Versions Compared

Comment: changed risk analysis to information leakage

...

Code Block (Java, noncompliant example):
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SampleServlet extends HttpServlet {

  // Instance field: the container creates one instance of this servlet and
  // dispatches every client's request to it, so this field is shared by
  // all clients. This is the flaw the rule describes.
  private String last = "last";

  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<html>");

    String current = request.getParameter("current");

    if (current != null) {
      out.println("Current Parameter:");
      out.println(sanitize(current));
      // Echoes whatever the previous request (possibly another client's) stored.
      out.println("<br>Last Parameter:");
      out.println(sanitize(last));
    }

    out.println("<p>");
    out.print("<form action=\"");
    out.print("SampleServlet\" ");
    out.println("method=POST>");
    out.println("Parameter:");
    out.println("<input type=text size=20 name=current>");
    out.println("<br>");
    out.println("<input type=submit>");
    out.println("</form>");

    // Unsynchronized write to the shared field; the next client to submit a
    // parameter will be shown this client's value.
    last = current;
  }

  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
    doGet(request, response);
  }

  // Filter the specified message string for characters
  // that are sensitive in HTML. (The original page elides this body;
  // a minimal escaper is supplied here so the class compiles.)
  public static String sanitize(String message) {
    if (message == null) {
      return "";
    }
    return message.replace("&", "&amp;").replace("<", "&lt;")
                  .replace(">", "&gt;").replace("\"", "&quot;")
                  .replace("'", "&#39;");
  }
}

The servlet container creates a single instance of SampleServlet and dispatches every client's request to it, so there is only one last field, shared by all clients. The value printed as "Last Parameter" can therefore be the parameter submitted by a different client, which is how one client's data leaks to another. In addition, doGet is not synchronized: the read of last and the assignment last = current from two concurrent requests can interleave, so last can also hold a stale value when two clients submit a parameter at the same time.
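One way to remove the shared state, as an added example that is not the page's own compliant solution: keep the previous parameter in the requesting client's HttpSession rather than in an instance field, so the servlet instance holds no per-client data. The class name, the attribute key and the escapeHtml helper are assumptions made for this example.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not the original page's code: the "last parameter" lives in
// the requesting client's HttpSession instead of an instance field.
public class SessionScopedServlet extends HttpServlet {

  // Attribute key is an assumption chosen for this example.
  private static final String LAST_ATTR = "SessionScopedServlet.last";

  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<html>");

    // Locals only: each request, and therefore each client, gets its own copy.
    String current = request.getParameter("current");

    if (current != null) {
      // getSession(true) returns this client's session (creating it if
      // needed). Another client cannot reach it without this client's
      // session cookie, so the value read here was stored by the same client.
      HttpSession session = request.getSession(true);
      String last = (String) session.getAttribute(LAST_ATTR);

      out.println("Current Parameter:");
      out.println(escapeHtml(current));
      out.println("<br>Last Parameter:");
      out.println(last == null ? "(none)" : escapeHtml(last));

      // The only mutable state left is the session, which is private to this
      // client. Two concurrent requests from the same browser can still race
      // on it, but that only affects this client's view of its own data.
      session.setAttribute(LAST_ATTR, current);
    }

    out.println("<p>");
    out.println("<form action=\"SessionScopedServlet\" method=POST>");
    out.println("Parameter: <input type=text size=20 name=current>");
    out.println("<br><input type=submit>");
    out.println("</form>");
    out.println("</html>");
  }

  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    doGet(request, response);
  }

  // Minimal HTML escaping so the echoed parameter cannot inject markup.
  static String escapeHtml(String s) {
    StringBuilder sb = new StringBuilder(s.length());
    for (char c : s.toCharArray()) {
      switch (c) {
        case '&': sb.append("&amp;"); break;
        case '<': sb.append("&lt;"); break;
        case '>': sb.append("&gt;"); break;
        case '"': sb.append("&quot;"); break;
        case '\'': sb.append("&#39;"); break;
        default: sb.append(c);
      }
    }
    return sb.toString();
  }
}
```

To deploy it, map the class in web.xml or annotate it with @WebServlet("/SessionScopedServlet") (Servlet 3.0 and later). If the previous parameter does not actually need to be remembered, dropping it entirely and using only local variables in doGet is the simpler fix; the session-scoped version is for the case where per-client state is genuinely required.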

...

Use of non-static member fields in a servlet can result in information leakage. (The previous version of this sentence read "will cause unexpected data loss"; the revision reclassifies the risk as information leakage.)

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
MSC11-J   Medium    Likely      High              P6        L2

...