SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Joman Chu

Saved on

compared with

New Version 35

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: just moved the code a bit, please also fix the indent...2 spaces

...

Code Block
bgColor#FFCCCC
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class ExploitableLog {
    private static final StringBuilder logBuffer = new StringBuilder();
    private static String log = logBuffer.toString();

    static {
        // this is supposed to come from a file, but its here as a string for
        // illustrative purposes
        append("Alice,1267773881,2147651408\n");
        append("Bono,1267774881,2147351708\n");
        append("Charles,1267775881,1175523058\n");
        append("Cecilia,1267773222,291232332\n");
    }
      
    public  private static void append(CharSequence str) {
        logBuffer.append(str);
        log = logBuffer.toString(); //update log string on append
    }

    public static Set<String> suggestSearches(String search) {
        Set<String>        Set<String> searches = new HashSet<String>();
        
                
        // Construct regex from user string
        String        String regex = "^(" + search + ".*),[0-9]+?,[0-9]+?$";
        int        int flags = Pattern.MULTILINE;
        Pattern        Pattern keywordPattern = Pattern.compile(regex, flags);
        
                
        // Match regex
        Matcher        Matcher logMatcher = keywordPattern.matcher(log);
        while (logMatcher.find()) {
            String foundwhile = (logMatcher.groupfind(1);
            searches.add(found);
        }
        
        return searches;
    }
    
    private static void append(CharSequence str) {
        logBuffer.append(str);
        log = logBuffer.toString(); //update log string on append
    }

    static {
        // this is supposed to come from a file, but its here as a string for
        // illustrative purposes
        append("Alice,1267773881,2147651408\n");
        append("Bono,1267774881,2147351708\n");
        append("Charles,1267775881,1175523058\n");
        append("Cecilia,1267773222,291232332\n");
     {
            String found = logMatcher.group(1);
            searches.add(found);
        }
        
        return searches;
    }
}

The regex used to search the log is:

...

Code Block
bgColor#ccccff
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class FilteredLog {
    private static final StringBuilder logBuffer = new StringBuilder();
    private static String log = logBuffer.toString();
    
    static {
        // this is supposed to come from a file, but its here as a string for
        // illustrative purposes
        append("Alice,1267773881,2147651408\n");
        append("Bono,1267774881,2147351708\n");
        append("Charles,1267775881,1175523058\n");
        append("Cecilia,1267773222,291232332\n");
    }
    
    private static void append(CharSequence str) {
        logBuffer.append(str);
        log = logBuffer.toString(); //update log string on append
    }

    public static Set<String> suggestSearches(String search) {
        Set<String>        Set<String> searches = new HashSet<String>();
        
                
        // Filter user input
        StringBuilder        StringBuilder sb = new StringBuilder(search.length());
        for        for (int i = 0; i < search.length(); ++i) {
            char            char ch = search.charAt(i);
            if            if (Character.isLetterOrDigit(ch) ||
                    ch == ' ' ||
                    ch == '\'') {
                sb                sb.append(ch);
            }
        }
        search        }
        search = sb.toString();
        
                
        // Construct regex from user string
        String        String regex = "^(" + search + ".*),[0-9]+?,[0-9]+?$";
        int        int flags = Pattern.MULTILINE;
        Pattern        Pattern keywordPattern = Pattern.compile(regex, flags);
        
                
        // Match regex
        Matcher        Matcher logMatcher = keywordPattern.matcher(log);
        while (logMatcher.find()) {
            String foundwhile = (logMatcher.groupfind(1);
            searches.add(found);
        }
        
        return searches;
    }
    
    private static void append(CharSequence str) {
        logBuffer.append(str);
        log = logBuffer.toString(); //update log string on append
    }

    static {
        // this is supposed to come from a file, but its here as a string for
        // illustrative purposes
        append("Alice,1267773881,2147651408\n");
        append("Bono,1267774881,2147351708\n");
        append("Charles,1267775881,1175523058\n");
        append("Cecilia,1267773222,291232332\n");
     {
            String found = logMatcher.group(1);
            searches.add(found);
        }
        
        return searches;
    }
}

Risk Assessment

Rule

Severity

Liklihood

Remediation Cost

Priority

Level

IDS18-J

medium

probable

high

P8

L2

...