...
No Format |
---|
A non-malicious use would be to enter "C" to match Charles and Cecilia. A malicious use would be to enter "?:)(^C,[0-9]+?,[0-9]+?$)|(?:" which grabs the IPs that made the search. |
...
Code Block | ||
---|---|---|
| ||
/*
 * Example contents of the log file, one CSV record per line:
 *   search string, time (unix), ip (integer)
 *
 * Alice,1267773881,2147651708
 * Bono,1267774881,2147651708
 * Charles,1267775881,1175563058
 * Cecilia,1267773222,291232332
 *
 * CSVLog.readLine() retrieves a single line from the log and returns null
 * once EOF has been reached.
 */
private CSVLog logfile;

/**
 * Collects logged search strings that start with {@code search}; an
 * application calls this repeatedly to offer autocompletion suggestions.
 *
 * <p>Noncompliant example: {@code search} comes from the user and is
 * concatenated into the regular expression unmodified. Any regex
 * metacharacters it contains are interpreted as pattern syntax, so the caller
 * controls where capture group 1 begins and ends. The timestamp and IP
 * columns of a log line can then end up in the returned set, although only the
 * search-string column is meant to be exposed.
 *
 * @param search user-supplied prefix, used verbatim as regex source
 * @return the set of group-1 captures from every log line the pattern matched
 */
public Set<String> suggestSearches(String search) {
  final Set<String> suggestions = new HashSet<String>();

  // The pattern is meant to accept only well-formed "text,digits,digits" lines,
  // with group 1 limited to the search-string column. That guarantee holds only
  // while `search` contains no pattern syntax of its own.
  final Pattern linePattern = Pattern.compile("^(" + search + ".*),[0-9]+?,[0-9]+?$");

  // readLine() hands back one log line per call and null at EOF.
  for (String line = logfile.readLine(); line != null; line = logfile.readLine()) {
    final Matcher lineMatcher = linePattern.matcher(line);
    if (!lineMatcher.find()) {
      continue;
    }
    suggestions.add(lineMatcher.group(1));
  }

  return suggestions;
}
...
Code Block | ||
---|---|---|
| ||
/*
 * Example contents of the log file, one CSV record per line:
 *   search string, time (unix), ip (integer)
 *
 * Alice,1267773881,2147651708
 * Bono,1267774881,2147651708
 * Charles,1267775881,1175563058
 * Cecilia,1267773222,291232332
 *
 * CSVLog.readLine() retrieves a single line from the log and returns null
 * once EOF has been reached.
 */
private CSVLog logfile;

/**
 * Collects logged search strings that start with {@code search}; an
 * application calls this repeatedly to offer autocompletion suggestions.
 *
 * <p>Compliant example: before the input is placed into the regular
 * expression, every character that is not a letter or digit is discarded.
 * Letters and digits carry no special meaning in a pattern, so what remains is
 * matched literally and cannot move the boundaries of capture group 1.
 *
 * <p>Characters are dropped silently, so the prefix actually searched for may
 * be shorter than what the user typed. If nothing survives the filter, the
 * prefix is empty and every line in the three-field format shown above
 * matches. Group 1 still ends before the time and IP columns.
 * NOTE(review): confirm that returning every logged search string for an
 * empty prefix is acceptable to callers.
 *
 * @param search user-supplied prefix; only its letters and digits are used
 * @return the set of group-1 captures from every log line the pattern matched
 * @throws NullPointerException if {@code search} is null
 */
public Set<String> suggestSearches(String search) {
  final Set<String> suggestions = new HashSet<String>();

  // Allow-list filter: keep letters and digits, drop everything else.
  final StringBuilder kept = new StringBuilder(search.length());
  for (char candidate : search.toCharArray()) {
    if (!Character.isLetterOrDigit(candidate)) {
      continue;
    }
    kept.append(candidate);
  }
  final String safePrefix = kept.toString();

  // The pattern accepts only well-formed "text,digits,digits" lines, and
  // group 1 limits what is returned to the search-string column.
  final Pattern linePattern = Pattern.compile("^(" + safePrefix + ".*),[0-9]+?,[0-9]+?$");

  // readLine() hands back one log line per call and null at EOF.
  for (String line = logfile.readLine(); line != null; line = logfile.readLine()) {
    final Matcher lineMatcher = linePattern.matcher(line);
    if (!lineMatcher.find()) {
      continue;
    }
    suggestions.add(lineMatcher.group(1));
  }

  return suggestions;
}
...