PatchWork AutoFix

WebContent/static/inside_community.htm

@@ -6,12 +6,12 @@ <h1>Community Affairs</h1>
 <p>The successes of Altoro Mutual afford the opportunity to make the communities we serve better places to live, work and do business.</p>
 
 <h2>Volunteering</h2>
-<p>The employees of Altoro Mutual not only give millions of dollars in donations but thousands of hours of volunteer time to their communities each year. Learn about our current <a href="index.jsp?content=inside_volunteering.htm">volunteer programs</a>.</p>
+<p>The employees of Altoro Mutual not only give millions of dollars in donations but thousands of hours of volunteer time to their communities each year. Learn about our current <a href="https://www.example.com/index.jsp?content=inside_volunteering.htm">volunteer programs</a>.</p>
 
 <h2>Summer 2006</h2>
-<p>The 2006 community efforts of Altoro Mutual and our employees is quite impressive including charitable contributions, volunteerism, diversity initiatives, and other support.  <a href="pr/communityannualreport.pdf">View</a> the summary report (PDF, 800KB).</p>
+<p>The 2006 community efforts of Altoro Mutual and our employees is quite impressive including charitable contributions, volunteerism, diversity initiatives, and other support.  <a href="https://www.example.com/pr/communityannualreport.pdf">View</a> the summary report (PDF, 800KB).</p>
 
 <p><img src="images/adobe.gif" border=0 alt="Adobe Reader"><br />
-<a href="http://www.adobe.com/products/acrobat/readstep2.html">Download free Adobe Reader</a>.</p>
+<a href="https://www.adobe.com/products/acrobat/readstep2.html">Download free Adobe Reader</a>.</p>
 
-</div>
+</div>

src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java

@@ -4,7 +4,7 @@
 application security testing tools. These vulnerabilities may present risks to the
 technical environment in which the application is installed. You must delete and
 uninstall this demonstration application upon completion of the demonstration for
-which it is intended. 
+which it is intended.
 
 IBM DISCLAIMS ALL LIABILITY OF ANY KIND RESULTING FROM YOUR USE OF THE APPLICATION
 OR YOUR FAILURE TO DELETE THE APPLICATION FROM YOUR ENVIRONMENT UPON COMPLETION OF
@@ -14,7 +14,7 @@
 
 IBM AltoroJ
 (c) Copyright IBM Corp. 2008, 2013 All Rights Reserved.
- */
+*/
 package com.ibm.security.appscan.altoromutual.servlet;
 
 import java.io.IOException;
@@ -31,77 +31,79 @@
 import com.ibm.security.appscan.altoromutual.util.ServletUtil;
 
 /**
- * This servlet processes user's login and logout operations
- * Servlet implementation class LoginServlet
- * @author Alexei
- */
+* This servlet processes user's login and logout operations
+* Servlet implementation class LoginServlet
+* @author Alexei
+*/
 public class LoginServlet extends HttpServlet {
-	private static final long serialVersionUID = 1L;
-	
+    private static final long serialVersionUID = 1L;
+
     /**
-     * @see HttpServlet#HttpServlet()
-     */
+    * @see HttpServlet#HttpServlet()
+    */
     public LoginServlet() {
         super();
     }
 
-	/**
-	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
-	 */
-	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-		//log out
-		try {
-			HttpSession session = request.getSession(false);
-			session.removeAttribute(ServletUtil.SESSION_ATTR_USER);
-		} catch (Exception e){
-			// do nothing
-		} finally {
-			response.sendRedirect("index.jsp");
-		}
-
-	}
-
-	/**
-	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
-	 */
-	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-		//log in
-		// Create session if there isn't one:
-		HttpSession session = request.getSession(true);
-
-		String username = null;
-
-		try {
-			username = request.getParameter("uid");
-			if (username != null)
-				username = username.trim().toLowerCase();
-
-			String password = request.getParameter("passw");
-			password = password.trim().toLowerCase(); //in real life the password usually is case sensitive and this cast would not be done
-
-			if (!DBUtil.isValidUser(username, password)){
-				Log4AltoroJ.getInstance().logError("Login failed >>> User: " +username + " >>> Password: " + password);
-				throw new Exception("Login Failed: We're sorry, but this username or password was not found in our system. Please try again.");
-			}
-		} catch (Exception ex) {
-			request.getSession(true).setAttribute("loginError", ex.getLocalizedMessage());
-			response.sendRedirect("login.jsp");
-			return;
-		}
-
-		//Handle the cookie using ServletUtil.establishSession(String)
-		try{
-			Cookie accountCookie = ServletUtil.establishSession(username,session);
-			response.addCookie(accountCookie);
-			response.sendRedirect(request.getContextPath()+"/bank/main.jsp");
-			}
-		catch (Exception ex){
-			ex.printStackTrace();
-			response.sendError(500);
-		}
-
-
-		return;
-	}
+    /**
+    * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+    */
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        //log out
+        try {
+            HttpSession session = request.getSession(false);
+            session.removeAttribute(ServletUtil.SESSION_ATTR_USER);
+        } catch (Exception e){
+            // do nothing
+        } finally {
+            response.sendRedirect("index.jsp");
+        }
+
+    }
+
+    /**
+    * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+    */
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        //log in
+        // Create session if there isn't one:
+        HttpSession session = request.getSession(true);
+
+        String username = null;
+
+        try {
+            username = request.getParameter("uid");
+            if (username != null)
+                username = username.trim().toLowerCase();
+
+            String password = request.getParameter("passw");
+            password = password.trim().toLowerCase(); //in real life the password usually is case sensitive and this cast would not be done
+
+            if (!DBUtil.isValidUser(username, password)){
+                Log4AltoroJ.getInstance().logError("Login failed >>> User: " +username + " >>> Password: " + password);
+                throw new Exception("Login Failed: We're sorry, but this username or password was not found in our system. Please try again.");
+            }
+        } catch (Exception ex) {
+            request.getSession(true).setAttribute("loginError", ex.getLocalizedMessage());
+            response.sendRedirect("login.jsp");
+            return;
+        }
+
+        //Handle the cookie using ServletUtil.establishSession(String)
+        try{
+            Cookie accountCookie = ServletUtil.establishSession(username,session);
+            accountCookie.setHttpOnly(true);
+            accountCookie.setSecure(true);
+            response.addCookie(accountCookie);
+            response.sendRedirect(request.getContextPath()+"/bank/main.jsp");
+            }
+        catch (Exception ex){
+            ex.printStackTrace();
+            response.sendError(500);
+        }
+
+
+        return;
+    }
 
 }