This page is not yet available in Spanish. We are working on its translation. If you have any questions or feedback about our current translation project, feel free to reach out to us!
Do not use NullCipher as it does not transform the plaintext and the cipher text is identical to the text. Use real security measures for your application.
publicclassMain{publicstaticmain(String[]args){CipherdoNothingCihper=newNullCipher();CipherdoNothingCihper2=newjavax.crypto.NullCipher();}@OverridepublicvoiddoPost(HttpServletRequestrequest,HttpServletResponseresponse)throwsServletException,IOException{response.setContentType("text/html;charset=UTF-8");javax.servlet.http.Cookie[]theCookies=request.getCookies();Stringparam="noCookieValueSupplied";if(theCookies!=null){for(javax.servlet.http.CookietheCookie:theCookies){if(theCookie.getName().equals("BenchmarkTest00073")){param=java.net.URLDecoder.decode(theCookie.getValue(),"UTF-8");break;}}}Stringbar;Stringguess="ABC";charswitchTarget=guess.charAt(1);// condition 'B', which is safe// Simple case statement that assigns param to bar on conditions 'A', 'C', or 'D'switch(switchTarget){case'A':bar=param;break;case'B':bar="bob";break;case'C':case'D':bar=param;break;default:bar="bob's your uncle";break;}try{java.security.MessageDigestmd=java.security.MessageDigest.getInstance("MD5");byte[]input={(byte)'?'};ObjectinputParam=bar;if(inputParaminstanceofString)input=((String)inputParam).getBytes();if(inputParaminstanceofjava.io.InputStream){byte[]strInput=newbyte[1000];inti=((java.io.InputStream)inputParam).read(strInput);if(i==-1){response.getWriter().println("This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");return;}input=java.util.Arrays.copyOf(strInput,i);}md.update(input);byte[]result=md.digest();java.io.FilefileTarget=newjava.io.File(newjava.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR),"passwordFile.txt");java.io.FileWriterfw=newjava.io.FileWriter(fileTarget,true);// the true will append the new datafw.write("hash_value="+org.owasp.esapi.ESAPI.encoder().encodeForBase64(result,true)+"\n");fw.close();response.getWriter().println("Sensitive value '"+org.owasp.esapi.ESAPI.encoder().encodeForHTML(newString(input))+"' hashed and stored<br/>");}catch(java.security.NoSuchAlgorithmExceptione){System.out.println("Problem executing hash - TestCase");thrownewServletException(e);}response.getWriter().println("Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed");}}