...
```java
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
  ServletOutputStream out = response.getOutputStream();
  try {
    out.println("<html>");
    // ... Write some response text
    out.flush(); // Commits the stream
    // ... More work
  } catch (IOException x) {
    // If the stream was committed above, sendError() throws IllegalStateException
    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
  }
}
```
...
```java
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
  ServletOutputStream out = response.getOutputStream();
  try {
    out.println("<html>");
    // ... Write some response text
    out.flush(); // Commits the stream
    // ... More work
  } catch (IOException x) {
    out.println(x.getMessage());
    out.flush();
  }
}
```
...
```java
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
  try {
    // Do work that doesn't require the output stream
  } catch (IOException x) {
    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
  }
  ServletOutputStream out = response.getOutputStream();
  try {
    out.println("<html>");
    // ... All work
  } catch (IOException ex) {
    out.println(ex.getMessage());
  } finally {
    out.flush();
  }
}
```
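The following is an added example, not part of the original rule text. It shows one way to guarantee that the response is committed only once: render the page into memory, and guard the error path with `isCommitted()`. The class name `BufferedPageServlet` and the helper `renderPage()` are hypothetical, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the name and renderPage() are assumptions, not from the rule.
public class BufferedPageServlet extends HttpServlet {
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    // Render into memory first: nothing reaches the client, so nothing is committed.
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    try (PrintStream page = new PrintStream(buffer, false, "UTF-8")) {
      renderPage(request, page);
    } catch (IOException x) {
      log("page rendering failed", x); // Record the failure server-side
      if (!response.isCommitted()) {
        // Status and headers can still be replaced, so sendError() is legal here
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      }
      return;
    }
    // All fallible work succeeded; commit exactly once.
    byte[] body = buffer.toByteArray();
    response.setContentType("text/html; charset=UTF-8");
    response.setContentLength(body.length);
    ServletOutputStream out = response.getOutputStream();
    out.write(body);
    out.flush(); // The only commit in the request
  }

  // Placeholder for the page's real work, which may throw IOException.
  private void renderPage(HttpServletRequest request, PrintStream page)
      throws IOException {
    page.println("<html>");
    // ... All work that may fail
    page.println("</html>");
  }
}
```

Buffering the whole body trades memory for the ability to report errors cleanly, so it suits pages of bounded size rather than large streamed downloads.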
...
If a servlet's output stream is reset after it has been committed, an IllegalStateException usually results, which can cause the servlet's response to be truncated.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO15-J | Low | Probable | Medium | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify | 6.10.0120 | Multiple_Stream_Commits | Implemented |
Bibliography
...
...