JavaRanch » Java Forums » Engineering » IDEs, Version Control and other tools
AppDos Vulnerability with BufferedReader.readLine()

thiru maram
Greenhorn

Joined: Sep 13, 2009
Posts: 4
Hi, when my application is going through a security scanner I am getting an AppDos Vulnerability error...

Could anyone help me out on this issue? Thanks in advance... My code goes here.

public static void parse(BufferedReader reader, PrintWriter writer) throws Exception
{
    // "somecode" and "somestring" are the poster's placeholders for the real
    // markers and replacement text; isPartOfString() and replaceImgTag() are
    // helper methods that are not shown in the post.
    String line = null;
    while ((line = reader.readLine()) != null)
    {
        // Remove JavaScript: skip lines until the closing marker is seen
        if (isPartOfString("somecode", line))
        {
            while ((!isPartOfString("somecode", line)) && ((line = reader.readLine()) != null))
            {
                // skip the line
            }
            continue;
        }

        // Remove comments: skip lines until the closing marker is seen
        if (isPartOfString("somecode", line))
        {
            while ((!isPartOfString("somecode", line)) && ((line = reader.readLine()) != null))
            {
                // skip the line
            }
            continue;
        }

        // Replace images
        if (isPartOfString("somecode", line) || isPartOfString("somecode", line))
        {
            continue;
        }
        else
        {
            String replacementStr;
            if (isPartOfString("somestring", line))
            {
                replacementStr = "somestring";

                if (isPartOfString("somestring", line))
                {
                    replacementStr = "somestring";
                }
                if (isPartOfString("somestring", line))
                {
                    replacementStr = "somestring";
                }
                line = replaceImgTag(line, replacementStr);
            }
            else
            {
                if (isPartOfString("somestring", line))
                {
                    replacementStr = "somestring";
                    if (isPartOfString("somestring", line))
                    {
                        replacementStr = "somestring";
                    }
                    line = replaceImgTag(line, replacementStr);
                }
                else
                {
                    if (isPartOfString("somestring", line))
                    {
                        line = "somestring";
                    }
                }
            }
        }

        line = line.trim();

        if (line.length() > 0)
        {
            writer.println(line);
        }
    }
    writer.flush();
    reader.close();
}
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18882
    
    8

When I googled for the keywords "AppDos Vulnerability" I got this thread and some other links. This link probably explains the message you're getting.
thiru maram
Greenhorn

Joined: Sep 13, 2009
Posts: 4
Could you clarify this for me?

What is the difference with that buffer, which has the same size as the line which I am reading from the buffer?
1) What I meant to say is both are one and the same.

2) I am not able to anticipate the max_buffer_size in my case.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16228
    
  21

A buffered reader for a string (line) would do something like this, by default:


So there are actually 2 potential offences here. First, a really long inputstream without a line terminator in it will cause output to get bigger and bigger and bigger until memory is exhausted. Secondly, since the actual storage used by output is a fixed size, periodically the string manager will run out of room and have to re-allocate a new character buffer within the String, so that's extra processing overhead.

To avoid this, their recommended practice is basically to implement your own version of the readLine method, but to put a check in at the point I marked (XXXX) that says once a certain number of characters have been processed, something is wrong. Throw an exception or truncate the string.

Note that I have simplified what actually happens here, so don't try to use this code verbatim!

Customer surveys are for companies who didn't pay proper attention to begin with.
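The mitigation Tim describes (a readLine() replacement with a check at the point he marks XXXX), written out as working Java. This is an added example, not code from the thread; the class name BoundedLineReader, the exception name LineTooLongException and the 4096-character limit are my own choices, and the inputs in main() are constructed for the demonstration.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

/**
 * A readLine() replacement that refuses to buffer more than maxLineLength
 * characters, so a stream that never sends a line terminator cannot make the
 * line buffer grow until memory is exhausted.
 */
public final class BoundedLineReader {

    /** Thrown when a line exceeds the limit (name chosen for this example). */
    public static final class LineTooLongException extends IOException {
        public LineTooLongException(int limit) {
            super("line exceeds " + limit + " characters");
        }
    }

    private final Reader in;
    private final int maxLineLength;
    private int pushedBack = -1; // one character of lookahead after a lone '\r'

    public BoundedLineReader(Reader in, int maxLineLength) {
        if (maxLineLength <= 0) {
            throw new IllegalArgumentException("maxLineLength must be positive");
        }
        this.in = in;
        this.maxLineLength = maxLineLength;
    }

    private int next() throws IOException {
        if (pushedBack != -1) {
            int c = pushedBack;
            pushedBack = -1;
            return c;
        }
        return in.read();
    }

    /**
     * Reads one line, treating "\n", "\r" and "\r\n" as terminators like
     * BufferedReader does. Returns null at end of stream. Throws
     * LineTooLongException as soon as more than maxLineLength characters have
     * been read without a terminator; this is the check at the XXXX point.
     */
    public String readLine() throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = next()) != -1) {
            if (c == '\n') {
                return sb.toString();
            }
            if (c == '\r') {
                int following = in.read();
                if (following != '\n' && following != -1) {
                    pushedBack = following; // lone '\r': keep the char for the next line
                }
                return sb.toString();
            }
            if (sb.length() >= maxLineLength) {
                throw new LineTooLongException(maxLineLength); // or truncate, per Tim
            }
            sb.append((char) c);
        }
        return sb.length() == 0 ? null : sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input with mixed terminators: three lines expected.
        BoundedLineReader ok = new BoundedLineReader(
                new StringReader("first\r\nsecond\rthird\n"), 64);
        for (String line; (line = ok.readLine()) != null; ) {
            System.out.println("line: " + line);
        }

        // Constructed stream that never produces a terminator. A plain
        // BufferedReader.readLine() would keep appending forever; this
        // reader gives up after 4096 characters.
        Reader endless = new Reader() {
            @Override public int read(char[] buf, int off, int len) {
                java.util.Arrays.fill(buf, off, off + len, 'A');
                return len;
            }
            @Override public void close() { }
        };
        BoundedLineReader guarded = new BoundedLineReader(endless, 4096);
        try {
            guarded.readLine();
        } catch (LineTooLongException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Whether to throw or truncate at the limit depends on the format being parsed: for the HTML-cleaning loop in the first post, throwing is the safer choice, since a truncated line could leave a start marker without its matching end marker and the skip loops would then swallow the rest of the input.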
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: AppDos Vulnerability with BufferedReader.readLine()