MCPcopy Index your code
hub / github.com/OWASP/SecurityShepherd / validateTokens

Method validateTokens

src/main/java/utils/Validate.java:478–515  ·  view source on GitHub ↗

This method compares the two submitted tokens after ensuring they are not null and not empty. @param cookieToken CSRF cookie Token @param requestToken CSRF request Token @return A boolean value stating weather or not the tokens are valid

(Cookie cookieToken, Object requestToken)

Source from the content-addressed store, hash-verified

476 * @return A boolean value stating weather or not the tokens are valid
477 */
478 public static boolean validateTokens (Cookie cookieToken, Object requestToken)
479 {
480 boolean result = false;
481 boolean cookieNull = (cookieToken == null);
482 boolean requestNull = (requestToken == null);
483 if(!cookieNull && !requestNull)
484 {
485 try
486 {
487 String theRequest = (String)requestToken;
488 String theCookie = cookieToken.getValue();
489 boolean cookieEmpty = theCookie.isEmpty();
490 boolean requestEmpty = theRequest.isEmpty();
491
492 if(!cookieEmpty && !requestEmpty)
493 result = theRequest.compareTo(theCookie) == 0;
494 else if (cookieEmpty)
495 log.error("Cookie Token Empty");
496 else if (requestEmpty)
497 log.error("Request Token Empty");
498
499 if(!result)
500 log.error("CSRF Tokens did not match");
501 }
502 catch(Exception e)
503 {
504 log.error("CSRF in Request Error: " + e.toString());
505 }
506 }
507 else
508 {
509 if(cookieNull)
510 log.error("Cookie Token was Null");
511 else if (requestNull)
512 log.error("Request Token was Null");
513 }
514 return result;
515 }
516
517 /**
518 * Validates file name attributes to defend against path traversal

Callers 15

validateAdminSessionMethod · 0.95
doGetMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95
doPostMethod · 0.95

Calls

no outgoing calls

Tested by

no test coverage detected