wangwei
/
bugtest001
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: dc5ef56004
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dc5ef56004'
${ noResults }
bugtest001/Trust_Boundary_Violation/Trust_Boundary_Violation.java

39 lines
1.1 kB
Raw Blame History 

  1. package Trust_Boundary_Violation;

  2. 

  3. import java.io.IOException;

  4. 

  5. import javax.servlet.ServletException;

  6. import javax.servlet.http.HttpServletRequest;

  7. import javax.servlet.http.HttpServletResponse;

  8. import javax.servlet.http.HttpSession;

  9. 

  10. public class Trust_Boundary_Violation {

  11. 

  12. 	 protected void bad(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

  13. 	       String name = req.getParameter("userName");

  14. 	       HttpSession sess = req.getSession();

  15. 	       sess.setAttribute("user", name); // bad 数据跨越信任边界

  16. 	   }

  17. 	 

  18. 	 protected void good(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

  19. 	       String name = req.getParameter("userName");

  20. 	       HttpSession sess = req.getSession();

  21. 	       name = SafeCheck(name);

  22. 	       if(name.equals("admin")){

  23. 	    	   sess.setAttribute("user", name); // good 数据跨越信任边界   

  24. 	       }else

  25. 	    	   return;

  26.    	       

  27. 	   }

  28. 	 

  29. 	 

  30. 	 public String SafeCheck(String input){

  31. 	    	if("admin".equals(input)){

  32. 	    		return "admin";

  33. 	    	}else{

  34. 	    		return "baduser";

  35. 	    	}

  36. 	    }

  37. 

  38. }