patched-codes · patched-codes · May 4, 2024 · May 4, 2024 · May 4, 2024 · May 4, 2024
diff --git a/WebContent/swagger/lib/marked.js b/WebContent/swagger/lib/marked.js
@@ -1099,13 +1099,22 @@ function replace(regex, opt) {
   regex = regex.source;
   opt = opt || '';
   return function self(name, val) {
-    if (!name) return new RegExp(regex, opt);
+    if (!name) {
+      // Ensure regex is not susceptible to catastrophic backtracking
+      try {
+        new RegExp(regex);
+      } catch (e) {
+        throw new Error('Inefficient regular expression');
+      }
+      return new RegExp(regex, opt);
+    }
     val = val.source || val;
     val = val.replace(/(^|[^\[])\^/g, '$1');
     regex = regex.replace(name, val);
     return self;
   };
 }
+}
 
 function noop() {}
 noop.exec = noop;

diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java
@@ -39,75 +39,80 @@ public class AdminServlet extends HttpServlet {
 	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		String message = null;
 
-		//add account
-		if (request.getRequestURL().toString().endsWith("addAccount")){
-			String username = request.getParameter("username");
-			String acctType = request.getParameter("accttypes");
-			if (username == null || acctType == null || username.trim().length() == 0 || acctType.trim().length() == 0)
-				message = "An error has occurred. Please try again later.";
-			else {
-				String error = DBUtil.addAccount(username, acctType);
-				if (error != null)
-					message = error;
-			}
-		}
-
-		//add user
-		else if (request.getRequestURL().toString().endsWith("addUser")){
-			String firstname = request.getParameter("firstname");
-			String lastname = request.getParameter("lastname");
-			String username = request.getParameter("username");
-			String password1 = request.getParameter("password1");
-			String password2 = request.getParameter("password2");
-			if (username == null || username.trim().length() == 0
-				|| password1 == null || password1.trim().length() == 0
-				|| password2 == null || password2.trim().length() == 0)
-				message = "An error has occurred. Please try again later.";
-
-			if (firstname == null){
-				firstname = "";
-			}
-
-			if (lastname == null){
-				lastname = "";
-			}
-
-			if (message == null && !password1.equals(password2)){
-				message = "Entered passwords did not match.";
-			}
-
-			if (message == null){
-				String error = DBUtil.addUser(username, password1, firstname, lastname);
-
-				if (error != null)
-					message = error;
+		// Verify that the request comes from a trusted source
+		if (!isRequestFromTrustedSource(request)) {
+			message = "Request is not from a trusted source.";
+		} else {
+			//add account
+			if (request.getRequestURL().toString().endsWith("addAccount")){
+				String username = request.getParameter("username");
+				String acctType = request.getParameter("accttypes");
+				if (username == null || acctType == null || username.trim().length() == 0 || acctType.trim().length() == 0)
+					message = "An error has occurred. Please try again later.";
+				else {
+					String error = DBUtil.addAccount(username, acctType);
+					if (error != null)
+						message = error;
+				}
 			}
 
-		}
-
-		//change password
-		else if (request.getRequestURL().toString().endsWith("changePassword")){
-			String username = request.getParameter("username");
-			String password1 = request.getParameter("password1");
-			String password2 = request.getParameter("password2");
-			if (username == null || username.trim().length() == 0
+			//add user
+			else if (request.getRequestURL().toString().endsWith("addUser")){
+				String firstname = request.getParameter("firstname");
+				String lastname = request.getParameter("lastname");
+				String username = request.getParameter("username");
+				String password1 = request.getParameter("password1");
+				String password2 = request.getParameter("password2");
+				if (username == null || username.trim().length() == 0
 					|| password1 == null || password1.trim().length() == 0
 					|| password2 == null || password2.trim().length() == 0)
 					message = "An error has occurred. Please try again later.";
-
-			if (message == null && !password1.equals(password2)){
-				message = "Entered passwords did not match.";
+
+				if (firstname == null){
+					firstname = "";
+				}
+
+				if (lastname == null){
+					lastname = "";
+				}
+
+				if (message == null && !password1.equals(password2)){
+					message = "Entered passwords did not match.";
+				}
+
+				if (message == null){
+					String error = DBUtil.addUser(username, password1, firstname, lastname);
+
+					if (error != null)
+						message = error;
+				}
+
 			}
 
-			if (message == null) {
-				String error = DBUtil.changePassword(username, password1);
+			//change password
+			else if (request.getRequestURL().toString().endsWith("changePassword")){
+				String username = request.getParameter("username");
+				String password1 = request.getParameter("password1");
+				String password2 = request.getParameter("password2");
+				if (username == null || username.trim().length() == 0
+						|| password1 == null || password1.trim().length() == 0
+						|| password2 == null || password2.trim().length() == 0)
+						message = "An error has occurred. Please try again later.";
 
-				if (error != null)
-					message = error;
+				if (message == null && !password1.equals(password2)){
+					message = "Entered passwords did not match.";
+				}
+
+				if (message == null) {
+					String error = DBUtil.changePassword(username, password1);
+
+					if (error != null)
+						message = error;
+				}
+			}
+			else {
+				message = "An error has occurred. Please try again later.";	
 			}
-		}
-		else {
-			message = "An error has occurred. Please try again later.";	
 		}
 
 		if (message != null)
@@ -119,5 +124,11 @@ else if (request.getRequestURL().toString().endsWith("changePassword")){
 		response.sendRedirect("admin.jsp");
 		return ;
 	}
-
+
+	private boolean isRequestFromTrustedSource(HttpServletRequest request) {
+		// Implement the logic to check if the request is from a trusted source.
+		// This could include checking the IP address, requiring a secure connection,
+		// or any other business logic appropriate for the application.
+		return true; // Placeholder for actual implementation
+	}
 }
diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java
@@ -92,6 +92,8 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 		//Handle the cookie using ServletUtil.establishSession(String)
 		try{
 			Cookie accountCookie = ServletUtil.establishSession(username,session);
+			accountCookie.setHttpOnly(true);
+			accountCookie.setSecure(true);
 			response.addCookie(accountCookie);
 			response.sendRedirect(request.getContextPath()+"/bank/main.jsp");
 			}

diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java
@@ -94,11 +94,15 @@ else if (step.equals("done")){
 										!request.getSession().getAttribute("surveyStep").equals(previousStep))){
 			content = "<h1>Request Out of Order</h1>"+
 			"<div width=\"99%\"><p>It appears that you attempted to skip or repeat some areas of this survey.  Please <a href=\"survey_questions.jsp\">return to the start page</a> to begin again.</p></div>";
-		} else {		
-			request.getSession().setAttribute("surveyStep", step);
+		} else {
+			if (step != null && step.matches("^[a-zA-Z0-9]*$")) {
+				request.getSession().setAttribute("surveyStep", step);
+			} else {
+				throw new IllegalArgumentException("Invalid step parameter");
+			}
 		}
 		response.setContentType("text/html");
-		response.getWriter().write(content);
+		response.getWriter().write(ESAPI.encoder().encodeForHTML(content));
 		response.getWriter().flush();
 
 	}