Code with Finding: |
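class DatabaseAdmin {
    /** Charset used for every byte-level view of the checksum fields (was "UTF8"). */
    private static final java.nio.charset.Charset CHECKSUM_CHARSET =
            java.nio.charset.Charset.forName("UTF-8");

    /**
     * Replaces the stored password value for {@code username} and recomputes the
     * row checksum that covers username, password value and security answer.
     *
     * NOTE(review): {@code pwdStore} is written to the {@code pwhash} column under
     * reversible shared-key encryption; whether it is already a one-way hash is
     * decided by the caller - confirm. The no-such-user branch is documented by the
     * original author as unreachable (existence is checked before the call); status
     * stays -1 there so an unexpected miss is still reported as a failure.
     *
     * @param conn open database connection; not closed here
     * @param username user whose row is updated
     * @param pwdStore password value to store
     * @return the UPDATE row count, or -1 when the user row was not found or a
     *         SQLException occurred (the exception itself is not logged)
     */
    public static int changePassword(Connection conn, String username, String pwdStore) {
        int status = -1;
        String fetchAnswer = "SELECT secanswer FROM main.users WHERE username = ?";
        String query = "UPDATE main.users SET pwhash = ?, checksum = ? WHERE username = ?";
        PreparedStatement answerStmt = null;
        ResultSet rs = null;
        PreparedStatement pstmt = null;
        try {
            answerStmt = conn.prepareStatement(fetchAnswer);
            answerStmt.setString(1, username);
            rs = answerStmt.executeQuery();
            if (rs.next()) {
                // The answer is needed in clear because the checksum is computed over
                // the plaintext fields.
                // NOTE(review): a NULL secanswer column reaches decrypt() unguarded -
                // confirm the column is NOT NULL.
                String secA = SharedKeyCrypto.decrypt(rs.getString("secanswer"));
                byte[] toChecksum = checksumInput(username, pwdStore, secA);
                pstmt = conn.prepareStatement(query);
                pstmt.setString(1, SharedKeyCrypto.encrypt(pwdStore));
                pstmt.setString(2, CryptoUtil.encode(Hash.generateChecksum(toChecksum)));
                pstmt.setString(3, username);
                status = pstmt.executeUpdate();
            }
            // else: row not found; status is left at -1 (see class note above).
        } catch (SQLException e) {
            // Failure cause is dropped here; callers only see -1.
            status = -1;
        } finally {
            DBManager.closeResultSet(rs);
            DBManager.closeStatement(answerStmt);
            DBManager.closePreparedStatement(pstmt);
        }
        return status;
    }

    /**
     * Builds the byte string {@code username || pwdStore || secAnswer} that the
     * row checksum is computed over.
     *
     * NOTE(review): the three fields are concatenated with no separator or length
     * prefix, so the mapping from (username, pwdStore, secAnswer) to bytes is not
     * injective. The layout must stay in sync with whatever verifies the checksum,
     * so it is reproduced unchanged here.
     *
     * @param username user name (UTF-8 encoded)
     * @param pwdStore password value (UTF-8 encoded)
     * @param secAnswer decrypted security answer (UTF-8 encoded)
     * @return the concatenated bytes
     */
    private static byte[] checksumInput(String username, String pwdStore, String secAnswer) {
        byte[] userBytes = username.getBytes(CHECKSUM_CHARSET);
        byte[] pwBytes = pwdStore.getBytes(CHECKSUM_CHARSET);
        byte[] ansBytes = secAnswer.getBytes(CHECKSUM_CHARSET);
        byte[] toChecksum = new byte[userBytes.length + pwBytes.length + ansBytes.length];
        System.arraycopy(userBytes, 0, toChecksum, 0, userBytes.length);
        System.arraycopy(pwBytes, 0, toChecksum, userBytes.length, pwBytes.length);
        System.arraycopy(ansBytes, 0, toChecksum, userBytes.length + pwBytes.length, ansBytes.length);
        return toChecksum;
    }
}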
class DatabaseAdmin {
    /**
     * Lists the usernames that belong to the group with the given aid.
     *
     * An empty group and a database failure are not distinguishable by the result:
     * both produce {@code null}, so callers cannot tell "no members" from "query
     * failed". On failure the stack trace is printed only when {@code DEBUG} is set.
     *
     * @param conn open database connection; not closed here
     * @param aid group id to look up
     * @return the usernames in result-set order, or {@code null} when the group has
     *         no members or a SQLException occurred
     */
    public static List<String> getAllUsersOfGroup(Connection conn, int aid) {
        String query = "SELECT username FROM main.users WHERE aid = ?";
        List<String> members = new ArrayList<String>();
        PreparedStatement lookup = null;
        ResultSet rows = null;
        boolean failed = false;
        try {
            lookup = conn.prepareStatement(query);
            lookup.setInt(1, aid);
            rows = lookup.executeQuery();
            while (rows.next()) {
                members.add(rows.getString("username"));
            }
        } catch (SQLException e) {
            if (DEBUG) e.printStackTrace();
            failed = true;
        } finally {
            DBManager.closeResultSet(rows);
            DBManager.closePreparedStatement(lookup);
        }
        // Any partial result collected before a failure is discarded.
        return (failed || members.isEmpty()) ? null : members;
    }
}
class DatabaseAdmin {
    /**
     * Counts the pending friend requests addressed to {@code username}.
     *
     * A database failure is reported as 0, which is indistinguishable from
     * "no requests"; the SQLException is neither logged nor rethrown.
     *
     * @param conn open database connection; not closed here
     * @param username requestee whose incoming requests are counted
     * @return the COUNT value from the query, or 0 on error
     */
    public static int getFriendReqCount(Connection conn, String username) {
        String query = "SELECT COUNT(requestee) as count FROM main.friendrequests WHERE requestee = ?";
        int pending = 0;
        PreparedStatement lookup = null;
        ResultSet rows = null;
        try {
            lookup = conn.prepareStatement(query);
            lookup.setString(1, username);
            rows = lookup.executeQuery();
            // A bare COUNT yields a single row; looping keeps the last row's value
            // should the driver ever return more.
            while (rows.next()) {
                pending = rows.getInt("count");
            }
        } catch (SQLException e) {
            pending = 0;
        } finally {
            DBManager.closeResultSet(rows);
            DBManager.closePreparedStatement(lookup);
        }
        return pending;
    }
}
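class DatabaseAdmin {
    /** Schema names are accepted only as plain identifiers; anything else is refused. */
    private static final java.util.regex.Pattern SQL_IDENTIFIER =
            java.util.regex.Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    /**
     * Queues on {@code stmt}'s batch one UPDATE per board that reassigns every
     * region managed by {@code username} to the manager named in the board entry.
     *
     * The batch API takes literal SQL only, so the values cannot be bound as
     * parameters through this signature. Instead the schema name (board[0]) must
     * match {@link #SQL_IDENTIFIER}, and the two manager names are embedded as SQL
     * string literals with embedded single quotes doubled. All entries are validated
     * before anything is queued, so a rejected list leaves the batch untouched.
     * NOTE(review): quote doubling is the SQL-standard literal escape; if the target
     * DBMS also treats backslash as an escape inside literals, move this to one
     * PreparedStatement per board (schema still validated, names bound).
     *
     * @param conn unused; kept for signature compatibility
     * @param stmt statement whose batch receives the queries
     * @param boards entries of the form {schemaName, newManager}
     * @param username current manager whose regions are reassigned
     * @return true if every query was queued; false if {@code boards} or
     *         {@code username} is null, an entry is malformed, a schema name is not
     *         a plain identifier, or {@code addBatch} threw
     */
    private static boolean addReplRegionManQueries(Connection conn, Statement stmt,
            List<String[]> boards, String username) {
        if (boards == null || username == null) {
            return false;
        }
        for (String[] board : boards) {
            if (board == null || board.length < 2 || board[0] == null || board[1] == null
                    || !SQL_IDENTIFIER.matcher(board[0]).matches()) {
                return false;
            }
        }
        boolean success = true;
        try {
            for (String[] board : boards) {
                String query = "UPDATE " + board[0] + ".regions SET managedby = "
                        + sqlLiteral(board[1]) + " WHERE managedby = " + sqlLiteral(username);
                stmt.addBatch(query);
            }
        } catch (SQLException e) {
            // Queries added before the failure stay in the batch, as before.
            success = false;
        }
        return success;
    }

    /**
     * Renders {@code value} as a single-quoted SQL string literal.
     *
     * @param value raw text; embedded single quotes are doubled
     * @return the quoted literal
     */
    private static String sqlLiteral(String value) {
        return "'" + value.replace("'", "''") + "'";
    }
}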
|