This method compares the two submitted tokens after ensuring they are not null and not empty. @param cookieToken CSRF cookie Token @param requestToken CSRF request Token @return A boolean value stating weather or not the tokens are valid
(Cookie cookieToken, Object requestToken)
| 476 | * @return A boolean value stating weather or not the tokens are valid |
| 477 | */ |
| 478 | public static boolean validateTokens (Cookie cookieToken, Object requestToken) |
| 479 | { |
| 480 | boolean result = false; |
| 481 | boolean cookieNull = (cookieToken == null); |
| 482 | boolean requestNull = (requestToken == null); |
| 483 | if(!cookieNull && !requestNull) |
| 484 | { |
| 485 | try |
| 486 | { |
| 487 | String theRequest = (String)requestToken; |
| 488 | String theCookie = cookieToken.getValue(); |
| 489 | boolean cookieEmpty = theCookie.isEmpty(); |
| 490 | boolean requestEmpty = theRequest.isEmpty(); |
| 491 | |
| 492 | if(!cookieEmpty && !requestEmpty) |
| 493 | result = theRequest.compareTo(theCookie) == 0; |
| 494 | else if (cookieEmpty) |
| 495 | log.error("Cookie Token Empty"); |
| 496 | else if (requestEmpty) |
| 497 | log.error("Request Token Empty"); |
| 498 | |
| 499 | if(!result) |
| 500 | log.error("CSRF Tokens did not match"); |
| 501 | } |
| 502 | catch(Exception e) |
| 503 | { |
| 504 | log.error("CSRF in Request Error: " + e.toString()); |
| 505 | } |
| 506 | } |
| 507 | else |
| 508 | { |
| 509 | if(cookieNull) |
| 510 | log.error("Cookie Token was Null"); |
| 511 | else if (requestNull) |
| 512 | log.error("Request Token was Null"); |
| 513 | } |
| 514 | return result; |
| 515 | } |
| 516 | |
| 517 | /** |
| 518 | * Validates file name attributes to defend against path traversal |
no outgoing calls
no test coverage detected