Add front end servlet method invocation JSP taint application validat…
…ion.
skenny committed Jul 22, 2015
1 parent 3508f9b commit 30c806c
Showing 7 changed files with 292 additions and 0 deletions.
@@ -0,0 +1,185 @@
package com.waratek.spiracle.sql.servlet.misc;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

/**
* Servlet implementation class HttpRequestMethod
*/
@WebServlet("/HttpRequestMethod")
public class HttpRequestMethod extends HttpServlet {
private static final Logger logger = Logger.getLogger(HttpRequestMethod.class);
private static final long serialVersionUID = 1L;

private final String GET_HEADER = "getHeader";
private final String GET_HEADERS = "getHeaders";
private final String GET_METHOD = "getMethod";
private final String GET_PATH_INFO = "getPathInfo";
private final String GET_PATH_TRANSLATED = "getPathTranslated";
private final String GET_QUERY_STRING = "getQueryString";
private final String GET_REQUEST_URI = "getRequestURI";
private final String GET_REQUEST_URL = "getRequestURL";
private final String GET_SERVLET_PATH = "getServletPath";

private final String GET_COMMENT = "getComment";
private final String GET_NAME = "getName";
private final String GET_DOMAIN = "getDomain";
private final String GET_PATH = "getPath";
private final String GET_VALUE = "getValue";

private Map<String, Integer> methodMap;

/**
* @see HttpServlet#HttpServlet()
*/
public HttpRequestMethod() {
super();
methodMap = new HashMap<String, Integer>();

methodMap.put(GET_HEADER, 0);
methodMap.put(GET_HEADERS, 1);
methodMap.put(GET_METHOD, 2);
methodMap.put(GET_PATH_INFO, 3);
methodMap.put(GET_PATH_TRANSLATED, 4);
methodMap.put(GET_QUERY_STRING, 5);
methodMap.put(GET_REQUEST_URI, 6);
methodMap.put(GET_REQUEST_URL, 7);
methodMap.put(GET_SERVLET_PATH, 8);

methodMap.put(GET_COMMENT, 9);
methodMap.put(GET_NAME, 10);
methodMap.put(GET_DOMAIN, 11);
methodMap.put(GET_PATH, 12);
methodMap.put(GET_VALUE, 13);
}

/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
invoke(request, response);
}

/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
invoke(request, response);
}

public void invoke(HttpServletRequest request, HttpServletResponse response) throws IOException {
HttpSession session = request.getSession();
Cookie [] cookies = request.getCookies();
String method = request.getParameter("method");
String arg = request.getParameter("arg");

String methodReturn = "";

if(method != null && !method.isEmpty()) {
int invokeVar = methodMap.get(method);
switch (invokeVar) {
case 0:
if(arg != null && !arg.isEmpty()) {
System.out.println(arg);
methodReturn = request.getHeader(arg);
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getHeader(arg));
}
break;
case 1:
if(arg != null && !arg.isEmpty()) {
methodReturn = request.getHeaders(arg).toString();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getHeaders(arg));
}
break;
case 2:
methodReturn = request.getMethod();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getMethod());
break;
case 3:
methodReturn = request.getPathInfo();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getPathInfo());
break;
case 4:
methodReturn = request.getPathTranslated();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getPathTranslated());
break;
case 5:
methodReturn = request.getQueryString();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getQueryString());
break;
case 6:
methodReturn = request.getRequestURI();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getRequestURI());
break;
case 7:
methodReturn = request.getRequestURL().toString();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getRequestURL());
break;
case 8:
methodReturn = request.getServletPath();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + request.getServletPath());
break;
case 9:
if(cookies.length > 0) {
methodReturn = cookies[0].getComment();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + cookies[0].getComment());
}
break;
case 10:
if(cookies.length > 0) {
methodReturn = cookies[0].getName();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + cookies[0].getName());
}
break;
case 11:
if(cookies.length > 0) {
methodReturn = cookies[0].getDomain();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + cookies[0].getDomain());
}
break;
case 12:
if(cookies.length > 0) {
methodReturn = cookies[0].getPath();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + cookies[0].getPath());
}
break;
case 13:
if(cookies.length > 0) {
methodReturn = cookies[0].getValue();
session.setAttribute("methodReturn", methodReturn);
logger.info(method + " - " + cookies[0].getValue());
}
break;
default:
break;
}
}
response.sendRedirect("misc.jsp");
}
}
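Review bot: `int invokeVar = methodMap.get(method);` in `invoke` auto-unboxes the map result, so any `method` value that is not one of the fourteen registered names throws a NullPointerException before the `switch` is reached, and the `default:` branch never gets to handle it. Reading it as `Integer invokeVar = methodMap.get(method);` and skipping the switch when it is null keeps an unrecognised parameter on the redirect path. Cases 9 to 13 have the same problem with `cookies.length`, because `request.getCookies()` returns null for a request that carries no cookies; `cookies != null && cookies.length > 0` covers it. Separately, case 13 writes the first cookie's value to the log through `logger.info`, which can place a session identifier in log files, and the `System.out.println(arg)` in case 0 looks like leftover debugging.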
1 change: 1 addition & 0 deletions src/main/webapp/file.jsp
Expand Up @@ -29,6 +29,7 @@
<li class="active"><a href="file.jsp">File</a></li>
<li><a href="network.jsp">Network</a></li>
<li><a href="sql.jsp">SQL</a></li>
<li><a href="misc.jsp">Misc</a></li>
</ul>
</div>
</div>
1 change: 1 addition & 0 deletions src/main/webapp/index.jsp
Expand Up @@ -27,6 +27,7 @@
<li><a href="file.jsp">File</a></li>
<li><a href="network.jsp">Network</a></li>
<li><a href="sql.jsp">SQL</a></li>
<li><a href="misc.jsp">Misc</a></li>
</ul>
</div>
</div>
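--- a/src/main/webapp/misc.jsp
+++ b/src/main/webapp/misc.jsp
@@ -0,0 +1,94 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+pageEncoding="UTF-8"%>
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
+<link rel="stylesheet" type="text/css"
+href="css/bootstrap-theme.min.css">
+<link rel="stylesheet" type="text/css" href="css/style.css">
+<title>Spiracle - Misc</title>
+</head>
+
+<body>
+<div class="navbar navbar-default navbar-fixed-top" role="navigation">
+<div class="container">
+<div class="navbar-header">
+<button type="button" class="navbar-toggle collapsed"
+data-toggle="collapse" data-target=".navbar-collapse">
+<span class="sr-only">Toggle navigation</span> <span
+class="icon-bar"></span> <span class="icon-bar"></span> <span
+class="icon-bar"></span>
+</button>
+<a class="navbar-brand" href="index.jsp">Spiracle</a>
+</div>
+<div class="navbar-collapse collapse">
+<ul class="nav navbar-nav">
+<li><a href="index.jsp">Overview</a></li>
+<li><a href="file.jsp">File</a></li>
+<li><a href="network.jsp">Network</a></li>
+<li><a href="sql.jsp">SQL</a></li>
+<li class="active"><a href="misc.jsp">Misc</a></li>
+</ul>
+</div>
+</div>
+</div>
+
+<div class="container">
+<%
+String methodReturn = (String) session.getAttribute("methodReturn");
+if (methodReturn == null) {
+methodReturn = "";
+}
+%>
+<h1>Misc</h1>
+<div class="panel panel-default">
+<div class="panel-heading">HttpServletRequest Method Return</div>
+<div class="panel-body">
+<form action="HttpRequestMethod" method="post">
+<select name="method">
+<option value="getHeader">getHeader()</option>
+<option value="getHeaders">getHeaders()</option>
+<option value="getMethod">getMethod()</option>
+<option value="getPathInfo">getPathInfo()</option>
+<option value="getPathTranslated">getPathTranslated()</option>
+<option value="getQueryString">getQueryString()</option>
+<option value="getRequestURI">getRequestURI()</option>
+<option value="getRequestURL">getRequestURL()</option>
+<option value="getServletPath">getServletPath()</option>
+<option value="getComment">getComment()</option>
+<option value="getName">getName()</option>
+<option value="getDomain">getDomain()</option>
+<option value="getPath">getPath()</option>
+<option value="getValue">getValue()</option>
+</select>
+<input type="text" name="arg">
+<input type="submit">
+</form>
+</div>
+<div class="panel-footer">
+Return Value: <%=methodReturn%>
+</div>
+</div>
+</div>
+
+<footer class="footer">
+<div class="container">
+<ul class="list-inline">
+<li><a href="./LICENSE.html">License</a></li>
+<li>&middot;</li>
+<li><a href="https://github.com/waratek/spiracle">GitHub</a></li>
+<li>&middot;</li>
+<li><a href="https://github.com/waratek/spiracle/releases">Releases</a></li>
+</ul>
+</div>
+</footer>
+
+<!-- Bootstrap core JavaScript
+================================================== -->
+<!-- Placed at the end of the document so the pages load faster -->
+<script src="js/jquery.min.js"></script>
+<script src="js/bootstrap.min.js"></script>
+</body>
+</html>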
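Review bot: `Return Value: <%=methodReturn%>` writes the session attribute into the page without HTML encoding, and the servlet added in this commit fills that attribute from request headers, the query string and cookie fields. Given the commit title this looks like the intended taint sink for validation, so it should carry a comment saying so, for example `<%-- deliberate unescaped sink for taint validation: methodReturn is request-derived --%>`, so that scanner findings on this line are triaged as expected and the pattern is not copied elsewhere. If the page is ever meant to be safe to render, the value needs encoding at this point, e.g. with JSTL `<c:out value="${sessionScope.methodReturn}"/>`.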
1 change: 1 addition & 0 deletions src/main/webapp/network.jsp
Expand Up @@ -27,6 +27,7 @@
<li><a href="file.jsp">File</a></li>
<li class="active"><a href="network.jsp">Network</a></li>
<li><a href="sql.jsp">SQL</a></li>
<li><a href="misc.jsp">Misc</a></li>
</ul>
</div>
</div>
1 change: 1 addition & 0 deletions src/main/webapp/sql.jsp
Expand Up @@ -30,6 +30,7 @@
<li><a href="file.jsp">File</a></li>
<li><a href="network.jsp">Network</a></li>
<li class="active"><a href="sql.jsp">SQL</a></li>
<li><a href="misc.jsp">Misc</a></li>
</ul>
</div>
</div>
9 changes: 9 additions & 0 deletions src/main/xml/web-25.xml
Expand Up @@ -74,6 +74,15 @@
<url-pattern>/UrlServlet</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>HttpRequestMethod</servlet-name>
<servlet-class>com.waratek.spiracle.sql.servlet.misc.HttpRequestMethodt</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HttpRequestMethod</servlet-name>
<url-pattern>/HttpRequestMethod</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>MsSql_Get_Implicit_Join</servlet-name>
<servlet-class>com.waratek.spiracle.sql.servlet.mssql.MsSql_Get_Implicit_Join</servlet-class>
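Review bot: The `<servlet-class>` value added for `HttpRequestMethod` ends in `HttpRequestMethodt`, which does not match the class `HttpRequestMethod` declared in the new servlet source, so a container that reads this descriptor would presumably fail to load the servlet and `/HttpRequestMethod` would not be served. The line should read `<servlet-class>com.waratek.spiracle.sql.servlet.misc.HttpRequestMethod</servlet-class>`. The hunk shows only part of the descriptor, so whether the `@WebServlet` annotation is also honoured in that deployment cannot be told from here.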
