Fix some more unintended XSS vulns.

Author: davewichers

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java

@@ -75,7 +75,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 			response.getWriter().write(org.owasp.esapi.ESAPI.encoder().encodeForHTML(new String(b,0,size)));
 		} catch (Exception e) {
             System.out.println("Couldn't open FileInputStream on file: '" + fileName + "'");
-			response.getWriter().write("Problem getting FileInputStream: " + e.getMessage());
+			response.getWriter().write("Problem getting FileInputStream: " 
+				+ org.owasp.esapi.ESAPI.encoder().encodeForHTML(e.getMessage()));
         } finally {
 			if (fis != null) {
                 try {

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java

@@ -62,11 +62,11 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map17757 = new java.util.HashMap<String,Object>();
-		map17757.put("keyA-17757", "a Value"); // put some stuff in the collection
-		map17757.put("keyB-17757", param); // put it in a collection
-		map17757.put("keyC", "another Value"); // put some stuff in the collection
-		bar = (String)map17757.get("keyB-17757"); // get it back out
+		java.util.HashMap<String,Object> map25110 = new java.util.HashMap<String,Object>();
+		map25110.put("keyA-25110", "a Value"); // put some stuff in the collection
+		map25110.put("keyB-25110", param); // put it in a collection
+		map25110.put("keyC", "another Value"); // put some stuff in the collection
+		bar = (String)map25110.get("keyB-25110"); // get it back out
 
 
 		// Code based on example from:

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java

@@ -62,11 +62,11 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map51918 = new java.util.HashMap<String,Object>();
-		map51918.put("keyA-51918", "a Value"); // put some stuff in the collection
-		map51918.put("keyB-51918", param); // put it in a collection
-		map51918.put("keyC", "another Value"); // put some stuff in the collection
-		bar = (String)map51918.get("keyB-51918"); // get it back out
+		java.util.HashMap<String,Object> map30297 = new java.util.HashMap<String,Object>();
+		map30297.put("keyA-30297", "a Value"); // put some stuff in the collection
+		map30297.put("keyB-30297", param); // put it in a collection
+		map30297.put("keyC", "another Value"); // put some stuff in the collection
+		bar = (String)map30297.get("keyB-30297"); // get it back out
 
 
 		// Code based on example from:

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java

@@ -62,20 +62,20 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		// Chain a bunch of propagators in sequence
-		String a3441 = param; //assign
-		StringBuilder b3441 = new StringBuilder(a3441);  // stick in stringbuilder
-		b3441.append(" SafeStuff"); // append some safe content
-		b3441.replace(b3441.length()-"Chars".length(),b3441.length(),"Chars"); //replace some of the end content
-		java.util.HashMap<String,Object> map3441 = new java.util.HashMap<String,Object>();
-		map3441.put("key3441", b3441.toString()); // put in a collection
-		String c3441 = (String)map3441.get("key3441"); // get it back out
-		String d3441 = c3441.substring(0,c3441.length()-1); // extract most of it
-		String e3441 = new String( new sun.misc.BASE64Decoder().decodeBuffer( 
-		    new sun.misc.BASE64Encoder().encode( d3441.getBytes() ) )); // B64 encode and decode it
-		String f3441 = e3441.split(" ")[0]; // split it on a space
+		String a22167 = param; //assign
+		StringBuilder b22167 = new StringBuilder(a22167);  // stick in stringbuilder
+		b22167.append(" SafeStuff"); // append some safe content
+		b22167.replace(b22167.length()-"Chars".length(),b22167.length(),"Chars"); //replace some of the end content
+		java.util.HashMap<String,Object> map22167 = new java.util.HashMap<String,Object>();
+		map22167.put("key22167", b22167.toString()); // put in a collection
+		String c22167 = (String)map22167.get("key22167"); // get it back out
+		String d22167 = c22167.substring(0,c22167.length()-1); // extract most of it
+		String e22167 = new String( new sun.misc.BASE64Decoder().decodeBuffer( 
+		    new sun.misc.BASE64Encoder().encode( d22167.getBytes() ) )); // B64 encode and decode it
+		String f22167 = e22167.split(" ")[0]; // split it on a space
 		org.owasp.benchmark.helpers.ThingInterface thing = org.owasp.benchmark.helpers.ThingFactory.createThing();
-		String g3441 = "barbarians_at_the_gate";  // This is static so this whole flow is 'safe'
-		String bar = thing.doSomething(g3441); // reflection
+		String g22167 = "barbarians_at_the_gate";  // This is static so this whole flow is 'safe'
+		String bar = thing.doSomething(g22167); // reflection
 
 
 		// Code based on example from:

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java

@@ -62,11 +62,11 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map40361 = new java.util.HashMap<String,Object>();
-		map40361.put("keyA-40361", "a Value"); // put some stuff in the collection
-		map40361.put("keyB-40361", param); // put it in a collection
-		map40361.put("keyC", "another Value"); // put some stuff in the collection
-		bar = (String)map40361.get("keyB-40361"); // get it back out
+		java.util.HashMap<String,Object> map68278 = new java.util.HashMap<String,Object>();
+		map68278.put("keyA-68278", "a Value"); // put some stuff in the collection
+		map68278.put("keyB-68278", param); // put it in a collection
+		map68278.put("keyC", "another Value"); // put some stuff in the collection
+		bar = (String)map68278.get("keyB-68278"); // get it back out
 
 
 		// Code based on example from:

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java

@@ -62,12 +62,12 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map32721 = new java.util.HashMap<String,Object>();
-		map32721.put("keyA-32721", "a_Value"); // put some stuff in the collection
-		map32721.put("keyB-32721", param); // put it in a collection
-		map32721.put("keyC", "another_Value"); // put some stuff in the collection
-		bar = (String)map32721.get("keyB-32721"); // get it back out
-		bar = (String)map32721.get("keyA-32721"); // get safe value back out
+		java.util.HashMap<String,Object> map3191 = new java.util.HashMap<String,Object>();
+		map3191.put("keyA-3191", "a_Value"); // put some stuff in the collection
+		map3191.put("keyB-3191", param); // put it in a collection
+		map3191.put("keyC", "another_Value"); // put some stuff in the collection
+		bar = (String)map3191.get("keyB-3191"); // get it back out
+		bar = (String)map3191.get("keyA-3191"); // get safe value back out
 
 
 	org.owasp.benchmark.helpers.LDAPManager ads = new org.owasp.benchmark.helpers.LDAPManager();

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java

@@ -61,8 +61,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 		}
 
 
-		StringBuilder sbxyz4183 = new StringBuilder(param);
-		String bar = sbxyz4183.append("_SafeStuff").toString();
+		StringBuilder sbxyz78173 = new StringBuilder(param);
+		String bar = sbxyz78173.append("_SafeStuff").toString();
 
 
 		java.security.Provider[] provider = java.security.Security.getProviders();

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java

@@ -62,12 +62,12 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map27057 = new java.util.HashMap<String,Object>();
-		map27057.put("keyA-27057", "a_Value"); // put some stuff in the collection
-		map27057.put("keyB-27057", param); // put it in a collection
-		map27057.put("keyC", "another_Value"); // put some stuff in the collection
-		bar = (String)map27057.get("keyB-27057"); // get it back out
-		bar = (String)map27057.get("keyA-27057"); // get safe value back out
+		java.util.HashMap<String,Object> map3008 = new java.util.HashMap<String,Object>();
+		map3008.put("keyA-3008", "a_Value"); // put some stuff in the collection
+		map3008.put("keyB-3008", param); // put it in a collection
+		map3008.put("keyC", "another_Value"); // put some stuff in the collection
+		bar = (String)map3008.get("keyB-3008"); // get it back out
+		bar = (String)map3008.get("keyA-3008"); // get safe value back out
 
 
 		java.security.Provider[] provider = java.security.Security.getProviders();

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java

@@ -62,12 +62,12 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map11448 = new java.util.HashMap<String,Object>();
-		map11448.put("keyA-11448", "a_Value"); // put some stuff in the collection
-		map11448.put("keyB-11448", param); // put it in a collection
-		map11448.put("keyC", "another_Value"); // put some stuff in the collection
-		bar = (String)map11448.get("keyB-11448"); // get it back out
-		bar = (String)map11448.get("keyA-11448"); // get safe value back out
+		java.util.HashMap<String,Object> map25859 = new java.util.HashMap<String,Object>();
+		map25859.put("keyA-25859", "a_Value"); // put some stuff in the collection
+		map25859.put("keyB-25859", param); // put it in a collection
+		map25859.put("keyC", "another_Value"); // put some stuff in the collection
+		bar = (String)map25859.get("keyB-25859"); // get it back out
+		bar = (String)map25859.get("keyA-25859"); // get safe value back out
 
 
 		try {

src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java

@@ -62,11 +62,11 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 
 
 		String bar = "safe!";
-		java.util.HashMap<String,Object> map93520 = new java.util.HashMap<String,Object>();
-		map93520.put("keyA-93520", "a Value"); // put some stuff in the collection
-		map93520.put("keyB-93520", param); // put it in a collection
-		map93520.put("keyC", "another Value"); // put some stuff in the collection
-		bar = (String)map93520.get("keyB-93520"); // get it back out
+		java.util.HashMap<String,Object> map45182 = new java.util.HashMap<String,Object>();
+		map45182.put("keyA-45182", "a Value"); // put some stuff in the collection
+		map45182.put("keyB-45182", param); // put it in a collection
+		map45182.put("keyC", "another Value"); // put some stuff in the collection
+		bar = (String)map45182.get("keyB-45182"); // get it back out
 
 
 		response.getWriter().println(bar);