Answered step by step
Verified Expert Solution
Question
1 Approved Answer
find the vulnerability category. Options are below import org.springframework.web.bind.annotation.M.odelatt gibutes import org.springframework.web.bind.annotation.pativariables import org.springframework.web.bind.annotation. Requestmappings import org.springframework.web.bind.annotation.Requesthethods import org.springframework.web.servlet.mvc.support.RedirectAttributes; public class UserhomeController f private static
find the vulnerability category. Options are below
import org.springframework.web.bind.annotation.M.odelatt gibutes import org.springframework.web.bind.annotation.pativariables import org.springframework.web.bind.annotation. Requestmappings import org.springframework.web.bind.annotation.Requesthethods import org.springframework.web.servlet.mvc.support.RedirectAttributes; public class UserhomeController f private static final Logger logger = Logger.getLogger(UserhomeController.class); QAutowired private UserInfoSenvice userservice; QAutowired private FileUploadservice filleUploadservice; evalue("\$\{upload. location } ") private String UPLOAD DIR PATH; QAutowired StorageEncryptionservice storagencryptionservice; * render the User Home Page * Oreturn y public String vievusentonerage(htotpsecviletiequest request, Hodel nodel, Redirectattributes redir) \& /logs exception (Niogger-error("This is Eenor message at getloginpage method n, new Exception("page Error )); Userinfo user = (Userinfo)request, getsession(false). getattiribute("usern); model, addattinibute (Hilistoffiles; 1 is toffilies)/5 return Appeonstants URL USER Hine; UserFileInfo userfileInfo = fileUploadService,getFilebyId(fileId); String dirPath = AppUtil.getUploadFilePath(UPLOAD DIR PATH, userFileInfo.getFileowner()); String fileName = AppUti1,getUploadFileNameWithPrefix(userfileInfo.getFileName()); // check if file exist in server or not before download the file if (IApputil. checkIfFileExistInServer(dirPath+File. separator+fileName)) \{ //5ystem. out. println ("File not found.."); logger.error("File is invalid, can not be read,", new ApplicationException(AppConstants.INVALID_FILE_CODE, "File is invalid, can not be read.")); sendHome(request, response, "error"); 3 redir-addFlashAttribute("ownerId", userFileInfo, getFileowner()); redir-addF1ashAttribute("filename", userfileinfo, getFilename()); downloadfile(userfileinfo. getfileo,iner(), userfileinfo,getfileniame(), userfileinfo-getEncryptionkey(), response); If redirect the page in the case to error when domiloading the file private void sendHome(HttpServletRequest request, HittpServletresponse response, String page) throws IOException, ServletExceptionf response.sendRedirect(request.getContextPath ()+"+page)i/1 I 3 Jump. Jeasch( Nu berfon atijxception e)\{ redir-addiashateribute("errorMessage", "Link was broken or invalid file."); return "redirect:/home"; 3 Userfiletnfo dbFileInfo = fileUploadService.getFilebyId(fileId); model. addattribute("userFileInfo", dbFileInfo); return AppConstants.URL_USER_UPLOAD; 3 f * To delete the uploaded file if user is authorized * eparam request * Qparam model * ereturn *f long fileId =01 //logs exception If (user=mi11) neturn "redirect:/invaliduser"; trg{ fileId = Long, valucof ( 1d ) 9 redir.addFlashAttribute("erronkessage", "Link was broken or invalid file."); return "redirect:/home"; 3 UserfileInfo fileinfo = fileUploadService. getFilebyId(fileId); If ( fileInfo ==nu11)t^ redir.addF1ashAttribute("erformessage", "File not exist. ") s return "redirect:/home"s 3 fileuploadservice,deleteUserfile (fileinfo); redir.addFlashAttribute( success Message", "The fille is successfunly deleted. "); return "redinect:/home": jparan usertid oreturn private ListuUserfileInfo> getListoffilesperimitted(long userId) \{ List 1istoffiles a new ArroyListeUserfileInfo>(); 1istoffiles = fileUploadService - GetA11PermittedfilesforUserId(userId); return listoffiles; 3 * Method used to populate the user 1st in view. * Note that here you can call external systems to provide real data. */ GHodelattribute("11stuser") Userinfo loginuser = (Userinfo)request. getsession(false).getAttribute("user"); List userList = userservice.getuserListWithCustomerRole(); while (iterator.haskext()) f if (iterator, next() , Betid ()=10ginuser,B tid ()) i iterator, renove()s breaks 3 3 return userlists 3 3 Select Vulnerability Category Identify the type of vulnerability present in the code and select it from the options below. The vulnerable files and lines of code have been marked with x
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started