This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

AppDos Vulnerability with BufferedReader.readLine()  RSS feed

 
thiru maram
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi when my application is going through an security scanner I am getting AppDos Vulnerability error...

Could anyone help me out on this issue?Thanks in advance...My Code Goes here.

public static void parse(BufferedReader reader, PrintWriter writer) throws Exception
{
String line = null;
while((line = reader.readLine())!= null)
{

// Remove JavaScript
if (isPartOfString("somecode", line))
{
while ((!isPartOfString("somecode", line)) && ((line = reader.readLine())!= null));
continue;
}

// Remove comments
if (isPartOfString("somecode", line))
{
while ((!isPartOfString("somecode", line)) && ((line = reader.readLine())!= null));
continue;
}

//Replace images
if (isPartOfString("somecode", line) || isPartOfString("somecode", line))
{
continue;
}
else
{
String replacementStr;
if (isPartOfString("somestring", line))
{
replacementStr = "somestring";

if (isPartOfString("somestring", line))
{
replacementStr = "somestring";
}
if (isPartOfString(somestring, line))
{
replacementStr = somestring;
}
line = replaceImgTag(line, replacementStr);

}
else
{
if (isPartOfString(somestring, line))
{
replacementStr = somestring;
if (isPartOfString(somestring, line))
{
replacementStr = somestring;
}
line = replaceImgTag(line, replacementStr);
}
else
{
if (isPartOfString(somestring, line))
{
line = somestring;
}
}
}
}
line = line.trim();

if (line.length() > 0)
{
writer.println(line);
}
}
writer.flush();
reader.close();
}
 
Paul Clapham
Sheriff
Posts: 22493
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When I googled for the keywords "AppDos Vulnerability" I got this thread and some other links. This link probably explains the message you're getting.
 
thiru maram
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Could you clear me here..

What is the difference with that buffer which has the same size of the line which i am reading from the buffer.
1) What I meant to say is both are one and the same.

2) I could not able to anticipate the max_buffer_size in my case.
 
Tim Holloway
Bartender
Posts: 18709
71
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A buffered reader for a string (line) would do something like this, by default:


So there are actually 2 potential offences here. First, a really long inputstream without a line terminator in it will cause output to get bigger and bigger and bigger until memory is exhausted. Secondly, since the actual storage used by output is a fixed size, periodically the string manager will run out of room and have to re-allocate a new character buffer within the String, so that's extra processing overhead.

To avoid this, their recommended practice is basically to implement your own version of the readLine method, but to put a check in at the point I marked (XXXX) that says once a certain number of characters have been processed, something is wrong. Throw an exception or truncate the string.

Note that I have simplified what actually happens here, so don't try to use this code verbatim!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!