0-110.xml rename to results/Benchmark_1.2-findsecbugs-v1.4.0-110.xml diff --git a/results/old/Benchmark_1.2-findsecbugs-v1.4.3-118.xml b/results/Benchmark_1.2-findsecbugs-v1.4.3-118.xml similarity index 100% rename from results/old/Benchmark_1.2-findsecbugs-v1.4.3-118.xml rename to results/Benchmark_1.2-findsecbugs-v1.4.3-118.xml diff --git a/results/old/Benchmark_1.2-findsecbugs-v1.4.4-253.xml b/results/Benchmark_1.2-findsecbugs-v1.4.4-253.xml similarity index 100% rename from results/old/Benchmark_1.2-findsecbugs-v1.4.4-253.xml rename to results/Benchmark_1.2-findsecbugs-v1.4.4-253.xml 
diff --git a/results/old/Benchmark_1.2-findsecbugs-v1.4.5-129.xml b/results/Benchmark_1.2-findsecbugs-v1.4.5-129.xml similarity index 100% rename from results/old/Benchmark_1.2-findsecbugs-v1.4.5-129.xml rename to results/Benchmark_1.2-findsecbugs-v1.4.5-129.xml diff --git a/results/old/Benchmark_1.2-findsecbugs-v1.4.6-122.xml b/results/Benchmark_1.2-findsecbugs-v1.4.6-122.xml similarity index 100% rename from results/old/Benchmark_1.2-findsecbugs-v1.4.6-122.xml rename to results/Benchmark_1.2-findsecbugs-v1.4.6-122.xml diff --git a/results/old/Benchmark_1.2-pmd-v5.2.3-11.xml b/results/Benchmark_1.2-pmd-v5.2.3-11.xml similarity index 100% rename from results/old/Benchmark_1.2-pmd-v5.2.3-11.xml rename to results/Benchmark_1.2-pmd-v5.2.3-11.xml diff --git a/results/old/Benchmark_1.2-sonar-Java-Plugin-v3.14-330.xml b/results/Benchmark_1.2-sonar-Java-Plugin-v3.14-330.xml similarity index 100% rename from results/old/Benchmark_1.2-sonar-Java-Plugin-v3.14-330.xml rename to results/Benchmark_1.2-sonar-Java-Plugin-v3.14-330.xml diff --git a/results/old/Benchmark_1.2-visualcodegrepper-v2.2.0.xml b/results/Benchmark_1.2-visualcodegrepper-v2.2.0.xml similarity index 100% rename from results/old/Benchmark_1.2-visualcodegrepper-v2.2.0.xml rename to results/Benchmark_1.2-visualcodegrepper-v2.2.0.xml diff --git a/scripts/runBearer.sh b/scripts/runBearer.sh index 950b1a192a..3a9ccd560f 100755 --- a/scripts/runBearer.sh +++ b/scripts/runBearer.sh @@ -2,6 +2,9 @@ # Check for install/updates at https://github.com/bearer/bearer +# For this script to work, you need to change the permissions on the results/ directory to 777 +# so docker can write the results file into the results/ folder + source scripts/requireCommand.sh requireCommand docker 
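Review bot: The added comment in runBearer.sh tells users to set results/ to mode 777, which leaves the directory world-writable on the host long after the scan has finished. The comment should scope the change and say to revert it, for example `# Temporarily let the container user write here: chmod o+w results/ before the run, chmod o-w results/ afterwards`. Whether `o+w` alone is sufficient depends on the uid the bearer/bearer image runs as, which is not visible in this hunk, so confirm that before changing the wording.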
@@ -10,6 +13,17 @@ docker pull bearer/bearer --platform linux/amd64 benchmark_version=$(scripts/getBenchmarkVersion.sh) bearer_version=$(docker run --platform linux/amd64 bearer/bearer bearer --version | grep -o '[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+') -result_file="/src/results/Benchmark_$benchmark_version-Bearer-v$bearer_version.json" +result_file="results/Benchmark_$benchmark_version-Bearer-v$bearer_version.json" +temp_result_file="$result_file.tmp" +docker_result_file="/benchmark/$temp_result_file" + +# if you set the Docker userid to match the current user id with: --user $(id -u):$(id -g) you get a suspicious git repository error +docker run --platform linux/amd64 --rm -v "${PWD}:/benchmark" bearer/bearer scan /benchmark/src/main/ --format jsonv2 --output "$docker_result_file" > /dev/null + +# Because the docker userid and current user ID might be different, we write the Bearer result to a temp file. +# Then copy it to the desired file name, and then delete the temp file. +# +# We can't just chown the file to the right user ID as Unix won't allow that. +cp $temp_result_file $result_file +rm -f $temp_result_file -docker run --platform linux/amd64 --rm -v "${PWD}:/src" bearer/bearer scan /src/src/main/ --format jsonv2 --output "$result_file" > /dev/null diff --git a/scripts/runCodeQL.sh b/scripts/runCodeQL.sh index d99dff7803..925040919f 100755 --- a/scripts/runCodeQL.sh +++ b/scripts/runCodeQL.sh 
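Review bot: The `cp $temp_result_file $result_file` and `rm -f $temp_result_file` lines run unquoted and unconditionally, so a failed `docker run` is followed by a cp error rather than a clear stop, and a path containing spaces would be word-split. Chaining and quoting them, `cp "$temp_result_file" "$result_file" && rm -f "$temp_result_file"`, keeps the temp file when the copy fails. The bind mount `-v "${PWD}:/benchmark"` also gives the pulled image write access to the whole checkout although it only needs to write under results/. Mounting the tree read-only and results/ separately, `-v "${PWD}:/benchmark:ro" -v "${PWD}/results:/benchmark/results"`, would narrow that, assuming Bearer does not write elsewhere in the tree. The start of the script is outside the hunk, so whether `set -e` is in effect cannot be seen here.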
@@ -2,14 +2,15 @@ # Prerequisites: # 1) Install codeql in a tools/ directory that is a peer to the folder containing BenchmarkJava. For example, if you have a git/ folder, which contains BenchmarkJava, BenchmarkUtils, etc., then the tools/ folder would be at the same level as the git/ folder. i.e., relative to BenchmarkJava, it is at ../../tools/code-ql-home. -# 2) Then the owasp-benchmark database has to be initialized by running this: -# ../tools/codeql-home/codeql/codeql database create owasp-benchmark --language=java +# 2) Then the owasp-benchmark database has to be initialized by first running the translateCodeQL.sh script. # Mac Users: "If you are using macOS on Apple Silicon (for example, Apple M1), ensure that the Xcode command-line developer tools and Rosetta 2 are installed." ## For Xcode command line, run: xcode-select -p 1>/dev/null;echo $? - If this returns 0, its installed, if 2, its not installed. ## For Rosetta 2, run: lsbom -f /Library/Apple/System/Library/Receipts/com.apple.pkg.RosettaUpdateAuto.bom - And if it returns a list of files, it's installed. -# This then runs the codeql scan: +# This then runs the CodeQL scan: +## The following CodeQL query is a bit complex. I had to raise an issue with the CodeQL team to figure out how to do this. +## The issue raised and the answer that documents this query is here: https://github.com/github/codeql/issues/18518#issuecomment-2730684184 benchmark_version=$(scripts/getBenchmarkVersion.sh) -../tools/codeql-home/codeql/codeql database analyze owasp-benchmark codeql/java-queries --format=sarifv2.1.0 --output=results/Benchmark_$benchmark_version-codeql_java-queries.sarif +../../tools/codeql-home/codeql/codeql database analyze owasp-benchmark codeql/java-queries:codeql-suites/java-security-extended.qls --format=sarifv2.1.0 --output=results/Benchmark_1.2-codeql_java-security-extended.sarif -j0 --download diff --git a/scripts/runFindBugs.bat b/scripts/runFindBugs.bat index 52dfa7961f..d3c68beb65 100644 
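Review bot: The new analyze line in runCodeQL.sh hard-codes the version in `--output=results/Benchmark_1.2-codeql_java-security-extended.sarif`, so the `benchmark_version=$(scripts/getBenchmarkVersion.sh)` assignment directly above it is now unused and the file name will be wrong once the version changes. Using `--output=results/Benchmark_$benchmark_version-codeql_java-security-extended.sarif` keeps it consistent with the other run scripts. The added `--download` flag fetches query packs at analysis time, so results can differ between runs as the pack is updated; a comment saying so, or recording the pack version next to the SARIF file, would help when comparing scorecards. The prerequisite comment in the context lines also spells the directory `code-ql-home` while the command uses `codeql-home`.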
--- a/scripts/runFindBugs.bat +++ b/scripts/runFindBugs.bat @@ -1,6 +1,7 @@ # source "scripts/verifyBenchmarkPluginAvailable.sh" - Don't have .bat version of this (yet) + # FindBugs is dead, so this specifies the specific (last) version of findbugs. Its version is not defined in the pom.xml file. # The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml -CALL mvn compile org.codehaus.mojo:findbugs-maven-plugin:3.0.5:findbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv -CALL mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=findbugs +call mvn compile org.codehaus.mojo:findbugs-maven-plugin:3.0.5:findbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv +call mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=findbugs diff --git a/scripts/runFindSecBugs.bat b/scripts/runFindSecBugs.bat index 2033a71843..5e5d660ec8 100644 --- a/scripts/runFindSecBugs.bat +++ b/scripts/runFindSecBugs.bat @@ -1,5 +1,7 @@ # source "scripts/verifyBenchmarkPluginAvailable.sh" - Don't have .bat version of this (yet) -# The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml -CALL mvn compile -Pfindsecbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv -CALL mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=findsecbugs + +# The buildtime elements when invoking the findbugs-maven-plugin thru the findsecbugs profile leverage the +# buildtime extension specified in: .mvn/extensions.xml +call mvn compile -Pfindsecbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv +call mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=findsecbugs diff --git a/scripts/runFindSecBugs.sh b/scripts/runFindSecBugs.sh index 2ad9731138..dcf442a37c 100755 --- a/scripts/runFindSecBugs.sh 
+++ b/scripts/runFindSecBugs.sh @@ -1,5 +1,6 @@ source "scripts/verifyBenchmarkPluginAvailable.sh" -# The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml +# The buildtime elements when invoking the findbugs-maven-plugin thru the findsecbugs profile leverage the +# buildtime extension specified in: .mvn/extensions.xml mvn compile -Pfindsecbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=findsecbugs diff --git a/scripts/runPMD.bat b/scripts/runPMD.bat index c40598c7f5..378d26381a 100644 --- a/scripts/runPMD.bat +++ b/scripts/runPMD.bat @@ -1,5 +1,5 @@ # source "scripts/verifyBenchmarkPluginAvailable.sh" - Don't have .bat version of this (yet) -# The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml -CALL mvn compile pmd:pmd -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv -CALL mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=pmd +# The buildtime elements when invoking the PMD plugin leverage the buildtime extension specified in: .mvn/extensions.xml +call mvn compile pmd:pmd -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv +call mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=pmd diff --git a/scripts/runPMD.sh b/scripts/runPMD.sh index 202e2744fd..1d3538771c 100755 --- a/scripts/runPMD.sh +++ b/scripts/runPMD.sh 
@@ -1,5 +1,5 @@ source "scripts/verifyBenchmarkPluginAvailable.sh" -# The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml +# The buildtime elements when invoking the PMD plugin leverage the buildtime extension specified in: .mvn/extensions.xml mvn compile pmd:pmd -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=pmd diff --git a/scripts/runSnykSAST.sh b/scripts/runSnykSAST.sh index af618f59c1..09904bb508 100755 --- a/scripts/runSnykSAST.sh +++ b/scripts/runSnykSAST.sh @@ -1,6 +1,8 @@ # Install Snyk per: https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli +# Before running this, you must first run: snyk auth (and then authenticate) so snyk code is authorized to run. + benchmark_version=$(scripts/getBenchmarkVersion.sh) Snyk_version=$(snyk -v) -snyk code --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version.sarif +snyk code test --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version-$SECONDS.sarif diff --git a/scripts/runSnykSAST_OnWindows.sh b/scripts/runSnykSAST_OnWindows.sh index bdc0498436..97e7f0f96d 100644 --- a/scripts/runSnykSAST_OnWindows.sh +++ b/scripts/runSnykSAST_OnWindows.sh @@ -1,6 +1,8 @@ # Install Snyk per: https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli +# Before running this, you must first run: snyk auth (and then authenticate) so snyk code is authorized to run. + benchmark_version=$(scripts/getBenchmarkVersion.sh) Snyk_version=$(snyk-win -v) -snyk-win code test --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version.sarif +snyk-win code test --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version-$SECONDS.sarif diff --git a/scripts/runSpotBugs.bat b/scripts/runSpotBugs.bat index 428125a6ad..68fefaed0c 100755 --- a/scripts/runSpotBugs.bat 
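Review bot: The `-$SECONDS` suffix added to the SARIF file name in runSnykSAST.sh is expanded when the command line is built, before `snyk code test` starts, so it records the time since the shell started rather than the scan duration, which is presumably what the suffix is meant to carry. `SECONDS` is also a bash feature and the hunk starts at line 1 with no shebang, so under a plain `sh` the name would end in a bare `-`. Writing to a fixed name and renaming afterwards fixes the first problem: `out=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version` followed by `snyk code test --sarif-file-output="$out.sarif"; mv "$out.sarif" "$out-$SECONDS.sarif"`, with `#!/bin/bash` as the first line. The runSnykSAST_OnWindows.sh hunk has the same issue with `snyk-win`.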
+++ b/scripts/runSpotBugs.bat @@ -1,5 +1,5 @@ # source "scripts/verifyBenchmarkPluginAvailable.sh" - Don't have .bat version of this (yet) -# The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml -CALL mvn compile spotbugs:spotbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv -CALL mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=spotbugs +# The buildtime elements when invoking the Spotbugs plugin leverage the buildtime extension specified in: .mvn/extensions.xml +call mvn compile spotbugs:spotbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv +call mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=spotbugs diff --git a/scripts/runSpotBugs.sh b/scripts/runSpotBugs.sh index b3c37eca9d..54719e2880 100755 --- a/scripts/runSpotBugs.sh +++ b/scripts/runSpotBugs.sh @@ -1,5 +1,5 @@ source "scripts/verifyBenchmarkPluginAvailable.sh" -# The buildtime elements when invoking the findbugs-maven-plugin leverage the buildtime extension specified in: .mvn/extensions.xml +# The buildtime elements when invoking the Spotbugs plugin leverage the buildtime extension specified in: .mvn/extensions.xml mvn compile spotbugs:spotbugs -Dbuildtime.output.csv=true -Dbuildtime.output.csv.file=../data/out.csv mvn org.owasp:benchmarkutils-maven-plugin:append-time -DtoolName=spotbugs diff --git a/scripts/translateCodeQL.sh b/scripts/translateCodeQL.sh index 1cf783961e..c10b389f43 100755 --- a/scripts/translateCodeQL.sh +++ b/scripts/translateCodeQL.sh 
@@ -4,8 +4,8 @@ # NOTE: This tool requires Java 11+ # You have to download the rulepacks now. This does this. -../tools/codeql-home/codeql/codeql pack download codeql/java-queries +../../tools/codeql-home/codeql/codeql pack download codeql/java-queries # This translates the current app, and builds up the rules databases. This only has to be run once after each code change. -../tools/codeql-home/codeql/codeql database create owasp-benchmark --language=java --overwrite --command="mvn clean package" +../../tools/codeql-home/codeql/codeql database create owasp-benchmark --language=java --overwrite --command="mvn clean package" diff --git a/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java b/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java index 15f206770d..3d271a3f47 100644 --- a/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java +++ b/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java @@ -41,6 +41,7 @@ public class DatabaseHelper { new org.owasp.benchmark.helpers.HibernateUtil(true); public static final boolean hideSQLErrors = false; // If we want SQL Exceptions to be suppressed from being displayed to the user of + // the web app. static { @@ -168,7 +169,7 @@ public static java.sql.Connection getSqlConnection() { return conn; } - public static void executeSQLCommand(String sql) throws Exception { + private static void executeSQLCommand(String sql) throws Exception { Statement stmt = getSqlStatement(); stmt.executeUpdate(sql); } diff --git a/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java b/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java index 66ac4b711c..a07b00c24d 100644 --- a/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java +++ b/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java 
@@ -112,19 +112,20 @@ private boolean search(LDAPPerson person) { NamingEnumeration results = ctx.search(base, filter, sc); + boolean foundUser = results.hasMore(); + while (results.hasMore()) { SearchResult sr = (SearchResult) results.next(); Attributes attrs = sr.getAttributes(); Attribute attr = attrs.get("uid"); if (attr != null) { - // logger.debug("record found " + attr.get()); // System.out.println("record found " + attr.get()); } } ctx.close(); - return true; + return foundUser; } catch (Exception e) { System.out.println("LDAP error search: "); e.printStackTrace(); diff --git a/src/main/java/org/owasp/benchmark/helpers/Utils.java b/src/main/java/org/owasp/benchmark/helpers/Utils.java index b1a260811c..b815cad859 100644 --- a/src/main/java/org/owasp/benchmark/helpers/Utils.java +++ b/src/main/java/org/owasp/benchmark/helpers/Utils.java @@ -236,8 +236,6 @@ public static void printOSCommandResults(java.lang.Process proc, HttpServletResp try { // read the output from the command - // System.out.println("Here is the standard output of the - // command:\n"); out.write("Here is the standard output of the command:
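Review bot: In LDAPManager.search, `ctx.close()` sits on the success path only, right before `return foundUser;`, so when `ctx.search` or `results.hasMore()` throws, control goes to the `catch` at the end of the hunk and the context stays open unless a `finally` outside the hunk closes it. Moving the close into a `finally`, and closing `results` there as well, would cover both paths. With the log lines removed, the `while` loop body no longer does anything except drain the enumeration; a short comment such as `// drain remaining results so the enumeration is released` would explain why it is kept, or the loop and the `attrs`/`attr` locals could be dropped. The method starts and ends outside the hunk.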
"); String s = null; while ((s = stdInput.readLine()) != null) { @@ -246,8 +244,6 @@ public static void printOSCommandResults(java.lang.Process proc, HttpServletResp } // read any errors from the attempted command - // System.out.println("Here is the standard error of the command (if - // any):\n"); out.write("
Here is the std err of the command (if any):
"); while ((s = stdError.readLine()) != null) { out.write(ESAPI.encoder().encodeForHTML(s)); diff --git a/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java b/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java index 5498447d0f..c9fb1459f9 100644 --- a/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java +++ b/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java @@ -24,7 +24,7 @@ public class SonarReport { private static final String SONAR_USER = "admin"; private static final String SONAR_PASSWORD = "P4ssword!!!!"; private static final String SONAR_PROJECT = "benchmark"; - public static final String SONAR_HOST = "ubuntu-server"; + public static final String SONAR_HOST = "localhost"; public static final String SONAR_PORT = "9876"; private static final int PAGE_SIZE = 500; diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java index 34c82096ba..e73f446962 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00001", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java index b31b6a3343..dc77999076 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00002", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java index 501535c874..d03cdc0c7a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00003", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java index beaa3b25c7..5362abd6af 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00004", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java index 3d2710eec4..ec11e1db1d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java index 5be39e80f9..a2c8ea62d9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java @@ -78,12 +78,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java index df9dae2ab5..570da1f4b2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java index 0b469a363f..d8446f7a5b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java @@ -53,7 +53,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + param + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -69,12 +68,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java index a43678bea5..69dd949556 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java index dcdda02691..f21b0f7e51 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java @@ -50,7 +50,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -60,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java index 27344a048a..96584b94ac 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java 
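Review bot: The added `.encodeForHTML(attr.get().toString())` and `.encodeForHTML(attr2.get().toString())` calls in the BenchmarkTest00021 results block throw a NullPointerException when an attribute value is null, whereas the removed concatenation `+ attr.get()` printed the text null; `javax.naming.directory.Attribute.get()` is documented as possibly returning null. Whether `attr` and `attr2` themselves are null-checked is not visible, because doPost's body starts and ends outside the hunk. Passing `String.valueOf(attr.get())` keeps the HTML encoding and the earlier null behaviour: `.encodeForHTML(String.valueOf(attr.get()))`, and likewise for `attr2`. The same two calls are added in the BenchmarkTest00044 hunk further down.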
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java @@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java index bcfa5d1d4f..9f0e81b955 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java @@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -64,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java index a4967179a2..2b2bf49380 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java index e3babd8a10..fa0c496939 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java index d4fce4685b..bf84118b9b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java @@ -65,10 +65,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java index e20d25a567..104933d89f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java index 58d299d619..2ec3f16ba0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java @@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + param + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -70,12 +69,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java index caa0f14615..59b2dadcfa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java index d2b0b30ed1..d81814939e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00053", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java index f768641462..863669de67 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java 
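Review bot: The added `userCookie.setHttpOnly(true);` in BenchmarkTest00053's doGet hides the cookie from `document.cookie`, and the hunk does not show whether the page served for this test reads or rewrites the cookie from script before the request that consumes it. That is worth confirming, because an input that no longer arrives could silently change what the test case exercises. If the cookie is only ever sent back by the browser, a short comment would record the intent, e.g. `// HttpOnly: page script never reads this cookie, the browser just returns it`. The identical line is added in BenchmarkTest00054 through BenchmarkTest00088 and the point applies to each; doGet's body starts and ends outside the hunk.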
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00054", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java index 23bd9f8d49..a6a592295e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00055", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java index 29390d6190..54a9fd69c3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00056", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java index 4ef862d5ae..658e3f4ada 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00057", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java index 7d03df2baf..ae85e972df 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00058", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java index 2a138ea63b..1cb4de6512 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00059", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java index a64f933d3e..b820ede91e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00060", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java index e0d2e00369..593e2844c7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00061", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java index 44f0ea70b7..5b5635ef84 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00062", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java index 3e9550a7ea..101c2ec7b1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00063", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java index 79a829e3b4..e410c7dcc8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00064", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java index 483faac90e..39332e749e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00065", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java index 81f632e646..acc55ddbc8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00066", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java index 625cb93271..d88b5cef0b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00067", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java index a767d4fed3..67f221bf7a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00068", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java index 508d372969..1ab7819ded 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00069", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java index 594071e2b8..de85692a69 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00070", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java index a2400b31c9..ed35f855d5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00071", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java index afa3284c57..3e7494cac0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00072", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java index 6aa740440a..3649bc54f7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00073", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java index b1cc4ddfc2..8bd31f4615 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00074", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java index 5722b0bc4c..933dcd41df 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00075", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java index 3b38ebb83c..63d04920bf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00076", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java index d929ba6934..4207a3a51b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00077", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java index 5773c9d2a4..d06382a80b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00078", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java index 0cc7c196d8..2e59caf4c0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00079", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java index b39fc2434f..8ae7030d82 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00080", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java index a0b486ee75..6c1dfadc82 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00081", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java index c0de01c39c..df3b3fe6d7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00082", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java index 6f509bf5de..f39a343b82 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00083", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java index 03c3eb0cb3..960571150e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00084", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java
index 3cd977db9e..91087125dc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00085", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java
index cd31ec9742..9c4560b01d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00086", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java
index 460086f96c..ac652c09a9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00087", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java
index 4da3391033..70b9ee5894 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00088", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java
index ff09d01f11..0516ed95eb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00089", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java
index 6f045cb9f0..a75acdf76c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00090", "ls");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java
index 4a983d3ca6..4bda8e8318 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00091", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java
index 9421950e43..17c051e6ff 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00092", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java
index 56372b8c82..92a1d76790 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00093", "ls");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
index f6e2b83b29..5def6e3b17 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00094", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java
index d817be4a47..2ed886d0eb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00095", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java
index 53537aea13..cae48fe1b9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00096", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java
index 10fe45f85c..71dbfb01f7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00097", "color");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java
index daeadc40ef..3ebab68e6a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00098", "my_user_id");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java
index bc8c41f140..dd7ff9c11b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00099", "my_userid");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java
index 9e8349062c..053f64f9d2 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00100", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -86,7 +87,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java
index 3ed4c9a6a4..b68525bb83 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00101", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -87,7 +88,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java
index f1b552dd7f..1f8c43448b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00102", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -73,10 +74,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java index d3845ed61d..475722d2d0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00103", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,10 +78,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java index 2794ec8e11..90121f9dc6 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00104", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java
index 6d5d0f5b5f..36d79d7f59 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00105", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java
index e844eb8d45..4efb36d365 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00106", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -84,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java
index 37994ba345..c2264363b2 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00107", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -95,7 +96,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java
index 936abe8572..dae1e43878 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00108", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -93,7 +94,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java
index 2816bc4edc..75a07e02f1 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00109", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -81,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java
index 3bb8262098..830d54cd06 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00110", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -95,7 +96,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java
index 70ff23ca68..b92ec2b24f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00111", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -84,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java
index fdef001896..9c5e5cea8f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00112", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -76,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java
index fb9bc79c7c..6cd16cd6e0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00113", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java
index 996189bce3..50ba62e19b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00114", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -79,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java
index 677548bb40..d1e117c2cc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00115", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -79,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java
index 6ffcc0b757..52780ea198 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00116", "2222");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java
index 9829ccc8a1..306bed91e5 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00117", "2222");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java
index c768c2a1c8..0620c992a8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00118", "2222");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java index 04d28e6ef7..1f37a44ee3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java @@ -82,12 +82,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java index 06f78927f9..bd479db1b3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java @@ -98,12 +98,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
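Review bot: The new `attr.get().toString()` and `attr2.get().toString()` arguments throw a NullPointerException when an attribute value is null, where the old string concatenation simply printed "null". If `attr` is a `javax.naming.directory.Attribute` (its declaration is outside the hunk), `get()` is documented to return a possibly null object, so this is reachable with directory data. Writing `encodeForHTML(String.valueOf(attr.get()))`, and the same for `attr2`, keeps the HTML encoding and restores the earlier null behaviour. The same two calls are added in the BenchmarkTest00139 and BenchmarkTest00367 hunks. The println call and doPost both begin outside the hunk.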
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java index a30e0c9b4a..30e5bb6445 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java index 9be0c09e50..ab07adda29 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java index 605094f65b..a3ae33a0e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java index f8930ef516..4e78da6a4c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java index 52d3c7cd36..dfaec5529c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java @@ -53,6 +53,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = thing.doSomething(param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -60,7 +61,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java index b0239488b1..6415a33187 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java @@ -56,6 +56,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) else bar = "This should never happen"; String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -63,7 +64,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java index c0f68de0fe..ea4a46c8e8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java index 2af476ffab..f2873cc0a5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java index 0c57cef4ad..8a3fffd4b6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java index 354f00c304..49f62bf973 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java index 95014bc39f..921125b708 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java 
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java index 0e8575bac4..3f56613e8b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java index f4eeac6869..1e14a770df 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java index 6f2ead7d31..6949444e45 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java 
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java index d52c5e8d0a..8d6bce2455 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java index 4fd8885bbc..7914380525 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java @@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java index 824bb8821f..ceea99496e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java 
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java index f4719854a4..9b1ebea1a2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java @@ -89,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java index 20cbf10540..8446dcb9b5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java index dc77a80c7d..055e61e8de 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java 
@@ -70,10 +70,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java index 8c8d683c2e..43a5214d5e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java @@ -65,10 +65,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java index b68d701771..e0854a9e47 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -73,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java index 172e6cf835..48c0275c02 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java @@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java index d472983b4b..e6cb3d4ac9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java index 1054524937..42a9bb6e45 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java 
@@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java index 5e765997fc..3229e5ab0e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java @@ -93,12 +93,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java index ee8e851de3..15dee91bd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java index c502ca7fc8..d0e4c03018 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java index 76a7ed5a7f..29a7872b79 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java index 10616e4729..dcd77e95a6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java @@ -56,19 +56,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -78,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java index d9f3d917ac..96d38ee6bd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java @@ -51,19 +51,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) else bar = "This should never happen"; String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -73,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java index 8426d4b26f..b45bf24139 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java index 96437dcf62..436f1bdfba 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java index f162be3075..200e197dd5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java index e50b930ea8..f8f5a54dd6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java index 2cd2a49663..d4e9b0319d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java index cc06f332ec..468f783ea8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java 
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java index 630664e61e..694a3cb3b9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java index 4e452ae0f7..9b536ee6a0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java index 7267eabd86..556d054291 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java 
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java index 60b0cb34dd..8d2037f613 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java index 75bcc00159..b0b0b901c2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java index 773c7280d5..5d20a87141 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java 
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java
index 72806247f3..54e5a142bb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java
index f9091b05ac..006e227aec 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java
@@ -78,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java
index 192af9e3a3..c54f64070f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java
index da6da56bd6..d3b690a3c0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java
index 1f3cd3dd59..6ca23df21f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java
index 88b7a2f88b..f8dfebafa7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java
@@ -105,12 +105,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java index 9952780baa..153841e15e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java @@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java index cba00d5b4d..e03d7d0fa4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java index b9e3d544a6..474697882c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
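Review bot: The added `encodeForHTML(attr.get().toString())` and `encodeForHTML(attr2.get().toString())` calls dereference the result of `attr.get()`, which `javax.naming.directory.Attribute.get()` documents as possibly null. The previous string concatenation printed "null" for such a value, whereas the new code throws a NullPointerException while building the `println` argument. Passing the value through `String.valueOf`, as in `.encodeForHTML(String.valueOf(attr.get()))` and the same for `attr2`, keeps the HTML encoding and the old null behaviour. The same lines are added in the BenchmarkTest00630, BenchmarkTest00694, BenchmarkTest00695 and BenchmarkTest00701 hunks. The enclosing loop starts outside the hunk, so any earlier null check on `attr` or `attr2` is not visible here.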
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java
index 15b267edc6..1b97a30552 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java
@@ -97,7 +97,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java
index d0b3de8ed2..b24aeb3ac5 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java
@@ -95,7 +95,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java
index a6f8dda124..7385de0a6e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java
@@ -77,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java index b21eaad7e2..c51c29e2e1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java @@ -77,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java index 510dd017d8..1f1a66fd27 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java @@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java index aa5589e0c3..f3828f86ab 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java @@ -62,19 +62,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = thing.doSomething(param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -84,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java index 0141f393fd..890bdd2c8c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java @@ -73,10 +73,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java index 63b72dc4b5..2e28994a37 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java
index 1442ed6d36..00174efe89 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java
index ab62901520..d13d03cf3e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java
@@ -71,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java
index 362b07436c..ed75dc6065 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java
@@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java index 8cedb8b166..7c83ef19b8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java index 0a8aba5f62..660dd6f9bf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java index 8ab20cfcad..6992294b25 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java @@ -93,12 +93,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java index efb70eb5e0..54317ac09b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java index 2e79baf50e..0dc425a95c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java index 3bcbdac135..099405a49f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java
index 54d39e3b38..99ec115f85 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java
index 251f9353b1..1c4e62fe3f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java
index 017e8358f5..6b5bceb51d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java
@@ -56,10 +56,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java index 3d6c32aab5..8f83eb6e8d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java index 49e5fa693e..319c980688 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java index a67b602fb5..c44945425c 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java @@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java index 92eeeb0cf2..7f834dc8c9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java index 02b814e3d5..6acfed0393 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -76,12 +75,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java index 872835ece4..602714e608 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java @@ -95,12 +95,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java index bd35513af1..577024f844 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java index c9be8a0291..5721fabf0d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java @@ -78,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java index 74259017a8..9cea0ea1b3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java index c415740406..25df60cb44 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java index b0acb740be..8fd2e73f13 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java @@ -56,10 +56,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java index 8a01f04368..61856844dc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java 
@@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java
index fd8d7c3f42..6379479e3c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java
index e119ad0711..e0a56267b0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java
@@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java
index 0968a1c073..bf0f04cae4 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java
@@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java
index 6b9f44e6b9..e33efc1b17 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java
@@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java
index bebe5de008..5ef381482f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java
@@ -91,7 +91,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java
index fdb384be59..c00ae7e734 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java
@@ -105,7 +105,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java index 513c5cc655..edeb349417 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java @@ -87,7 +87,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java index cc11768ee6..93cf792940 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java @@ -80,6 +80,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -87,7 +88,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java index ea003ae318..fe6274bb23 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java @@ -87,10 +87,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java index 69a8ea505f..8618e97693 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -90,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java index cbbcd334f9..2c0b141377 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java @@ -90,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java index 2f7827d649..fffc4a9912 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java index f30a871195..e13afbd590 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java @@ -89,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java index 2620b83b73..1812add89e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java @@ -89,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java index ba5bfe682c..e7bd30756c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java index 626151d82f..0532d16779 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -81,12 +80,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java index 880591d514..3ad390a16c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java @@ -73,7 +73,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -89,12 +88,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java index d0664cb51e..6ce3fe6850 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java @@ -71,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java index 988638bb98..cf69de7834 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java index 30e8fd41cb..3c6f5521fc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java index 27b2f2c443..e1fc774dbc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java index 248fc78c23..5cd232408c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java index 5781c5c28f..ea0a08f435 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java index 40757c3adf..2e939815ca 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java @@ -49,19 +49,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = thing.doSomething(param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -71,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java index 9b877a80f7..2820d57c44 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java @@ -72,10 +72,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java index 0c42e52899..51d04b5acb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java index eb94dd760f..3e920d1bba 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java index 5e50ed325a..b4a59c6f9b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java index 8c6ee2a8ab..5ec756c3e5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java @@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java index edabdd9766..4b87f37fa0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00942", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java index 7ea33e0c3f..dd52ce869d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00943", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java index a96c19cb02..3293ee524d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java 
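Review bot: The added `userCookie.setHttpOnly(true);` in BenchmarkTest00942 has no comment saying why the setup cookie is being hardened, and in a benchmark where each flagged line can affect a tool's score that intent is worth recording. Presumably the aim is that scanners stop reporting a missing-HttpOnly finding on the helper `doGet`, which is not the weakness the test case measures; if so, a comment such as `// HttpOnly: keep the setup cookie from being reported as an unintended finding` above the call would say it. HttpOnly also hides the cookie from client-side script, so it is worth confirming that no test page reads it that way. The same line is added in BenchmarkTest00943 through BenchmarkTest00959, and `doGet` continues outside each hunk.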
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00944", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java index 69b502d954..7dad5a5c94 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00945", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java index 8a48761126..900df70176 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00946", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java index abe6252c57..102e26d991 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00947", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -73,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -89,12 +89,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java index be08aa50e1..356249c699 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00948", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -72,7 +73,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -88,12 +88,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java index 0e393f0819..401699151f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00949", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java index 21b522e836..fd50b82f43 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00950", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java index 07bb305764..d89cc55769 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00951", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java index 194f107ef2..694a1f67c0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00952", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java index 24f827ae47..4c11f04537 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00953", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java index 68d7409940..eb3b36d2d9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00954", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java index c84ef7cb2a..3633298bc2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00955", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java index 875d0ccbb3..f4e788b397 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00956", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java
index 55f1406de6..1f1c4f72cb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00957", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java
index d520eaa57c..74f0c0849d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00958", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java
index e2fe46e453..149cabe35a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00959", "Ms+Bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -91,12 +92,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java
index cf958884b5..d47c6c9a2f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00960", "anything");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java
index 29ba414037..ecc6d76aa8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00961", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java
index ca328b4764..c188e5056c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java
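Review bot: In the doPost hunk of BenchmarkTest00959.java, the new `attr.get().toString()` and `attr2.get().toString()` calls throw a NullPointerException if a directory attribute holds a null value, where the old string concatenation would have printed "null". `String.valueOf` keeps the earlier behaviour while still encoding the output: `.encodeForHTML(String.valueOf(attr.get()))`, and the same for `attr2`. Whether `attr` and `attr2` themselves are null-checked cannot be seen here, because doPost starts before the hunk. A one-line comment such as `// HTML-encode directory values before writing them into the response` above the println would also make the purpose of the encoder calls explicit.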
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00962", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java
index 92d5597e26..b27fad7b06 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00963", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java
index 921bceab52..db66eca7c9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00964", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java
index cb36981d2f..d266791a08 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00965", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java
index f384468ec0..a1eb5b2e4c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00966", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java
index 7293356639..31babc6519 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00967", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java
index 8f08cb3fcd..a62c969f02 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00968", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java
index 7f22d1c2d3..0a62b0f3c4 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00969", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java
index 85aa5e1837..c9594801d3 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00970", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java
index e150eb0ab2..c516fa23d6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00971", "does_not_matter");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java
index cd955a1bee..841e66e3ed 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00972", "does_not_matter");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java
index 792c74c173..6c78b04b86 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00973", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java
index 6ae56d14bb..7c231a9d66 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00974", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java
index 25275cf1ba..98ad757df6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00975", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java
index e71cdac3e6..53738b2c7c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00976", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java
index 6cfc9bd8cd..615e2c1528 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00977", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
index e0c51eb64c..facab6dffc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00978", "localhost");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
index ebf6fdd539..8cd4c23bbf 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00979", ".");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java
index 89212fae69..85e920e512 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00980", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
index c5d2ae0c16..da1d5b0414 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00981", ".");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java
index a7fdbec671..76ed3f4e51 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00982", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java
index 039fd35eab..5261de7114 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00983", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java
index 80770adc19..65dc6b2be7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00984", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java
index f1afe3457a..20669d47a6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00985", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java
index 35e7aec7ef..e1d412e539 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00986", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java
index 5a112527cd..a5e4d96fff 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00987", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java
index a1af647dd0..42796d82b8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00988", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java
index a1f592860e..efdd1b6fbb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00989", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java
index ada688ffb3..07b22f614c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00990", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java
index 1594460d8e..b45f31f759 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00991", "color");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java
index 15fa167ba5..67081747fe 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00992", "color");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java
index b4fd61317b..3639a04f3f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00993", "my_user_id");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java
index 59ae632276..31938e4a00 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00994", "my_user_id");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java
index c25441aff9..e36686f391 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00995", "color");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java
index 2b9e41e14e..4f5f2a5e13 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java
@@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 "BenchmarkTest00996", "verifyUserPassword%28%27foo%27%2C%27bar%27%29");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java
index 6c7b31f6e1..b6fd32cc53 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java
@@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 "BenchmarkTest00997", "verifyUserPassword%28%27foo%27%2C%27bar%27%29");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java
index 73c26ad083..f218e47e14 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java
@@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest00998", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java index 94a7b8b61e..c69c13a553 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest00999", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java index d964166002..f75c026c2d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest01000", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -81,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java index b3024e606a..6848523539 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01001", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -76,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java index eee25d4fec..9ece781e61 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01002", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java index 79e20c2eb5..ef9efd2a35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01003", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java index 771de318a9..3ce2110c12 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01004", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java index 0889432362..3094c7e92f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01005", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java index cd63247e71..f67b16c8b7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01006", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java index 7174b1aa41..7016af7056 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01007", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -71,10 +72,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java index c5ab84f61e..f3cd36e7e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01008", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -70,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java index c70a6b7bfc..e34fd6dd48 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01009", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -70,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java index 9e29c5f81e..4147e74f5d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01010", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java index 9d4e34dab2..336e3f8b46 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01011", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -75,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java
index cf46c411d8..33295bc646 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest01012", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java
index d768a1066a..e6302607a2 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01013", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java index 1ea8bdfd14..f629d16da2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01014", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java index 3947635705..0e705a24db 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); 
@@ -75,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java index 1847b41a26..cb021559e1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -75,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
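Review bot: `attr.get().toString()` and `attr2.get().toString()` throw a NullPointerException when an attribute value is null, where the old string concatenation printed "null"; `javax.naming.directory.Attribute.get()` is documented as possibly returning null. Passing `String.valueOf(attr.get())` (and the same for `attr2`) to `encodeForHTML` keeps the new output encoding without changing the null case. The same pair of calls is added in the matching hunks of BenchmarkTest01024 and BenchmarkTest01154. The enclosing loop and any null checks on `attr`/`attr2` lie outside the hunk, so confirm nothing upstream already rules this out.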
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java index 8c35a3c0f4..ade27aa607 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java @@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java index 39bc262d46..3f0cfc00d4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java index 2dd40979a6..d373df9f3d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java 
@@ -51,6 +51,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -58,7 +59,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java index e9a7614edd..80b86ba50c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java @@ -58,10 +58,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java index d32c576efb..884395d987 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java 
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java
index 742b793533..5b4425c587 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java
index ed043e74d7..abc9f5ef22 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java
index f73991dd7b..a2d3947486 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java
index dd9b0be9f2..d7c68e192a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java
index 82b0497b36..fc7c0f5035 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java
index 04df2c0a13..8d608f8e7e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java
index a7b174be36..dcde862442 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java
index 7a6c3c44c7..bd29526a66 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java
index 1ef4bfffe7..27542130bd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -77,12 +76,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java index ec6c59f264..eaa4d14dd1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java index ec84cdcafe..363944fec2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java index 37470a27d4..b82cf65e8b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java 
@@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java index a20772cf94..83b173687a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java index 00f97fa3b0..d408ea2879 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java index 408861e5e6..f155afd095 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java
index f9bbfe9d9d..f22b290351 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java
index 0e73e684f8..1ecee50ffc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java
index 81c5ad2ba3..e2f499fb01 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java
index 18ba13eb33..ad790c701c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java
index adad23ef0c..b0bb059fc6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java
index ab465982f4..1cc944e5bb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java index 6455a87a00..efa22040c5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java index 2ff939b334..c0b4c4fa5e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java index 9ff6d4ec9e..20fd643f79 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java index 0ba48af860..03c4eeeaf9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java index 42743c2a2d..ddc859ce62 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java index abeba745c0..d91b9e762f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java index a9097e0ce1..e3d9c2f624 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java 
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java
index 81df696a91..c25e7067ed 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java
index 1033c2afa2..f467e2893e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java
index 5ccf127dea..961fa572bd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java index 9c6785d3ba..2c1f9c18ee 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java index 95128e162b..668d72fa31 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java index c7ea9ab13c..0d2bcdb827 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java
index c0a9091848..7dcb9b0333 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java
index b073504092..75e68fd8c3 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java
index a7960f6ce4..952fab1535 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java
index e3643925d0..9dfbd2c10d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java
index 9aa8acbc72..79752892de 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java
index 5190bcb65c..17b6a1d1fc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java index 8190031458..e22de227d2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java index b79665d84d..b74b0f506b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java index 9917c0bfa6..3fa7d1e555 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java index 718b461575..1fff55a7e1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java
index 0bc4c1c2c6..a5dda6bba0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java
index b4b3bd2f51..1a1ec10b7e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java
index 64990008b9..19648d1e39 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java
index 996230e2ef..5ba14aa458 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java
index 10abda1e7c..7f84e32b72 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java
index 8cb2c9e018..1836e8fac6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java
@@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java index 0628886c10..beca6a3b31 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java @@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java index eb5a84876a..5c60b8d526 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java @@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java index e26f60f017..e47aa1e448 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java @@ -50,19 +50,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -72,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java index 27ce119633..687663ce43 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java index 3e0e7bb8a1..ece5531b60 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java index 7d5f21622a..2e05391685 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java index 8eccd086d3..80d7d6c08e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java index 427dc1fe11..67764b25c7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java index 3bc03b236a..127e9f9a22 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java index df7a933270..1db7c8765c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -84,12 +83,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java index c18df74854..bf444f4331 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java @@ -71,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java index 9bff7da762..eb0935cd0e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java index 98472724a1..f9d0bdd3b4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java 
@@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java index ba8981e817..066c1db453 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java index 43c8d6aafa..df96b5b48e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java index 44db231f40..211a1db751 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java 
@@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java index d1c7dfa97b..2ba4001eb6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java index 6dbb3e4359..b383d0be4f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java index d81ecd1707..13d3df83eb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java index cbd399a964..d14a17dc01 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java @@ -66,10 +66,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java index b5c87b7b3d..e552a6fb6b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java index c780754908..0806191ce8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java index 6a991c82bd..8bd3f6402b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java index a6544d1b0d..6c633daafa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java index 6bb213696e..6fcab8199b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java index cde5f9c9df..ca247d6dcf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java index c29131fe73..828dbdae3d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -72,12 +71,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java index e1ec9a6a33..0a82c6b15f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java index 1b92dadc98..debee7212a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java index 9a894e761b..5e4b4aa61c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java @@ -74,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java index 30ccfb20b5..c426daefd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java index 98f41ac9b1..29f0e46d67 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java @@ -48,19 +48,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -70,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java index 3143d858e0..8d3e1e9b0f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java index eb4cf5867d..4b09d7e9d7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java index d0ca545532..16295a7012 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java index 48217e41fd..c92707a8ea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java index c9d7b9b9a0..c0b49697be 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); 
@@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java index 40c20e8ad2..b3fac335bb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
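Review bot: The added `.encodeForHTML(attr.get().toString())` and `.encodeForHTML(attr2.get().toString())` calls in the BenchmarkTest01568 hunk dereference the value returned by `Attribute.get()`, which the JNDI API documents as possibly null. The old string concatenation printed "null" in that case, whereas the new code would throw a NullPointerException in the middle of writing the response. Passing `String.valueOf(attr.get())` and `String.valueOf(attr2.get())` to the encoder keeps the previous null behaviour and still HTML-encodes directory data before it is written. The same lines recur in the matching hunks for BenchmarkTest01569, 01743, 01753, 01754, 01755 and 01756. doPost starts and ends outside the hunk, so any guard on the attribute values would have to be confirmed against the full method.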
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java index 3c8f3ffba3..37cf16cd4e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java index e157229422..d66f29c180 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java index 14f6c6b338..faddf2bd18 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java 
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java
index 9a8cc61f26..7e36ab8939 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java
index 1b9f0c3271..632da21b54 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java
index e94f0fe638..b0826718a4 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java
index 3cc4796614..7aa7b80bcd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java
index 960f342be6..aaca905293 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java
index 25735ca49f..b7e75e0c98 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java
index 523623de6f..e9d0f60477 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java
index 07b5a4ed5e..1181e75a3b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java
index d0929cc2a8..9459b517be 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java
index 916429eabf..29d3ca4e20 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java
index 853147f3a6..243c045da9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java
index 41666d1b28..2c76eaaf7b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java
index 434aadd347..2eef460863 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java
@@ -86,7 +86,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java
index d3e9e5ee3f..5a0740745e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java
@@ -86,7 +86,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java
index 50596e9f63..752f16631b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java
@@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java index 0de6e9b5ba..d3c0155452 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java @@ -70,6 +70,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -77,7 +78,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java index 15c8468436..0faf9535b2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java 
@@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java index 1d1cac9ccb..0cfeaad3a7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java @@ -77,10 +77,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java index e73791235c..69f1528c94 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -85,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java index f22735fa66..f492c701bf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java index d7828b29e6..db6bacbcbb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java index f2b8d06757..414b0d45e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java 
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java
index dd30be2aeb..65064326ce 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java
index 8681e815ad..bf21f6669b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java
index 4f5644ab3c..47344b9632 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java index 908ecc844a..80b59d1178 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java index 0cc45bff7f..4392d491af 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java index a9b0946255..c8b9af0f20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java index 7dbbae0442..40cf5eab7c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java index f8ea325697..6f57abdd04 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java index b610d3dcf0..ec237b53c6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java index fb6da6d9c5..94b7ec8235 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java index bb7d83eae7..3105d77352 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java 
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java index 278e6b2679..7ec636a4fd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java @@ -47,6 +47,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -54,7 +55,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java index 0d21da2b1d..991b656a0d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java 
@@ -47,19 +47,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -69,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java index 1a083344fc..679efae8a1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java index 6a01a19c06..49b6e2de95 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java 
@@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java index 2e880806d0..f13b6e50bc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java @@ -54,10 +54,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java index aed1088376..66df6ed07d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java 
@@ -54,10 +54,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java index 1908204d72..5937f43769 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java @@ -52,7 +52,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -62,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java index 527192ca85..4c42e29737 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java 
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java index 37f6cd4c41..10e30f2ffa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java index 54e1bb776a..bb3d929e64 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java index b3ef628ad6..4ade959702 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java index 4b9ee78d8f..b87ebf2fca 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java index 905b70a0ca..ad41f74373 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java index 652063479f..d76fdf33e6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01822", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java index 14b2731965..5e14cb2627 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01823", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java index faa6c3b76b..7f8ce5a2e2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01824", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
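Review bot: The added `userCookie.setHttpOnly(true);` in doGet has no comment saying why the flag is set, although the line above it documents the cookie lifetime. A short comment such as `// HttpOnly: page scripts must not read this cookie` would make the intent explicit; the hunk does not show whether the flag is plain hygiene or is meant to change what a scanner should report for this test case. An HttpOnly cookie can be neither read nor overwritten through `document.cookie`, so any test page that edits this cookie client-side (none is visible in this diff) should be re-checked. The same line is added in the doGet hunks of BenchmarkTest01823 onward, so one wording should cover all of them; doGet itself starts and ends outside the hunk.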
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java index 3c9e344478..a36bace17c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01825", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java index ed98148017..984ae4aed0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01826", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java index 1a0206901d..194889b730 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01827", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java index c3f800b1ff..2eaee677a8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01828", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java index dc5d3143b1..b558db1f52 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01829", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java index a1f3a82f10..519ae9a400 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01830", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java index e1522266d3..ea9a712bc6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01831", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -73,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); 
@@ -89,12 +89,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java index 9fc57602d0..24ab816dec 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01832", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -73,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -89,12 +89,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java index 5c586b78c6..6610758aec 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01833", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java index 8a6f1e4ef9..599cf9931b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01834", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java index ee2b8a4c46..b822f3e96c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java 
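Review bot: `attr.get().toString()` and `attr2.get().toString()` in the rewritten println throw a NullPointerException when an attribute value is null, where the old string concatenation printed "null"; `javax.naming.directory.Attribute.get()` is documented as possibly returning null. Writing `encodeForHTML(String.valueOf(attr.get()))` (and likewise for `attr2`) keeps the old behaviour while still encoding the directory data before it reaches the response. The identical expression is added in the matching doPost hunk of BenchmarkTest01831 earlier in this diff. The encoding covers the output path only; the filter string built from `bar` in the preceding hunk is unchanged, presumably because it is the weakness this test case is meant to exhibit. doPost begins and ends outside the hunk.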
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01835", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java index 6bd242fef4..50a5ae2189 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01836", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java index f9f77e51e9..9cb43ac58a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01837", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java index 02f4cb14c9..e8a0968c35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01838", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java index 5cd170d670..eb23408903 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01839", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java index 04533a0c2b..9b7d7b2df2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01840", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java index a7f71ab136..f07e441692 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01841", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java index d1502aaa41..05297ba42b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01842", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java index 63f28da386..4dc4ce6983 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01843", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java index 8b819ee867..4d5aff7872 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01844", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java index 2578510a3c..f6f49e22b8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01845", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java index eca48bdbb9..83d7494c35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01846", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java index 37d64465a2..79ad51979c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01847", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java index ad777035c9..758ca6684f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01848", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java index 0eb8373036..41e30d1969 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01849", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java index b38e94d618..917d067ad1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01850", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java index 85be124f98..d8d0e6e205 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01851", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java index 6cc163c503..78872a8b39 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01852", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java index 643a9aeddf..f668077468 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01853", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java index a1d7a89fe8..c913decfd6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01854", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java index d49fd5d4a1..6084050ea8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01855", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java index aaf7bbac2a..f5fa9ccdd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01856", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java index 8598803d2b..c1ac6f1d00 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01857", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java index 607a500c9e..9965f2f471 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01858", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java index 8567931dd0..0a770ae181 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01859", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java index 85f530e06f..bd5978e6c2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01860", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java index eed2e87d02..7fc5697982 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01861", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java index acfe2945bf..d11e15bccd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01862", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java index 2378cbabea..050954f40b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01863", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java index 28a4a7b34c..2e2048ea36 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01864", "ls"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java index 0da0955c2a..104dfbc674 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01865", "ls"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java index ee1eb6e0b1..e85db4c343 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01866", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java index e678175587..94402a4e85 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01867", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java index 8535147c86..258fb9f477 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01868", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java index a0b75ba575..2155e13a03 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01869", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java index 323eab5734..7ae7a68767 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01870", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java index acb918ff01..544d2e1d69 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01871", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java index de4d068f4f..9379c3942f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01872", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java index d1fe1addca..afde89887c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01873", "my_user_id"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java index 1a0f62d428..6d10d208a3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01874", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java index 20914fbee1..f990d7f2bd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01875", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java index a210e4b623..ca18cacdd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01876", "my_userid"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java index 8d95fb5adc..5550985680 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest01877", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java index 7b63716dc1..3f3ab83934 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01878", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java index c2d2741ef9..f391603fc1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01879", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java index e646cf220a..66dd5e4497 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01880", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -81,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java index 6f7c44a996..9823dd9648 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01881", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java index 2066b1af92..a81e9bd980 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01882", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java index 855c25e9d4..54971841a5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01883", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -70,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java index 70f8019f52..85b55563b7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01884", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java index b36571c9e4..dfea356d24 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01885", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java index e6b384a110..9f3d814aae 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01886", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java index 673748a680..8cbbfe2cdd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01887", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java index e671b2c4d5..d3383b9fc9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01888", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java index cbea08b093..530250a18d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01889", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java index cf86030798..7cc57c7045 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01890", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java index c2f0c21228..b758b2516e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01891", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java index 63890fb1f2..e8d8450b9c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01892", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java index 096f5cf18d..664050f62c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01893", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java index 313a19b02e..8c072bf382 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01894", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java index 3544dfadb6..2776f64e08 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java index 6a66aa2cba..ad65c9a522 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
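Review bot: `attr.get().toString()` and `attr2.get().toString()` in the added `encodeForHTML` calls throw a NullPointerException when the attribute value is null, where the removed string concatenation would have printed `null`. `Attribute.get()` is documented as possibly returning null, so `.encodeForHTML(String.valueOf(attr.get()))` (and the same for `attr2`) keeps the old behaviour while still encoding the output. The enclosing loop and any null checks on `attr` and `attr2` are outside the hunk, so whether `attr2` itself can be null here is not visible. The same pattern is added in the matching hunks for BenchmarkTest01903, 01909, 02025, 02036, 02037, 02104, 02114, 02115 and 02116.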
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java index f1f0a22c78..e611b1b513 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java @@ -77,12 +77,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java index a2b2ca3ddc..e6e253c0a8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java index 51a0bbf7de..f1973d8750 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java index c1c66396b8..34f426847d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java 
@@ -58,10 +58,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java index 7b820cf2b1..183561ce92 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java @@ -58,10 +58,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java index b10477d345..dc8e1914f9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java index ab775cb532..c89cc64e7a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java index f964f0481b..de1ffea079 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java index e44fec95a1..7eb6c84d20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java index 4f773d5724..e3fab19469 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java index 1110a48f83..d29229dfea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -76,12 +75,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java index 5e33aaf502..138d5f3f3a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java @@ -79,12 +79,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java index 3c00fbeb7e..363f6fd0c2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java @@ -79,12 +79,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java index 41825b6aa8..12e605f6e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java index d7221da5d4..54cdfcbdf7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java index a5867c1b73..483b9cb8ba 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java 
@@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java index 669ee4c7ee..787dcb95db 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java index 62bad61b55..64e82e0d9d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java index 1bd07a5103..0daa0e0868 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java 
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java index 9e58f57031..f2feb85159 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java index 0b69ffd348..c07c5600ee 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java index a34bc2846d..e94404d6e7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java 
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java index 3df3672ee3..a791bc2a9c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java index c68f1bc582..84af1bc9d0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java index 63ddf9e267..b09185de59 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java 
@@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -70,12 +69,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java index 42e5b58397..70c15b4de9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java index dbc0bc3d18..7dbbc14329 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java index a1dc8d7ca1..de0470f123 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java index 0e7ff768c7..e18177ba28 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java index 04587551cd..4452d42965 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java index 5456ea5f8d..096885dfd4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java 
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java index aeeee038af..0dd376de20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java index e26a2f320a..f1501635db 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java index 9fb366b9fb..7c6b42c11c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java 
@@ -46,19 +46,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -68,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java index 15b365ce9e..44b38d4489 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java @@ -52,10 +52,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java index f2e08c96a0..63b7d64f79 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java 
@@ -52,10 +52,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java index 4d2a03d951..f7cfcf326e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java index 440e540174..7fd177e23a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java @@ -51,7 +51,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -61,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java index 4deedfcbeb..8e84bd8f3e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java index 2585b309c0..df4713f108 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java index 6333aeed5f..020dca3bc5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java 
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java index ff72471884..1eba6b944d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java index de20630555..19cded3053 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -73,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java index 525ff4177c..40a88d4e35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java @@ -76,12 +76,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
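Review bot: The added `attr.get().toString()` and `attr2.get().toString()` calls inside the `.println(` expression dereference the attribute value before it reaches the encoder, and `javax.naming.directory.Attribute.get()` is documented to return a possibly null object. The old concatenation rendered such a value as `null`, whereas the new code would throw a NullPointerException. Passing `String.valueOf(attr.get())` and `String.valueOf(attr2.get())` to `encodeForHTML` keeps the output encoding and the earlier null behaviour. The same expression is added in BenchmarkTest02208, 02299, 02305, 02306, 02376 and 02384; the enclosing loop and any null handling for `attr`/`attr2` lie outside these hunks, so whether a null value can reach this line should be confirmed there.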
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java index ae2d93b9a2..19bf7f9a62 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java index 01b61fe001..897ae7658a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java index e43009b443..ecbd4a0505 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java
index 5f87994cb9..e28db5b51e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java
index 515184a326..999fd2a248 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java
@@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java
index b90b184768..5e3d618e0b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java
@@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java
index d11e5ede3e..74d5d4785f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java
@@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java
index 1b90bd2cc9..e5fba316e8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java
index d9c2334a7c..0fc0dbb5f1 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java
@@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java index a36ec164fa..22f057916e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java @@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java index b67c129989..4cafaf52b5 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java @@ -50,19 +50,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -72,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java index 7c5807700b..39454692a2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java @@ -56,10 +56,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java index 706b073704..489bfed41e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java
index 780d760191..f0e3156355 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java
index 5526d425eb..97257ddf33 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java
index beb83e124a..16e2bb77a0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java
index a32f27fbae..88885f4139 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java
index 2a71006a55..5a6e8022ad 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java
index 2522d0ae52..bff7443c91 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java
@@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -83,12 +82,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java index 7601ee638c..85c1aa4a43 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java @@ -86,12 +86,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java index 1d825bed3d..93e649818a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java @@ -86,12 +86,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java index 2e8bb2bfd1..3014bff9ea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java @@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java index 37184ef31a..568c020f45 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java @@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java index 18b0317f61..6bd030631d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java 
@@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java index fbd6824e6a..dc0a691332 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java index 9b859c7642..c540dddf96 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java @@ -67,10 +67,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java index e577df2c58..793778df04 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -75,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java index 7d20f7c835..e8b1a1efd8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java index 904701a2e6..6aeff40f01 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java index 5e1715ab4d..d395f54151 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java 
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java
index 3cf526b435..e644e63f58 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java
index 2a33327b13..83c0913242 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java
index 982b944920..9a1379818a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java index c8ae44ef01..1605328aaa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -72,12 +71,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java index d6740554c5..38d5b15e8b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java @@ -74,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java index c2e222c302..33aecfca88 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java index dfe1e414ba..cbd356eb62 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java index 5aab2d2441..31b7efa994 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java 
@@ -48,19 +48,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -70,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java index cb34a8382e..e6af487f0d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java @@ -54,10 +54,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java index 69d1bbba6c..cb3a217c8a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java index bcdb016a48..c46071027b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java index bfdbb132da..a65d4fa63f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java index c36b457587..11d8f218ae 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java @@ -74,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java index b9e228ab91..1c6675f861 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java index 1402bf95fb..19d5812581 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java index 4bce2e6cb7..c77520d91b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java 
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java
index 4b46ee9f66..870a15e34a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java
index 150e8585e3..7aefb3dd08 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java
index cf898883c9..343fe8cbc8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java
index e2fceaffed..f6eb4bee3f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java
index f39245478b..35a34d9cd6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java
index b2cabaaf6c..506ea4c5dd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java
@@ -55,10 +55,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java index e482541d10..5e1d3bf602 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java @@ -53,7 +53,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -63,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java index 03d91c93d1..07f7a0eaf5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java 
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java
index 2302f093cc..1c2a43625d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java
index 2adafc876e..3a68d0c555 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java
index e4e89da079..f207ef1cfb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java
index f471f880b1..68ae0a86fb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java
index 3e398043ce..5025942a00 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java
index b94b3ab19e..5c021400a9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java
@@ -78,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -94,12 +93,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java index c8e58a1661..e1affb0d15 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java @@ -96,12 +96,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java index 5dd09df1ec..5bd83dc49b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java @@ -96,12 +96,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java index 6759a98c58..d7e823b468 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java index dd8ebc58a8..66c0fbd317 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java index d44339d98c..70db09e36d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java 
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java
index 9985904be4..dfbebf5792 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java
index 027f7d1b8b..fc65b016ea 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java
index 523f2e6754..fbdec978da 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java
index 722b51f0a1..28a2dcf758 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java
index 2255aca5d6..03de2be408 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java
index 35d6d6aaea..dfee23479d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java
@@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java
index 9f0a60169d..7c7bbcbaa1 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java
index 4e40f0ede1..07c9d6d2f7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java
@@ -86,7 +86,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java
index c1e2b610a1..88f6b20d0a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java
@@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java index f830d309c1..5b9c98975c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java @@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java index c83ea74914..3334830902 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java @@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java index 4fda89f13e..356fb32bb5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java @@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java index 75ae0a8bef..8c2ca03f64 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -85,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java index 7d540ce0df..cf2f281dd4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java 
@@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -85,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java index 0b796cc62f..b00246503d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java index d272e74a96..3527750643 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java
index 6cd490aacb..d61ba917ae 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java
index fcea66e0df..a819849cb9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java
index 27d089d187..dc63aaf0ff 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java
index 0dd7312ffe..3bbd02c14d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java
index 9f93aa1e9f..c064e70343 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java
index d977ceedd3..38531164b0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java
index 86c4987b7c..cd397a0e29 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java
index 301a160e55..f1069a63dd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java
index 66dc8b2b98..a72260299c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java
index aec1ee5ed6..d4fc7f6553 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java
index c321da721e..960d37fc15 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java
index 181c4a4a30..8d8616f625 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java index 612f69b00b..2a85b7782e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java index c46610b144..dab514fb92 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java @@ -47,19 +47,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -69,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java index 88f3add43e..f9cb0d9076 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java index 132861fb46..1c7d521758 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java @@ -52,7 +52,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -62,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 .encoder()
 .encodeForHTML(results.getString("USERNAME"))
 + " ");
- // System.out.println(results.getString("USERNAME"));
 }
 } catch (org.springframework.dao.EmptyResultDataAccessException e) {
 response.getWriter()
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java
index 7fb69c2e4b..8992454588 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java
index 3c57c2e534..782dffc30e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java
index b573cfc156..575f45cadf 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost