Review

Detector:

MuDetect_180214_ExcludeVeryPrevalent

Target:

project '

chensun

' version

cf23b99

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-17
In File:	/mubench/checkouts/chensun/cf23b99/build/CS5430/src/server/SocialNetworkPosts.java
In Method:	authorizedToReply(String, String, String, int)
Code with Finding:	class SocialNetworkPosts { //Returns "true" when everything is good, or a msg when something is wrong. public static String authorizedToReply(String username, String boardName, String regionName, int postNum) { Connection dbconn = DBManager.getConnection(); String bname = boardName.trim().toLowerCase(); if (bname.equals("freeforall")) { //regionName might be null Boolean postExists = postExists("freeforall", null, postNum); if (postExists == null) { DBManager.closeConnection(dbconn); return "print Error: Database error while verifying existence of post. " + "If the problem persists, contact an admin."; } else if (postExists.booleanValue()) { //AUTHORIZATION FUNCTION Boolean authReply = SocialNetworkDatabasePosts.authorizedFFAPost(dbconn, username, postNum, "reply"); if (authReply == null) { DBManager.closeConnection(dbconn); return "print Error: Database error while creating the reply."; } else if (!authReply.booleanValue()) { DBManager.closeConnection(dbconn); return "print Error: Cannot view this post."; } DBManager.closeConnection(dbconn); return "true"; } else { DBManager.closeConnection(dbconn); return "print Error: Cannot view this post."; } } //regionname not null String rname = regionName.trim().toLowerCase(); Boolean boardExists = SocialNetworkBoards.boardExists(bname); if (boardExists == null) { DBManager.closeConnection(dbconn); return "print Error: Database error while verifying existence of board. " + "If the problem persists, contact an admin."; } else if (boardExists.booleanValue()) { Boolean regionExists = SocialNetworkRegions.regionExists(bname, rname); if (regionExists == null) { DBManager.closeConnection(dbconn); return "print Error: Database error while verifying existence of region. " + "If the problem persists, contact an admin."; } else if (regionExists.booleanValue()) { Boolean postExists = postExists(bname, rname, postNum); if (postExists == null) { DBManager.closeConnection(dbconn); return "print Error: Database error while verifying existence of post. " + "If the problem persists, contact an admin."; } else if (postExists.booleanValue()) { //AUTHORIZATION FUNCTION Boolean authReply = SocialNetworkDatabasePosts.authorizedToPostNotFFA(dbconn, username, boardName, regionName); if (authReply == null) { DBManager.closeConnection(dbconn); return "print Error: Database error while creating the reply."; } else if (!authReply.booleanValue()) { DBManager.closeConnection(dbconn); return "print Error: Cannot reply to post."; } DBManager.closeConnection(dbconn); return "true"; } else { DBManager.closeConnection(dbconn); return "print Error: Cannot reply to post."; } } else { DBManager.closeConnection(dbconn); return "print Error: Region does not exist. Refresh. " + "If the problem persists, contact an admin."; } } else { DBManager.closeConnection(dbconn); return "print Error: Board does not exist. Refresh. " + "If the problem persists, contact an admin."; } } }

Metadata

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping	Violation Types
?	17	0.01725327812284334	(pattern support = 10 / 18)(pattern violations = 1 / 23)(overlap = 5.00 / 7.00)	chensun/cf23b99/build/CS5430/src/server/ServerInputProcessor.java#processRemoveAdmins() chensun/cf23b99/build/CS5430/src/server/ServerInputProcessor.java#processRemoveParticipants() chensun/cf23b99/build/CS5430/src/server/ServerInputProcessor.java#processChangeUserRole() chensun/cf23b99/build/CS5430/src/server/ServerInputProcessor.java#processDeleteUser() chensun/cf23b99/build/CS5430/src/server/ServerInputProcessor.java#processEditParticipants()	10