I'm new to using the Checkmarx tool and just checking for security flaws in code in general. I have a method which is supposed to read from an input stream. The method works, however I am getting XXE and SSRF errors.
public static String getStringFromInputStream(InputStream is) {
BufferedReader br = null;
StringBuilder sb = new StringBuilder();
String line;
try {
br = new BufferedReader(new InputStreamReader(is));
while ((line = br.readLine()) != null) {
sb.append(Normalizer.normalize(line, Normalizer.Form.NFD));
}
} catch (IOException e) {
LOG.error(
"********************",
e);
} finally {
if (br != null) {
try {
br.close();
} catch (IOException e) {
LOG.error(
******************,
e);
}
}
}
return sb.toString();
}
Related
In my app I am displaying the first portion of each line of the CSV in a JList, and when it is selected and a button is pressed (delete) I want it to remove that line from the file based on the first entry. I am trying the method where you have a temp file then write to it then rename it at the end but that isnt working out for some reason. Any ideas?
private void jButton4ActionPerformed(java.awt.event.ActionEvent evt) {
// TODO add your handling code here:
// Delete service
String selected = (String) jList1.getSelectedValue();
File passwords = new File("/users/aak7133/desktop/passwords.txt");
File temp = new File("/users/aak7133/desktop/temp.txt");
try {
BufferedReader reader = new BufferedReader(new FileReader(passwords));
BufferedWriter writer = new BufferedWriter(new FileWriter(temp));
String line;
System.out.println(selected);
while ((line = reader.readLine()) != null) {
// trim newline when comparing with lineToRemove
//String trimmedLine = line.trim();
if (line.contains(selected)) {
continue;
}
writer.write(line);
}
boolean successful = temp.renameTo(passwords);
} catch (Exception e) {
}
updateList();
clearFields();
}
The problem is actually caused by the open reader and writer. This should work:
private void jButton4ActionPerformed(java.awt.event.ActionEvent evt) {
String selected = (String) jList1.getSelectedValue();
BufferedReader reader = null;
BufferedWriter writer = null;
try {
File passwords = new File("/users/aak7133/desktop/passwords.txt");
File temp = File.createTempFile("temp", ".txt", new File("/users/aak7133/desktop/"));
reader = new BufferedReader(new FileReader(passwords));
writer = new BufferedWriter(new FileWriter(temp));
String line;
System.out.println(selected);
while ((line = reader.readLine()) != null) {
// trim newline when comparing with lineToRemove
// String trimmedLine = line.trim();
if (line.contains(selected)) {
continue;
}
writer.write(line + "\n");
}
if (passwords.canWrite()) {
try {
reader.close();
reader = null;
} catch (IOException ignore) {}
try {
writer.close();
writer = null;
} catch (IOException ignore) {}
String path = passwords.getAbsolutePath();
passwords.delete();
boolean successful = temp.renameTo(new File(path));
System.out.println(successful);
}
} catch (Exception e) {
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException ignore) {}
}
if (writer != null) {
try {
writer.close();
} catch (IOException ignore) {}
}
}
updateList();
clearFields();
}
I figured out I needed to put passwords.delete() before temp.renameTo(passwords). This fixed the issue right away.
At the moment i'm trying to save a response to the internal storage in the phone. Everything works fine up until i try and retrieve the data again. When i log out the retrieved data it only logs out one small section of the response and the rest isn't there. Ive tried deleting the file and calling it again just incase it was using an old one.
Saving Code
try {
String response = apiResponse.getRawResponse();
Log.e("Response", response);
FileOutputStream userInfo = openFileOutput("personal_profile", MODE_PRIVATE);
userInfo.write(response.getBytes());
userInfo.close();
} catch (Exception e) {
e.printStackTrace();
Retrieving Code
String response = "";
try {
FileInputStream fis = getActivity().openFileInput("personal_profile");
DataInputStream isr = new DataInputStream(fis);
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(isr));
StringBuilder sb = new StringBuilder();
String line;
while ((line = bufferedReader.readLine()) != null) {
sb.append(line);
}
line = response;
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
Log.e("Saved File", response);
Any kind of suggestions would be great!
REASON
The problem was that the line variable is assigned again in every iteration
Try this:
String response = "";
try {
FileInputStream fis = getActivity().openFileInput("personal_profile");
DataInputStream isr = new DataInputStream(fis);
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(isr));
StringBuilder sb = new StringBuilder();
String line;
while ((line = bufferedReader.readLine()) != null) {
sb.append(line);
}
line = response;
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
CHANGE LAST LINE
Log.e("Saved File", sb.toString());
Have you got this in your AndroidManifest.xml file?
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
Also, this link has everything you need to know about reading and writing files:
http://www.anddev.org/working_with_files-t115.html
Code::
String response = "";
try {
FileInputStream fis = getActivity().openFileInput("personal_profile");
DataInputStream isr = new DataInputStream(fis);
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(isr));
StringBuilder sb = new StringBuilder();
String line;
while ((line = bufferedReader.readLine()) != null) {
sb.append(line);
}
line = response;
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
Log.e("Saved File", sb.toString());
is any way to change this java code (read from com port) to read lines ?
eg.
I'm using rxtx com
original method:
public void serialEvent(SerialPortEvent event) {
switch (event.getEventType()) {
case SerialPortEvent.DATA_AVAILABLE:
byte[] readBuffer = new byte[10];
int numBytes = 0;
try {
while (inputStream.available() > 0) {
numBytes = inputStream.read(readBuffer);
}
} catch (IOException e) {
System.out.println(e);
}
System.out.println(Arrays.toString(readBuffer));
}
}
Assuming inputStream is an InputStream, you could wrap it with an InputStreamReader and wrap that with a BufferedReader (that has a readLine()). Something like,
case SerialPortEvent.DATA_AVAILABLE:
String line;
BufferedReader br = null;
try {
br = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"));
while ((line = br.readLine()) != null) {
System.out.println(line);
}
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
br.close();
} catch (IOException e) {
e.printStackTrace();
}
}
or you could possible use with try-with-resouces,
case SerialPortEvent.DATA_AVAILABLE:
String line;
BufferedReader br = null;
try (br = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"));) {
while ((line = br.readLine()) != null) {
System.out.println(line);
}
} catch (IOException e) {
e.printStackTrace();
}
I am finding some difficulties to do the following operation in Java:
I have to take the content of an xml file and print it
I do something like this:
System.out.println("settings.xml: " + ClassLoader.getSystemResourceAsStream("/home/andrea/Documenti/dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/src/settings.xml"));
The problem is that the result of this statment is:
settings.xml: null
Why? What can I do to do it?
Tnx
Andrea
You can use this function:
private String getStringFromFile(File file)
{
BufferedReader br = null;
StringBuilder sb = new StringBuilder();
String line;
try
{
br = new BufferedReader(new InputStreamReader(new FileInputStream(file)));
while ((line = br.readLine()) != null)
{
sb.append(line);
}
} catch (IOException e)
{
e.printStackTrace();
}
finally
{
if (br != null)
{
try
{
br.close();
}
catch (IOException e)
{
e.printStackTrace();
}
}
}
return sb.toString();
}
For example:
System.out.println("settings.xml: " + ClassLoader.getSystemResourceAsStream("home/andrea/Documenti/dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/src/settings.xml"));
I got Null pointer exception when reading data from file.if its returning a junk value how to handle that. if i didn't give trim giving some junk value.
My code is:
BufferedReader br = null;
try {
String sCurrentval = "";
br = new BufferedReader(new FileReader("filepath"));
while ((sCurrentval = br.readLine()) != null) {
System.out.println("Reading from File "+sCurrentval);
}
if(sCurrentval != null){
sCurrentval = sCurrentval.trim();
}
System.out.println("outside : Reading from File "+sCurrentval);
if(sCurrentval != null && !sCurrentval.equalsIgnorecase("")){
try{
val = Integer.parseInt(sCurrentval.trim());
}catch(Exception e){
e.printStackTrace();
}
}else{
System.out.println("Reading Value null ");
}
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
if (br != null)br.close();
} catch (IOException ex) {
ex.printStackTrace();
}
}
Your BufferedReader br = null; with in the try. But your finally also using the same variable br.
try
{
//
BufferedReader br = null; // declared with in try
//
}
finally {
try {
if (br != null) // In this line the br is not identified
br.close();
} catch (IOException ex)
{
ex.printStackTrace();
}
Try to declare the BufferReader outside the try
BufferedReader br = null;
And then your while loop is only for the printing the value of the variable. Include the below if else condition within the while and then try the below code.
while ((sCurrentval = br.readLine()) != null)
{
System.out.println("Reading from File " + sCurrentval);
if (sCurrentval != null && !sCurrentval.trim().isEmpty())
{
try
{
val = Integer.parseInt(sCurrentval.trim());
}
catch (Exception e)
{
e.printStackTrace();
}
}
else
{
System.out.println("Reading Value null ");
}
}