package testcode;
import java.io.IOException;
import org.apache.struts.action.ActionForward;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
/**
 * Intentionally vulnerable sample servlet; the statements marked BAD must not be copied into production code.
 *
 * <p>Each statement in {@link #doGet} is one case: the request parameter {@code returnURL}
 * is passed, unvalidated, either as the path of a Struts {@code ActionForward} or as the
 * view name of a Spring {@code ModelAndView}. Lines marked {@code //BAD} are the cases a
 * reviewer or analyzer is expected to flag; lines marked {@code //OK} put the same value
 * in an argument that does not select the forwarded resource.
 *
 * <p>Why the BAD cases matter: a forward path or view name is resolved on the server side,
 * so letting the client choose it can let the client choose which internal resource is
 * rendered, including ones that are not meant to be directly addressable. The usual fix is
 * to map the request value onto a fixed set of known paths or view names instead of
 * passing it through.
 *
 * <p>NOTE(review): this looks like a static-analysis test fixture. The exact shape of each
 * statement is the test, so the code is left untouched.
 */
public class FileDisclosure extends HttpServlet{
/**
 * Builds a series of {@code ActionForward} and {@code ModelAndView} objects from the
 * {@code returnURL} request parameter. None of the objects is returned or used afterwards
 * and nothing is written to {@code response}; the method exists only to present the
 * tainted-argument patterns.
 *
 * @param request  source of the untrusted {@code returnURL} parameter
 * @param response unused in this method
 * @throws IOException declared by the signature; the body catches every {@code Exception}
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException{
try{
// Taint source: value comes straight from the client and is never validated or
// normalized before use (it may also be null when the parameter is absent).
String returnURL = request.getParameter("returnURL");
/******Struts ActionForward vulnerable code tests******/
// In each BAD case below returnURL lands in the "path" position of ActionForward.
// The cases are marked BAD whether or not a redirect flag of true is also passed.
ActionForward forward = new ActionForward(returnURL); //BAD
ActionForward forward2 = new ActionForward(returnURL, true); //BAD
ActionForward forward3 = new ActionForward("name", returnURL, true); //BAD
ActionForward forward4 = new ActionForward("name", returnURL, true, true); //BAD
// Same sink reached through the setter instead of a constructor.
ActionForward forward5 = new ActionForward();
forward5.setPath(returnURL); //BAD
//false positive test - returnURL moved from path to name (safe argument)
// Here the path is the constant "path"; only the forward's name is user-controlled.
ActionForward forward6 = new ActionForward(returnURL, "path", true); //OK
/******Spring ModelAndView vulnerable code tests******/
// In each BAD case below returnURL lands in the "viewName" position of ModelAndView.
ModelAndView mv = new ModelAndView(returnURL); //BAD
ModelAndView mv2 = new ModelAndView(returnURL, new HashMap()); //BAD
ModelAndView mv3 = new ModelAndView(returnURL, "modelName", new Object()); //BAD
// Same sink reached through the setter instead of a constructor.
ModelAndView mv4 = new ModelAndView();
mv4.setViewName(returnURL); //BAD
//false positive test - returnURL moved from viewName to modelName (safe argument)
// Here the view name is the constant "viewName"; returnURL is only the model attribute name.
ModelAndView mv5 = new ModelAndView("viewName", returnURL, new Object()); //OK
}catch(Exception e){
// Sample code only: any failure is printed to stdout and otherwise ignored.
System.out.println(e);
}
}
}