what does String getname() signifies?

public class AttackName {

    /**
     * @param args the command line arguments
     */
    DatacenterBroker broker;
    String fname, lname1, card;

    public DatacenterBroker attack(String path, String fname, String lname) {
        try {


            String filepath = path;
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            DocumentBuilder db = dbf.newDocumentBuilder();
            Document doc = db.parse(filepath);
            doc.getDocumentElement().normalize();
            System.out.println("attacker doing attack");
            System.out.println("xpath query #1");


            XPathFactory xpf = XPathFactory.newInstance();
            XPath xpath = xpf.newXPath();
            XPathExpression expr = xpath.compile("//employee[firstname/text()='"+fname+"']/credit_card/text()");

            Object res = expr.evaluate(doc, XPathConstants.NODESET);

            NodeList nodes = (NodeList) res;
            for (int i = 0; i < nodes.getLength(); i++) {
                card = nodes.item(i).getNodeValue();

            }

            XPathFactory xpf1 = XPathFactory.newInstance();
            XPath xpath1 = xpf1.newXPath();
            XPathExpression expr1 = xpath1.compile("//employee[firstname/text()='"+fname+"']/lastname/text()");

            Object res1 = expr1.evaluate(doc, XPathConstants.NODESET);

            NodeList nodes1 = (NodeList) res1;
            for (int i = 0; i < nodes1.getLength(); i++) {
                lname1 = nodes1.item(i).getNodeValue();

            }

            System.out.println("attacker doing attack");
            System.out.println("xpath query #2");
            xpf = XPathFactory.newInstance();
            xpath = xpf.newXPath();
            expr = xpath.compile("//employee[firstname/text()='efg' ]/credit_card/text()");

            res = expr.evaluate(doc, XPathConstants.NODESET);

            nodes = (NodeList) res;
            for (int i = 0; i < nodes.getLength(); i++) {
                System.out.println(nodes.item(i).getNodeValue());
            }

            System.out.println("attacker doing attack");

            System.out.println("xpath query #3");
            xpf = XPathFactory.newInstance();
            xpath = xpf.newXPath();
            expr = xpath.compile("//employee[firstname/text()='"+fname+"' and lastname/text()='']/credit_card/text()");

            }

            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return broker;
    }

    public String getLname(){        
        return lname1;
    }

    public String getCard(){
        return card;
    }
}

I am doing xpath injection attack? I have the code with me. I want to understand the code. The rest is fine. but I want to know that what does String getLname() and String getcard() signifies in the code?

thanks in advance.


Source: xml

Leave a Reply