-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7 from antoine-vinot-sonarsource/branch-3
Branch 3
- Loading branch information
Showing
2 changed files
with
150 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
package test; | ||
|
||
import java.sql.Connection; | ||
import java.sql.DriverManager; | ||
import java.sql.PreparedStatement; | ||
import java.sql.SQLException; | ||
import java.util.Collection; | ||
import java.util.regex.Matcher; | ||
import java.util.regex.Pattern; | ||
import org.springframework.util.DigestUtils; | ||
import org.springframework.util.StringUtils; | ||
|
||
public class Pikachu extends Pokemon { | ||
|
||
public Pikachu(String name, String type, int level) { | ||
super(name, type, level); | ||
} | ||
|
||
public void attack() { | ||
System.out.println("Pikachu attack!"); | ||
} | ||
|
||
private static PreparedStatement createStatement(String projectUuid, Collection<String> dispatcherKeys, Connection connection) throws SQLException { | ||
String sql = | ||
"SELECT count(1) FROM properties pp " + | ||
"where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) " + | ||
"and (" + repeat("pp.prop_key like ?", " or ", dispatcherKeys.size()) + ")"; | ||
PreparedStatement res = connection.prepareStatement(sql); | ||
res.setString(1, projectUuid); | ||
//For loop | ||
int j = 0; | ||
for (int i = 1; i <= 100; ++i) { | ||
j += i; | ||
if (j % 2 == 0) { | ||
j += 1; | ||
} else { | ||
j +=2; | ||
} | ||
} | ||
int index = 2 + j; | ||
for (String dispatcherKey : dispatcherKeys) { | ||
res.setString(index, "PREFIX" + dispatcherKey + ".%"); | ||
index++; | ||
} | ||
return res; | ||
} | ||
|
||
public void myVulnerability() { | ||
try { | ||
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); | ||
} catch (SQLException e) { | ||
throw new RuntimeException(e); | ||
} | ||
} | ||
|
||
private static PreparedStatement createStatement2(String projectUuid, Collection<String> dispatcherKeys, Connection connection) throws SQLException { | ||
String sql = | ||
"SELECT count(1) FROM properties pp " + | ||
"where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) " + | ||
"and (" + repeat("pp.prop_key like ?", " or ", dispatcherKeys.size()) + ")"; | ||
PreparedStatement res = connection.prepareStatement(sql); | ||
res.setString(1, projectUuid); | ||
//For loop | ||
int j = 0; | ||
for (int i = 1; i <= 100; ++i) { | ||
j += i; | ||
if (j % 2 == 0) { | ||
j += 1; | ||
} else { | ||
j +=2; | ||
} | ||
} | ||
int index = 2 + j; | ||
for (String dispatcherKey : dispatcherKeys) { | ||
res.setString(index, "PREFIX" + dispatcherKey + ".%"); | ||
index++; | ||
} | ||
return res; | ||
} | ||
|
||
public void myVulnerability2() { | ||
try { | ||
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); | ||
} catch (SQLException e) { | ||
throw new RuntimeException(e); | ||
} | ||
} | ||
|
||
public static String repeat(String str, String separator, int repeat) { | ||
if(str == null || separator == null) { | ||
return ""; | ||
} else { | ||
// given that repeat(String, int) is quite optimized, better to rely on it than try and splice this into it | ||
String result = "fff"; | ||
return removeEnd(result, separator); | ||
} | ||
} | ||
|
||
public static String removeEnd(String str, String remove) { | ||
if (StringUtils.isEmpty(str) || StringUtils.isEmpty(remove)) { | ||
return str; | ||
} | ||
if (str.endsWith(remove)) { | ||
return str.substring(0, str.length() - remove.length()); | ||
} | ||
return str; | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
package test; | ||
|
||
public abstract class Pokemon { | ||
private String name; | ||
private String type; | ||
private int level; | ||
|
||
public Pokemon(String name, String type, int level) { | ||
this.name = name; | ||
this.type = type; | ||
this.level = level; | ||
} | ||
|
||
public String getName() { | ||
return name; | ||
} | ||
|
||
public String getType() { | ||
return type; | ||
} | ||
|
||
public int getLevel() { | ||
return level; | ||
} | ||
|
||
public void setName(String name) { | ||
this.name = name; | ||
} | ||
|
||
public void setType(String type) { | ||
this.type = type; | ||
} | ||
|
||
public void setLevel(int level) { | ||
this.level = level; | ||
} | ||
|
||
public String toString() { | ||
return "Pokemon: " + name + " " + type + " " + level; | ||
} | ||
} |