1 file changed +8 -37 lines changed
java/ql/src/experimental/Security/CWE/CWE-400
1- public class ThreadResourceAbuse extends HttpServlet {
2- protected void doGet (HttpServletRequest request , HttpServletResponse response ) throws ServletException , IOException {
3- // Get thread pause time from request parameter
4- String delayTimeStr = request .getParameter ("DelayTime" );
5- try {
6- int delayTime = Integer .valueOf (delayTimeStr );
7- new SyncAction (delayTime ).start ();
8- } catch (NumberFormatException e ) {
9- }
10- }
11-
12- class SyncAction extends Thread {
13- int waitTime ;
14-
15- public SyncAction (int waitTime ) {
16- this .waitTime = waitTime ;
17- }
18-
19- @ Override
20- public void run () {
21- try {
22- {
23- // BAD: no boundary check on wait time
24- Thread .sleep (waitTime );
25- }
26-
27-
28- {
29- // GOOD: enforce an upper limit on wait time
30- if (waitTime > 0 && waitTime < 5000 ) {
31- Thread .sleep (waitTime );
32- }
33- }
34-
35- //Do other updates
36- } catch (InterruptedException e ) {
37- }
1+ class SleepTest {
2+ public void test (int userSuppliedWaitTime ) throws Exception {
3+ // BAD: no boundary check on wait time
4+ Thread .sleep (waitTime );
5+
6+ // GOOD: enforce an upper limit on wait time
7+ if (waitTime > 0 && waitTime < 5000 ) {
8+ Thread .sleep (waitTime );
389 }
3910 }
4011}
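Review bot: The new `test` method declares its parameter as `userSuppliedWaitTime`, but both `Thread.sleep` calls and the bounds check read `waitTime`, which is no longer declared once the `SyncAction` field is removed. As written the sample does not compile, and a reader cannot see the untrusted value reaching the sleep call. Use the parameter in the body, e.g. `Thread.sleep(userSuppliedWaitTime);` and `if (userSuppliedWaitTime > 0 && userSuppliedWaitTime < 5000) {`. Because the servlet code that read the `DelayTime` request parameter is removed, a one-line comment on the method such as `// userSuppliedWaitTime comes from an untrusted source, e.g. an HTTP request parameter` would keep the source of the value clear.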