codeql/java/ql/test/query-tests/security/CWE-330/WeakRandomCookies.java
Ed Minnix b9d2a26e6e Move ESAPI models into the Weak Randomness query
These models don't need to apply to all queries, so they are better suited to living within the weak randomness query itself.
2023-12-11 11:18:39 -05:00


import java.io.IOException;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import java.security.SecureRandom;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Cookie;
import org.apache.commons.lang3.RandomStringUtils;
import org.owasp.esapi.Encoder;
/**
 * Query-test fixture for the Java "Weak Randomness" query (CWE-330).
 *
 * Every cookie below carries a value derived from some random source. The inline
 * expectation markers at the end of the addCookie lines name the statements where the
 * query is expected to report a flow from a weak random source into
 * HttpServletResponse.addCookie; the one addCookie line without a marker is the
 * SecureRandom control case and must stay silent. The existing BAD / GOOD comments give
 * the human-readable verdict for each case. This code is not meant to execute (note the
 * null Encoder); it only has to compile so the test database can be built.
 */
public class WeakRandomCookies extends HttpServlet {
    // Never assigned in this fixture; it exists only as the receiver of the addCookie sink.
    HttpServletResponse response;

    // Not an override of HttpServlet.doGet(HttpServletRequest, HttpServletResponse): it
    // takes no parameters and carries no @Override. It is just a container for the cases.
    public void doGet() {
        // java.util.Random is a seeded, non-cryptographic PRNG, so it is a weak source.
        Random r = new Random();
        int c = r.nextInt();
        // BAD: The cookie value may be predictable.
        Cookie cookie = new Cookie("name", Integer.toString(c));
        response.addCookie(cookie); // $hasWeakRandomFlow

        // The encoder is deliberately null (this code never runs). The point of the case is
        // that Encoder.encodeForHTML only escapes the text and must not be treated as a
        // sanitizer that breaks the flow.
        Encoder enc = null;
        int c2 = r.nextInt();
        String value = enc.encodeForHTML(Integer.toString(c2));
        // BAD: The cookie value may be predictable.
        Cookie cookie2 = new Cookie("name", value);
        response.addCookie(cookie2); // $hasWeakRandomFlow

        // Same source via nextBytes: the flow has to pass through the byte[] argument and
        // then through new String(byte[]).
        byte[] bytes = new byte[16];
        r.nextBytes(bytes);
        // BAD: The cookie value may be predictable.
        Cookie cookie3 = new Cookie("name", new String(bytes));
        response.addCookie(cookie3); // $hasWeakRandomFlow

        // Control case: SecureRandom is a CSPRNG, so the identical byte[] -> String path
        // carries no expectation marker and the query must not report it.
        SecureRandom sr = new SecureRandom();
        byte[] bytes2 = new byte[16];
        sr.nextBytes(bytes2);
        // GOOD: The cookie value is unpredictable.
        Cookie cookie4 = new Cookie("name", new String(bytes2));
        response.addCookie(cookie4);

        // ThreadLocalRandom is also a non-cryptographic PRNG; weak despite the different API.
        ThreadLocalRandom tlr = ThreadLocalRandom.current();
        Cookie cookie5 = new Cookie("name", Integer.toString(tlr.nextInt()));
        response.addCookie(cookie5); // $hasWeakRandomFlow

        // Commons Lang RandomStringUtils is modelled as a weak source for both overloads.
        Cookie cookie6 = new Cookie("name", RandomStringUtils.random(10));
        response.addCookie(cookie6); // $hasWeakRandomFlow
        Cookie cookie7 = new Cookie("name", RandomStringUtils.randomAscii(10));
        response.addCookie(cookie7); // $hasWeakRandomFlow

        // Arithmetic on the weak value (c3 * 5) does not launder it; the flow must survive it.
        long c3 = r.nextLong();
        // BAD: The cookie value may be predictable.
        Cookie cookie8 = new Cookie("name", Long.toString(c3 * 5));
        response.addCookie(cookie8); // $hasWeakRandomFlow

        // Math.random() is backed by a java.util.Random internally, hence weak as well.
        double c4 = Math.random();
        // BAD: The cookie value may be predictable.
        Cookie cookie9 = new Cookie("name", Double.toString(c4));
        response.addCookie(cookie9); // $hasWeakRandomFlow

        // Pre-increment variant of the arithmetic case: the flow must pass through ++c5.
        double c5 = Math.random();
        // BAD: The cookie value may be predictable.
        Cookie cookie10 = new Cookie("name", Double.toString(++c5));
        response.addCookie(cookie10); // $hasWeakRandomFlow
    }
}