MCPcopy Index your code
hub / github.com/OWASP/SecurityShepherd / doPost

Method doPost

src/main/java/servlets/module/GetCheat.java:53–107  ·  view source on GitHub ↗

This method will reject requests if cheat sheet availability is marked as unavailable by administration. @param moduleId @param csrfToken

(HttpServletRequest request, HttpServletResponse response)

Source from the content-addressed store, hash-verified

51 * @param csrfToken
52 */
53 public void doPost (HttpServletRequest request, HttpServletResponse response)
54 throws ServletException, IOException
55 {
56 //Setting IpAddress To Log and taking header for original IP if forwarded from proxy
57 ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
58 log.debug("*** servlets.Admin.GetCheat ***");
59 String[] result = null;
60 PrintWriter out = response.getWriter();
61 out.print(getServletInfo());
62
63 HttpSession ses = request.getSession(true);
64 if(Validate.validateSession(ses))
65 {
66 ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), ses.getAttribute("userName").toString());
67 log.debug("Current User: " + ses.getAttribute("userName").toString());
68 Cookie tokenCookie = Validate.getToken(request.getCookies());
69 Object tokenParmeter = request.getParameter("csrfToken");
70 if(Validate.validateTokens(tokenCookie, tokenParmeter))
71 {
72 if(CheatSheetStatus.showCheat(ses.getAttribute("userRole").toString()))
73 {
74 String ApplicationRoot = getServletContext().getRealPath("");
75 String moduleId = request.getParameter("moduleId");
76 Locale locale = new Locale(Validate.validateLanguage(request.getSession()));
77 log.debug(ses.getAttribute("userName") + " submitted the following moduleId: " + moduleId);
78 if(moduleId != null)
79 {
80 result = Getter.getModuleSolution(ApplicationRoot, moduleId, locale);
81 if(result != null)
82 {
83 out.write(
84 "<div id='theActualCheat' class='cheatBox'>" +
85 "<big style='color:#A878EF;'>" + Encode.forHtml(result[0]) + " Cheat</big>" +
86 "<p>" +
87 result[1] +
88 "</div></p><br>");
89 }
90 }
91 }
92 }
93 else
94 {
95 log.error("CSRF Attack Detected: Made Against" + ses.getAttribute("userName"));
96 }
97 }
98 else
99 {
100 out.write("<img src='css/images/loggedOutSheep.jpg'/>");
101 }
102 if(result == null)
103 {
104 out.write("An error Occurred...");
105 }
106 log.debug("*** END servlets.Admin.GetCheat ***");
107 }
108}

Callers

nothing calls this directly

Calls 8

setRequestIpMethod · 0.95
validateSessionMethod · 0.95
getTokenMethod · 0.95
validateTokensMethod · 0.95
showCheatMethod · 0.95
validateLanguageMethod · 0.95
getModuleSolutionMethod · 0.95
getSessionMethod · 0.80

Tested by

no test coverage detected