@RequestMapping(value={"/upload/patch"}, method={RequestMethod.POST})
public A3StatusBean uploadPatch(
    ....
    @RequestParam(value="accessToken") String accessToken,
    @RequestParam(value="file") String file) {
    (...)
    // the request parameter `file` is what ends up in the save path
    FILE = [file]
    //SaveToPath

#!/bin/bash
# Suggested file name: searchjars
if [[ $1 = "-h" || $1 = "--help" ]]
then
    echo "Usage: $0 [STRING] [DIRECTORY]..."
    echo "Search DIRECTORY(s) for Jar files. For each Jar, search the archived"
    echo "files for STRING."
    echo ""
    echo "Default directory path is the current directory. Multiple directory "
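The searchjars gist above is cut off before its search loop. As an added example (not the gist's own script), the following Python program implements the behaviour its usage text describes: walk one or more directories, treat every `.jar` as a zip archive, and report the archived entry names that contain STRING. The sample directory tree it builds (two jars and a non-archive decoy) is constructed for the demonstration; a file that is not a valid zip is skipped rather than aborting the sweep.

```python
"""Search directories for jar files and, inside each jar, for entries matching a string."""
import os
import sys
import tempfile
import zipfile
from typing import Dict, List


def search_jar(jar_path: str, needle: str) -> List[str]:
    """Return the archive entry names inside one jar whose path contains `needle`.
    A damaged or non-zip file yields no matches instead of raising."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            return [name for name in jar.namelist() if needle in name]
    except (zipfile.BadZipFile, OSError):
        return []


def search_jars(needle: str, directories: List[str]) -> Dict[str, List[str]]:
    """Walk `directories` recursively; map each jar with a matching entry to its matches."""
    hits: Dict[str, List[str]] = {}
    for directory in directories:
        for root, _dirs, files in os.walk(directory):
            for fname in files:
                if not fname.lower().endswith(".jar"):
                    continue
                path = os.path.join(root, fname)
                matches = search_jar(path, needle)
                if matches:
                    hits[path] = matches
    return hits


def build_sample_tree(base: str) -> None:
    """Constructed sample data: one jar at the top level, one nested, one decoy."""
    os.makedirs(os.path.join(base, "lib", "nested"), exist_ok=True)
    fake_class = b"\xca\xfe\xba\xbe"  # class-file magic only; contents are irrelevant here
    with zipfile.ZipFile(os.path.join(base, "lib", "app.jar"), "w") as z:
        z.writestr("com/example/App.class", fake_class)
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(os.path.join(base, "lib", "nested", "util.jar"), "w") as z:
        z.writestr("com/example/Util.class", fake_class)
    with open(os.path.join(base, "lib", "notes.jar.txt"), "w") as f:
        f.write("not an archive")


def demo(needle: str) -> Dict[str, List[str]]:
    """Build the sample tree in a fresh temp dir, search it, return hits keyed by
    path relative to that dir so the result is stable across runs."""
    base = tempfile.mkdtemp(prefix="searchjars-")
    build_sample_tree(base)
    hits = search_jars(needle, [base])
    return {os.path.relpath(path, base): matches for path, matches in hits.items()}


if __name__ == "__main__":
    # Same CLI shape as the shell script: STRING then zero or more DIRECTORYs.
    if len(sys.argv) < 2 or sys.argv[1] in ("-h", "--help"):
        print(f"Usage: {sys.argv[0]} STRING [DIRECTORY]...")
        sys.exit(0)
    dirs = sys.argv[2:] or ["."]
    for jar, matches in search_jars(sys.argv[1], dirs).items():
        for entry in matches:
            print(f"{jar}: {entry}")
```

Matching is a plain substring test on the entry path, so `searchjars Util lib/` finds `com/example/Util.class` but a search for `util` would not; pass a slash-separated package prefix to restrict hits to one package.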

// define the source: the attacker-controlled vector (the email address parameter)
val source = cpg.method.fullNameExact("org.baeldung.web.controller.RegistrationController.resetPasswordBad:org.baeldung.web.util.GenericResponse(javax.servlet.http.HttpServletRequest,java.lang.String)").parameter.evalType("java.lang.String")
// define the email channel sink function name
val EMAIL_CHANNEL_SINK = "org.springframework.mail.javamail.JavaMailSender.send:void(org.springframework.mail.SimpleMailMessage)"
// define the sink function that participates in the data flow
val sink = cpg.method.fullNameExact(EMAIL_CHANNEL_SINK).parameter.evalType("java.lang.String")
// BUSINESS LOGIC FLAW check: does the attacker-controlled vector (email) reach the mail-send function, rather than the registered user's email fetched from the DB in step #1?

// define the source: the attacker-controlled vector (the email address parameter)
val source = cpg.method.fullNameExact("org.baeldung.web.controller.RegistrationController.resetPasswordBad:org.baeldung.web.util.GenericResponse(javax.servlet.http.HttpServletRequest,java.lang.String)").parameter.evalType("java.lang.String")
// The DB lookup function is part of the IUserService interface, implemented by UserService here: https://github.com/conikeec/spring-security-registration/blob/master/src/main/java/org/baeldung/service/UserService.java#L136
val DB_LOOKUP_FN_EXPR = ".*findUserByEmail.*"
// define the sink function that participates in the data flow
val sink = cpg.method.name(DB_LOOKUP_FN_EXPR).parameter.evalType("java.lang.String")
// BUSINESS LOGIC FLAW check: is the attacker-controlled vector (email) case-folded before the DB lookup?
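The two query snippets above look for a pair of conditions in `resetPasswordBad`: the request's email is case-folded before the account lookup, and the same raw request value is used as the recipient of the reset mail. The following is an added example (a minimal password-reset handler written in Python for this page, not the Baeldung project's Java) that shows why the pair is a flaw. The user table is constructed, and the attacker address is constructed from the Kelvin sign (U+212A), which case-folds and NFKC-normalises to ASCII `k`: the folded lookup resolves it to the victim's account, and the "bad" handler then mails the victim's reset token to the attacker-supplied string. The "good" handler normalises the input for the lookup but addresses the mail to the value stored for the account.

```python
"""Password-reset business-logic flaw: folded lookup plus raw-input recipient."""
import secrets
import unicodedata
from typing import Dict, List, Optional, Tuple

# Constructed user table: registered addresses are stored already normalised.
USERS_BY_EMAIL: Dict[str, Dict[str, str]] = {
    "k.smith@example.com": {"id": "u1", "email": "k.smith@example.com"},
}

Outbox = List[Tuple[str, str]]  # (recipient, body) pairs captured instead of sent


def normalise_email(raw: str) -> str:
    """NFKC-normalise, then case-fold, then strip, so that visually/case-variant
    spellings of one address resolve to one lookup key."""
    return unicodedata.normalize("NFKC", raw).casefold().strip()


def find_user_by_email(email: str) -> Optional[Dict[str, str]]:
    """Stand-in for the exact-match DB lookup (findUserByEmail)."""
    return USERS_BY_EMAIL.get(email)


def reset_password_bad(request_email: str, outbox: Outbox) -> Optional[str]:
    """Flawed handler: lower-cases the attacker-controlled input for the lookup,
    then uses that same raw input as the mail recipient. Returns the recipient."""
    user = find_user_by_email(request_email.lower())
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    outbox.append((request_email, f"reset token for {user['id']}: {token}"))
    return request_email


def reset_password_good(request_email: str, outbox: Outbox) -> Optional[str]:
    """Fixed handler: the recipient is the address stored for the account, never
    the request parameter, so a lookup collision cannot redirect the token."""
    user = find_user_by_email(normalise_email(request_email))
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    outbox.append((user["email"], f"reset token for {user['id']}: {token}"))
    return user["email"]


# Constructed attacker input: Kelvin sign instead of ASCII 'k' in the victim's address.
ATTACKER_EMAIL = "\u212a.smith@example.com"


def demo() -> Dict[str, Optional[str]]:
    """Run both handlers against the attacker input and report where each one
    would have sent the victim's reset token."""
    outbox: Outbox = []
    return {
        "bad": reset_password_bad(ATTACKER_EMAIL, outbox),
        "good": reset_password_good(ATTACKER_EMAIL, outbox),
    }


if __name__ == "__main__":
    for handler, recipient in demo().items():
        print(f"{handler}: token mailed to {recipient!r}")
```

Whether the folding happens in application code, as here, or in a case-insensitive database collation, the outcome is the same; the second query's sink (the raw vector flowing into `JavaMailSender.send`) is the condition that turns the collision into an account takeover, so that is the flow to eliminate first.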

git clone git@github.com:conikeec/spring-security-registration.git
cd spring-security-registration
# compile and create the package artifact
mvn -Dmaven.test.skip=true clean package
# Download the trial distribution of Ocular (https://ocular.shiftleft.io). Install it, then start the prompt to begin the investigation
./ocular.sh

{
  "results": [
    {
      "verifyingFunction": "WebSecurityConfigurerAdapterEnabled",
      "configured": true,
      "coordinates": [
        [
          {
            "name": "org.conikee.rest.config.SecurityConfig.configure:void(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)",
            "fileName": "org/conikee/rest/config/SecurityConfig.java",

{
  "name" : "@SensitiveRedact",
  "modelName" : "io.shiftleft.tarpit.model.Order",
  "members" : [
    "creditCardNumber"
  ],
  "baseTypes" : [
    "Object"
  ],
  "isToStringOverriden" : true,

git clone git@github.com:conikeec/tarpit.git
cd tarpit
mvn clean compile
# Download the trial distribution of Ocular. Install it, then start the prompt to begin the investigation
./ocular.sh

# Clone and build the project
git clone git@github.com:conikeec/tarpit.git
cd tarpit
mvn clean compile
# Download the trial distribution of Ocular. Install it, then start the prompt to begin the investigation

// source: the return value of wrapStream; sink: the parameter of ObjectInputStream.readObject
val source = serverCpg.method.name("wrapStream").methodReturn
val sink = serverCpg.method.fullName(".*ObjectInputStream.*readObject.*").parameter
val exploitiveFlow = sink.reachableBy(source).flows.p
[main] INFO mainTasksSize: 1, reachedEndNode: 1,
res16: List[String] = List(
  """ ________________________________________________________________________________________________________________________________________
  | tracked | lineNumber| method | file |