Make mySession a method scoped variable, not an instance var

This should fix a concurrency bug, although it is unlikely to
be exploitable/exploited


git-svn-id: http://webgoat.googlecode.com/svn/trunk@132 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes 2007-07-10 11:48:53 +00:00
parent 294580983d
commit 2748e80d0d


@ -6,7 +6,6 @@ import java.sql.SQLException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
@ -68,11 +67,6 @@ public class HammerHead extends HttpServlet
*/
protected static SimpleDateFormat httpDateFormat;
/**
* Description of the Field
*/
protected WebSession mySession;
/**
* Set the session timeout to be 2 days
*/
@ -122,6 +116,7 @@ public class HammerHead extends HttpServlet
{
Screen screen = null;
WebSession mySession = null;
try
{
// System.out.println( "HH Entering doPost: " );
@ -198,7 +193,7 @@ public class HammerHead extends HttpServlet
{
try
{
this.writeScreen(screen, response);
this.writeScreen(mySession, screen, response);
}
catch (Throwable thr)
{
@ -314,17 +309,6 @@ public class HammerHead extends HttpServlet
System.out.println(output);
}
public List getCategories()
{
Course course = mySession.getCourse();
// May need to clone the List before returning it.
// return new ArrayList(course.getCategories());
return course.getCategories();
}
/*
* public List getLessons(Category category, String role) { Course
* course = mySession.getCourse(); // May need to clone the List before
@ -524,7 +508,7 @@ public class HammerHead extends HttpServlet
* @exception IOException
* Description of the Exception
*/
protected void writeScreen(Screen s, HttpServletResponse response)
protected void writeScreen(WebSession s, Screen screen, HttpServletResponse response)
throws IOException
{
response.setContentType("text/html");
@ -533,15 +517,15 @@ public class HammerHead extends HttpServlet
if (s == null)
{
s = new ErrorScreen(mySession, "Page to display was null");
screen = new ErrorScreen(s, "Page to display was null");
}
// set the content-length of the response.
// Trying to avoid chunked-encoding. (Aspect required)
response.setContentLength(s.getContentLength());
response.setHeader("Content-Length", s.getContentLength() + "");
response.setContentLength(screen.getContentLength());
response.setHeader("Content-Length", screen.getContentLength() + "");
s.output(out);
screen.output(out);
out.close();
}
}
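Review bot: The guard in `writeScreen` (last hunk) still reads `if (s == null)`, but with the new signature `s` is the `WebSession` and the page is `screen`, so the check now tests the session rather than the screen, assuming that line is unchanged context as the rendering suggests. A null `screen` with a live session then reaches `screen.getContentLength()` and throws, while a null session is passed straight into `new ErrorScreen(s, ...)`. The guard should be `if (screen == null)`, and naming the parameter `session` instead of reusing the old `s` would make this kind of slip harder to miss. The method body starts in the previous hunk and the line that creates `out` falls between the two hunks, so it is not visible here. Separately, the `protected static SimpleDateFormat httpDateFormat` shown in the second hunk is shared servlet state of a class that is not thread-safe; if it is used on the request path it has the same kind of concurrency problem this commit removes for `mySession`.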