Review

The PreparedStatement opened in line 636 is never closed.
(Same finding as mudetect-18 and mudetectxp-8)

• missing/call

database/SocialNetworkDatabasePosts.java

getPost(Connection, String, String, String, int)

class SocialNetworkDatabasePosts {
	/** Gets a post from the designated board and region
	 *  with the given post number.
	 *  ASSUMES that the board, region, and post are all valid.
	 */
	public static String getPost(Connection conn, String username, String boardName, 
			String regionName, int postNum) {
		String getOriginalPost = "";
		String getReplies = "";
		String postAndReplies = "";
		
		/*No joining of results because of redundancy of data returned*/
		if (boardName.equals("freeforall")) {
			getOriginalPost = "SELECT * FROM freeforall.posts " +
			"WHERE pid = ?";
			getReplies = "SELECT * FROM freeforall.replies " +
			"WHERE pid = ? ORDER BY dateReplied ASC";
		}
		else {
			getOriginalPost = "SELECT * FROM " + boardName + ".posts " +
			"WHERE pid = ? AND rname = ?";
			getReplies = "SELECT * FROM " + boardName + ".replies " +
			"WHERE pid = ? AND rname = ? ORDER BY dateReplied ASC";
		}
		
		PreparedStatement originalPost = null;
		ResultSet postResult = null;
		
		PreparedStatement replies = null;
		ResultSet repliesResult = null;
		
		boolean sqlex = false;
		try {
			originalPost = conn.prepareStatement(getOriginalPost);
			replies = conn.prepareStatement(getReplies);
			originalPost.setInt(1, postNum);
			replies.setInt(1, postNum);
			if (!boardName.equals("freeforall")) {
				originalPost.setString(2, regionName);
				replies.setString(2, regionName);
			}
			
			postResult = originalPost.executeQuery();
			if (postResult.next()) { /*Only expect one post result*/
				//Make sure the checksum is correct
				if (!Arrays.equals(
						Hash.generateChecksum((SharedKeyCrypto.decrypt(postResult.getString("content"))).getBytes("UTF8")),
						CryptoUtil.decode(postResult.getString("checksum")))) {
					postAndReplies +=
							"print ----- Post# " + postNum + "[" + postResult.getString("postedBy") + "]----- " +
									postResult.getTimestamp("datePosted").toString() + ";print \t" +
									"Content could not be fetched -- Integrity Failure!" + ";";
				}
				else {
					postAndReplies += 
						"print ----- Post# " + postNum + "[" + postResult.getString("postedBy") + "]----- " +
						postResult.getTimestamp("datePosted").toString() + ";print \t" +
						SharedKeyCrypto.decrypt(postResult.getString("content")) + ";";
				}
				
				repliesResult = replies.executeQuery();
				while (repliesResult.next()) { //Print out all replies
					//for each reply, make sure the checksum is correct.
					if(!Arrays.equals(
							Hash.generateChecksum((SharedKeyCrypto.decrypt(repliesResult.getString("content"))).getBytes("UTF8")),
							CryptoUtil.decode(repliesResult.getString("checksum")))) {
						postAndReplies += "print ----- Reply[" + repliesResult.getString("repliedBy") + "] ----- " +
						repliesResult.getTimestamp("dateReplied").toString() + ";print \t" +
						"Content could not be fetched -- Integrity Failure!" + ";";
					}
					else {
						postAndReplies += "print ----- Reply[" + repliesResult.getString("repliedBy") + "] ----- " +
						repliesResult.getTimestamp("dateReplied").toString() + ";print \t" +
						SharedKeyCrypto.decrypt(repliesResult.getString("content")) + ";";
					}
				}
			}
			// if there's no postResult, the post DNE.
		}
		catch (SQLException e) {
			e.printStackTrace();
			sqlex = true;
		} catch (UnsupportedEncodingException e) {
			// This should not happen.
		}
		if (postAndReplies.equals("") && !sqlex) {
			return "print Error: Post does not exist. Refresh. If the problem persists, contact an admin.";
		}
		else if (sqlex) {
			return "print Error: Database error while querying post and replies. Contact an admin.";
		}
		else return postAndReplies;
	}
}