-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathFileCredentialTest.java
More file actions
39 lines (32 loc) · 1.08 KB
/
FileCredentialTest.java
File metadata and controls
39 lines (32 loc) · 1.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
package test.cwe798.cwe.examples;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.sql.DriverManager;
import java.sql.SQLException;
public class FileCredentialTest {
public static void main(String[] args) throws SQLException, IOException {
String url = "jdbc:mysql://localhost/test";
String u = "admin";
String file = "/test/p.config";
String p = readText(new File(file));
DriverManager.getConnection("", "admin", p); // sensitive call (flow target)
test(url, u, p);
}
public static void test(String url, String v, String q) throws SQLException {
DriverManager.getConnection(url, v, q); // sensitive call (flow target)
}
public static String readText(File f) throws IOException
{
StringBuilder buf = new StringBuilder();
try (FileInputStream fis = new FileInputStream(f); // opening file input stream (flow source)
InputStreamReader reader = new InputStreamReader(fis, "UTF8");) {
int n;
while ((n = reader.read()) != -1) {
buf.append((char)n);
}
}
return buf.toString();
}
}