Review

Detector:

MuDetectXP

Target:

project '

chensun

' version

cf23b99

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-12
In File:	/mubench/checkouts/chensun/cf23b99/build/CS5430/src/database/SocialNetworkDatabaseBoards.java
In Method:	authorizedGoToBoard(Connection, String, String)
Code with Finding:	`class SocialNetworkDatabaseBoards {` `/** Returns whether the user is authorized to go to this board.` `* Equivalent checking as in GetBoardList:` `* For Admins: Must be within the "admin" list of the board` `* For Users: Must be within the "RegionPrivileges" list of the board for some region` `* Assumes the board already exists and is not 'freeforall' board` `/` `public static Boolean authorizedGoToBoard(Connection conn, String username, String boardname) {` `Statement stmt = null;` `PreparedStatement pstmt = null;` `ResultSet boards = null;` `ResultSet privResult = null;` `Boolean authorized = null;` `try {` `String getRegionPrivs, getRegionAdmins;` `String role = DatabaseAdmin.getUserRole(conn, username);` `if (role.equals("admin") \|\| role.equals("sa")) { // an admin` `getRegionAdmins = "SELECT FROM main.boardadmins WHERE bname = ? AND username = ?";` `pstmt = conn.prepareStatement(getRegionAdmins);` `pstmt.setString(1, boardname);` `pstmt.setString(2, username);` `privResult = pstmt.executeQuery();` `authorized = new Boolean(privResult.next());` `privResult.close();` `pstmt.close();` `privResult = null;` `pstmt = null;` `}` `else if (!role.equals("")) {` `stmt = conn.createStatement();` `getRegionPrivs = "SELECT privilege FROM "` `+ boardname + ".regionprivileges WHERE username = ?";` `pstmt = conn.prepareStatement(getRegionPrivs);` `pstmt.setString(1, username);` `privResult = pstmt.executeQuery();` `authorized = new Boolean(privResult.next());` `privResult.close();` `pstmt.close();` `privResult = null;` `pstmt = null;` `}` `else { //there was an sql exception when getting the role.` `}` `}` `catch (SQLException e) {` `e.printStackTrace();` `}` `finally {` `DBManager.closeStatement(stmt);` `DBManager.closePreparedStatement(pstmt);` `DBManager.closeResultSet(boards);` `}` `return authorized;` `}` `}`

Metadata

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping	Violation Types
Yes	12	0.09210526315789473	(overlap = 14.00 / 19.00)(pattern support = 5 / 10)(violation support = 1 / 4)	davidou123/java_resource/./JDBC/prepareStatement_Delete.java#main(String[]) nnmm666/web_programming_A-/./page/LetsTalkMVC/src/DAO/KeywordDAO.java#getKeywords() ab0oo/AVRS/src/main/java/net/ab0oo/aprs/avrs/db/jdbc/JdbcAVRSDao.java#listClosestCities(Position) ab0oo/AVRS/src/main/java/net/ab0oo/aprs/avrs/db/jdbc/JdbcAVRSDao.java#getNodes(String) ab0oo/AVRS/src/main/java/net/ab0oo/aprs/avrs/db/jdbc/JdbcAVRSDao.java#getAllCallsignsForBase(String)	5

Reviewer Name:	sven
Comment: