This page is not yet available in Spanish. We are working on its translation. If you have any questions or feedback about our current translation project, feel free to reach out to us!
Do not use NullCipher as it does not transform the plaintext and the cipher text is identical to the text. Use real security measures for your application.
publicclassMain{publicstaticmain(String[]args){CipherdoNothingCihper=newNullCipher();CipherdoNothingCihper2=newjavax.crypto.NullCipher();}@OverridepublicvoiddoPost(HttpServletRequestrequest,HttpServletResponseresponse)throwsServletException,IOException{response.setContentType("text/html;charset=UTF-8");javax.servlet.http.Cookie[]theCookies=request.getCookies();Stringparam="noCookieValueSupplied";if(theCookies!=null){for(javax.servlet.http.CookietheCookie:theCookies){if(theCookie.getName().equals("BenchmarkTest00073")){param=java.net.URLDecoder.decode(theCookie.getValue(),"UTF-8");break;}}}Stringbar;Stringguess="ABC";charswitchTarget=guess.charAt(1);// condition 'B', which is safe// Simple case statement that assigns param to bar on conditions 'A', 'C', or 'D'switch(switchTarget){case'A':bar=param;break;case'B':bar="bob";break;case'C':case'D':bar=param;break;default:bar="bob's your uncle";break;}try{java.security.MessageDigestmd=java.security.MessageDigest.getInstance("MD5");byte[]input={(byte)'?'};ObjectinputParam=bar;if(inputParaminstanceofString)input=((String)inputParam).getBytes();if(inputParaminstanceofjava.io.InputStream){byte[]strInput=newbyte[1000];inti=((java.io.InputStream)inputParam).read(strInput);if(i==-1){response.getWriter().println("This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");return;}input=java.util.Arrays.copyOf(strInput,i);}md.update(input);byte[]result=md.digest();java.io.FilefileTarget=newjava.io.File(newjava.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR),"passwordFile.txt");java.io.FileWriterfw=newjava.io.FileWriter(fileTarget,true);// the true will append the new datafw.write("hash_value="+org.owasp.esapi.ESAPI.encoder().encodeForBase64(result,true)+"\n");fw.close();response.getWriter().println("Sensitive value '"+org.owasp.esapi.ESAPI.encoder().encodeForHTML(newString(input))+"' hashed and stored<br/>");}catch(java.security.NoSuchAlgorithmExceptione){System.out.println("Problem executing hash - TestCase");thrownewServletException(e);}response.getWriter().println("Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed");}}
Integraciones sin problemas. Prueba Datadog Code Security
Datadog Code Security
Prueba esta regla y analiza tu código con Datadog Code Security
Cómo usar esta regla
1
2
rulesets:- java-security # Rules to enforce Java security.
Crea un static-analysis.datadog.yml con el contenido anterior en la raíz de tu repositorio
Utiliza nuestros complementos del IDE gratuitos o añade análisis de Code Security a tus pipelines de CI.
