This page is not yet available in Spanish. We are working on its translation. If you have any questions or feedback about our current translation project, feel free to reach out to us!
Do not use NullCipher as it does not transform the plaintext and the cipher text is identical to the text. Use real security measures for your application.
publicclassMain{publicstaticmain(String[]args){CipherdoNothingCihper=newNullCipher();CipherdoNothingCihper2=newjavax.crypto.NullCipher();}@OverridepublicvoiddoPost(HttpServletRequestrequest,HttpServletResponseresponse)throwsServletException,IOException{response.setContentType("text/html;charset=UTF-8");javax.servlet.http.Cookie[]theCookies=request.getCookies();Stringparam="noCookieValueSupplied";if(theCookies!=null){for(javax.servlet.http.CookietheCookie:theCookies){if(theCookie.getName().equals("BenchmarkTest00073")){param=java.net.URLDecoder.decode(theCookie.getValue(),"UTF-8");break;}}}Stringbar;Stringguess="ABC";charswitchTarget=guess.charAt(1);// condition 'B', which is safe// Simple case statement that assigns param to bar on conditions 'A', 'C', or 'D'switch(switchTarget){case'A':bar=param;break;case'B':bar="bob";break;case'C':case'D':bar=param;break;default:bar="bob's your uncle";break;}try{java.security.MessageDigestmd=java.security.MessageDigest.getInstance("MD5");byte[]input={(byte)'?'};ObjectinputParam=bar;if(inputParaminstanceofString)input=((String)inputParam).getBytes();if(inputParaminstanceofjava.io.InputStream){byte[]strInput=newbyte[1000];inti=((java.io.InputStream)inputParam).read(strInput);if(i==-1){response.getWriter().println("This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");return;}input=java.util.Arrays.copyOf(strInput,i);}md.update(input);byte[]result=md.digest();java.io.FilefileTarget=newjava.io.File(newjava.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR),"passwordFile.txt");java.io.FileWriterfw=newjava.io.FileWriter(fileTarget,true);// the true will append the new datafw.write("hash_value="+org.owasp.esapi.ESAPI.encoder().encodeForBase64(result,true)+"\n");fw.close();response.getWriter().println("Sensitive value '"+org.owasp.esapi.ESAPI.encoder().encodeForHTML(newString(input))+"' hashed and stored<br/>");}catch(java.security.NoSuchAlgorithmExceptione){System.out.println("Problem executing hash - TestCase");thrownewServletException(e);}response.getWriter().println("Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed");}}
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- java-security # Rules to enforce Java security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines
