MCPcopy Index your code
hub / github.com/OWASP/SecurityShepherd / doPost

Method doPost

src/main/java/servlets/module/GetModule.java:49–140  ·  view source on GitHub ↗

Initiated by an Ajax call defined in index.jsp, this method takes a module identifier and returns the valid directory of where the module's View structure is stored. @param moduleId The identifier of the module to be returned

(HttpServletRequest request, HttpServletResponse response)

Source from the content-addressed store, hash-verified

47 * @param moduleId The identifier of the module to be returned
48 */
49 public void doPost (HttpServletRequest request, HttpServletResponse response)
50 throws ServletException, IOException
51 {
52 //Setting IpAddress To Log and taking header for original IP if forwarded from proxy
53 ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
54 log.debug("&&& servlets.module.GetModule &&&");
55
56 PrintWriter out = response.getWriter();
57 out.print(getServletInfo());
58 HttpSession ses = request.getSession(true);
59 if(Validate.validateSession(ses))
60 {
61 ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), ses.getAttribute("userName").toString());
62 log.debug("Current User: " + ses.getAttribute("userName").toString());
63 Cookie tokenCookie = Validate.getToken(request.getCookies());
64 Object tokenParmeter = request.getParameter("csrfToken");
65 if(Validate.validateTokens(tokenCookie, tokenParmeter))
66 {
67 boolean notNull = false;
68 String storedResult = null;
69 try
70 {
71 String ApplicationRoot = getServletContext().getRealPath("");
72
73 log.debug("Getting Parameters");
74 String moduleId = (String)request.getParameter("moduleId");;
75 log.debug("moduleId = " + moduleId.toString());
76
77 log.debug("Getting session parameters");
78 String userId = (String)ses.getAttribute("userStamp");
79 log.debug("userId = " + userId);
80
81 //Validation
82 notNull = (moduleId != null);
83 if(notNull)
84 {
85 storedResult = Getter.getModuleResult(ApplicationRoot, moduleId);
86 }
87 boolean moduleOpen = false;
88 if(notNull && storedResult != null)
89 {
90 moduleOpen = Getter.isModuleOpen(ApplicationRoot, moduleId);
91 }
92 if(notNull && storedResult != null && moduleOpen)
93 {
94 //Data is good, Add result: Now to check if there is a block in place
95 if(ModuleBlock.blockerEnabled && ModuleBlock.blockerId.compareTo(moduleId) == 0)
96 {
97 log.debug("Blocker Detected; Returning Message");
98 out.write("../blockedMessage.jsp");
99 }
100 else
101 {
102 String theHash = Encode.forHtmlAttribute(Getter.getModuleAddress(ApplicationRoot, moduleId, userId));
103 out.write(theHash);
104 log.debug("Returning: " + theHash);
105 }
106 }

Callers 1

getModuleDoPostMethod · 0.95

Calls 8

setRequestIpMethod · 0.95
validateSessionMethod · 0.95
getTokenMethod · 0.95
validateTokensMethod · 0.95
getModuleResultMethod · 0.95
isModuleOpenMethod · 0.95
getModuleAddressMethod · 0.95
getSessionMethod · 0.80

Tested by 1

getModuleDoPostMethod · 0.76