Make mySession a method scoped variable, not an instance var

This should fix a concurrency bug, although it is unlikely to
be exploitable/exploited


git-svn-id: http://webgoat.googlecode.com/svn/trunk@132 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes 2007-07-10 11:48:53 +00:00
parent 294580983d
commit 2748e80d0d


@ -6,7 +6,6 @@ import java.sql.SQLException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.TimeZone; import java.util.TimeZone;
@ -68,11 +67,6 @@ public class HammerHead extends HttpServlet
*/ */
protected static SimpleDateFormat httpDateFormat; protected static SimpleDateFormat httpDateFormat;
/**
* Description of the Field
*/
protected WebSession mySession;
/** /**
* Set the session timeout to be 2 days * Set the session timeout to be 2 days
*/ */
@ -122,6 +116,7 @@ public class HammerHead extends HttpServlet
{ {
Screen screen = null; Screen screen = null;
WebSession mySession = null;
try try
{ {
// System.out.println( "HH Entering doPost: " ); // System.out.println( "HH Entering doPost: " );
@ -198,7 +193,7 @@ public class HammerHead extends HttpServlet
{ {
try try
{ {
this.writeScreen(screen, response); this.writeScreen(mySession, screen, response);
} }
catch (Throwable thr) catch (Throwable thr)
{ {
@ -314,17 +309,6 @@ public class HammerHead extends HttpServlet
System.out.println(output); System.out.println(output);
} }
public List getCategories()
{
Course course = mySession.getCourse();
// May need to clone the List before returning it.
// return new ArrayList(course.getCategories());
return course.getCategories();
}
/* /*
* public List getLessons(Category category, String role) { Course * public List getLessons(Category category, String role) { Course
* course = mySession.getCourse(); // May need to clone the List before * course = mySession.getCourse(); // May need to clone the List before
@ -524,7 +508,7 @@ public class HammerHead extends HttpServlet
* @exception IOException * @exception IOException
* Description of the Exception * Description of the Exception
*/ */
protected void writeScreen(Screen s, HttpServletResponse response) protected void writeScreen(WebSession s, Screen screen, HttpServletResponse response)
throws IOException throws IOException
{ {
response.setContentType("text/html"); response.setContentType("text/html");
@ -533,15 +517,15 @@ public class HammerHead extends HttpServlet
if (s == null) if (s == null)
{ {
s = new ErrorScreen(mySession, "Page to display was null"); screen = new ErrorScreen(s, "Page to display was null");
} }
// set the content-length of the response. // set the content-length of the response.
// Trying to avoid chunked-encoding. (Aspect required) // Trying to avoid chunked-encoding. (Aspect required)
response.setContentLength(s.getContentLength()); response.setContentLength(screen.getContentLength());
response.setHeader("Content-Length", s.getContentLength() + ""); response.setHeader("Content-Length", screen.getContentLength() + "");
s.output(out); screen.output(out);
out.close(); out.close();
} }
} }
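Review bot: The null guard in writeScreen still reads `if (s == null)`, but after the signature change `s` is the WebSession and the page to render is `screen`, so the check now tests the wrong object. A null screen falls through to `screen.getContentLength()` and throws instead of producing the error page. Because doPost now initialises `mySession` to null, a failure before the session is assigned (presumably inside the try block, which is only partly visible) would reach writeScreen with a null session, discard whatever screen was built, and construct an ErrorScreen around that null session. The guard should be `if (screen == null)`, and renaming the first parameter from `s` to `session` would keep the two from being confused again. The Javadoc for writeScreen starts outside the hunk and may also need a `@param` entry for the new argument.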