Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package testcases.CWE36_Absolute_Path_Traversal;
- import testcasesupport.*;
- import java.io.*;
- import javax.servlet.http.*;
- import java.io.BufferedReader;
- import java.io.InputStreamReader;
- import java.io.IOException;
- import java.net.Socket;
- import java.util.logging.Level;
- public class CWE36_Absolute_Path_Traversal__connect_tcp_01 extends AbstractTestCase
- {
- public void bad() throws Throwable
- {
- String data;
- data = ""; /* Initialize data */
- /* Read data using an outbound tcp connection */
- {
- Socket socket = null;
- BufferedReader readerBuffered = null;
- InputStreamReader readerInputStream = null;
- try
- {
- /* Read data using an outbound tcp connection */
- socket = new Socket("host.example.org", 39544);
- /* read input from socket */
- readerInputStream = new InputStreamReader(socket.getInputStream(), "UTF-8");
- readerBuffered = new BufferedReader(readerInputStream);
- data = readerBuffered.readLine();
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
- }
- finally
- {
- /* clean up stream reading objects */
- try
- {
- if (readerBuffered != null)
- {
- readerBuffered.close();
- }
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
- }
- try
- {
- if (readerInputStream != null)
- {
- readerInputStream.close();
- }
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
- }
- /* clean up socket objects */
- try
- {
- if (socket != null)
- {
- socket.close();
- }
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error closing Socket", exceptIO);
- }
- }
- }
- if (data != null)
- {
- File file = new File(data);
- FileInputStream streamFileInputSink = null;
- InputStreamReader readerInputStreamSink = null;
- BufferedReader readerBufferdSink = null;
- if (file.exists() && file.isFile())
- {
- try
- {
- streamFileInputSink = new FileInputStream(file);
- readerInputStreamSink = new InputStreamReader(streamFileInputSink, "UTF-8");
- readerBufferdSink = new BufferedReader(readerInputStreamSink);
- IO.writeLine(readerBufferdSink.readLine());
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
- }
- finally
- {
- /* Close stream reading objects */
- try
- {
- if (readerBufferdSink != null)
- {
- readerBufferdSink.close();
- }
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
- }
- try
- {
- if (readerInputStreamSink != null)
- {
- readerInputStreamSink.close();
- }
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
- }
- try
- {
- if (streamFileInputSink != null)
- {
- streamFileInputSink.close();
- }
- }
- catch (IOException exceptIO)
- {
- IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
- }
- }
- }
- }
- }
- /* Below is the main(). It is only used when building this testcase on
- * its own for testing or for building a binary to use in testing binary
- * analysis tools. It is not used when compiling all the testcases as one
- * application, which is how source code analysis tools are tested.
- */
- public static void main(String[] args) throws ClassNotFoundException,
- InstantiationException, IllegalAccessException
- {
- mainFromParent(args);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
