diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..1aff237 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +target/ +.git/ +.idea/ +*.iml +mise.toml diff --git a/.gitignore b/.gitignore index 98842dc..b9cc0bc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,5 @@ /target/ -/src/main/webapp/WEB-INF/lib/ojdbc14.jar /src/main/webapp/WEB-INF/lib/ojdbc6.jar -/src/main/webapp/WEB-INF/lib/db2jcc.jar # Intellij .idea/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..5f5f9e5 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,51 @@ +# Stage 1: build the WAR using Java 8 + Maven +FROM maven:3.9-eclipse-temurin-8 AS build + +WORKDIR /build +COPY pom.xml . +COPY src ./src + +RUN mvn install -Dversion.jdk=1.4 -Dversion.webxml=25 -DskipTests -q + +# --------------------------------------------------------------------------- +# Stage 2: runtime — Tomcat 9 + JRE 8 +# --------------------------------------------------------------------------- +FROM tomcat:9-jre8-temurin AS runtime + +# Remove default webapps +RUN rm -rf "$CATALINA_HOME/webapps/ROOT" \ + "$CATALINA_HOME/webapps/docs" \ + "$CATALINA_HOME/webapps/examples" \ + "$CATALINA_HOME/webapps/host-manager" \ + "$CATALINA_HOME/webapps/manager" + +# Copy and pre-explode the WAR so the entrypoint can edit conf/ on disk +COPY --from=build /build/target/spiracle.war /tmp/spiracle.war +RUN apt-get update -qq && apt-get install -y --no-install-recommends unzip && rm -rf /var/lib/apt/lists/* \ + && mkdir -p "$CATALINA_HOME/webapps/spiracle" \ + && unzip -q /tmp/spiracle.war -d "$CATALINA_HOME/webapps/spiracle" \ + && rm /tmp/spiracle.war + +# ---- JDBC drivers (downloaded at image build time from Maven Central) ---- + +# MySQL Connector/J 5.1.49 — has com.mysql.jdbc.Driver (legacy classname) +RUN curl -fsSL \ + "https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.49/mysql-connector-java-5.1.49.jar" \ + -o "$CATALINA_HOME/lib/mysql-connector-java-5.1.49.jar" + +# MSSQL JDBC — jre8 classifier +RUN curl -fsSL \ + "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.4.2.jre8/mssql-jdbc-12.4.2.jre8.jar" \ + -o "$CATALINA_HOME/lib/mssql-jdbc-12.4.2.jre8.jar" + +# Oracle ojdbc8 — Java 8 compatible +RUN curl -fsSL \ + "https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc8/21.13.0.0/ojdbc8-21.13.0.0.jar" \ + -o "$CATALINA_HOME/lib/ojdbc8-21.13.0.0.jar" + +# ---- entrypoint ---- +COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh + +EXPOSE 8080 +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/README.adoc b/README.adoc index 7653232..e8ce8f2 100644 --- a/README.adoc +++ b/README.adoc @@ -1,6 +1,6 @@ = Spiracle -Spiracle is an insecure web application used to test system security controls. +Spiracle is an insecure web application used to test system security controls. It can be used to read/write arbitrary files and open network connections. The application is also vulnerable to numerous other vulnerabilities such as: @@ -12,14 +12,46 @@ The application is also vulnerable to numerous other vulnerabilities such as: * Deserialization (CWE-502) * and many more... -CAUTION: Due to its insecure design, this application should NOT be deployed on an unsecured network or system. +CAUTION: Due to its insecure design, this application should NOT be deployed on an unsecured network or system. Run on localhost or throwaway networks only. This application has been tested on the following application servers: -* Apache Tomcat 5.0.x +* Apache Tomcat 7.x +* IBM WebSphere Liberty Core 8.5.5.3 Your mileage may vary with other application servers. +== Docker (quickstart) + +The fastest way to run Spiracle. No local Tomcat or database install needed. + +Pick a database and run its compose file from the repo root: + +---- +# MySQL (smallest image — recommended for first run) +$ docker compose -f docker-compose.mysql.yml up --build + +# Microsoft SQL Server (~1.5 GB image) +$ docker compose -f docker-compose.mssql.yml up --build + +# Oracle XE (~2–4 GB image; first pull takes several minutes) +$ docker compose -f docker-compose.oracle.yml up --build +---- + +Once healthy, browse to: http://localhost:8080/spiracle/ + +Tear down (removes volumes): + +---- +$ docker compose -f docker-compose.mysql.yml down -v +---- + +The multi-stage `Dockerfile` builds the WAR with JDK 8 / Maven (using `-Dversion.jdk=1.4 -Dversion.webxml=25`) and deploys it on Tomcat 9. MySQL, MSSQL, and Oracle JDBC drivers are bundled in the image; `docker/entrypoint.sh` rewrites `conf/Spiracle.properties` from environment variables at startup. + +NOTE: The MySQL compose file pins `mysql:5.7`. The `java4` WAR bundles the legacy `mysql-connector 3.1.14`, which cannot negotiate MySQL 8's `utf8mb4` charset (index 255); MySQL 5.7 is required for the old connector to connect. + +Full Docker reference: link:docker/README.md[docker/README.md] + == Installation * Download pre-built `spiracle.war` file from the releases page: https://github.com/waratek/spiracle/releases @@ -28,10 +60,51 @@ Your mileage may vary with other application servers. * Copy the war file to the `$CATALINA_HOME/webapps/` directory. +=== Liberty Core + +* Ensure that the application war file is extracted to your server's apps directory: ++ +---- +$ mkdir ./wlp/usr/servers/defaultServer/apps/spiracle +$ cd ./wlp/usr/servers/defaultServer/apps/spiracle +$ jar xvf /path/to/downloaded/spiracle.war +---- + +* Modify `server.xml` as follows: ++ +[source,xml] +---- + + + + + jsp-2.2 + Servlet-3.0 + + + + + + + httpPort="9080" + httpsPort="9443"/> + +---- ++ +<1> Enable `Servlet-3.0` as a feature +<2> Add a `webApplication` tag referencing Spiracle +<3> Change `httpSession` parameter length +<4> Add a `host` attribute + +NOTE: WebSphere Liberty has no Servlet 2.5 feature; `Servlet-3.0` is the lowest available and serves this branch's Servlet 2.5 WAR. It honors the older `web-app version="2.5"` descriptor and skips annotation scanning, so servlets register from `web-25.xml` (matching the Tomcat behavior on this branch). + === Database setup If you would like to run the SQL injection tests, the database should be populated as follows. Data files are available in the web applications `spiracle/conf/` directory after the `spiracle.war` file has been deployed and exploded. +NOTE: When using Docker, database initialisation is handled automatically by the compose stack. Manual setup is only needed for bare-metal deployments. + ==== Oracle . Ensure that the link:http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html[Oracle Database JDBC Driver] (ojdbc6.jar) is installed in the applications `WEB-INF/lib/` directory after the `spiracle.war` file is exploded on first run. @@ -72,8 +145,6 @@ c3p0.username=test c3p0.password=test ---- -NOTE: Spiracle is bundled with MySQL Connector 3.1.14. If this version is not compatible with your MySQL installation replace `mysql-connector-java-5.1.34.jar` under `WEB-INF/lib/` with a compatible version. - == Running After deployment, the Spiracle application will be available at: @@ -82,33 +153,75 @@ After deployment, the Spiracle application will be available at: http://ip:port/spiracle/ ---- +Properties file can be overridden when submitting the request by appending the new value to the URL: + +---- +&connectionType=c3p0.mysql +---- + +== Testing + +Spiracle ships with a link:tests/hurl/README.md[Hurl] test harness under `tests/hurl/`. Tests are endpoint-based and run against any deployment (Docker or bare-metal). + +=== Suites + +[cols="1,1,3",options="header"] +|=== +|Suite |Agent required |What it covers + +|`smoke/` +|No +|App root responds 200; benign query returns data; unblocked SQLi widens result set (confirming injections succeed without agent) + +|`functional/` +|No +|SendRedirect, SQL queries, reflected XSS via `customTag.jsp`, path traversal, 404/empty-result/no-param negative cases + +|`rasp/` +|Yes (Waratek RASP) +|440-case SQL injection matrix (139 MySQL, 301 Oracle); asserts status `550`, which is only emitted when the Waratek agent intercepts the query +|=== + +=== Quick run (plain Docker stack) + +---- +# Bring up MySQL stack +$ docker compose -f docker-compose.mysql.yml up -d + +# Smoke +$ ./tests/hurl/run.sh smoke localhost 8080 + +# Functional +$ ./tests/hurl/run.sh functional localhost 8080 +---- + +The `rasp/` suite will fail on a plain deployment — expected. Run it only with the Waratek agent attached to Tomcat. + +Full harness reference: link:tests/hurl/README.md[tests/hurl/README.md] + == Building Prerequisites: -* Java >= 1.4 +* Java 8 toolchain (compiles `-source 1.4 -target 1.4`; this branch targets Java 1.4 source level with a Servlet 2.5 descriptor) * Apache Maven * link:http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html[Oracle Database JDBC Driver] (ojdbc6.jar) -* link:https://www.oracle.com/technetwork/apps-tech/jdbc-10201-088211.html[Java 4 Oracle Database JDBC Driver] (ojdbc14.jar) -* link:http://www-01.ibm.com/support/docview.wss?uid=swg21363866[Java 4 DB2 JDBC Driver] (db2jcc.jar v3.69.66 is good) -The connection pooling dependencies for Java 4 are not in Maven, and need to be manually downloaded and installed into your local Maven repository. +If you wish to use the database features, ensure that the Oracle database JDBC driver file `ojdbc6.jar` is available under `./src/main/webapp/WEB-INF/lib` - - Download https://master.dl.sourceforge.net/project/c3p0/c3p0-bin/c3p0-0.9.2/jdk14-versions/c3p0-0.9.2-jdk14.bin.zip - - Unzip the downloaded file - - The 2 required jar files are in the lib directory - - To install into a local Maven repository: +=== Build flags - $ mvn install:install-file -DgroupId=com.mchange -DartifactId=c3p0 -Dversion=0.9.2-j14 -Dpackaging=jar -Dfile=c3p0-0.9.2-jdk14.jar +Two flags parameterise the build: - $ mvn install:install-file -DgroupId=com.mchange -DartifactId=mchange-commons-java -Dversion=0.2.3.3-j14 -Dpackaging=jar -Dfile=mchange-commons-java-0.2.3.3-jdk14.jar +`-Dversion.jdk=`:: Sets the Java source and target compiler level. On this branch the only supported value is `1.4`. +`-Dversion.webxml=<25|30>`:: Selects the Servlet descriptor version. On this branch use `25` (Servlet 2.5 — `@WebServlet` annotations are not available in Java 1.4). -If you wish to use the database features, ensure that the appropriate database JDBC driver file is available under `./src/main/webapp/WEB-INF/lib` - -To build the Spiracle Test Application WAR file, run: - - $ mvn package -Dversion.webxml=24 -Dversion.jdk=1.4 +Representative invocation: +---- +# Java 1.4, Servlet 2.5 (required for this branch) +$ mvn install -Dversion.jdk=1.4 -Dversion.webxml=25 +---- To clean the build infrastructure, run: @@ -118,6 +231,28 @@ The WAR file will be output to: ./target/spiracle.war +=== Toolchain + +The repo carries a `mise.toml` pinning Temurin 8 and Maven 3.9. With link:https://mise.jdx.dev[mise] installed: + +---- +$ mise install # installs pinned JDK + Maven +$ mvn install -Dversion.jdk=1.4 -Dversion.webxml=25 +---- + +The Docker image pins its own JDK via its base image — no local JDK is needed when building through Docker. + +=== Branch model + +`java4` (this branch):: Java 1.4 source-compatible variant. Servlets registered in `web-25.xml` instead of `@WebServlet` annotations. Legacy dependency set: Servlet 2.4 API, Spring 2.5, JSTL 1.0, jTDS for MSSQL, `mysql-connector 3.1.14`. MySQL compose stack pins `mysql:5.7` because the legacy connector cannot negotiate MySQL 8's `utf8mb4`. +`master`:: Modern, parameterised source tree. Java 5–8 source level. Use `-Dversion.jdk` to select. Switch to `master` if you do not need Java 1.4 source compatibility. + +== Recent fixes + +* *#8* — `Content-Type: text/plain` is now set on the `SendRedirect` fallback response (no-parameter case). +* *#33* — `setupdb_mysql.sql` is idempotent; uses `IF [NOT] EXISTS` guards so re-running does not error. +* *#103* — Oracle connection NPE fixed in `CreateC3p0Connection`; was reading non-existent property keys from `Spiracle.properties`. Java 1.4 adaptation: uses `length() == 0` instead of `String.isEmpty()` (added in Java 6). + == License ---- @@ -135,4 +270,3 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---- - diff --git a/docker-compose.mssql.yml b/docker-compose.mssql.yml new file mode 100644 index 0000000..a59bd62 --- /dev/null +++ b/docker-compose.mssql.yml @@ -0,0 +1,52 @@ +services: + db: + image: mcr.microsoft.com/mssql/server:2022-latest + environment: + ACCEPT_EULA: "Y" + SA_PASSWORD: "Spiracle_SA_2024!" + MSSQL_PID: Developer + healthcheck: + test: + - "CMD-SHELL" + - | + /opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P 'Spiracle_SA_2024!' \ + -No -Q 'SELECT 1' > /dev/null 2>&1 + interval: 10s + timeout: 5s + retries: 15 + start_period: 30s + + db-init: + image: mcr.microsoft.com/mssql/server:2022-latest + environment: + SA_PASSWORD: "Spiracle_SA_2024!" + volumes: + - ./src/main/webapp/conf/setupdb_mssql.sql:/init/setupdb_mssql.sql:ro + - ./docker/mssql-create-login.sql:/init/mssql-create-login.sql:ro + depends_on: + db: + condition: service_healthy + entrypoint: + - /bin/bash + - -c + - | + /opt/mssql-tools18/bin/sqlcmd -S db -U SA -P "$$SA_PASSWORD" -No \ + -i /init/setupdb_mssql.sql && \ + /opt/mssql-tools18/bin/sqlcmd -S db -U SA -P "$$SA_PASSWORD" -No \ + -d spiracle -i /init/mssql-create-login.sql + restart: "no" + + app: + build: + context: . + dockerfile: Dockerfile + ports: + - "8080:8080" + environment: + SPIRACLE_DEFAULT_CONNECTION: c3p0.mssql + SPIRACLE_DB_HOST: db + depends_on: + db: + condition: service_healthy + db-init: + condition: service_completed_successfully diff --git a/docker-compose.mysql.yml b/docker-compose.mysql.yml new file mode 100644 index 0000000..2d42166 --- /dev/null +++ b/docker-compose.mysql.yml @@ -0,0 +1,35 @@ +services: + db: + # java4 bundles the legacy mysql-connector 3.1.14, which cannot negotiate + # MySQL 8's utf8mb4 (charset index 255). Pin to 5.7 (also the floor for the + # CREATE USER IF NOT EXISTS seed) so the old connector can connect. + image: mysql:5.7 + environment: + MYSQL_ROOT_PASSWORD: rootpassword + MYSQL_DATABASE: test + MYSQL_USER: test + MYSQL_PASSWORD: test + volumes: + # Seed SQL mounted outside initdb.d so the shell script controls execution + - ./src/main/webapp/conf/setupdb_mysql.sql:/init/setupdb_mysql.sql:ro + # Shell script in initdb.d runs seed with --force (bare DROPs on fresh DB) + - ./docker/mysql-seed.sh:/docker-entrypoint-initdb.d/01-seed.sh:ro + healthcheck: + test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "--password=rootpassword"] + interval: 10s + timeout: 5s + retries: 10 + start_period: 30s + + app: + build: + context: . + dockerfile: Dockerfile + ports: + - "8080:8080" + environment: + SPIRACLE_DEFAULT_CONNECTION: c3p0.mysql + SPIRACLE_DB_HOST: db + depends_on: + db: + condition: service_healthy diff --git a/docker-compose.oracle.yml b/docker-compose.oracle.yml new file mode 100644 index 0000000..a845e43 --- /dev/null +++ b/docker-compose.oracle.yml @@ -0,0 +1,29 @@ +services: + db: + image: gvenzl/oracle-xe:21-slim + environment: + ORACLE_PASSWORD: oraclepassword + APP_USER: test + APP_USER_PASSWORD: test + volumes: + - ./src/main/webapp/conf/setupdb_oracle.sql:/container-entrypoint-initdb.d/setupdb_oracle.sql:ro + healthcheck: + test: ["CMD", "healthcheck.sh"] + interval: 30s + timeout: 10s + retries: 20 + start_period: 120s + + app: + build: + context: . + dockerfile: Dockerfile + ports: + - "8080:8080" + environment: + SPIRACLE_DEFAULT_CONNECTION: c3p0.oracle + # gvenzl runs initdb scripts in the PDB (XEPDB1); use service-name URL form + SPIRACLE_DB_URL: "jdbc:oracle:thin:@//db:1521/XEPDB1" + depends_on: + db: + condition: service_healthy diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..02461aa --- /dev/null +++ b/docker/README.md @@ -0,0 +1,67 @@ +# Spiracle — Docker usage + +**WARNING: Spiracle is an intentionally-vulnerable application. Run on localhost / throwaway networks only. Never expose to the internet.** + +## Prerequisites + +- Docker Engine 24+ with the Compose v2 plugin (`docker compose`) +- No local Tomcat or database installation needed + +## Quick start + +Pick one database and run the corresponding compose file from the repo root. + +### MySQL (recommended for first run — smallest image) + +```sh +docker compose -f docker-compose.mysql.yml up --build +``` + +Browse to: http://localhost:8080/spiracle/ + +Tear down (removes volumes): +```sh +docker compose -f docker-compose.mysql.yml down -v +``` + +### Microsoft SQL Server + +```sh +docker compose -f docker-compose.mssql.yml up --build +``` + +SQL Server image (~1.5 GB). A one-shot `db-init` service seeds the database after SQL Server becomes healthy. + +Browse to: http://localhost:8080/spiracle/ + +```sh +docker compose -f docker-compose.mssql.yml down -v +``` + +### Oracle XE + +```sh +docker compose -f docker-compose.oracle.yml up --build +``` + +Oracle XE image (~2–4 GB). First pull takes several minutes. The container has a long startup; wait for the `db` service to show `healthy` before the app becomes ready. + +Browse to: http://localhost:8080/spiracle/ + +```sh +docker compose -f docker-compose.oracle.yml down -v +``` + +## How it works + +- A multi-stage Dockerfile builds the WAR with JDK 8 / Maven, then deploys it on Tomcat 9. +- MySQL (Connector/J 5.1.49), MSSQL (mssql-jdbc jre8) and Oracle (ojdbc8) JDBC drivers are bundled in the image. +- `docker/entrypoint.sh` rewrites `conf/Spiracle.properties` from environment variables before Tomcat starts. The committed `Spiracle.properties` is never modified. + +## Environment variables (app service) + +| Variable | Purpose | Example | +|---|---|---| +| `SPIRACLE_DEFAULT_CONNECTION` | Sets `default.connection` in properties | `c3p0.mysql` | +| `SPIRACLE_DB_HOST` | Replaces `localhost` in the chosen db URL | `db` | +| `SPIRACLE_DB_URL` | Overrides the entire URL line (Oracle service-name form) | `jdbc:oracle:thin:@//db:1521/XEPDB1` | diff --git a/docker/docker-grants-mysql.sql b/docker/docker-grants-mysql.sql new file mode 100644 index 0000000..4aef196 --- /dev/null +++ b/docker/docker-grants-mysql.sql @@ -0,0 +1,6 @@ +-- Docker-only: grant remote access for the 'test' user created by setupdb_mysql.sql. +-- setupdb_mysql.sql creates 'test'@'localhost'; that cannot connect from the app container. +-- This file runs AFTER setupdb_mysql.sql (lexicographic order ensures 0-prefix runs first). +CREATE USER IF NOT EXISTS 'test'@'%' IDENTIFIED BY 'test'; +GRANT ALL PRIVILEGES ON *.* TO 'test'@'%' WITH GRANT OPTION; +FLUSH PRIVILEGES; diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..e52039c --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/sh +# Rewrite Spiracle.properties from env vars before Tomcat starts. +# All changes are made to the exploded webapp copy only — source files untouched. + +PROPS="$CATALINA_HOME/webapps/spiracle/conf/Spiracle.properties" + +# SPIRACLE_DEFAULT_CONNECTION — e.g. "c3p0.mysql" +if [ -n "$SPIRACLE_DEFAULT_CONNECTION" ]; then + sed -i "s|^default\.connection=.*|default.connection=${SPIRACLE_DEFAULT_CONNECTION}|" "$PROPS" +fi + +# Derive the db key from the connection name (e.g. c3p0.mysql → mysql) +if [ -n "$SPIRACLE_DEFAULT_CONNECTION" ]; then + DB_KEY="${SPIRACLE_DEFAULT_CONNECTION#c3p0.}" +else + DB_KEY="" +fi + +# SPIRACLE_DB_URL — override the whole url line for this db (takes priority) +if [ -n "$SPIRACLE_DB_URL" ] && [ -n "$DB_KEY" ]; then + sed -i "s|^c3p0\.${DB_KEY}\.url=.*|c3p0.${DB_KEY}.url=${SPIRACLE_DB_URL}|" "$PROPS" +elif [ -n "$SPIRACLE_DB_HOST" ] && [ -n "$DB_KEY" ]; then + # Replace only 'localhost' in the specific db url line + sed -i "/^c3p0\.${DB_KEY}\.url=/ s|localhost|${SPIRACLE_DB_HOST}|g" "$PROPS" +fi + +exec "$CATALINA_HOME/bin/catalina.sh" run diff --git a/docker/mssql-create-login.sql b/docker/mssql-create-login.sql new file mode 100644 index 0000000..5c70204 --- /dev/null +++ b/docker/mssql-create-login.sql @@ -0,0 +1,17 @@ +-- Docker-only: create the 'test' login and user that Spiracle.properties expects. +-- setupdb_mssql.sql does not create this login; run this first. +IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = 'test') +BEGIN + CREATE LOGIN [test] WITH PASSWORD = 'Mssql1234', CHECK_POLICY = OFF; +END +GO + +USE spiracle; +GO + +IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = 'test') +BEGIN + CREATE USER [test] FOR LOGIN [test]; + ALTER ROLE db_owner ADD MEMBER [test]; +END +GO diff --git a/docker/mysql-seed.sh b/docker/mysql-seed.sh new file mode 100644 index 0000000..45c36e8 --- /dev/null +++ b/docker/mysql-seed.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Docker-only init script for MySQL. +# The canonical setupdb_mysql.sql has bare DROP TABLE (no IF EXISTS) which +# errors on a fresh DB. Run it with --force to skip those errors. +set -e + +mysql --force -u root -p"${MYSQL_ROOT_PASSWORD}" < /init/setupdb_mysql.sql + +# Grant remote access for 'test'@'%' so the app container (different host) +# can connect. The canonical seed only creates 'test'@'localhost'. +mysql -u root -p"${MYSQL_ROOT_PASSWORD}" <<'SQL' +CREATE USER IF NOT EXISTS 'test'@'%' IDENTIFIED WITH mysql_native_password BY 'test'; +GRANT ALL PRIVILEGES ON *.* TO 'test'@'%' WITH GRANT OPTION; +FLUSH PRIVILEGES; +SQL diff --git a/src/main/java/com/waratek/spiracle/cookie/CookieFileServlet.java b/src/main/java/com/waratek/spiracle/cookie/CookieFileServlet.java new file mode 100644 index 0000000..0a8b0bb --- /dev/null +++ b/src/main/java/com/waratek/spiracle/cookie/CookieFileServlet.java @@ -0,0 +1,49 @@ +/* + * Copyright 2014 Waratek Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.waratek.spiracle.cookie; + +import com.waratek.spiracle.file.AbstractFileServlet; +import com.waratek.spiracle.misc.CookieUtil; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.NoSuchElementException; + +/** + * Servlet implementation class CookieFileServlet + */ +public class CookieFileServlet extends AbstractFileServlet +{ + + /** + * @see HttpServlet#HttpServlet() + */ + public CookieFileServlet() { + super(); + } + + protected void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + final String method = request.getParameter("fileArg"); + final String cookieName = request.getParameter("cookieName"); + final String taintedPath = CookieUtil.getCookieValue(cookieName, request); + + performFileAction(request, taintedPath, method); + response.sendRedirect("file.jsp"); + } +} diff --git a/src/main/java/com/waratek/spiracle/cookie/CookieServlet.java b/src/main/java/com/waratek/spiracle/cookie/CookieServlet.java index d7659d4..f49b1cf 100644 --- a/src/main/java/com/waratek/spiracle/cookie/CookieServlet.java +++ b/src/main/java/com/waratek/spiracle/cookie/CookieServlet.java @@ -1,17 +1,14 @@ package com.waratek.spiracle.cookie; -import java.io.IOException; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; - import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - +import java.io.IOException; public class CookieServlet extends HttpServlet { - protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { String name = req.getParameter("cookieName"); @@ -35,7 +32,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) requestDispatcher.forward(req, res); } - protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); diff --git a/src/main/java/com/waratek/spiracle/csrf/CSRFServlet.java b/src/main/java/com/waratek/spiracle/csrf/CSRFServlet.java index afd81db..fb72612 100644 --- a/src/main/java/com/waratek/spiracle/csrf/CSRFServlet.java +++ b/src/main/java/com/waratek/spiracle/csrf/CSRFServlet.java @@ -15,19 +15,28 @@ */ package com.waratek.spiracle.csrf; -import org.apache.log4j.Logger; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.Scanner; import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.IOException; +import javax.servlet.http.HttpSession; + +import javax.servlet.ServletContext; +import javax.servlet.ServletOutputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; /** * Servlet implementation class CSRFServlet */ - public class CSRFServlet extends HttpServlet { private static final Logger logger = Logger.getLogger(CSRFServlet.class); private static final long serialVersionUID = 1L; diff --git a/src/main/java/com/waratek/spiracle/deserial/User.java b/src/main/java/com/waratek/spiracle/deserial/User.java new file mode 100644 index 0000000..ce0f1c4 --- /dev/null +++ b/src/main/java/com/waratek/spiracle/deserial/User.java @@ -0,0 +1,34 @@ +package com.waratek.spiracle.deserial; + +public class User { + + private String name; + private int age; + + /** + * Needed for XML deserialization. + */ + public User() {} + + public User(String name, int age) { + this.name = name; + this.age = age; + } + + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + public int getAge() { + return age; + } + public void setAge(int age) { + this.age = age; + } + + public String toString() { + return "User [name=" + name + ", age=" + age + "]"; + } +} diff --git a/src/main/java/com/waratek/spiracle/deserial/XSSviaXMLDeserialization.java b/src/main/java/com/waratek/spiracle/deserial/XSSviaXMLDeserialization.java new file mode 100644 index 0000000..c03175f --- /dev/null +++ b/src/main/java/com/waratek/spiracle/deserial/XSSviaXMLDeserialization.java @@ -0,0 +1,68 @@ +package com.waratek.spiracle.deserial; + +import java.beans.ExceptionListener; +import java.beans.XMLDecoder; +import java.beans.XMLEncoder; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class XSSviaXMLDeserialization extends HttpServlet { + + private static final long serialVersionUID = 1L; + private static final String XML_FILE = "user.xml"; + + public XSSviaXMLDeserialization() { + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + String name = request.getParameter("name"); + String ageStr = request.getParameter("age"); + int age = 0; + + if (ageStr != null && ageStr.trim().length() != 0) { + age = Integer.parseInt(ageStr); + } + + User user = new User(name, age); + + serializeToXML(user, XML_FILE); + + User decodedUser = deserializeFromXML(XML_FILE); + + request.setAttribute("attack", "xss"); + request.setAttribute("name", decodedUser.getName()); + request.setAttribute("age", new Integer(decodedUser.getAge())); + + RequestDispatcher rd = request.getRequestDispatcher("/deserial.jsp"); + rd.forward(request, response); + } + + private static void serializeToXML (User settings, String path) throws IOException + { + FileOutputStream fos = new FileOutputStream(path); + XMLEncoder encoder = new XMLEncoder(fos); + encoder.setExceptionListener(new ExceptionListener() { + public void exceptionThrown(Exception e) { + System.out.println("Exception! :"+e.toString()); + } + }); + encoder.writeObject(settings); + encoder.close(); + fos.close(); + } + + private static User deserializeFromXML(String path) throws IOException { + FileInputStream fis = new FileInputStream(path); + XMLDecoder decoder = new XMLDecoder(fis); + User decodedUser = (User) decoder.readObject(); + decoder.close(); + fis.close(); + return decodedUser; + } +} diff --git a/src/main/java/com/waratek/spiracle/file/AbstractFileServlet.java b/src/main/java/com/waratek/spiracle/file/AbstractFileServlet.java new file mode 100644 index 0000000..3024f5d --- /dev/null +++ b/src/main/java/com/waratek/spiracle/file/AbstractFileServlet.java @@ -0,0 +1,137 @@ +/* + * Copyright 2014 Waratek Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.waratek.spiracle.file; + +import org.apache.log4j.Logger; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.Scanner; + +/** + * Abstract class to contain common functionality of File Servlets + */ +public abstract class AbstractFileServlet extends HttpServlet { + protected static final Logger logger = Logger.getLogger(AbstractFileServlet.class); + protected static final long serialVersionUID = 1L; + + /** + * @see HttpServlet#HttpServlet() + */ + protected AbstractFileServlet() { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + */ + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + */ + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + protected abstract void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException; + + protected void delete(HttpSession session, String path) { + File f = new File(path); + f.delete(); + session.setAttribute("fileContents", ""); + } + + protected void read(HttpSession session, String path) { + session.setAttribute("fileContents", readFile(path)); + } + + protected void write(HttpSession session, String path, String textData) + throws IOException { + logger.info("Attempting to write '" + textData + "'at filepath: " + path); + File f = new File(path); + FileWriter fw = null; + BufferedWriter bw = null; + try + { + fw = new FileWriter(f); + bw = new BufferedWriter(fw); + bw.write(textData); + } + finally + { + if (bw != null) { + bw.close(); + } + if (fw != null) + { + fw.close(); + } + } + + read(session, path); + } + + protected String readFile(String pathname) { + try { + File file = new File(pathname); + StringBuffer fileContents = new StringBuffer((int)file.length()); + Scanner scanner = new Scanner(file); + String lineSeparator = System.getProperty("line.separator"); + + try { + while(scanner.hasNextLine()) { + fileContents.append(scanner.nextLine() + lineSeparator); + } + return fileContents.toString(); + } finally { + scanner.close(); + } + } catch (IOException e) { + e.printStackTrace(); + return e.getMessage(); + } + } + + protected void performFileAction(HttpServletRequest request, String path, String method) throws IOException { + performFileAction(request, path, method, ""); + } + + protected void performFileAction(HttpServletRequest request, String path, String method, String textData) throws IOException + { + final HttpSession session = request.getSession(); + if (method.equals("read")) { + read(session, path); + } else if (method.equals("write")) { + write(session, path, textData); + } else if (method.equals("delete")) { + delete(session, path); + } else { + throw new RuntimeException("Unknown file method: " + method); + } + + logger.info(method + " " + path + " " + textData); + } +} diff --git a/src/main/java/com/waratek/spiracle/file/FileExecServlet.java b/src/main/java/com/waratek/spiracle/file/FileExecServlet.java index 7704c19..dc5e1bf 100644 --- a/src/main/java/com/waratek/spiracle/file/FileExecServlet.java +++ b/src/main/java/com/waratek/spiracle/file/FileExecServlet.java @@ -15,6 +15,7 @@ */ package com.waratek.spiracle.file; +import com.waratek.spiracle.filepaths.FilePathUtil; import org.apache.log4j.Logger; import javax.servlet.ServletException; @@ -24,16 +25,13 @@ import javax.servlet.http.HttpSession; import java.io.BufferedReader; import java.io.IOException; -import java.io.InputStream; import java.io.InputStreamReader; /** * Servlet implementation class FileServlet */ - public class FileExecServlet extends HttpServlet { - private static final Logger logger = Logger.getLogger(FileExecServlet.class); private static final long serialVersionUID = 1L; private static final String LINE_SEPARATOR = System.getProperty("line.separator"); @@ -63,20 +61,37 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { - HttpSession session = request.getSession(); + final HttpSession session = request.getSession(); + final String command = request.getParameter("cmd"); + final String commandSource = request.getParameter("pathSource"); + final String taintedCmd = FilePathUtil.forcePathSource(command, commandSource, request); + + final String commandOutput = executeCommand(taintedCmd); + session.setAttribute("fileContents", commandOutput); - String command = request.getParameter("cmd"); + response.sendRedirect("file.jsp"); + } - Process p = Runtime.getRuntime().exec(command); - BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream())); - String stringBuilder = ""; - String line; - while ((line = br.readLine()) != null) { - stringBuilder += line; - stringBuilder += LINE_SEPARATOR; + private String executeCommand(String command) { + String output; + try + { + Process p = Runtime.getRuntime().exec(command); + BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream())); + StringBuffer stringBuilder = new StringBuffer(); + String line; + while ((line = br.readLine()) != null) + { + stringBuilder.append(line).append(LINE_SEPARATOR); + } + output = stringBuilder.toString(); + } + catch (IOException e) { + e.printStackTrace(); + output = e.getMessage(); } - session.setAttribute("fileContents", stringBuilder); - response.sendRedirect("file.jsp"); + return output; + } } diff --git a/src/main/java/com/waratek/spiracle/file/FileResourceStreamServlet.java b/src/main/java/com/waratek/spiracle/file/FileResourceStreamServlet.java index 10a271f..d2a02af 100644 --- a/src/main/java/com/waratek/spiracle/file/FileResourceStreamServlet.java +++ b/src/main/java/com/waratek/spiracle/file/FileResourceStreamServlet.java @@ -1,6 +1,10 @@ package com.waratek.spiracle.file; -import org.apache.log4j.Logger; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; import javax.servlet.ServletContext; import javax.servlet.ServletException; @@ -8,15 +12,12 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; + +import org.apache.log4j.Logger; /** * Servlet implementation class FileResourceStream */ - public class FileResourceStreamServlet extends HttpServlet { private static final Logger logger = Logger.getLogger(FileResourceStreamServlet.class); private static final long serialVersionUID = 1L; @@ -32,7 +33,6 @@ public FileResourceStreamServlet() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -40,7 +40,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -62,28 +61,18 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp } } - private String read(InputStream inStream) throws IOException { - BufferedReader br = null; - String out = ""; - - String line; - try { - - br = new BufferedReader(new InputStreamReader(inStream)); - while ((line = br.readLine()) != null) { - out += line; - } - - } finally { - if (br != null) { - try { - br.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } + private String read(InputStream inStream) throws IOException, UnsupportedEncodingException { + List byteList = new ArrayList(); + int streamBuf = inStream.read(); + while(streamBuf != -1) { + byteList.add(new Byte((byte) streamBuf)); + streamBuf = inStream.read(); + } + byte [] byteArr = new byte[byteList.size()]; + for(int i = 0; i < byteList.size(); i++) { + byteArr[i] = ((Byte) byteList.get(i)).byteValue(); } - return out; + return new String(byteArr, "UTF-8"); } } diff --git a/src/main/java/com/waratek/spiracle/file/FileServlet.java b/src/main/java/com/waratek/spiracle/file/FileServlet.java index b9f569b..b1d8a7a 100644 --- a/src/main/java/com/waratek/spiracle/file/FileServlet.java +++ b/src/main/java/com/waratek/spiracle/file/FileServlet.java @@ -15,22 +15,17 @@ */ package com.waratek.spiracle.file; -import org.apache.log4j.Logger; +import com.waratek.spiracle.filepaths.FilePathUtil; -import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import java.io.*; +import java.io.IOException; /** * Servlet implementation class FileServlet */ - -public class FileServlet extends HttpServlet { - private static final Logger logger = Logger.getLogger(FileServlet.class); - private static final long serialVersionUID = 1L; +public class FileServlet extends AbstractFileServlet { /** * @see HttpServlet#HttpServlet() @@ -40,85 +35,15 @@ public FileServlet() { // TODO Auto-generated constructor stub } - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) - */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - executeRequest(request, response); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) - */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - executeRequest(request, response); - } - - private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { - HttpSession session = request.getSession(); - String method = request.getParameter("fileArg"); - String path = request.getParameter("filePath"); - String textData = request.getParameter("fileText"); - - if(method.equals("read")) { - read(session, path); - } else if(method.equals("write")) { - write(session, path, textData); - } else if(method.equals("delete")) { - delete(session, path); - } - - logger.info(method + " " + path + " " + textData); + protected void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + final String userProvidedPath = request.getParameter("filePath"); + final String method = request.getParameter("fileArg"); + final String textData = request.getParameter("fileText"); + final String pathSource = request.getParameter("pathSource"); + final String taintedPath = FilePathUtil.forcePathSource(userProvidedPath, pathSource, request); + performFileAction(request, taintedPath, method, textData); response.sendRedirect("file.jsp"); } - - private void delete(HttpSession session, String path) { - File f = new File(path); - f.delete(); - session.setAttribute("fileContents", ""); - } - - private void read(HttpSession session, String path) { - session.setAttribute("fileContents", readFile(path)); - } - - private void write(HttpSession session, String path, String textData) - throws IOException { - File f = new File(path); - FileWriter fw = new FileWriter(f); - BufferedWriter bw = new BufferedWriter(fw); - bw.write(textData); - bw.close(); - fw.close(); - - read(session, path); - } - - private String readFile(String pathname) { - try { - File file = new File(pathname); - String fileContents = ""; - String lineSeparator = System.getProperty("line.separator"); - - BufferedReader br = new BufferedReader(new FileReader(file)); - try { - String line; - while ((line = br.readLine()) != null) { - fileContents += line + lineSeparator; - } - } - finally { - br.close(); - } - - return fileContents; - - } catch (IOException e) { - e.printStackTrace(); - return e.getMessage(); - } - - } } diff --git a/src/main/java/com/waratek/spiracle/file/FileUrlServlet.java b/src/main/java/com/waratek/spiracle/file/FileUrlServlet.java index 5cd0a15..f9e0524 100644 --- a/src/main/java/com/waratek/spiracle/file/FileUrlServlet.java +++ b/src/main/java/com/waratek/spiracle/file/FileUrlServlet.java @@ -1,24 +1,25 @@ package com.waratek.spiracle.file; -import org.apache.log4j.Logger; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLConnection; +import java.util.ArrayList; +import java.util.List; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.URLConnection; + +import org.apache.log4j.Logger; /** * Servlet implementation class FileUrlServlet */ - public class FileUrlServlet extends HttpServlet { private static final Logger logger = Logger.getLogger(FileUrlServlet.class); private static final long serialVersionUID = 1L; @@ -34,7 +35,6 @@ public FileUrlServlet() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -42,7 +42,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -66,34 +65,24 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp } } - private InputStream getUrlInputStream(String path) throws IOException { + private InputStream getUrlInputStream(String path) throws MalformedURLException, IOException { URL url = new URL(path); URLConnection con = url.openConnection(); return con.getInputStream(); } - private String read(InputStream inStream) throws IOException { - BufferedReader br = null; - String out = ""; - - String line; - try { - - br = new BufferedReader(new InputStreamReader(inStream)); - while ((line = br.readLine()) != null) { - out += line; - } - - } finally { - if (br != null) { - try { - br.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } + private String read(InputStream inStream) throws IOException, UnsupportedEncodingException { + List byteList = new ArrayList(); + int streamBuf = inStream.read(); + while(streamBuf != -1) { + byteList.add(new Byte((byte) streamBuf)); + streamBuf = inStream.read(); + } + byte [] byteArr = new byte[byteList.size()]; + for(int i = 0; i < byteList.size(); i++) { + byteArr[i] = ((Byte) byteList.get(i)).byteValue(); } - return out; + return new String(byteArr, "UTF-8"); } } diff --git a/src/main/java/com/waratek/spiracle/filepaths/FilePath.java b/src/main/java/com/waratek/spiracle/filepaths/FilePath.java new file mode 100644 index 0000000..4b40a45 --- /dev/null +++ b/src/main/java/com/waratek/spiracle/filepaths/FilePath.java @@ -0,0 +1,28 @@ +package com.waratek.spiracle.filepaths; + +import java.io.Serializable; + +public class FilePath implements Serializable +{ + private String path; + + /** + * Needed for Java/XML deserialization. + */ + public FilePath() {} + + public FilePath(String path) { + this.path = path; + } + + public String getPath() { + return path; + } + public void setPath(String path) { + this.path = path; + } + + public String toString() { + return "File [path=" + path + "]"; + } +} diff --git a/src/main/java/com/waratek/spiracle/filepaths/FilePathUtil.java b/src/main/java/com/waratek/spiracle/filepaths/FilePathUtil.java new file mode 100644 index 0000000..0012cb0 --- /dev/null +++ b/src/main/java/com/waratek/spiracle/filepaths/FilePathUtil.java @@ -0,0 +1,56 @@ +package com.waratek.spiracle.filepaths; + +import com.waratek.spiracle.misc.DataSourceUtil; +import org.apache.log4j.Logger; + +import javax.servlet.http.HttpServletRequest; +import java.io.IOException; + +public class FilePathUtil +{ + private FilePathUtil() {} + protected static final Logger logger = Logger.getLogger(FilePathUtil.class); + + /** + * Serialize filepath to file and then deserialize it back out + * If nothing interrupts the process, the input will be the same as the output + */ + public static String javaSerializeAndDeserializePath(String path) throws IOException + { + FilePath filePath = new FilePath(path); + FilePath deserialFilePath = (FilePath) DataSourceUtil.javaSerializeAndDeserializeObject(filePath); + return deserialFilePath.getPath(); + } + + /** + * Write path to an XML file, and then deserialize the same path from that file. + * If nothing interrupts the process, the input will be the same as the output + */ + public static String xmlSerializeAndDeserializePath(String path) throws IOException { + FilePath filePath = new FilePath(path); + FilePath deserialFilePath = (FilePath) DataSourceUtil.xmlSerializeAndDeserializeObject(filePath); + return deserialFilePath.getPath(); + } + + /** + * Takes a path string (which is assumed to come from http by default), and if the requested source is not http, stores it in a database + * or serialized format, and then retrieves and returns the same value from that format. + */ + public static String forcePathSource(String path, String pathSource, HttpServletRequest request) throws IOException + { + String taintedPath; + if (pathSource.equals("http")) { + taintedPath = path; + } else if (pathSource.equals("deserialJava")) { + taintedPath = javaSerializeAndDeserializePath(path); + } else if (pathSource.equals("deserialXml")) { + taintedPath = xmlSerializeAndDeserializePath(path); + } else if (pathSource.equals("database")) { + DataSourceUtil.putStringInDatabase(path, request); + taintedPath = DataSourceUtil.retrieveStringFromDatabase(request); + } else { + throw new RuntimeException("Unknown source type: " + pathSource); + } + return taintedPath; + } +} diff --git a/src/main/java/com/waratek/spiracle/init/SpiracleInit.java b/src/main/java/com/waratek/spiracle/init/SpiracleInit.java index f83240a..47e3d4b 100644 --- a/src/main/java/com/waratek/spiracle/init/SpiracleInit.java +++ b/src/main/java/com/waratek/spiracle/init/SpiracleInit.java @@ -34,7 +34,6 @@ import com.waratek.spiracle.sql.util.Constants; import java.text.MessageFormat; - public class SpiracleInit implements ServletContextListener { private static final Logger logger = Logger.getLogger(SpiracleInit.class); @@ -46,6 +45,7 @@ public void contextDestroyed(ServletContextEvent arg0) { ((ComboPooledDataSource) application.getAttribute(Constants.MSSQL_CONNECTION_POOL)).close(); ((ComboPooledDataSource) application.getAttribute(Constants.DB2_CONNECTION_POOL)).close(); ((ComboPooledDataSource) application.getAttribute(Constants.SYBASE_CONNECTION_POOL)).close(); + ((ComboPooledDataSource) application.getAttribute(Constants.POSTGRES_CONNECTION_POOL)).close(); } public void contextInitialized(ServletContextEvent arg0) { @@ -70,6 +70,9 @@ public void contextInitialized(ServletContextEvent arg0) { ComboPooledDataSource sybaseSqlDs = getConnectionPool(props, Constants.SYBASE); setNamedConnectionPool(application, sybaseSqlDs, Constants.SYBASE_CONNECTION_POOL, Constants.SYBASE_CONNECTION_DATA); + ComboPooledDataSource postgresSqlDs = getConnectionPool(props, Constants.POSTGRES); + setNamedConnectionPool(application, postgresSqlDs, Constants.POSTGRES_CONNECTION_POOL, Constants.POSTGRES_CONNECTION_DATA); + setDefaultConnection(application, props); setFetchSize(application, props); try { @@ -78,6 +81,7 @@ public void contextInitialized(ServletContextEvent arg0) { Class.forName(props.getProperty(Constants.C3P0_MSSQL_CLASSNAME)); Class.forName(props.getProperty(Constants.C3P0_DB2_CLASSNAME)); Class.forName(props.getProperty(Constants.C3P0_SYBASE_CLASSNAME)); + Class.forName(props.getProperty(Constants.C3P0_POSTGRES_CLASSNAME)); } catch (ClassNotFoundException e) { logger.error("Unable to load JDBC connector classes from config."); e.printStackTrace(); @@ -107,7 +111,7 @@ private Properties loadProperties(ServletContext application) { } private void loadLog4jConfig(Properties props) { - boolean loggingEnabled = new Boolean(((String) props.get("application.loggingEnabled"))).booleanValue(); + boolean loggingEnabled = "true".equalsIgnoreCase(((String) props.get("application.loggingEnabled"))); if (loggingEnabled) { PropertyConfigurator.configure(props); logger.info("Sucessfully loaded Spiracle log4j configuration."); diff --git a/src/main/java/com/waratek/spiracle/misc/AddCookies.java b/src/main/java/com/waratek/spiracle/misc/AddCookies.java index 9ad1338..d6dce30 100644 --- a/src/main/java/com/waratek/spiracle/misc/AddCookies.java +++ b/src/main/java/com/waratek/spiracle/misc/AddCookies.java @@ -1,13 +1,21 @@ package com.waratek.spiracle.misc; -import javax.servlet.ServletConfig; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.Scanner; + import javax.servlet.ServletException; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.IOException; +import javax.servlet.http.HttpSession; +import javax.servlet.http.Cookie; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletOutputStream; public class AddCookies extends HttpServlet { @@ -27,11 +35,11 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ServletConfig config = getServletConfig(); - //int servletMajorVersion = config.getServletContext().getMajorVersion(); - //int httpOnlyMinServletVersion = 3; + int servletMajorVersion = config.getServletContext().getMajorVersion(); + int httpOnlyMinServletVersion = 3; String secureString = "Secure"; - //String httpOnlyString = "HttpOnly"; + String httpOnlyString = "HttpOnly"; String cookiePath = "/"; int cookieMaxAge = 86400; // 24 hours @@ -48,8 +56,8 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Cookie testCookieSecureHttpOnly2 = new Cookie("TestCookieNameSecureHttpOnly2", "TestCookieValueSecureHttpOnly2"); Cookie[] cookies = {testCookieDefault1, testCookieDefault2, testCookieSecure1, testCookieSecure2, - testCookieHttpOnly1, testCookieHttpOnly2, testCookieSecureHttpOnly1, - testCookieSecureHttpOnly2}; + testCookieHttpOnly1, testCookieHttpOnly2, testCookieSecureHttpOnly1, + testCookieSecureHttpOnly2}; for (int i = 0; i < cookies.length; i++) { Cookie newCookie = cookies[i]; @@ -57,20 +65,22 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp newCookie.setPath(cookiePath); newCookie.setMaxAge(cookieMaxAge); - if (newCookie.getName().indexOf(secureString) != -1) { + if(newCookie.getName().contains(secureString)){ newCookie.setSecure(true); } - /** java4 - if(newCookie.getName().indexOf(httpOnlyString) != -1){ + if(newCookie.getName().contains(httpOnlyString)){ + if(servletMajorVersion >= httpOnlyMinServletVersion){ + try { + java.lang.reflect.Method setHttpOnly = newCookie.getClass().getMethod("setHttpOnly", new Class[]{boolean.class}); + setHttpOnly.invoke(newCookie, new Object[]{Boolean.TRUE}); + } catch (Exception e) { + // setHttpOnly not available in this servlet container + } + } - if(servletMajorVersion >= httpOnlyMinServletVersion){ - newCookie.setHttpOnly(true); - } - - } - */ + } response.addCookie(newCookie); } diff --git a/src/main/java/com/waratek/spiracle/misc/AddHeaders.java b/src/main/java/com/waratek/spiracle/misc/AddHeaders.java index f86ccad..b3b79bd 100644 --- a/src/main/java/com/waratek/spiracle/misc/AddHeaders.java +++ b/src/main/java/com/waratek/spiracle/misc/AddHeaders.java @@ -3,12 +3,10 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - public class AddHeaders extends HttpServlet { public AddHeaders() { diff --git a/src/main/java/com/waratek/spiracle/misc/CookieUtil.java b/src/main/java/com/waratek/spiracle/misc/CookieUtil.java new file mode 100644 index 0000000..eb97ff9 --- /dev/null +++ b/src/main/java/com/waratek/spiracle/misc/CookieUtil.java @@ -0,0 +1,39 @@ +package com.waratek.spiracle.misc; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import java.util.NoSuchElementException; + +public class CookieUtil +{ + private CookieUtil() {} + + public static boolean containsCookie(HttpServletRequest request, String cookieName) + { + Cookie[] cookies = request.getCookies(); + if (cookies == null) + { + return false; + } + for (int i = 0; i < cookies.length; i++) + { + Cookie cookie = cookies[i]; + if (cookie.getName().equals(cookieName)) + { + return true; + } + } + return false; + } + + public static String getCookieValue(String cookieName, HttpServletRequest request) { + Cookie[] cookies = request.getCookies(); + for (int i = 0; i < cookies.length; i++) { + Cookie cookie = cookies[i]; + if (cookie.getName().equals(cookieName)){ + return cookie.getValue(); + } + } + throw new NoSuchElementException("Could not find cookie with name: " + cookieName); + } +} diff --git a/src/main/java/com/waratek/spiracle/misc/CrashJvm.java b/src/main/java/com/waratek/spiracle/misc/CrashJvm.java index 791347a..9a26ea3 100644 --- a/src/main/java/com/waratek/spiracle/misc/CrashJvm.java +++ b/src/main/java/com/waratek/spiracle/misc/CrashJvm.java @@ -5,24 +5,20 @@ import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import sun.misc.Unsafe; - public class CrashJvm extends HttpServlet { private static final org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(CrashJvm.class); private static final long serialVersionUID = 1L; - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } diff --git a/src/main/java/com/waratek/spiracle/misc/DataSourceUtil.java b/src/main/java/com/waratek/spiracle/misc/DataSourceUtil.java new file mode 100644 index 0000000..a13e87a --- /dev/null +++ b/src/main/java/com/waratek/spiracle/misc/DataSourceUtil.java @@ -0,0 +1,196 @@ +package com.waratek.spiracle.misc; + +import com.waratek.spiracle.sql.util.SelectUtil; +import com.waratek.spiracle.sql.util.UpdateUtil; +import org.apache.commons.io.FileUtils; +import org.apache.log4j.Logger; + +import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; +import java.beans.ExceptionListener; +import java.beans.XMLDecoder; +import java.beans.XMLEncoder; +import java.io.*; +import java.sql.SQLException; +import java.util.ArrayList; + +public class DataSourceUtil +{ + private DataSourceUtil() + { + } + + protected static final Logger logger = Logger.getLogger(DataSourceUtil.class); + private static final File TEMP_WRITE_FILE = new File("spiracleTmpWriteFile"); + private static final String JAVA_SERIALIZED_FILE = "javaObjectSerialized"; + private static final String XML_SERIALIZED_FILE = "xmlObjectSerialized.xml"; + + public static String makeStringUntainted(String taintedString) throws IOException + { + FileWriter fileWriter = new FileWriter(TEMP_WRITE_FILE); + fileWriter.write(taintedString); + fileWriter.close(); + return FileUtils.readFileToString(TEMP_WRITE_FILE); + } + + /** + * Takes a string (which is assumed to come from http by default), and if the requested source is not http, stores it in a database + * or serialized format, and then retrieves and returns the same value from that format. + */ + public static String forceStringInputSource(String input, String source, HttpServletRequest request) throws IOException + { + String taintedString; + if (source.equals("http")) { + taintedString = input; + } else if (source.equals("deserialJava")) { + taintedString = (String) javaSerializeAndDeserializeObject(input); + } else if (source.equals("deserialXml")) { + taintedString = (String) xmlSerializeAndDeserializeObject(input); + } else if (source.equals("database")) { + putStringInDatabase(input, request); + taintedString = retrieveStringFromDatabase(request); + } else { + throw new RuntimeException("Unknown source type: " + source); + } + return taintedString; + } + + public static void putStringInDatabase(String input, HttpServletRequest request) + { + logger.info("String to put into database: " + input); + final ServletContext application = request.getSession().getServletContext(); + logger.info("Dropping Tmp table if it exists already"); + dropTmpTableIfExists(application, request); + + final String escapedInput = input.replace("\\", "\\\\") // Escape backslash, so it's inserted literally, not as an escape character + .replace("'", "\\'"); // Escape quote characters so they are inserted literally + final String sqlCreateTable = getSqlCreateTmpCommand(escapedInput); + final String sqlInsert = getSqlInsertStringCommand(escapedInput); + + try { + logger.info("Creating Tmp table"); + UpdateUtil.executeUpdateWithoutNewPage(sqlCreateTable, application, request); + logger.info("Adding '" + input + "' to Tmp table"); + UpdateUtil.executeUpdateWithoutNewPage(sqlInsert, application, request); + } + catch (SQLException e) + { + logger.error(e.getMessage()); + throw new RuntimeException(e); + } + } + + public static String retrieveStringFromDatabase(HttpServletRequest request) throws IOException + { + final ServletContext application = request.getSession().getServletContext(); + final String sqlSelect = "SELECT * FROM Tmp"; + ArrayList resultList; + try + { + resultList = SelectUtil.executeQueryWithoutNewPage(sqlSelect, application, request); + } + catch (SQLException e) + { + logger.error(e.getMessage()); + throw new RuntimeException(e); + } + + final String retrievedString = ((ArrayList) resultList.get(0)).get(0).toString(); + logger.info("String retrieved from database: " + retrievedString); + + return retrievedString; + } + + private static String getSqlInsertStringCommand(String input) + { + return "INSERT INTO Tmp VALUES('" + input + "')"; + } + + private static String getSqlCreateTmpCommand(String input) + { + return "CREATE TABLE Tmp (inputString varchar(" + input.length() + "))"; + } + + private static void dropTmpTableIfExists(ServletContext application, HttpServletRequest request) + { + final String sqlDropTable = "DROP TABLE Tmp"; + try { + UpdateUtil.executeUpdateWithoutNewPage(sqlDropTable, application, request); + } + catch (SQLException e) + { + logger.info("'" + sqlDropTable + "' failed, probably the table doesn't exist. Error msg = " + e.getMessage()); + } + } + + /** + * Serialize object to file and then deserialize it back out + * If nothing interrupts the process, the input will be the same as the output + */ + public static Object javaSerializeAndDeserializeObject(Object objectToSerialize) throws IOException + { + serializeToJava(objectToSerialize); + return deserializeFromJava(); + } + + private static void serializeToJava(Object objectToSerialize) throws IOException { + logger.info("Serializing(java): " + objectToSerialize); + FileOutputStream fos = new FileOutputStream(JAVA_SERIALIZED_FILE); + ObjectOutputStream oos = new ObjectOutputStream(fos); + oos.writeObject(objectToSerialize); + oos.close(); + fos.close(); + } + + private static Object deserializeFromJava() throws IOException { + FileInputStream fis = new FileInputStream(JAVA_SERIALIZED_FILE); + ObjectInputStream ois = new ObjectInputStream(fis); + Object deserializedObject; + try + { + deserializedObject = ois.readObject(); + } + catch (ClassNotFoundException e) + { + throw new RuntimeException(e); + } + ois.close(); + fis.close(); + + logger.info("Deserialized(java): " + deserializedObject); + return deserializedObject; + } + + /** + * Serialize object to XML file and then deserialize it back out + * If nothing interrupts the process, the input will be the same as the output + */ + public static Object xmlSerializeAndDeserializeObject(Object objectToSerialize) throws IOException { + serializeToXml(objectToSerialize); + return deserializeFromXml(); + } + + private static void serializeToXml(Object objectToSerialize) throws IOException { + logger.info("Serializing(xml): " + objectToSerialize); + FileOutputStream fos = new FileOutputStream(XML_SERIALIZED_FILE); + XMLEncoder encoder = new XMLEncoder(fos); + encoder.setExceptionListener(new ExceptionListener() { + public void exceptionThrown(Exception e) { + logger.error("Exception! :"+e.toString()); + } + }); + encoder.writeObject(objectToSerialize); + encoder.close(); + fos.close(); + } + + private static Object deserializeFromXml() throws IOException { + FileInputStream fis = new FileInputStream(XML_SERIALIZED_FILE); + XMLDecoder decoder = new XMLDecoder(fis); + Object deserializedObject = decoder.readObject(); + decoder.close(); + fis.close(); + logger.info("Deserialized(xml): " + deserializedObject); + return deserializedObject; + } +} diff --git a/src/main/java/com/waratek/spiracle/misc/GetThreadStack.java b/src/main/java/com/waratek/spiracle/misc/GetThreadStack.java index b68ba6e..ac21f43 100644 --- a/src/main/java/com/waratek/spiracle/misc/GetThreadStack.java +++ b/src/main/java/com/waratek/spiracle/misc/GetThreadStack.java @@ -1,37 +1,33 @@ package com.waratek.spiracle.misc; import java.io.IOException; -import java.io.PrintWriter; -import java.io.StringWriter; import java.util.ArrayList; import java.util.Arrays; +import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** + * * @author skenny */ - public class GetThreadStack extends HttpServlet { private static final org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(GetThreadStack.class); private static final long serialVersionUID = 1L; - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -41,20 +37,20 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp HttpSession session = request.getSession(); String threadName = request.getParameter("threadName"); - /* I don't think this is possible in java4 - Map stacktraceMap = Thread.getAllStackTraces(); - Set threadSet = stacktraceMap.keySet(); + Map stacktraceMap = Thread.getAllStackTraces(); + Set threadSet = stacktraceMap.keySet(); - List stackTrace = null; - for (Thread thread : threadSet.toArray(new Thread[threadSet.size()])) { - if (thread.getName().equals(threadName)) { - logger.info("Found thread: " + threadName + ". Getting Stack Trace."); - stackTrace = new ArrayList(Arrays.asList(stacktraceMap.get(thread))); - } - } - session.setAttribute("stackTrace", stackTrace); - */ + List stackTrace = null; + Thread[] threadArray = (Thread[]) threadSet.toArray(new Thread[threadSet.size()]); + for (int i = 0; i < threadArray.length; i++) { + Thread thread = threadArray[i]; + if (thread.getName().equals(threadName)) { + logger.info("Found thread: " + threadName + ". Getting Stack Trace."); + stackTrace = new ArrayList(Arrays.asList((StackTraceElement[]) stacktraceMap.get(thread))); + } + } + session.setAttribute("stackTrace", stackTrace); session.setAttribute("threadName", threadName); response.sendRedirect("misc.jsp"); diff --git a/src/main/java/com/waratek/spiracle/misc/SendRedirect.java b/src/main/java/com/waratek/spiracle/misc/SendRedirect.java index 9e35914..3413a28 100644 --- a/src/main/java/com/waratek/spiracle/misc/SendRedirect.java +++ b/src/main/java/com/waratek/spiracle/misc/SendRedirect.java @@ -3,12 +3,10 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - public class SendRedirect extends HttpServlet { public SendRedirect() { @@ -36,6 +34,7 @@ protected void executeRequest(HttpServletRequest request, HttpServletResponse re response.sendRedirect(redirectURI); } else { + response.setHeader("Content-Type", "text/plain;charset=UTF-8"); response.getWriter().println("Parameter '" + inputUriParam + "' not set in the URI."); response.getWriter().println("Please update URI to include '?" + inputUriParam + "=URI_TO_REDIRECT_TO'"); } diff --git a/src/main/java/com/waratek/spiracle/misc/SendRedirectHostnameHardcoded.java b/src/main/java/com/waratek/spiracle/misc/SendRedirectHostnameHardcoded.java index 2396163..99fb2a5 100644 --- a/src/main/java/com/waratek/spiracle/misc/SendRedirectHostnameHardcoded.java +++ b/src/main/java/com/waratek/spiracle/misc/SendRedirectHostnameHardcoded.java @@ -3,11 +3,9 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - public class SendRedirectHostnameHardcoded extends SendRedirect { private static final String HOSTNAME = "https://www.google.com/#q="; diff --git a/src/main/java/com/waratek/spiracle/misc/ThreadKill.java b/src/main/java/com/waratek/spiracle/misc/ThreadKill.java index f448218..eca3a45 100644 --- a/src/main/java/com/waratek/spiracle/misc/ThreadKill.java +++ b/src/main/java/com/waratek/spiracle/misc/ThreadKill.java @@ -5,23 +5,19 @@ import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - public class ThreadKill extends HttpServlet { private static final org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(ThreadKill.class); private static final long serialVersionUID = 1L; - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -29,23 +25,13 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) { try { String[] threadNames = request.getParameterValues("threadNames"); - ThreadGroup rootGroup = Thread.currentThread().getThreadGroup(); - ThreadGroup parentGroup; - while ((parentGroup = rootGroup.getParent()) != null) { - rootGroup = parentGroup; - } - Thread[] threadArray = new Thread[rootGroup.activeCount()]; - while (rootGroup.enumerate(threadArray, true ) == threadArray.length) { - threadArray = new Thread[threadArray.length * 2]; - } - /* java4 Set threadSet = Thread.getAllStackTraces().keySet(); - Thread[] threadArray = threadSet.toArray(new Thread[threadSet.size()]); - */ - for (int i = 0; i < threadNames.length ; i++) { + Thread[] threadArray = (Thread[]) threadSet.toArray(new Thread[threadSet.size()]); + + for (int i = 0; i < threadNames.length; i++) { String threadName = threadNames[i]; - for (int j = 0 ; j < threadArray.length ; j++) { + for (int j = 0; j < threadArray.length; j++) { Thread thread = threadArray[j]; if (thread.getName().equals(threadName)) { logger.info(thread); @@ -53,7 +39,6 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp } } } - response.sendRedirect("misc.jsp"); } catch (SecurityException ex) { Logger.getLogger(ThreadKill.class.getName()).log(Level.SEVERE, null, ex); diff --git a/src/main/java/com/waratek/spiracle/network/ServerSocketServlet.java b/src/main/java/com/waratek/spiracle/network/ServerSocketServlet.java index e82ff89..48726b2 100644 --- a/src/main/java/com/waratek/spiracle/network/ServerSocketServlet.java +++ b/src/main/java/com/waratek/spiracle/network/ServerSocketServlet.java @@ -15,13 +15,15 @@ */ package com.waratek.spiracle.network; +import com.waratek.spiracle.file.AbstractFileServlet; +import org.apache.log4j.Logger; + import java.io.IOException; import java.net.InetSocketAddress; import java.net.ServerSocket; import java.net.Socket; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -30,8 +32,8 @@ /** * Servlet implementation class ServerSocketServlet */ - public class ServerSocketServlet extends HttpServlet { + protected static final Logger logger = Logger.getLogger(ServerSocketServlet.class); private static final long serialVersionUID = 1L; private static ServerSocket ss; private static Socket s; @@ -76,12 +78,15 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp } ss.setSoTimeout(20000); s = ss.accept(); + logger.info("ServerSocket accepted socket: " + s.toString()); session.setAttribute("serverSocketInfo", ss.toString()); response.sendRedirect("network.jsp"); } catch (Throwable e) { if(ss != null) { ss.close(); + } + if(s != null) { s.close(); } e.printStackTrace(); diff --git a/src/main/java/com/waratek/spiracle/network/SocketServlet.java b/src/main/java/com/waratek/spiracle/network/SocketServlet.java index 958da04..545e69c 100644 --- a/src/main/java/com/waratek/spiracle/network/SocketServlet.java +++ b/src/main/java/com/waratek/spiracle/network/SocketServlet.java @@ -20,7 +20,6 @@ import java.net.Socket; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,7 +28,6 @@ /** * Servlet implementation class SocketServlet */ - public class SocketServlet extends HttpServlet { private static final long serialVersionUID = 1L; private static Socket s; @@ -66,19 +64,19 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp String bindHost = request.getParameter("bindHost"); String remoteHost = request.getParameter("remoteHost"); - Integer bindPort; - Integer remotePort; + Integer bindPort = new Integer(0); + Integer remotePort = new Integer(0); String bindPortRaw = request.getParameter("bindPort"); String remotePortRaw = request.getParameter("remotePort"); if(bindPortRaw.length() > 0) { - bindPort = new Integer(bindPortRaw); + bindPort = new Integer(Integer.parseInt((String)bindPortRaw)); } else { bindPort = null; } if(remotePortRaw.length() > 0) { - remotePort = new Integer(remotePortRaw); + remotePort = new Integer(Integer.parseInt((String)remotePortRaw)); } else { remotePort = null; } diff --git a/src/main/java/com/waratek/spiracle/network/UrlServlet.java b/src/main/java/com/waratek/spiracle/network/UrlServlet.java index e10e8ef..f711992 100644 --- a/src/main/java/com/waratek/spiracle/network/UrlServlet.java +++ b/src/main/java/com/waratek/spiracle/network/UrlServlet.java @@ -15,24 +15,25 @@ */ package com.waratek.spiracle.network; +import com.waratek.spiracle.filepaths.FilePathUtil; + import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.io.BufferedReader; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; +import java.io.PrintWriter; +import java.io.StringWriter; import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; import java.net.UnknownHostException; +import java.util.Scanner; /** * Servlet implementation class UrlServlet */ - public class UrlServlet extends HttpServlet { private static final long serialVersionUID = 1L; @@ -58,50 +59,48 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) executeRequest(request, response); } - private void executeRequest(HttpServletRequest request, - HttpServletResponse response) throws IOException { - HttpSession session = request.getSession(); - String urlPath = request.getParameter("urlPath"); + private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + final HttpSession session = request.getSession(); + final String urlPath = request.getParameter("urlPath"); + final String urlSource = request.getParameter("urlSource"); + final String taintedUrlPath = FilePathUtil.forcePathSource(urlPath, urlSource, request); - session.setAttribute("urlContents", readUrl(urlPath)); + session.setAttribute("urlContents", readUrl(taintedUrlPath)); response.sendRedirect("network.jsp"); } private String readUrl(String pathname) throws IOException { try { URLConnection con = new URL(pathname).openConnection(); - InputStream inStream = con.getInputStream(); + Scanner scanner = new Scanner(con.getInputStream()); + StringBuffer fileContents = new StringBuffer(); String lineSeparator = System.getProperty("line.separator"); - BufferedReader br = null; - String out = ""; - - String line; try { - - br = new BufferedReader(new InputStreamReader(inStream)); - while ((line = br.readLine()) != null) { - out += line + lineSeparator; + while(scanner.hasNextLine()) { + fileContents.append(scanner.nextLine() + lineSeparator); } - + return fileContents.toString(); } finally { - if (br != null) { - try { - br.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } + scanner.close(); } - - return out; - } catch (MalformedURLException e) { e.printStackTrace(); return "Please enter a valid URL"; } catch (UnknownHostException e) { e.printStackTrace(); return "Please enter a valid URL"; + } catch (Exception e) { + e.printStackTrace(); + return getStackTraceString(e); } } + + private static String getStackTraceString(Exception e) { + StringWriter stringWriter = new StringWriter(); + PrintWriter printWriter = new PrintWriter(stringWriter); + e.printStackTrace(printWriter); + return stringWriter.toString(); + + } } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet01.java b/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet01.java index ec8ab05..5aee24b 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet01.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet01.java @@ -72,7 +72,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFileInputStream", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet02.java b/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet02.java index bbf7bb8..56931ff 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet02.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet02.java @@ -72,7 +72,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFileInputStream", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet03.java b/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet03.java index 72573df..75a7d52 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet03.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet03.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,7 +28,6 @@ /** * Servlet implementation class FileInputStreamServlet03 */ - public class FileInputStreamServlet03 extends HttpServlet { private static final long serialVersionUID = 1L; @@ -70,7 +68,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) s = "Couldn't open file input stream for file:" + newLine + "'" + absolutePathToTestFile + "'"; } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFileInputStream", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet01.java b/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet01.java index 179060c..e06e0a0 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet01.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet01.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,7 +28,6 @@ /** * Servlet implementation class FileOutputStreamServlet01 */ - public class FileOutputStreamServlet01 extends HttpServlet { private static final long serialVersionUID = 1L; @@ -74,7 +72,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFileOutputStream", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet02.java b/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet02.java index b05538f..3d01318 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet02.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet02.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,7 +28,6 @@ /** * Servlet implementation class FileOutputStreamServlet02 */ - public class FileOutputStreamServlet02 extends HttpServlet { private static final long serialVersionUID = 1L; @@ -74,7 +72,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFileOutputStream", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet03.java b/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet03.java index 51362f5..bf9c9c9 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet03.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileOutputStreamServlet03.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -29,7 +28,6 @@ /** * Servlet implementation class FileOutputStreamServlet03 */ - public class FileOutputStreamServlet03 extends HttpServlet { private static final long serialVersionUID = 1L; @@ -71,7 +69,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFileOutputStream", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileServlet01.java b/src/main/java/com/waratek/spiracle/path_traversal/FileServlet01.java index 8ae862a..1933b50 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileServlet01.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileServlet01.java @@ -19,7 +19,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -28,7 +27,6 @@ /** * Servlet implementation class FileServlet01 */ - public class FileServlet01 extends HttpServlet { private static final long serialVersionUID = 1L; @@ -75,7 +73,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) s = s + fileDoesNotExistMessage; } - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFile", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileServlet02.java b/src/main/java/com/waratek/spiracle/path_traversal/FileServlet02.java index 774a96f..9840518 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileServlet02.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileServlet02.java @@ -19,7 +19,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -28,7 +27,6 @@ /** * Servlet implementation class FileServlet02 */ - public class FileServlet02 extends HttpServlet { private static final long serialVersionUID = 1L; @@ -75,7 +73,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) s = s + fileDoesNotExistMessage; } - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFile", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/FileServlet03.java b/src/main/java/com/waratek/spiracle/path_traversal/FileServlet03.java index e92bec9..d835464 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/FileServlet03.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/FileServlet03.java @@ -19,7 +19,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -71,7 +70,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) s = s + fileDoesNotExistMessage; } - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputFile", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet01.java b/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet01.java index 6934550..901dd2d 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet01.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet01.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -80,7 +79,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputRandomAccessFile", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet02.java b/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet02.java index 5b818c7..1cfbe22 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet02.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet02.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -80,7 +79,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputRandomAccessFile", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet03.java b/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet03.java index fb57278..76dec70 100644 --- a/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet03.java +++ b/src/main/java/com/waratek/spiracle/path_traversal/RandomAccessFileServlet03.java @@ -20,7 +20,6 @@ import java.io.IOException; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -77,7 +76,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } finally { - System.out.println(newLine + getClass().getName() + newLine + s); + System.out.println(newLine + getClass().getSimpleName() + newLine + s); session.setAttribute("outputRandomAccessFile", s.toString()); response.sendRedirect("pathTraversal.jsp"); } diff --git a/src/main/java/com/waratek/spiracle/sql/c3p0/CreateC3p0Connection.java b/src/main/java/com/waratek/spiracle/sql/c3p0/CreateC3p0Connection.java index 725532f..b17bbbf 100644 --- a/src/main/java/com/waratek/spiracle/sql/c3p0/CreateC3p0Connection.java +++ b/src/main/java/com/waratek/spiracle/sql/c3p0/CreateC3p0Connection.java @@ -23,7 +23,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -34,7 +33,6 @@ /** * Servlet implementation class CreateConnection */ - public class CreateC3p0Connection extends HttpServlet { private static final long serialVersionUID = 1L; @@ -65,12 +63,16 @@ public void init() { // TODO Auto-generated catch block e.printStackTrace(); } - jdbcDriver = prop.getProperty("c3p0.classname"); - url = prop.getProperty("c3p0.url"); - username = prop.getProperty("c3p0.username"); - password = prop.getProperty("c3p0.password"); + String prefix = prop.getProperty("default.connection"); + if (prefix == null || prefix.trim().length() == 0) { + prefix = "c3p0.oracle"; + } + jdbcDriver = prop.getProperty(prefix + ".classname"); + url = prop.getProperty(prefix + ".url"); + username = prop.getProperty(prefix + ".username"); + password = prop.getProperty(prefix + ".password"); try { - maxPoolSize = Integer.parseInt(prop.getProperty("c3p0.maxPoolSize")); + maxPoolSize = Integer.parseInt(prop.getProperty(prefix + ".maxPoolSize")); } catch (NumberFormatException e) { maxPoolSize = 25; } diff --git a/src/main/java/com/waratek/spiracle/sql/jndi/CreateJndiConnectionPool.java b/src/main/java/com/waratek/spiracle/sql/jndi/CreateJndiConnectionPool.java index f9cbad8..3ae71b6 100644 --- a/src/main/java/com/waratek/spiracle/sql/jndi/CreateJndiConnectionPool.java +++ b/src/main/java/com/waratek/spiracle/sql/jndi/CreateJndiConnectionPool.java @@ -1,10 +1,14 @@ package com.waratek.spiracle.sql.jndi; -import org.apache.log4j.Logger; - +import javax.naming.Context; +import javax.naming.InitialContext; +import javax.naming.NamingException; +import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; +import javax.sql.DataSource; +import org.apache.log4j.Logger; public class CreateJndiConnectionPool implements ServletContextListener { private static final Logger logger = Logger.getLogger(CreateJndiConnectionPool.class); @@ -14,8 +18,6 @@ public void contextDestroyed(ServletContextEvent arg0) { } public void contextInitialized(ServletContextEvent arg0) { - // java4 - /* try { Context ctx = new InitialContext(); DataSource ds = (DataSource) ctx.lookup("java:comp/env/jdbc/oracle"); @@ -26,6 +28,5 @@ public void contextInitialized(ServletContextEvent arg0) { logger.error("JNDI reference not found."); e.printStackTrace(); } - */ } } diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union.java index 3d6e8d9..350b4b2 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Union */ - public class Db2_Get_Union extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT name, surname FROM spiracle.users WHERE id = " + id + " UNION SELECT address_1, address_2 FROM spiracle.address WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union_quote_id.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union_quote_id.java index 02fb701..c62b064 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union_quote_id.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_Union_quote_id.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Union */ - public class Db2_Get_Union_quote_id extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT name, surname FROM \"SPIRACLE\".\"USERS\" WHERE id = " + id + " UNION SELECT address_1, address_2 FROM spiracle.address WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int.java index 4c540d7..a6b7249 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int */ - public class Db2_Get_int extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM SPIRACLE.USERS WHERE id = '" + id + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int_quote_id.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int_quote_id.java index 4f6b3ed..f4d3a44 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int_quote_id.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_int_quote_id.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int */ - public class Db2_Get_int_quote_id extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM \"SPIRACLE\".\"USERS\" WHERE id = '" + id + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string.java index f899715..ac00a59 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Db2_Get_string extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM spiracle.users WHERE name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_param_question_mark.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_param_question_mark.java index 0ded85b..d5764a3 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_param_question_mark.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_param_question_mark.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Db2_Get_string_param_question_mark extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM spiracle.users where name <> ? and name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_quote_id.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_quote_id.java index e020b16..f817812 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_quote_id.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Get_string_quote_id.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Db2_Get_string_quote_id extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM \"SPIRACLE\".\"USERS\" WHERE name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace.java index a6be56d..9eccaa6 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Implicit_Join_Namespace */ - public class Db2_Implicit_Join_Namespace extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,12 +44,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM SPIRACLE.USERS, SPIRACLE.ADDRESS where SPIRACLE.USERS.ID = " + id + " AND SPIRACLE.ADDRESS.ID = SPIRACLE.USERS.ID"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace_quote_id.java b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace_quote_id.java index 604a825..e9ac92a 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace_quote_id.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/db2/Db2_Implicit_Join_Namespace_quote_id.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Implicit_Join_Namespace */ - public class Db2_Implicit_Join_Namespace_quote_id extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,12 +44,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM \"SPIRACLE\".\"USERS\", SPIRACLE.ADDRESS where SPIRACLE.USERS.ID = " + id + " AND SPIRACLE.ADDRESS.ID = SPIRACLE.USERS.ID"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/misc/HttpRequestMethod.java b/src/main/java/com/waratek/spiracle/sql/servlet/misc/HttpRequestMethod.java index b91ba4e..e6d0a9c 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/misc/HttpRequestMethod.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/misc/HttpRequestMethod.java @@ -5,7 +5,6 @@ import java.util.Map; import javax.servlet.ServletException; - import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -17,7 +16,6 @@ /** * Servlet implementation class HttpRequestMethod */ - public class HttpRequestMethod extends HttpServlet { private static final Logger logger = Logger.getLogger(HttpRequestMethod.class); private static final long serialVersionUID = 1L; @@ -67,7 +65,6 @@ public HttpRequestMethod() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { invoke(request, response); } @@ -75,7 +72,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { invoke(request, response); } @@ -89,7 +85,7 @@ public void invoke(HttpServletRequest request, HttpServletResponse response) thr String methodReturn = ""; if(method != null && method.length() != 0) { - int invokeVar = ((Integer)methodMap.get(method)).intValue(); + int invokeVar = ((Integer) methodMap.get(method)).intValue(); switch (invokeVar) { case 0: if(arg != null && arg.length() != 0) { diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Implicit_Join.java b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Implicit_Join.java index ec512b0..b88ef06 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Implicit_Join.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Implicit_Join.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Inner_Join */ - public class MsSql_Get_Implicit_Join extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public MsSql_Get_Implicit_Join() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users, address WHERE users.id = " + id + " AND users.id = address.id"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Union.java index a385d6b..2000909 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Union.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_Union.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Union */ - public class MsSql_Get_Union extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public MsSql_Get_Union() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT name, surname, CONVERT(varchar(500),dob,3) FROM users WHERE id = " + id + " UNION SELECT address_1, address_2, address_3 FROM address WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_int.java b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_int.java index f4736f1..ecdb094 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_int.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_int.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int */ - public class MsSql_Get_int extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public MsSql_Get_int() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users WHERE id = '" + id + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string.java b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string.java index 1eafcbb..4f118b2 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class MsSql_Get_string extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public MsSql_Get_string() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users WHERE name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string_param_question_mark.java b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string_param_question_mark.java index 245e646..c646b58 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string_param_question_mark.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Get_string_param_question_mark.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class MsSql_Get_string_param_question_mark extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public MsSql_Get_string_param_question_mark() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT top 5 id, name, surname FROM users where name <> ? and name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Implicit_Join_Namespace.java index 3eeec96..d2dcc05 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Implicit_Join_Namespace.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mssql/MsSql_Implicit_Join_Namespace.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Implicit_Join_Namespace */ - public class MsSql_Implicit_Join_Namespace extends HttpServlet { private static final long serialVersionUID = 1L; @@ -33,7 +31,6 @@ public MsSql_Implicit_Join_Namespace() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -41,7 +38,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -53,7 +49,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM dbo.users, dbo.address WHERE dbo.users.id = " + id + " AND dbo.users.id = dbo.address.id"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Implicit_Join.java b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Implicit_Join.java index e7f1e04..f7a24d4 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Implicit_Join.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Implicit_Join.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Inner_Join */ - public class MySql_Get_Implicit_Join extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users, address WHERE users.id = " + id + " AND users.id = address.id"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Union.java index 59e7157..6877380 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Union.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_Union.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Union */ - public class MySql_Get_Union extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT name, surname, dob FROM users WHERE id = " + id + " UNION SELECT address_1, address_2, address_3 FROM address WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_int.java b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_int.java index 6936ccb..f465146 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_int.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_int.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int */ - public class MySql_Get_int extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,7 +59,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string.java b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string.java index 8bc0172..834fc41 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class MySql_Get_string extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users WHERE name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string_param_question_mark.java b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string_param_question_mark.java index fb688a9..926be09 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string_param_question_mark.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Get_string_param_question_mark.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class MySql_Get_string_param_question_mark extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public MySql_Get_string_param_question_mark() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,19 +53,18 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList (); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); // The '?' syntax is invalid for MySQL, so this query never successfully execute. String sql = "SELECT top 5 id, name, surname FROM users where name <> ? and name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Implicit_Join_Namespace.java index 39f9b7f..d916903 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Implicit_Join_Namespace.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/mysql/MySql_Implicit_Join_Namespace.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Implicit_Join_Namespace */ - public class MySql_Implicit_Join_Namespace extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,12 +44,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM test.users, test.address WHERE test.users.id = " + id + " AND test.users.id = test.address.id"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Delete_User.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Delete_User.java index d1bc395..0c78a62 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Delete_User.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Delete_User.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Delete_User */ - public class Delete_User extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,14 +59,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList (); + List queryStringList = new ArrayList(); queryStringList.add("id"); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); - String name = (String)nullSanitizedMap.get("name"); + String id = (String) nullSanitizedMap.get("id"); + String name = (String) nullSanitizedMap.get("name"); String sql = "DELETE FROM users WHERE id = " + id + " OR name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Full_Outer_Join.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Full_Outer_Join.java index fcd5156..600c4bb 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Full_Outer_Join.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Full_Outer_Join.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Ful_Outer_Join */ - public class Get_Full_Outer_Join extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users FULL OUTER JOIN address ON users.id = address.id AND users.id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Implicit_Join.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Implicit_Join.java index 74b80c2..3685a00 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Implicit_Join.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Implicit_Join.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Inner_Join */ - public class Get_Implicit_Join extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,7 +59,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Union.java index 02c8997..78cdb8e 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Union.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_Union.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Union */ - public class Get_Union extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT name, surname, TO_CHAR(dob) FROM users WHERE id = " + id + " UNION SELECT address_1, address_2, address_3 FROM address WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int.java index c92d281..1987155 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int */ - public class Get_int extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users WHERE id = '" + id + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_groupby.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_groupby.java index d6bf7ae..053219f 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_groupby.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_groupby.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_groupby */ - public class Get_int_groupby extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT count(name), name FROM users GROUP BY " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_having.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_having.java index 25e1bc2..0655fbc 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_having.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_having.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_having */ - public class Get_int_having extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT MIN(name) from users GROUP BY id HAVING id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_inline.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_inline.java index b0fb8d1..bef95f2 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_inline.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_inline.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_inline */ - public class Get_int_inline extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_no_quote.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_no_quote.java index b489efb..ad10d9a 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_no_quote.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_no_quote.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_no_quote */ - public class Get_int_no_quote extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_nooutput.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_nooutput.java index 82e7ad6..eea83a7 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_nooutput.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_nooutput.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_nooutput */ - public class Get_int_nooutput extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,18 +59,18 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users WHERE id = '" + id + "'"; - Boolean showErrors = Boolean.TRUE; + Boolean showErrors = Boolean.FALSE; Boolean allResults = Boolean.TRUE; - Boolean showOutput = Boolean.TRUE; + Boolean showOutput = Boolean.FALSE; SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput); } diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_orderby.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_orderby.java index a772248..081d59c 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_orderby.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_orderby.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_orderby */ - public class Get_int_orderby extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users ORDER BY " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_partialunion.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_partialunion.java index 1eb208f..1b4f5ab 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_partialunion.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_int_partialunion.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int_partialunion */ - public class Get_int_partialunion extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users WHERE id = '" + id + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string.java index 2bdc5d4..a11d81b 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Get_string extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users WHERE name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_constructor.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_constructor.java index 66c7ed0..155df04 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_constructor.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_constructor.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Get_string_constructor */ - public class Get_string_constructor extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,12 +44,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String new_name = new String(name); diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote.java index 35e15f1..7245ba9 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string_no_quote */ - public class Get_string_no_quote extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,12 +59,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users WHERE name = " + name; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote_sanitised.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote_sanitised.java index 284d7ef..029dc97 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote_sanitised.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_no_quote_sanitised.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Get_string_no_quote */ - public class Get_string_no_quote_sanitised extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,14 +44,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); - String newName = name.replaceAll( "'", "''" ); + String newName = name.replace( "'", "''" ); String sql = "SELECT * FROM users WHERE name = " + newName; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_param_question_mark.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_param_question_mark.java index 1ad6a6b..00d3035 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_param_question_mark.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_param_question_mark.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Get_string_param_question_mark extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Get_string_param_question_mark() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users where name <> ? and name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_sanitised.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_sanitised.java index 9d03b51..e515148 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_sanitised.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Get_string_sanitised.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Get_string */ - public class Get_string_sanitised extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,13 +44,13 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("name"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); - String newName = (String)name.replaceAll( "'", "''" ); + String name = (String) nullSanitizedMap.get("name"); + String newName = name.replace( "'", "''" ); String sql = "SELECT * FROM users WHERE name = '" + newName + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Implicit_Join_Namespace.java index 18a4519..4be06bc 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Implicit_Join_Namespace.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Implicit_Join_Namespace.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Implicit_Join_Namespace */ - public class Implicit_Join_Namespace extends HttpServlet { private static final long serialVersionUID = 1L; @@ -47,12 +45,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT users.id FROM users, address WHERE users.id = address.id AND users.id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text.java index ebb4967..4946b57 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Insert_Raw_Text */ - public class Insert_Raw_Text extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,15 +44,15 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); queryStringList.add("text"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); - String text = (String)nullSanitizedMap.get("text"); + String id = (String) nullSanitizedMap.get("id"); + String text = (String) nullSanitizedMap.get("text"); String sql = "INSERT INTO TEXT_STORE VALUES (" + id + ", '" + text + "')"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text_Sanitised.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text_Sanitised.java index ed96161..a4ce513 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text_Sanitised.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_Raw_Text_Sanitised.java @@ -7,7 +7,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,7 +17,6 @@ /** * Servlet implementation class Insert_Raw_Text_Sanitised */ - public class Insert_Raw_Text_Sanitised extends HttpServlet { private static final long serialVersionUID = 1L; @@ -46,16 +44,16 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); queryStringList.add("text"); Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); - String text = (String)nullSanitizedMap.get("text"); - text = text.replaceAll("'", "''"); + String id = (String) nullSanitizedMap.get("id"); + String text = (String) nullSanitizedMap.get("text"); + text = text.replace("'", "''"); String sql = "INSERT INTO TEXT_STORE VALUES (" + id + ", '" + text + "')"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_User.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_User.java index b5f920d..2621f3f 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_User.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Insert_User.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Create_User */ - public class Insert_User extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,7 +59,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); queryStringList.add("name"); @@ -72,12 +70,12 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); - String name = (String)nullSanitizedMap.get("name"); - String surname = (String)nullSanitizedMap.get("surname"); - String dob = (String)nullSanitizedMap.get("dob"); - String credit_card = (String)nullSanitizedMap.get("credit_card"); - String cvv = (String)nullSanitizedMap.get("cvv"); + String id = (String) nullSanitizedMap.get("id"); + String name = (String) nullSanitizedMap.get("name"); + String surname = (String) nullSanitizedMap.get("surname"); + String dob = (String) nullSanitizedMap.get("dob"); + String credit_card = (String) nullSanitizedMap.get("credit_card"); + String cvv = (String) nullSanitizedMap.get("cvv"); String sql = "INSERT INTO users VALUES (" + id + ", '" + name + "', '" + surname + "', '" + dob + "', '" + credit_card + "', '" + cvv + "')"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Run_Any_Sql.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Run_Any_Sql.java new file mode 100644 index 0000000..a4e6665 --- /dev/null +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Run_Any_Sql.java @@ -0,0 +1,135 @@ +/* + * Copyright 2014 Waratek Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.waratek.spiracle.sql.servlet.oracle; + +import com.waratek.spiracle.misc.CookieUtil; +import com.waratek.spiracle.misc.DataSourceUtil; +import com.waratek.spiracle.sql.servlet.util.ParameterNullFix; +import com.waratek.spiracle.sql.util.SelectUtil; +import org.apache.log4j.Logger; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.URLDecoder; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +/** + * Servlet implementation class Run_Any_Sql + */ +public class Run_Any_Sql extends HttpServlet +{ + private static final Logger logger = Logger.getLogger(Run_Any_Sql.class); + private static final long serialVersionUID = 1L; + private static final String SQL = "sql"; + private static final String ARGS = "args"; + private static final String ARRAY_SPLITTER = "~"; + private static final String ARG_SOURCES = "argSources"; + + /** + * @see HttpServlet#HttpServlet() + */ + public Run_Any_Sql() + { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + */ + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException + { + executeRequest(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + */ + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException + { + executeRequest(request, response); + } + + private String[] setArgDataSource(String[] sqlArgs, String argSources, HttpServletRequest request) throws IOException + { + if (argSources.equals("")) + { + return sqlArgs; // No change needed + } + String[] argSourcesArray = argSources.split(ARRAY_SPLITTER); + if (sqlArgs.length != argSourcesArray.length) + { + throw new RuntimeException("Different number of args and argSources not allowed.\nargs=" + Arrays.toString(sqlArgs) + "\nargSources=" + Arrays.toString(argSourcesArray)); + } + String[] newArgArray = new String[sqlArgs.length]; + for (int i = 0; i < sqlArgs.length; i++) + { + newArgArray[i] = DataSourceUtil.forceStringInputSource(sqlArgs[i], argSourcesArray[i], request); + } + return newArgArray; + } + + private String[] getSqlArgs(HttpServletRequest request) throws UnsupportedEncodingException + { + String sqlArgs; + if (CookieUtil.containsCookie(request, ARGS)) //take args from cookie if it exists + { + sqlArgs = CookieUtil.getCookieValue(ARGS, request); + sqlArgs = URLDecoder.decode(sqlArgs, "UTF-8"); + } + else + { + List queryStringList = new ArrayList(); + queryStringList.add(ARGS); + sqlArgs = (String) ParameterNullFix.sanitizeNull(queryStringList, request).get(ARGS); //take args from URL param if args cookie doesn't exist + } + return sqlArgs.split(ARRAY_SPLITTER); + } + + private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException + { + ServletContext application = this.getServletConfig().getServletContext(); + List queryStringList = new ArrayList(); + queryStringList.add(SQL); + queryStringList.add(ARGS); + queryStringList.add(ARG_SOURCES); + + Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); + + String unformattedSql = (String) nullSanitizedMap.get(SQL); + unformattedSql = DataSourceUtil.makeStringUntainted(unformattedSql); + final String argSources = (String) nullSanitizedMap.get(ARG_SOURCES); + String[] sqlArgs = getSqlArgs(request); + sqlArgs = setArgDataSource(sqlArgs, argSources, request); + + String sql = unformattedSql; + for (int i = 0; i < sqlArgs.length; i++) { + int idx = sql.indexOf("%s"); + if (idx >= 0) { + sql = sql.substring(0, idx) + sqlArgs[i] + sql.substring(idx + 2); + } + } + + SelectUtil.executeQuery(sql, application, request, response); + } +} diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Update_User.java b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Update_User.java index ef4db56..4844046 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Update_User.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/oracle/Update_User.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Update_User */ - public class Update_User extends HttpServlet { private static final long serialVersionUID = 1L; @@ -61,7 +59,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { ServletContext application = this.getServletConfig().getServletContext(); - List queryStringList = new ArrayList(); + List queryStringList = new ArrayList(); queryStringList.add("id"); queryStringList.add("name"); @@ -70,9 +68,9 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); - String name = (String)nullSanitizedMap.get("name"); - String surname = (String)nullSanitizedMap.get("surname"); + String id = (String) nullSanitizedMap.get("id"); + String name = (String) nullSanitizedMap.get("name"); + String surname = (String) nullSanitizedMap.get("surname"); String sql = "UPDATE users SET name = '" + name + "', surname = '" + surname + "' WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Get_Union.java new file mode 100644 index 0000000..871b772 --- /dev/null +++ b/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Get_Union.java @@ -0,0 +1,78 @@ +/* + * Copyright 2019 Waratek Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.waratek.spiracle.sql.servlet.postgres; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import com.waratek.spiracle.sql.servlet.util.ParameterNullFix; +import com.waratek.spiracle.sql.util.SelectUtil; + +/** + * Servlet implementation class Get_Union + */ +public class Postgres_Get_Union extends HttpServlet { + private static final long serialVersionUID = 1L; + + /** + * @see HttpServlet#HttpServlet() + */ + public Postgres_Get_Union() { + super(); + // TODO Auto-generated constructor stub + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + */ + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + */ + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + ServletContext application = this.getServletConfig().getServletContext(); + List queryStringList = new ArrayList(); + queryStringList.add("id"); + + Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); + + String id = (String) nullSanitizedMap.get("id"); + + String sql = "SELECT name, surname, CAST (dob AS VARCHAR(500)) FROM users WHERE id = " + id + " UNION SELECT address_1, address_2, address_3 FROM address WHERE id = " + id; + + Boolean showErrors = Boolean.TRUE; + Boolean allResults = Boolean.TRUE; + Boolean showOutput = Boolean.TRUE; + + SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput); + } + +} diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Get_string_unicode_identifier.java b/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Get_string_unicode_identifier.java new file mode 100644 index 0000000..59d25fb --- /dev/null +++ b/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Get_string_unicode_identifier.java @@ -0,0 +1,78 @@ +/* + * Copyright 2019 Waratek Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.waratek.spiracle.sql.servlet.postgres; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import com.waratek.spiracle.sql.servlet.util.ParameterNullFix; +import com.waratek.spiracle.sql.util.SelectUtil; + +/** + * Servlet implementation class Get_string + */ +public class Postgres_Get_string_unicode_identifier extends HttpServlet { + private static final long serialVersionUID = 1L; + + /** + * @see HttpServlet#HttpServlet() + */ + public Postgres_Get_string_unicode_identifier() { + super(); + // TODO Auto-generated constructor stub + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + */ + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + */ + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + ServletContext application = this.getServletConfig().getServletContext(); + List queryStringList = new ArrayList(); + queryStringList.add("name"); + + Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); + + String name = (String) nullSanitizedMap.get("name"); + + String sql = "SELECT * FROM U&\"\\0075\\0073\\0065\\0072\\0073\" WHERE name = '" + name + "'"; + + Boolean showErrors = Boolean.TRUE; + Boolean allResults = Boolean.TRUE; + Boolean showOutput = Boolean.TRUE; + + SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput); + } + +} diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Implicit_Join_Namespace.java new file mode 100644 index 0000000..4fae2da --- /dev/null +++ b/src/main/java/com/waratek/spiracle/sql/servlet/postgres/Postgres_Implicit_Join_Namespace.java @@ -0,0 +1,77 @@ +/* + * Copyright 2019 Waratek Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.waratek.spiracle.sql.servlet.postgres; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import com.waratek.spiracle.sql.servlet.util.ParameterNullFix; +import com.waratek.spiracle.sql.util.SelectUtil; + +/** + * Servlet implementation class Implicit_Join_Namespace + */ +public class Postgres_Implicit_Join_Namespace extends HttpServlet { + private static final long serialVersionUID = 1L; + + /** + * @see HttpServlet#HttpServlet() + */ + public Postgres_Implicit_Join_Namespace() { + super(); + // TODO Auto-generated constructor stub + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) + */ + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) + */ + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + executeRequest(request, response); + } + + private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + ServletContext application = this.getServletConfig().getServletContext(); + List queryStringList = new ArrayList(); + queryStringList.add("id"); + + Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); + + String id = (String) nullSanitizedMap.get("id"); + + String sql = "SELECT * FROM public.users, public.address WHERE public.users.id = " + id + " AND public.users.id = public.address.id"; + + Boolean showErrors = Boolean.TRUE; + Boolean allResults = Boolean.TRUE; + Boolean showOutput = Boolean.TRUE; + + SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput); + } +} diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java index 0c79dee..e12e9e7 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Inner_Join */ - public class Sybase_Get_Implicit_Join extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Get_Implicit_Join() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users, address WHERE users.id = " + id + " AND users.id = address.id"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java index 51b2b8b..76cd16c 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_Union */ - public class Sybase_Get_Union extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Get_Union() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT name, surname, CONVERT(varchar(500),dob,3) FROM users WHERE id = " + id + " UNION SELECT address_1, address_2, address_3 FROM address WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java index 13d99b9..a2196ba 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_int */ - public class Sybase_Get_int_no_quote extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Get_int_no_quote() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM users WHERE id = " + id; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java index 75034c0..f85b145 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Sybase_Get_string extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Get_string() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users WHERE name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java index e1b42e4..341599c 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Sybase_Get_string_no_quote extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Get_string_no_quote() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT * FROM users WHERE name = " + name; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_param_question_mark.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_param_question_mark.java index e6f05bc..c960498 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_param_question_mark.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_param_question_mark.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Get_string */ - public class Sybase_Get_string_param_question_mark extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Get_string_param_question_mark() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String name = (String)nullSanitizedMap.get("name"); + String name = (String) nullSanitizedMap.get("name"); String sql = "SELECT top 5 id, name, surname FROM users where name <> ? and name = '" + name + "'"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java index 8e33609..e86abff 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java @@ -22,7 +22,6 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; - import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,7 +32,6 @@ /** * Servlet implementation class Implicit_Join_Namespace */ - public class Sybase_Implicit_Join_Namespace extends HttpServlet { private static final long serialVersionUID = 1L; @@ -48,7 +46,6 @@ public Sybase_Implicit_Join_Namespace() { /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -56,7 +53,6 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ - protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { executeRequest(request, response); } @@ -68,7 +64,7 @@ private void executeRequest(HttpServletRequest request, HttpServletResponse resp Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request); - String id = (String)nullSanitizedMap.get("id"); + String id = (String) nullSanitizedMap.get("id"); String sql = "SELECT * FROM dbo.users, dbo.address WHERE dbo.users.id = " + id + " AND dbo.users.id = dbo.address.id"; diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/util/ParameterNullFix.java b/src/main/java/com/waratek/spiracle/sql/servlet/util/ParameterNullFix.java index 9036265..7a681cf 100644 --- a/src/main/java/com/waratek/spiracle/sql/servlet/util/ParameterNullFix.java +++ b/src/main/java/com/waratek/spiracle/sql/servlet/util/ParameterNullFix.java @@ -16,6 +16,7 @@ package com.waratek.spiracle.sql.servlet.util; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -28,8 +29,8 @@ public class ParameterNullFix { public static Map sanitizeNull(List inputList, HttpServletRequest request) { Map outputMap = new HashMap(); - for(int i = 0 ; i < inputList.size() ; i++) { - String item = (String)inputList.get(i); + for (Iterator it = inputList.iterator(); it.hasNext();) { + String item = (String) it.next(); String val = request.getParameter(item); if(val == null) { logger.info("Expected parameter {" + item + "} is null"); diff --git a/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java b/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java index 9659e7f..abc1762 100644 --- a/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java +++ b/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java @@ -19,6 +19,7 @@ import java.sql.SQLException; import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; import javax.sql.DataSource; import org.apache.log4j.Logger; @@ -50,6 +51,9 @@ public static Connection getConnection(ServletContext application, String connec } else if (connectionType.equals(Constants.C3P0_SYBASE)) { ComboPooledDataSource ds = (ComboPooledDataSource) application.getAttribute(Constants.SYBASE_CONNECTION_POOL); con = ds.getConnection(); + } else if (connectionType.equals(Constants.C3P0_POSTGRES)) { + ComboPooledDataSource ds = (ComboPooledDataSource) application.getAttribute(Constants.POSTGRES_CONNECTION_POOL); + con = ds.getConnection(); } else if (connectionType.equals("spring")) { FileSystemXmlApplicationContext context = (FileSystemXmlApplicationContext) application.getAttribute("springContext"); DriverManagerDataSource dmds = (DriverManagerDataSource) context.getBean("dataSource"); @@ -62,4 +66,18 @@ public static Connection getConnection(ServletContext application, String connec logger.info("Returning connection: " + con.toString()); return con; } + + public static Connection getConnection(ServletContext application, HttpServletRequest request) throws SQLException + { + String defaultConnection = (String) application.getAttribute(Constants.DEFAULT_CONNECTION); + //Checking if connectionType is set, defaulting it to c3p0 if not set. + String connectionType; + if(request.getParameter("connectionType") == null) { + logger.warn("'connectionType' parameter not set, defaulting to: " + defaultConnection); + connectionType = defaultConnection; + } else { + connectionType = request.getParameter("connectionType"); + } + return getConnection(application, connectionType); + } } diff --git a/src/main/java/com/waratek/spiracle/sql/util/Constants.java b/src/main/java/com/waratek/spiracle/sql/util/Constants.java index e07b542..874c76e 100644 --- a/src/main/java/com/waratek/spiracle/sql/util/Constants.java +++ b/src/main/java/com/waratek/spiracle/sql/util/Constants.java @@ -20,28 +20,33 @@ public class Constants { public static final String C3P0_MSSQL = "c3p0.mssql"; public static final String C3P0_DB2 = "c3p0.db2"; public static final String C3P0_SYBASE = "c3p0.sybase"; + public static final String C3P0_POSTGRES = "c3p0.postgres"; public static final String C3P0_ORACLE_CLASSNAME = "c3p0.oracle.classname"; public static final String C3P0_MYSQL_CLASSNAME = "c3p0.mysql.classname"; public static final String C3P0_MSSQL_CLASSNAME = "c3p0.mssql.classname"; public static final String C3P0_DB2_CLASSNAME = "c3p0.db2.classname"; public static final String C3P0_SYBASE_CLASSNAME = "c3p0.sybase.classname"; + public static final String C3P0_POSTGRES_CLASSNAME = "c3p0.postgres.classname"; public static final String ORACLE = "oracle"; public static final String MYSQL = "mysql"; public static final String MSSQL = "mssql"; public static final String DB2 = "db2"; public static final String SYBASE = "sybase"; + public static final String POSTGRES = "postgres"; public static final String ORACLE_CONNECTION_POOL = "oracleConnectionPool"; public static final String MYSQL_CONNECTION_POOL = "mysqlConnectionPool"; public static final String MSSQL_CONNECTION_POOL = "mssqlConnectionPool"; public static final String DB2_CONNECTION_POOL = "db2ConnectionPool"; public static final String SYBASE_CONNECTION_POOL = "sybaseConnectionPool"; + public static final String POSTGRES_CONNECTION_POOL = "postgresConnectionPool"; public final static String ORACLE_CONNECTION_DATA = "oracleConnectionData"; public final static String MYSQL_CONNECTION_DATA = "mysqlConnectionData"; public final static String MSSQL_CONNECTION_DATA = "mssqlConnectionData"; public final static String DB2_CONNECTION_DATA = "db2ConnectionData"; public final static String SYBASE_CONNECTION_DATA = "sybaseConnectionData"; + public final static String POSTGRES_CONNECTION_DATA = "postgresConnectionData"; } diff --git a/src/main/java/com/waratek/spiracle/sql/util/SelectUtil.java b/src/main/java/com/waratek/spiracle/sql/util/SelectUtil.java index 32c2494..926f8ac 100644 --- a/src/main/java/com/waratek/spiracle/sql/util/SelectUtil.java +++ b/src/main/java/com/waratek/spiracle/sql/util/SelectUtil.java @@ -21,6 +21,7 @@ import java.sql.ResultSet; import java.sql.ResultSetMetaData; import java.sql.SQLException; +import java.util.ArrayList; import javax.servlet.ServletContext; import javax.servlet.ServletOutputStream; @@ -33,29 +34,23 @@ public class SelectUtil { private static final Logger logger = Logger.getLogger(SelectUtil.class); - public static void executeQuery(String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response, Boolean showErrors, Boolean allResults, Boolean showOutput) throws IOException { + private static void executeQuery( + String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response, Boolean showErrors, Boolean allResults, Boolean showOutput, boolean setString) + throws IOException + { response.setHeader("Content-Type", "text/html;charset=UTF-8"); ServletOutputStream out = response.getOutputStream(); - String connectionType = null; Connection con = null; - int fetchSize = ((Integer) application.getAttribute(Constants.JDBC_FETCH_SIZE)).intValue(); - String defaultConnection = (String) application.getAttribute(Constants.DEFAULT_CONNECTION); + int fetchSize = getFetchSize(application).intValue(); PreparedStatement stmt = null; - ResultSet rs = null; TagUtil.printPageHead(out); TagUtil.printPageNavbar(out); TagUtil.printContentDiv(out); try { - //Checking if connectionType is set, defaulting it to c3p0 if not set. - if(request.getParameter("connectionType") == null) { - connectionType = defaultConnection; - } else { - connectionType = request.getParameter("connectionType"); - } - con = ConnectionUtil.getConnection(application, connectionType); + con = ConnectionUtil.getConnection(application, request); out.println("
"); out.println("

SQL Query:

"); out.println("
");
@@ -66,68 +61,111 @@ public static void executeQuery(String sql, ServletContext application, HttpServ
 
 			stmt = con.prepareStatement(sql);
 			logger.info("Created PreparedStatement: " + sql);
-			executePreparedStatement(stmt, fetchSize, rs, sql, out, allResults, showOutput);
+			if (setString){
+				stmt.setString(1, "something");
+				logger.info("Substituted parameter in PreparedStatement: " + sql);
+			}
+			executePreparedStatement(stmt, fetchSize, sql, out, allResults, showOutput);
 		} catch(SQLException sqlexception) {
 			verifySQLException(sqlexception, application, response, out);
 		} finally {
-			cleanup(rs, stmt, con);
+			cleanup(stmt, con);
 			TagUtil.printPageFooter(out);
 			out.close();
 		}
 	}
 
-	public static void executeQuerySetString(String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response, Boolean showErrors, Boolean allResults, Boolean showOutput) throws IOException {
-		response.setHeader("Content-Type", "text/html;charset=UTF-8");
-		ServletOutputStream out = response.getOutputStream();
-		String connectionType = null;
-		Connection con = null;
-		int fetchSize = ((Integer) application.getAttribute(Constants.JDBC_FETCH_SIZE)).intValue();
-		String defaultConnection = (String) application.getAttribute(Constants.DEFAULT_CONNECTION);
+	public static void executeQuery(
+			String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response, Boolean showErrors, Boolean allResults, Boolean showOutput)
+			throws IOException
+	{
+		boolean setString = false;
+		executeQuery(sql, application, request, response, showErrors, allResults, showOutput, setString);
+	}
 
-		PreparedStatement stmt = null;
-		ResultSet rs = null;
+	public static void executeQuery(
+			String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response)
+			throws IOException
+	{
+		executeQuery(sql, application, request, response, Boolean.TRUE, Boolean.TRUE, Boolean.TRUE);
+	}
 
-		TagUtil.printPageHead(out);
-		TagUtil.printPageNavbar(out);
-		TagUtil.printContentDiv(out);
+	public static void executeQuerySetString(String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response, Boolean showErrors, Boolean allResults, Boolean showOutput) throws IOException {
+		boolean setString = true;
+		executeQuery(sql, application, request, response, showErrors, allResults, showOutput, setString);
+	}
 
+	public static ArrayList executeQueryWithoutNewPage(String sql, ServletContext application, HttpServletRequest request)
+			throws IOException, SQLException
+	{
+		Connection con = null;
+		PreparedStatement stmt = null;
+		ArrayList resultList;
 		try {
-			//Checking if connectionType is set, defaulting it to c3p0 if not set.
-			if(request.getParameter("connectionType") == null) {
-				connectionType = defaultConnection;
-			} else {
-				connectionType = request.getParameter("connectionType");
-			}
-			con = ConnectionUtil.getConnection(application, connectionType);
-			out.println("
");
-			out.println("
SQL Query:
");
-			out.println("
");
-			out.println(sql);
-			out.println("
");
-
+			con = ConnectionUtil.getConnection(application, request);
 			logger.info(sql);
-
 			stmt = con.prepareStatement(sql);
 			logger.info("Created PreparedStatement: " + sql);
-                        stmt.setString(1, "something");
-                        logger.info("Substituted parameter in PreparedStatement: " + sql);
-			executePreparedStatement(stmt, fetchSize, rs, sql, out, allResults, showOutput);
-		} catch(SQLException sqlexception) {
-			verifySQLException(sqlexception, application, response, out);
+			ResultSet rs = executePreparedStatementWithoutWriting(stmt, getFetchSize(application).intValue(), sql);
+			resultList = convertResultSetToList(rs);
 		} finally {
-			cleanup(rs, stmt, con);
-			TagUtil.printPageFooter(out);
-			out.close();
+			cleanup(stmt, con);
 		}
+		return resultList;
 	}
 
-        private static void executePreparedStatement(PreparedStatement stmt, int fetchSize, ResultSet rs, String sql, ServletOutputStream out, Boolean allResults, Boolean showOutput) throws IOException, SQLException {
-            stmt.setFetchSize(fetchSize);
-            rs = stmt.executeQuery();
-            logger.info("Executed: " + sql);
+	private static Integer getFetchSize(ServletContext application) {
+		return (Integer) application.getAttribute(Constants.JDBC_FETCH_SIZE);
+	}
 
-            writeToResponse(allResults, showOutput, out, rs);
-        }
+	private static void executePreparedStatement(PreparedStatement stmt, int fetchSize, String sql, ServletOutputStream out, Boolean allResults, Boolean showOutput)
+			throws IOException, SQLException
+	{
+		boolean shouldWriteToResponse = true;
+		executePreparedStatement(stmt, fetchSize, sql, out, allResults.booleanValue(), showOutput.booleanValue(), shouldWriteToResponse);
+	}
+
+	private static ResultSet executePreparedStatement(
+			PreparedStatement stmt, int fetchSize, String sql, ServletOutputStream out, boolean allResults, boolean showOutput, boolean shouldWriteToResponse)
+			throws IOException, SQLException
+	{
+		stmt.setFetchSize(fetchSize);
+		ResultSet rs = stmt.executeQuery();
+		logger.info("Executed: " + sql);
+
+		if (shouldWriteToResponse)
+		{
+			writeToResponse(new Boolean(allResults), new Boolean(showOutput), out, rs);
+		}
+		return rs;
+	}
+
+	private static ResultSet executePreparedStatementWithoutWriting(PreparedStatement stmt, int fetchSize, String sql)
+			throws IOException, SQLException
+	{
+		ServletOutputStream out = null;
+		boolean allResults = false;
+		boolean showOutput = false;
+		boolean shouldWriteToResponse = false;
+
+		return executePreparedStatement(stmt, fetchSize, sql, out, allResults, showOutput, shouldWriteToResponse);
+	}
+
+	private static ArrayList convertResultSetToList(ResultSet rs) throws SQLException
+	{
+		ArrayList resultList = new ArrayList();
+		int columnCount = rs.getMetaData().getColumnCount();
+		while (rs.next())
+		{
+			ArrayList resultRow = new ArrayList();
+			for (int i = 1; i <= columnCount; i++)
+			{
+				resultRow.add(rs.getObject(i));
+			}
+			resultList.add(resultRow);
+		}
+		return resultList;
+	}
 
 	private static void writeToResponse(Boolean allResults, Boolean showOutput, ServletOutputStream out, ResultSet rs) throws SQLException, IOException {
 		ResultSetMetaData metaData = rs.getMetaData();
@@ -170,69 +208,55 @@ private static void writeRow(ServletOutputStream out, ResultSet rs, ResultSetMet
 		out.println("");
 	}
 
-        private static void verifySQLException(SQLException sqlexception, ServletContext application, HttpServletResponse response, ServletOutputStream out) throws IOException{
-                if(sqlexception.getMessage().equals("Attempted to execute a query with one or more bad parameters.")) {
-                        int error = Integer.parseInt((String) application.getAttribute("defaultError"));
-                        response.setStatus(error);
-                } else {
-                        response.setStatus(500);
-                }
-
-                out.println("
");
-                out.println("SQLException: " + sqlexception.getMessage() + "
");
-
-                if(logger.isDebugEnabled()) {
-                        logger.debug(sqlexception.getMessage(), sqlexception);
-                } else {
-                        logger.error(sqlexception);
-                }
-
-                while((sqlexception = sqlexception.getNextException()) != null) {
-                        out.println(sqlexception.getMessage() + "
");
-            }
-        }
-
-        private static void cleanup(ResultSet rs, PreparedStatement stmt, Connection con) throws IOException{
-                try {
-        	        if(rs != null) {
-                                logger.info("Closing ResultSet " + rs);
-                                rs.close();
-                                logger.info("Closed ResultSet " + rs);
-                        }
-                } catch (SQLException rsCloseException) {
-                        if(logger.isDebugEnabled()) {
-                                logger.debug(rsCloseException.getMessage(), rsCloseException);
-                        } else {
-                                logger.error(rsCloseException);
-                        }
-                }
-
-                try {
-        	        if(stmt != null) {
-                	            logger.info("Closing PreparedStatement " + stmt);
-                                    stmt.close();
-                                    logger.info("Closed PreparedStatement " + stmt);
-                        }
-                } catch (SQLException stmtCloseException) {
-                        if(logger.isDebugEnabled()) {
-                                logger.debug(stmtCloseException.getMessage(), stmtCloseException);
-                        } else {
-                                logger.error(stmtCloseException);
-                        }
-                }
-
-                try {
-                        if(con != null) {
-                                logger.info("Closing Connection " + con);
-                                con.close();
-                                logger.info("Closed Connection " + con);
-                        }
-                } catch (SQLException conCloseException) {
-                        if(logger.isDebugEnabled()) {
-                                logger.debug(conCloseException.getMessage(), conCloseException);
-                        } else {
-                                logger.error(conCloseException);
-                        }
-                }
+	public static void verifySQLException(SQLException sqlexception, ServletContext application, HttpServletResponse response, ServletOutputStream out) throws IOException{
+		if(sqlexception.getMessage().equals("Attempted to execute a query with one or more bad parameters.")) {
+			int error = Integer.parseInt((String) application.getAttribute("defaultError"));
+			response.setStatus(error);
+		} else {
+			response.setStatus(500);
+		}
+
+		out.println("
");
+		out.println("SQLException: " + sqlexception.getMessage() + "
");
+
+		if(logger.isDebugEnabled()) {
+			logger.debug(sqlexception.getMessage(), sqlexception);
+		} else {
+			logger.error(sqlexception);
+		}
+
+		while((sqlexception = sqlexception.getNextException()) != null) {
+			out.println(sqlexception.getMessage() + "
");
+	    }
+	}
+
+	public static void cleanup(PreparedStatement stmt, Connection con) {
+		try {
+			if(stmt != null) {
+				logger.info("Closing PreparedStatement " + stmt);
+				stmt.close();
+				logger.info("Closed PreparedStatement " + stmt);
+			}
+		} catch (SQLException stmtCloseException) {
+			if(logger.isDebugEnabled()) {
+				logger.debug(stmtCloseException.getMessage(), stmtCloseException);
+			} else {
+				logger.error(stmtCloseException);
+			}
+		}
+
+		try {
+			if(con != null) {
+				logger.info("Closing Connection " + con);
+				con.close();
+				logger.info("Closed Connection " + con);
+			}
+		} catch (SQLException conCloseException) {
+			if(logger.isDebugEnabled()) {
+				logger.debug(conCloseException.getMessage(), conCloseException);
+			} else {
+				logger.error(conCloseException);
+			}
+		}
 	}
 }
diff --git a/src/main/java/com/waratek/spiracle/sql/util/UpdateUtil.java b/src/main/java/com/waratek/spiracle/sql/util/UpdateUtil.java
index 9f70f61..206dab9 100644
--- a/src/main/java/com/waratek/spiracle/sql/util/UpdateUtil.java
+++ b/src/main/java/com/waratek/spiracle/sql/util/UpdateUtil.java
@@ -33,7 +33,6 @@ public class UpdateUtil {
 	public static void executeUpdate(String sql, ServletContext application, HttpServletRequest request, HttpServletResponse response) throws IOException{
 		response.setHeader("Content-Type", "text/html;charset=UTF-8");
 		ServletOutputStream out = response.getOutputStream();
-		String connectionType = null;
 		Connection con = null;
 
 		PreparedStatement stmt = null;
@@ -43,13 +42,7 @@ public static void executeUpdate(String sql, ServletContext application, HttpSer
 		TagUtil.printContentDiv(out);
 
 		try {
-			//Checking if connectionType is not, defaulting it to c3p0 if not set.
-			if(request.getParameter("connectionType") == null) {
-				connectionType = "c3p0";
-			} else {
-				connectionType = request.getParameter("connectionType");
-			}
-			con = ConnectionUtil.getConnection(application, connectionType);
+			con = ConnectionUtil.getConnection(application, request);
 			out.println("
");
 			out.println("
SQL Query:
");
 			out.println("
");
@@ -66,53 +59,31 @@ public static void executeUpdate(String sql, ServletContext application, HttpSer
 			out.println("
Altered Rows:
");
 			out.print("
" + result + "
");
 		} catch(SQLException e) {
-			if(e.getMessage().equals("Attempted to execute a query with one or more bad parameters.")) {
-                int error = Integer.parseInt((String) application.getAttribute("defaultError"));
-				response.setStatus(error);
-			} else {
-				response.setStatus(500);
-			}
-			out.println("
");
-			out.println("SQLException: " + e.getMessage() + "
");
-			if(logger.isDebugEnabled()) {
-				logger.debug(e.getMessage(), e);
-			} else {
-				logger.error(e);
-			}
-			while((e = e.getNextException()) != null) {
-				out.println(e.getMessage() + "
");
-			}
+			SelectUtil.verifySQLException(e, application, response, out);
 		} finally {
-			try {
-				if(stmt != null) {
-					logger.info("Closing PreparedStatement " + stmt);
-					stmt.close();
-					logger.info("Closed PreparedStatement " + stmt);
-				}
-			} catch (SQLException stmtCloseException) {
-				if(logger.isDebugEnabled()) {
-					logger.debug(stmtCloseException.getMessage(), stmtCloseException);
-				} else {
-					logger.error(stmtCloseException);
-				}
-			}
-			try {
-				if(con != null) {
-					logger.info("Closing Connection " + con);
-					con.close();
-					logger.info("Closed Connection " + con);
-				}
-			} catch (SQLException conCloseException) {
-				if(logger.isDebugEnabled()) {
-					logger.debug(conCloseException.getMessage(), conCloseException);
-				} else {
-					logger.error(conCloseException);
-				}
-			}
+			SelectUtil.cleanup(stmt, con);
 
 			out.println("
");
 			TagUtil.printPageFooter(out);
 			out.close();
 		}
 	}
+
+	public static void executeUpdateWithoutNewPage(String sql, ServletContext application, HttpServletRequest request)
+			throws SQLException
+	{
+		PreparedStatement stmt = null;
+		Connection con = null;
+		try {
+			con = ConnectionUtil.getConnection(application, request);
+			logger.info(sql);
+			stmt = con.prepareStatement(sql);
+			logger.info("Created PreparedStatement: " + sql);
+			int result = stmt.executeUpdate();
+			logger.info("Executed: " + sql);
+			logger.info("Query result: " + result);
+		} finally {
+			SelectUtil.cleanup(stmt, con);
+		}
+	}
 }
diff --git a/src/main/java/com/waratek/spiracle/xss/HelloUserTag.java b/src/main/java/com/waratek/spiracle/xss/HelloUserTag.java
new file mode 100755
index 0000000..7aba92b
--- /dev/null
+++ b/src/main/java/com/waratek/spiracle/xss/HelloUserTag.java
@@ -0,0 +1,35 @@
+package com.waratek.spiracle.xss;
+
+import javax.servlet.jsp.tagext.*;
+import javax.servlet.jsp.*;
+import java.io.*;
+
+public class HelloUserTag extends SimpleTagSupport {
+
+   private String username;
+   private StringWriter sw = new StringWriter();
+
+   public void setUsername(String name) {
+        this.username = name;
+   }
+
+   public void doTag() throws JspException, IOException {
+        JspWriter out = getJspContext().getOut();
+        getJspBody().invoke(sw);
+
+        out.println("Hello Spiracle user: " + username + "!");
+        out.println("
");
+
+        JspWriter oldout;
+        do {
+            oldout = getJspContext().getOut();
+            out = getJspContext().popBody();
+        } while (oldout != out);
+
+        out.print("Welcome to Spiracle");
+        out.write(", an insecure web application used to test system security controls.".toCharArray());
+        out.println("
");
+
+        getJspContext().getOut().println(sw.toString());
+   }
+}
\ No newline at end of file
diff --git a/src/main/java/com/waratek/spiracle/xss/ReadHTML.java b/src/main/java/com/waratek/spiracle/xss/ReadHTML.java
index 62256bf..c8bfff5 100644
--- a/src/main/java/com/waratek/spiracle/xss/ReadHTML.java
+++ b/src/main/java/com/waratek/spiracle/xss/ReadHTML.java
@@ -7,6 +7,8 @@
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
 public class ReadHTML {
 
@@ -14,14 +16,14 @@ static void readHTML(Object out, String taintedInput, ServletRequest req)
             throws IOException {
         String line = "";
         String XSS = "XSS";
-        String htmlFile = req.getRealPath("/") + "xss.html";
+        String htmlFile = ((HttpServletRequest) req).getSession().getServletContext().getRealPath("/") + "xss.html";
 
         BufferedReader in = new BufferedReader(new FileReader(htmlFile));
         while ((line = in.readLine()) != null) {
             if (line.indexOf(XSS) != -1) {
                 System.out.println("Transforming:");
                 System.out.println(line);
-                line = line.replaceAll(XSS, taintedInput);
+                line = line.replace(XSS, taintedInput);
                 System.out.println(line);
             }
 
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRPW.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRPW.java
index bb65383..4a60b59 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRPW.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRPW.java
@@ -4,12 +4,10 @@
 import java.io.PrintWriter;
 
 import javax.servlet.ServletException;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppHSRPW extends HttpServlet {
 
     public void doGet(HttpServletRequest req, HttpServletResponse res)
@@ -19,7 +17,6 @@ public void doGet(HttpServletRequest req, HttpServletResponse res)
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOS.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOS.java
index 09275e2..21e82c2 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOS.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOS.java
@@ -4,12 +4,10 @@
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletOutputStream;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppHSRSOS extends HttpServlet {
 
     public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
@@ -18,7 +16,6 @@ public void doGet(HttpServletRequest req, HttpServletResponse res) throws Servle
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOSDelay.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOSDelay.java
index bfe30d8..c86c677 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOSDelay.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppHSRSOSDelay.java
@@ -4,12 +4,10 @@
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletOutputStream;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppHSRSOSDelay extends HttpServlet {
 
     public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
@@ -23,7 +21,6 @@ public void doGet(HttpServletRequest req, HttpServletResponse res) throws Servle
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPW.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPW.java
index 4153261..35508fd 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPW.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPW.java
@@ -6,22 +6,18 @@
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppSRPW extends HttpServlet {
 
-
     public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
         res.setContentType("text/html");
         PrintWriter out = res.getWriter();
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPWDelay.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPWDelay.java
index f8e4432..242bc29 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPWDelay.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRPWDelay.java
@@ -7,15 +7,12 @@
 import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppSRPWDelay extends HttpServlet {
 
-
     public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
         try {
             Thread.sleep(10000);
@@ -27,7 +24,6 @@ public void service(ServletRequest req, ServletResponse res) throws ServletExcep
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOS.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOS.java
index 1d30f1e..8a1c258 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOS.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOS.java
@@ -6,22 +6,18 @@
 import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppSRSOS extends HttpServlet {
 
-
     public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
         res.setContentType("text/html");
         ServletOutputStream out = res.getOutputStream();
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOSDelay.java b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOSDelay.java
index 3fef19b..442e10a 100644
--- a/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOSDelay.java
+++ b/src/main/java/com/waratek/spiracle/xss/XSSWebAppSRSOSDelay.java
@@ -6,15 +6,12 @@
 import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-
 public class XSSWebAppSRSOSDelay extends HttpServlet {
 
-
     public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
         try {
             Thread.sleep(10000);
@@ -26,7 +23,6 @@ public void service(ServletRequest req, ServletResponse res) throws ServletExcep
         ReadHTML.readHTML(out, req.getParameter("taintedtext"), req);
     }
 
-
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
             throws ServletException, IOException {
         doGet(req, resp);
diff --git a/src/main/webapp/WEB-INF/custom.tld b/src/main/webapp/WEB-INF/custom.tld
new file mode 100755
index 0000000..d0085ea
--- /dev/null
+++ b/src/main/webapp/WEB-INF/custom.tld
@@ -0,0 +1,15 @@
+
+   1.0
+   2.0
+   Waratek
+   
+   
+      HelloUser
+      com.waratek.spiracle.xss.HelloUserTag
+      scriptless
+      
+         username
+         true
+      
+   
+
\ No newline at end of file
diff --git a/src/main/webapp/conf/Spiracle.properties b/src/main/webapp/conf/Spiracle.properties
index 81ca0cf..58cec1d 100644
--- a/src/main/webapp/conf/Spiracle.properties
+++ b/src/main/webapp/conf/Spiracle.properties
@@ -1,3 +1,7 @@
+# Spiracle can work with either of the below databases.
+# It is sufficient to install and configure one of them.
+default.connection=c3p0.oracle
+
 c3p0.oracle.classname=oracle.jdbc.driver.OracleDriver
 c3p0.oracle.url=jdbc:oracle:thin:@localhost:1521:XE
 c3p0.oracle.username=test
@@ -10,10 +14,10 @@ c3p0.mysql.username=test
 c3p0.mysql.password=test
 c3p0.mysql.maxPoolSize=50
 
-c3p0.mssql.classname=net.sourceforge.jtds.jdbc.Driver
-c3p0.mssql.url=jdbc:sqlserver://localhost:1433
+c3p0.mssql.classname=com.microsoft.sqlserver.jdbc.SQLServerDriver
+c3p0.mssql.url=jdbc:sqlserver://localhost:1433;databaseName=spiracle;encrypt=true;trustServerCertificate=true
 c3p0.mssql.username=test
-c3p0.mssql.password=test
+c3p0.mssql.password=Mssql1234
 c3p0.mssql.maxPoolSize=50
 
 c3p0.db2.classname=com.ibm.db2.jcc.DB2Driver
@@ -22,18 +26,22 @@ c3p0.db2.username=test
 c3p0.db2.password=test
 c3p0.db2.maxPoolSize=50
 
-c3p0.sybase.classname=net.sourceforge.jtds.jdbc.Driver
-c3p0.sybase.url=jdbc:jtds:sybase://localhost:5000/test
+c3p0.sybase.classname=com.sybase.jdbc4.jdbc.SybDriver
+c3p0.sybase.url=jdbc:sybase:Tds:localhost:5000/test
 c3p0.sybase.username=sa
 c3p0.sybase.password=sybase
 c3p0.sybase.maxPoolSize=50
 
+c3p0.postgres.classname=org.postgresql.Driver
+c3p0.postgres.url=jdbc:postgresql://localhost:5432/test
+c3p0.postgres.username=test
+c3p0.postgres.password=test
+c3p0.postgres.maxPoolSize=50
+
 jdbc.fetchsize=25
 
 waratek.error=550
 
-default.connection=c3p0.oracle
-
 spring.path=/path/to/spring-context.xml
 
 application.loggingEnabled=True
diff --git a/src/main/webapp/conf/setupdb_mssql.sql b/src/main/webapp/conf/setupdb_mssql.sql
index 91a7844..14af500 100644
--- a/src/main/webapp/conf/setupdb_mssql.sql
+++ b/src/main/webapp/conf/setupdb_mssql.sql
@@ -1,5 +1,7 @@
 create database spiracle;
 
+use spiracle;
+
 DROP TABLE users;
 DROP TABLE address;
 DROP TABLE TEXT_STORE;
diff --git a/src/main/webapp/conf/setupdb_mysql.sql b/src/main/webapp/conf/setupdb_mysql.sql
index fa44f3b..ba771b8 100644
--- a/src/main/webapp/conf/setupdb_mysql.sql
+++ b/src/main/webapp/conf/setupdb_mysql.sql
@@ -1,11 +1,13 @@
-CREATE USER 'test'@'localhost' IDENTIFIED BY 'test';
+CREATE USER IF NOT EXISTS 'test'@'localhost' IDENTIFIED BY 'test';
 GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' WITH GRANT OPTION;
 
+CREATE DATABASE IF NOT EXISTS test;
+
 use test;
 
-DROP TABLE users;
-DROP TABLE address;
-DROP TABLE TEXT_STORE;
+DROP TABLE IF EXISTS users;
+DROP TABLE IF EXISTS address;
+DROP TABLE IF EXISTS TEXT_STORE;
 
 CREATE TABLE users (
     id int,
@@ -229,4 +231,4 @@ INSERT INTO address (id, address_1, address_2, address_3) VALUES (96, '608-1826
 INSERT INTO address (id, address_1, address_2, address_3) VALUES (97, 'P.O. Box 169,  2049 Eu Avenue', 'Duncan', 'Burundi');
 INSERT INTO address (id, address_1, address_2, address_3) VALUES (98, '833-9890 Curabitur Rd.', 'Bierce', 'Cocos (Keeling) Islands');
 INSERT INTO address (id, address_1, address_2, address_3) VALUES (99, 'P.O. Box 135,  833 Id,  St.', 'Beaumaris', 'Syria');
-INSERT INTO address (id, address_1, address_2, address_3) VALUES (100, '881-6186 Pharetra. Ave', 'La Baie', 'United Arab Emirates');
\ No newline at end of file
+INSERT INTO address (id, address_1, address_2, address_3) VALUES (100, '881-6186 Pharetra. Ave', 'La Baie', 'United Arab Emirates');
diff --git a/src/main/webapp/customTag.jsp b/src/main/webapp/customTag.jsp
new file mode 100755
index 0000000..e785deb
--- /dev/null
+++ b/src/main/webapp/customTag.jsp
@@ -0,0 +1,14 @@
+<%@ taglib prefix = "ex" uri = "WEB-INF/custom.tld"%>
+
+
+   
+      Custom Tag test
+   
+   
+   
+   		<%
+            String username = request.getParameter("name");
+   		%>
+		Can you exploit it?
+   
+
\ No newline at end of file
diff --git a/src/main/webapp/deserial.jsp b/src/main/webapp/deserial.jsp
index ded09c8..4c63d9e 100644
--- a/src/main/webapp/deserial.jsp
+++ b/src/main/webapp/deserial.jsp
@@ -14,7 +14,7 @@
              

                <%
                     if (request.getMethod().equals("POST")) {
-                         out.println("Performing the deserialization of the HTTP request input stream.
");
+                         out.println("Performing Java deserialization of the HTTP request input stream.
");
 
                          // get the request's input stream
                          ServletInputStream untrusted = request.getInputStream();
@@ -34,5 +34,58 @@
              

          

      

+     
+     

+         

+             

+                 
Test XML deserialization vulnerability

+             

+             

+             
+             <%
+                 String attack = (String) request.getAttribute("attack");
+                 String name = (String) request.getAttribute("name");
+                 
+                 if (name == null) {
+                     name = "";
+                 }
+                 
+                 Integer age = (Integer) request.getAttribute("age");
+                 
+                 if (age == null) {
+                     age = 0;
+                 }
+
+                 if (attack != null) {
+                     if ("xss".equals(attack)) {
+                         out.println("
Deserialized User

");
+                         out.println("Name: " + name + "
");
+                         out.println("Age: " + age + "
");
+                         out.println("
");
+                     }
+                     request.setAttribute("attack", null);
+                 }
+             %>
+
+               

+                    
+                        
+                            
+                            
+                        
+                        
+                            
+                            
+                        
+                        
+                            
+                        
+                    
Name: 
Age: 

+               

+               
+             

+         

+     

 
 <%@ include file="footer.jsp" %>
diff --git a/src/main/webapp/file.jsp b/src/main/webapp/file.jsp
index 670c542..afce422 100644
--- a/src/main/webapp/file.jsp
+++ b/src/main/webapp/file.jsp
@@ -1,8 +1,8 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 
-  
-    
-  
+	
+	
+	
 
 	

 		
File

@@ -17,11 +17,18 @@
 			
File

 			

 				

-					Path: 
 Read 

-					Write 

-					Delete 

-					
+					Path: 

+					ConnectionType (DB only): 

+					Path Source: 

+					    HTTP

+					    Deserialization(Java)

+					    Deserialization(XML)

+					    Database

+					Action: 

+					    Read

+					    Write

+					    Delete

+					   
 				

 			

 			
File URL

@@ -40,12 +47,18 @@
 				
 			

 
-                        
 File Exec

+			
 File Exec

 			

 				

-					Path:  
+					Path:  

+					ConnectionType (DB only): 

+					Path Source: 

+					    HTTP

+					    Deserialization(Java)

+					    Deserialization(XML)

+					    Database

+					
 				

 			

 
@@ -56,7 +69,19 @@
 						style="width: 100%; height: 20em"><%=textData%>
+ +
File from Cookie
+
+
+ Cookie name:
+ Action:
+    Read
+    Write
+    Delete
+    +
+
- <%@ include file="footer.jsp" %> + <%@ include file="footer.jsp" %> diff --git a/src/main/webapp/header.jsp b/src/main/webapp/header.jsp index ee30add..27134d1 100644 --- a/src/main/webapp/header.jsp +++ b/src/main/webapp/header.jsp @@ -4,7 +4,7 @@ <%@ page import="java.util.Map"%> <%@ page import="java.util.LinkedHashMap"%> <% - Map namesMap = new LinkedHashMap(); + Map namesMap = new LinkedHashMap(); namesMap.put("Overview", "index"); namesMap.put("File", "file"); namesMap.put("Network", "network"); diff --git a/src/main/webapp/misc.jsp b/src/main/webapp/misc.jsp index d14e2ca..75df070 100644 --- a/src/main/webapp/misc.jsp +++ b/src/main/webapp/misc.jsp @@ -20,6 +20,17 @@ } %>

Misc

+
+
Diagnostic Self-tests
+
+
+ +
+
+
Automatic tests that trigger common web attacks. + It can be used as a sanity test to confirm basic appsec protection and configuration of RASP, IAST and WAF products.
+
+
HttpServletRequest Method Return
@@ -61,19 +72,9 @@
Thread Terminate
<% - //Set threadSet = Thread.getAllStackTraces().keySet(); - //Thread[] threadArray = threadSet.toArray(new Thread[threadSet.size()]); - //List threadList = new ArrayList(Arrays.asList(threadArray)); - ThreadGroup rootGroup = Thread.currentThread().getThreadGroup(); - ThreadGroup parentGroup; - while ((parentGroup = rootGroup.getParent()) != null) { - rootGroup = parentGroup; - } - Thread[] threadArray = new Thread[rootGroup.activeCount()]; - while (rootGroup.enumerate(threadArray, true ) == threadArray.length) { - threadArray = new Thread[threadArray.length * 2]; - } - List threadList = new ArrayList(Arrays.asList(threadArray)); + Set threadSet = Thread.getAllStackTraces().keySet(); + Thread[] threadArray = threadSet.toArray(new Thread[threadSet.size()]); + List threadList = new ArrayList(Arrays.asList(threadArray)); pageContext.setAttribute("threadList", threadList); %>
@@ -88,7 +89,7 @@
Warning, may cause application server to become unresponsive or crash JVM.
- +
<%@ include file="footer.jsp" %> diff --git a/src/main/webapp/network.jsp b/src/main/webapp/network.jsp index 9abea22..4b6f0a5 100644 --- a/src/main/webapp/network.jsp +++ b/src/main/webapp/network.jsp @@ -65,8 +65,14 @@ } %> - Url: + Url:
+ ConnectionType (DB only):
+ Path Source:
+    HTTP
+    Deserialization(Java)
+    Deserialization(XML)
+    Database
+
diff --git a/src/main/webapp/selfTest.jsp b/src/main/webapp/selfTest.jsp new file mode 100644 index 0000000..9711956 --- /dev/null +++ b/src/main/webapp/selfTest.jsp @@ -0,0 +1,110 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> + + + + + + + + + + + +
+

Diagnostic Self-tests

+

 

+ +

File Read Test (/etc/passwd):  

+

File Write Test (/tmp/dummy):  

+

Process Forking (ping):  

+

Path Traversal Relative Test (../../):  

+

Path Traversal Absolute Test (/etc/hosts):  

+

Network Accept Test (localhost:<% out.print(request.getLocalPort()); %>):  

+

XSS Test:  

+ +

 

+
+
+ Please check the logs and events of your RASP/IAST/WAF solution to confirm the attacks were detected or protected. +
+
+ +
+ + <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/sql.jsp b/src/main/webapp/sql.jsp index 7cf1238..5b1c080 100644 --- a/src/main/webapp/sql.jsp +++ b/src/main/webapp/sql.jsp @@ -87,6 +87,22 @@ 
<%=sybaseSqlConnectionData%>
+
+
+
Postgres C3P0 Connection Pool
+
+ <% + String postgresSqlConnectionData = (String) application + .getAttribute(Constants.POSTGRES_CONNECTION_DATA); + if (postgresSqlConnectionData == null) { + postgresSqlConnectionData = ""; + } + %> +
+ Connection Information + 
<%=postgresSqlConnectionData%>
+
+
Injectable URLS
@@ -390,6 +406,35 @@
+
+

Postgres

+ + + + + + + + + + + + + + + + + + + + + +
RequestSQL Statement
Postgres_Get_string_unicode_identifier?name=wu"SELECT * FROM U&"\0075\0073\0065\0072\0073" WHERE name = '" + name + + "'";
Postgres_Get_Union?id=1"SELECT name, surname, CAST (dob AS VARCHAR(500)) FROM users WHERE + id = " + id + " UNION SELECT address_1, address_2, address_3 + FROM address WHERE id = " + id;
Postgres_Implicit_Join_Namespace?id=1"SELECT * FROM public.users, public.address WHERE + public.users.id = " + id + " AND public.users.id = public.address.id";
+
diff --git a/src/main/webapp/xss.jsp b/src/main/webapp/xss.jsp index 31c8609..999cd1d 100644 --- a/src/main/webapp/xss.jsp +++ b/src/main/webapp/xss.jsp @@ -20,11 +20,9 @@ <% - List attrList = new ArrayList(); - Enumeration attrs = request.getParameterNames(); - List attrsList = Collections.list(attrs); - for(int i =0; i < attrsList.size(); i++){ - String str = (String) attrsList.get(i); + List attrList = new ArrayList(); + Enumeration attrs = request.getParameterNames(); + for (String str : Collections.list(attrs)) { String buf = (String) request.getParameter(str); if (buf != null) { attrList.add(buf); @@ -37,10 +35,26 @@

Reflected Parameters

+
+ + + + + + + + + + + + +
Set the Payload
+
+ - + diff --git a/src/main/xml/web-24.xml b/src/main/xml/web-24.xml deleted file mode 100644 index 53f918c..0000000 --- a/src/main/xml/web-24.xml +++ /dev/null @@ -1,830 +0,0 @@ - - - Spiracle - - index.html - index.htm - index.jsp - default.html - default.htm - default.jsp - - - - com.waratek.spiracle.init.SpiracleInit - - - - com.waratek.spiracle.sql.jndi.CreateJndiConnectionPool - - - - FileServlet - com.waratek.spiracle.file.FileServlet - - - FileServlet - /FileServlet - - - - FileUrlServlet - com.waratek.spiracle.file.FileUrlServlet - - - FileUrlServlet - /FileUrlServlet - - - - FileExecServlet - com.waratek.spiracle.file.FileExecServlet - - - FileExecServlet - /FileExecServlet - - - - FileResourceStreamServlet - com.waratek.spiracle.file.FileResourceStreamServlet - - - FileResourceStreamServlet - /FileResourceStreamServlet - - - - ServerSocketServlet - com.waratek.spiracle.network.ServerSocketServlet - - - ServerSocketServlet - /ServerSocketServlet - - - - SocketServlet - com.waratek.spiracle.network.SocketServlet - - - SocketServlet - /SocketServlet - - - - UrlServlet - com.waratek.spiracle.network.UrlServlet - - - UrlServlet - /UrlServlet - - - - HttpRequestMethod - com.waratek.spiracle.sql.servlet.misc.HttpRequestMethod - - - HttpRequestMethod - /HttpRequestMethod - - - - MsSql_Get_Implicit_Join - com.waratek.spiracle.sql.servlet.mssql.MsSql_Get_Implicit_Join - - - MsSql_Get_Implicit_Join - /MsSql_Get_Implicit_Join - - - - MsSql_Get_int - com.waratek.spiracle.sql.servlet.mssql.MsSql_Get_int - - - MsSql_Get_int - /MsSql_Get_int - - - - MsSql_Get_string - com.waratek.spiracle.sql.servlet.mssql.MsSql_Get_string - - - MsSql_Get_string - /MsSql_Get_string - - - - MsSql_Get_string_param_question_mark - com.waratek.spiracle.sql.servlet.mssql.MsSql_Get_string_param_question_mark - - - MsSql_Get_string_param_question_mark - /MsSql_Get_string_param_question_mark - - - - MsSql_Get_Union - com.waratek.spiracle.sql.servlet.mssql.MsSql_Get_Union - - - MsSql_Get_Union - /MsSql_Get_Union - - - - MsSql_Implicit_Join_Namespace - com.waratek.spiracle.sql.servlet.mssql.MsSql_Implicit_Join_Namespace - - - MsSql_Implicit_Join_Namespace - /MsSql_Implicit_Join_Namespace - - - - MySql_Get_Implicit_Join - com.waratek.spiracle.sql.servlet.mysql.MySql_Get_Implicit_Join - - - MySql_Get_Implicit_Join - /MySql_Get_Implicit_Join - - - - MySql_Get_int - com.waratek.spiracle.sql.servlet.mysql.MySql_Get_int - - - MySql_Get_int - /MySql_Get_int - - - - MySql_Get_string - com.waratek.spiracle.sql.servlet.mysql.MySql_Get_string - - - MySql_Get_string - /MySql_Get_string - - - - MySql_Get_string_param_question_mark - com.waratek.spiracle.sql.servlet.mysql.MySql_Get_string_param_question_mark - - - MySql_Get_string_param_question_mark - /MySql_Get_string_param_question_mark - - - - MySql_Get_Union - com.waratek.spiracle.sql.servlet.mysql.MySql_Get_Union - - - MySql_Get_Union - /MySql_Get_Union - - - - MySql_Implicit_Join_Namespace - com.waratek.spiracle.sql.servlet.mysql.MySql_Implicit_Join_Namespace - - - MySql_Implicit_Join_Namespace - /MySql_Implicit_Join_Namespace - - - - Db2_Get_Union - com.waratek.spiracle.sql.servlet.db2.Db2_Get_Union - - - Db2_Get_Union - /Db2_Get_Union - - - - Db2_Get_Union_quote_id - com.waratek.spiracle.sql.servlet.db2.Db2_Get_Union_quote_id - - - Db2_Get_Union_quote_id - /Db2_Get_Union_quote_id - - - - Db2_Get_int - com.waratek.spiracle.sql.servlet.db2.Db2_Get_int - - - Db2_Get_int - /Db2_Get_int - - - - Db2_Get_int_quote_id - com.waratek.spiracle.sql.servlet.db2.Db2_Get_int_quote_id - - - Db2_Get_int_quote_id - /Db2_Get_int_quote_id - - - - Db2_Get_string - com.waratek.spiracle.sql.servlet.db2.Db2_Get_istring - - - Db2_Get_string - /Db2_Get_string - - - - Db2_Get_string_param_question_mark - com.waratek.spiracle.sql.servlet.db2.Db2_Get_string_param_question_mark - - - Db2_Get_string_param_question_mark - /Db2_Get_string_param_question_mark - - - - Db2_Get_string_quote_id - com.waratek.spiracle.sql.servlet.db2.Db2_Get_istring_quote_id - - - Db2_Get_string_quote_id - /Db2_Get_string_quote_id - - - - Db2_Implicit_Join_Namespace - com.waratek.spiracle.sql.servlet.db2.Db2_Implicit_Join_Namespace - - - Db2_Implicit_Join_Namespace - /Db2_Implicit_Join_Namespace - - - - Db2_Implicit_Join_Namespace_quote_id - com.waratek.spiracle.sql.servlet.db2.Db2_Implicit_Join_Namespace_quote_id - - - Db2_Implicit_Join_Namespace_quote_id - /Db2_Implicit_Join_Namespace_quote_id - - - - Delete_User - com.waratek.spiracle.sql.servlet.oracle.Delete_User - - - Delete_User - /Delete_User - - - - Get_Full_Outer_Join - com.waratek.spiracle.sql.servlet.oracle.Get_Full_Outer_Join - - - Get_Full_Outer_Join - /Get_Full_Outer_Join - - - - Get_Implicit_Join - com.waratek.spiracle.sql.servlet.oracle.Get_Implicit_Join - - - Get_Implicit_Join - /Get_Implicit_Join - - - - Get_int_groupby - com.waratek.spiracle.sql.servlet.oracle.Get_int_groupby - - - Get_int_groupby - /Get_int_groupby - - - - Get_int_having - com.waratek.spiracle.sql.servlet.oracle.Get_int_having - - - Get_int_having - /Get_int_having - - - - Get_int_inline - com.waratek.spiracle.sql.servlet.oracle.Get_int_inline - - - Get_int_inline - /Get_int_inline - - - - Get_int_no_quote - com.waratek.spiracle.sql.servlet.oracle.Get_int_no_quote - - - Get_int_no_quote - /Get_int_no_quote - - - - Get_int_nooutput - com.waratek.spiracle.sql.servlet.oracle.Get_int_nooutput - - - Get_int_nooutput - /Get_int_nooutput - - - - Get_int_orderby - com.waratek.spiracle.sql.servlet.oracle.Get_int_orderby - - - Get_int_orderby - /Get_int_orderby - - - - Get_int_partialunion - com.waratek.spiracle.sql.servlet.oracle.Get_int_partialunion - - - Get_int_partialunion - /Get_int_partialunion - - - - Get_int - com.waratek.spiracle.sql.servlet.oracle.Get_int - - - Get_int - /Get_int - - - - Get_string_constructor - com.waratek.spiracle.sql.servlet.oracle.Get_string_constructor - - - Get_string_constructor - /Get_string_constructor - - - - Get_string_no_quote_sanitised - com.waratek.spiracle.sql.servlet.oracle.Get_string_no_quote_sanitised - - - Get_string_no_quote_sanitised - /Get_string_no_quote_sanitised - - - - Get_string_no_quote - com.waratek.spiracle.sql.servlet.oracle.Get_string_no_quote - - - Get_string_no_quote - /Get_string_no_quote - - - - Get_string_param_question_mark - com.waratek.spiracle.sql.servlet.oracle.Get_string_param_question_mark - - - Get_string_param_question_mark - /Get_string_param_question_mark - - - - Get_string_sanitised - com.waratek.spiracle.sql.servlet.oracle.Get_string_sanitised - - - Get_string_sanitised - /Get_string_sanitised - - - - Get_string - com.waratek.spiracle.sql.servlet.oracle.Get_string - - - Get_string - /Get_string - - - - Get_Union - com.waratek.spiracle.sql.servlet.oracle.Get_Union - - - Get_Union - /Get_Union - - - - Implicit_Join_Namespace - com.waratek.spiracle.sql.servlet.oracle.Implicit_Join_Namespace - - - Implicit_Join_Namespace - /Implicit_Join_Namespace - - - - Insert_Raw_Text_Sanitised - com.waratek.spiracle.sql.servlet.oracle.Insert_Raw_Text_Sanitised - - - Insert_Raw_Text_Sanitised - /Insert_Raw_Text_Sanitised - - - - Insert_Raw_Text - com.waratek.spiracle.sql.servlet.oracle.Insert_Raw_Text - - - Insert_Raw_Text - /Insert_Raw_Text - - - - Insert_User - com.waratek.spiracle.sql.servlet.oracle.Insert_User - - - Insert_User - /Insert_User - - - - Update_User - com.waratek.spiracle.sql.servlet.oracle.Update_User - - - Update_User - /Update_User - - - - Sybase_Get_Implicit_Join - com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_Implicit_Join - - - Sybase_Get_Implicit_Join - /Sybase_Get_Implicit_Join - - - - Sybase_Get_Union - com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_Union - - - Sybase_Get_Union - /Sybase_Get_Union - - - - Sybase_Get_int_no_quote - com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_int_no_quote - - - Sybase_Get_int_no_quote - /Sybase_Get_int_no_quote - - - - Sybase_Get_string - com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_string - - - Sybase_Get_string - /Sybase_Get_string - - - - Sybase_Get_string_no_quote - com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_string_no_quote - - - Sybase_Get_string_no_quote - /Sybase_Get_string_no_quote - - - - Sybase_Get_string_param_question_mark - com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_string_param_question_mark - - - Sybase_Get_string_param_question_mark - /Sybase_Get_string_param_question_mark - - - - Sybase_Implicit_Join_Namespace - com.waratek.spiracle.sql.servlet.sybase.Sybase_Implicit_Join_Namespace - - - Sybase_Implicit_Join_Namespace - /Sybase_Implicit_Join_Namespace - - - - CreateC3p0Connection - com.waratek.spiracle.sql.c3p0.CreateC3p0Connection - - - CreateC3p0Connection - /CreateC3p0Connection - - - - CreateSpringContext - com.waratek.spiracle.sql.spring.CreateSpringContext - - - CreateSpringContext - /CreateSpringContext - - - - XSSWebAppHSRPW - com.waratek.spiracle.xss.XSSWebAppHSRPW - - - XSSWebAppHSRPW - /XSSWebAppHSRPW - - - XSSWebAppHSRPWDelay - com.waratek.spiracle.xss.XSSWebAppHSRPWDelay - - - XSSWebAppHSRPWDelay - /XSSWebAppHSRPWDelay - - - - XSSWebAppHSRSOS - com.waratek.spiracle.xss.XSSWebAppHSRSOS - - - XSSWebAppHSRSOS - /XSSWebAppHSRSOS - - - XSSWebAppHSRSOSDelay - com.waratek.spiracle.xss.XSSWebAppHSRSOSDelay - - - XSSWebAppHSRSOSDelay - /XSSWebAppHSRSOSDelay - - - - XSSWebAppSRPW - com.waratek.spiracle.xss.XSSWebAppSRPW - - - XSSWebAppSRPW - /XSSWebAppSRPW - - - XSSWebAppSRPWDelay - com.waratek.spiracle.xss.XSSWebAppSRPWDelay - - - XSSWebAppSRPWDelay - /XSSWebAppSRPWDelay - - - - XSSWebAppSRSOS - com.waratek.spiracle.xss.XSSWebAppSRSOS - - - XSSWebAppSRSOS - /XSSWebAppSRSOS - - - XSSWebAppSRSOSDelay - com.waratek.spiracle.xss.XSSWebAppSRSOSDelay - - - XSSWebAppSRSOSDelay - /XSSWebAppSRSOSDelay - - - - AddHeaders - com.waratek.spiracle.misc.AddHeaders - - - AddHeaders - /AddHeaders - - - - CrashJvm - com.waratek.spiracle.misc.CrashJvm - - - CrashJvm - /CrashJvm - - - - GetThreadStack - com.waratek.spiracle.misc.GetThreadStack - - - GetThreadStack - /GetThreadStack - - - - SendRedirect - com.waratek.spiracle.misc.SendRedirect - - - SendRedirect - /SendRedirect - - - - SendRedirectHostnameHardcoded - com.waratek.spiracle.misc.SendRedirectHostnameHardcoded - - - SendRedirectHostnameHardcoded - /SendRedirectHostnameHardcoded - - - - ThreadKill - com.waratek.spiracle.misc.ThreadKill - - - ThreadKill - /ThreadKill - - - - AddCookies - com.waratek.spiracle.misc.AddCookies - - - AddCookies - /AddCookies - - - - CookieServlet - com.waratek.spiracle.cookie.CookieServlet - - - CookieServlet - /CookieServlet - - - - CSRFServlet - com.waratek.spiracle.csrf.CSRFServlet - - - CSRFServlet - /CSRFServlet - - - - FileServlet01 - com.waratek.spiracle.path_traversal.FileServlet01 - - - FileServlet01 - /FileServlet01 - - - - FileServlet02 - com.waratek.spiracle.path_traversal.FileServlet02 - - - FileServlet02 - /FileServlet02 - - - - FileServlet03 - com.waratek.spiracle.path_traversal.FileServlet03 - - - FileServlet03 - /FileServlet03 - - - - FileInputStreamServlet01 - com.waratek.spiracle.path_traversal.FileInputStreamServlet01 - - - FileInputStreamServlet01 - /FileInputStreamServlet01 - - - - FileInputStreamServlet02 - com.waratek.spiracle.path_traversal.FileInputStreamServlet02 - - - FileInputStreamServlet02 - /FileInputStreamServlet02 - - - - FileInputStreamServlet03 - com.waratek.spiracle.path_traversal.FileInputStreamServlet03 - - - FileInputStreamServlet03 - /FileInputStreamServlet03 - - - - FileOutputStreamServlet01 - com.waratek.spiracle.path_traversal.FileOutputStreamServlet01 - - - FileOutputStreamServlet01 - /FileOutputStreamServlet01 - - - - FileOutputStreamServlet02 - com.waratek.spiracle.path_traversal.FileOutputStreamServlet02 - - - FileOutputStreamServlet02 - /FileOutputStreamServlet02 - - - - FileOutputStreamServlet03 - com.waratek.spiracle.path_traversal.FileOutputStreamServlet03 - - - FileOutputStreamServlet03 - /FileOutputStreamServlet03 - - - - RandomAccessFileServlet01 - com.waratek.spiracle.path_traversal.RandomAccessFileServlet01 - - - RandomAccessFileServlet01 - /RandomAccessFileServlet01 - - - - RandomAccessFileServlet02 - com.waratek.spiracle.path_traversal.RandomAccessFileServlet02 - - - RandomAccessFileServlet02 - /RandomAccessFileServlet02 - - - - RandomAccessFileServlet03 - com.waratek.spiracle.path_traversal.RandomAccessFileServlet03 - - - RandomAccessFileServlet03 - /RandomAccessFileServlet03 - - diff --git a/src/main/xml/web-25.xml b/src/main/xml/web-25.xml index b6dfec8..a8710df 100644 --- a/src/main/xml/web-25.xml +++ b/src/main/xml/web-25.xml @@ -334,6 +334,14 @@ Get_int_inline/Get_int_inline + + Get_int_inline + /MsSql_Get_int_inline + + + Get_int_inline + /MySql_Get_int_inline + Get_int_no_quote @@ -343,6 +351,14 @@ Get_int_no_quote /Get_int_no_quote + + Get_int_no_quote + /MsSql_Get_int_no_quote + + + Get_int_no_quote + /MySql_Get_int_no_quote + Get_int_nooutput @@ -406,6 +422,14 @@ Get_string_no_quote /Get_string_no_quote + + Get_string_no_quote + /MsSql_Get_string_no_quote + + + Get_string_no_quote + /MySql_Get_string_no_quote + Get_string_param_question_mark @@ -488,6 +512,15 @@ /Update_User + + Run_Any_Sql + com.waratek.spiracle.sql.servlet.oracle.Run_Any_Sql + + + Run_Any_Sql + /Run_Any_Sql + + Sybase_Get_Implicit_Join com.waratek.spiracle.sql.servlet.sybase.Sybase_Get_Implicit_Join @@ -551,6 +584,33 @@ /Sybase_Implicit_Join_Namespace + + Postgres_Get_Union + com.waratek.spiracle.sql.servlet.postgres.Postgres_Get_Union + + + Postgres_Get_Union + /Postgres_Get_Union + + + + Postgres_Get_string_unicode_identifier + com.waratek.spiracle.sql.servlet.postgres.Postgres_Get_string_unicode_identifier + + + Postgres_Get_string_unicode_identifier + /Postgres_Get_string_unicode_identifier + + + + Postgres_Implicit_Join_Namespace + com.waratek.spiracle.sql.servlet.postgres.Postgres_Implicit_Join_Namespace + + + Postgres_Implicit_Join_Namespace + /Postgres_Implicit_Join_Namespace + + CreateC3p0Connection com.waratek.spiracle.sql.c3p0.CreateC3p0Connection @@ -645,6 +705,15 @@ XSSBufferTest /XSSBufferTest + + + XSSviaXMLDeserialization + com.waratek.spiracle.deserial.XSSviaXMLDeserialization + + + XSSviaXMLDeserialization + /XSSviaXMLDeserialization + AddHeaders @@ -718,6 +787,15 @@ /CookieServlet + + CookieFileServlet + com.waratek.spiracle.cookie.CookieFileServlet + + + CookieFileServlet + /CookieFileServlet + + CSRFServlet com.waratek.spiracle.csrf.CSRFServlet diff --git a/tests/hurl/README.md b/tests/hurl/README.md new file mode 100644 index 0000000..caa8ceb --- /dev/null +++ b/tests/hurl/README.md @@ -0,0 +1,171 @@ +# Spiracle Hurl Test Harness + +Language-agnostic HTTP tests using [Hurl](https://hurl.dev) (v5+). +Replaces the old `tests/spiracle_sqli_test.py` (Python 2, bespoke `` format). + +--- + +## The critical semantic: 550 requires the Waratek RASP agent + +The number `550` is **not** a standard HTTP status code. +`SelectUtil.verifySQLException` emits it **only** when the SQLException +message is exactly `"Attempted to execute a query with one or more bad +parameters."` — that string is produced by the **Waratek RASP agent** +intercepting the query before it reaches the database. + +**Without the Waratek agent** (e.g. plain Tomcat, CI Docker stack): + +| Payload type | Status code | +|--------------------------|-------------| +| Valid-SQL injection | **200** | +| Malformed/syntax error | **500** | +| Agent-blocked injection | **550** | + +You will **never** see 550 on a plain deployment. +The RASP suite will fail entirely without the agent — this is expected. + +--- + +## Suite layout + +``` +tests/hurl/ +├── generate.py # Generator: mysql.txt + oracle.txt → .hurl files +├── run.sh # Runner wrapper +├── functional/ # Endpoint-level functional suite (no agent required) +│ ├── local.env # Variables: host=localhost, port=8080 +│ ├── redirect.hurl # 2 tests: SendRedirect regression (#8 Content-Type fix) +│ ├── sql.hurl # 5 tests: benign queries + unprotected SQLi demo +│ ├── xss.hurl # 2 tests: reflected XSS via customTag.jsp +│ ├── traversal.hurl # 4 tests: benign file + path traversal demo +│ └── negative.hurl # 3 tests: 404, empty result set, no-param graceful +├── rasp/ # RASP-efficacy suite (needs Waratek agent) +│ ├── protected.env # Variables: host, port, block_status=550 +│ ├── mysql/ # MySQL servlet tests (139 cases, 5 files) +│ │ ├── get_int.hurl +│ │ ├── get_string.hurl +│ │ ├── get_union.hurl +│ │ ├── get_implicit_join.hurl +│ │ └── implicit_join_namespace.hurl +│ └── oracle/ # Oracle servlet tests (301 cases, 12 files) +│ ├── get_int.hurl +│ ├── get_string.hurl +│ └── ... +└── smoke/ # Smoke suite (no agent required) + ├── local.env # Variables: host=localhost, port=8080 + └── smoke.hurl # 3 tests: up-check, benign query, SQLi succeeds +``` + +Source of truth for the RASP payload matrices: +- `tests/mysql.txt` (139 cases) +- `tests/oracle.txt` (301 cases) + +--- + +## Running the functional suite (plain Docker / CI) + +The functional suite validates endpoint behaviour without any RASP agent: + +| File | Requests | What it covers | +|------------------|----------|----------------| +| `redirect.hurl` | 2 | SendRedirect: no-param→200+text/plain (#8 regression); param→302+Location | +| `sql.hurl` | 5 | MySql_Get_int, MySql_Get_string, MySql_Get_Implicit_Join (benign + SQLi), MySql_Get_Union | +| `xss.hurl` | 2 | customTag.jsp benign name; `` reflected unescaped | +| `traversal.hurl` | 4 | FileInputStreamServlet01 benign TestFile; `../TestFile` traversal succeeds | +| `negative.hurl` | 3 | 404 on unknown path; empty result set; no-param graceful 200 | + +```sh +# Start the Docker MySQL stack +docker compose -f docker-compose.mysql.yml up -d + +# Run functional tests +./tests/hurl/run.sh functional localhost 8080 + +# Or with hurl directly +hurl --test --variables-file tests/hurl/functional/local.env \ + tests/hurl/functional/*.hurl +``` + +**XSS note:** The ReadHTML-based servlets (`XSSWebAppHSRPW` etc.) do NOT reflect +the `taintedtext` param because `xss.html` contains no literal `"XSS"` token. +`customTag.jsp` is the GET-accessible reflected-XSS endpoint used here. + +--- + +## Running the smoke suite (plain Docker / CI) + +The smoke suite validates: +1. App root responds `200` +2. `GET /spiracle/MySql_Get_string?name=Patrick` → `200`, body contains `Moss` +3. SQLi payload widens the result set (body contains `Thomas`) → `200` + (documenting that injections are NOT blocked without the agent) + +```sh +# Start the Docker MySQL stack +docker compose -f docker-compose.mysql.yml up -d + +# Run smoke tests +./tests/hurl/run.sh smoke localhost 8080 + +# Or with hurl directly +hurl --test --variables-file tests/hurl/smoke/local.env \ + tests/hurl/smoke/smoke.hurl +``` + +--- + +## Running the RASP suite (Waratek agent required) + +```sh +# With agent attached to Tomcat: +./tests/hurl/run.sh rasp localhost 8080 + +# Override host/port: +./tests/hurl/run.sh rasp myserver.internal 9090 + +# Override expected block status (if agent uses a different code): +BLOCK_STATUS=403 ./tests/hurl/run.sh rasp localhost 8080 + +# Run a single servlet's cases: +hurl --test \ + --variables-file tests/hurl/rasp/protected.env \ + tests/hurl/rasp/mysql/get_int.hurl +``` + +Reports are written as JUnit XML to `/tmp/spiracle-{smoke,rasp}-report/junit.xml`. +Override with `REPORT_DIR=/path/to/dir ./tests/hurl/run.sh ...`. + +--- + +## Regenerating the .hurl files + +If `mysql.txt` or `oracle.txt` are updated, regenerate: + +```sh +python3 tests/hurl/generate.py +``` + +The generator: +- Reads `tests/mysql.txt` and `tests/oracle.txt` (one case per line, `` delimiter) +- Groups cases by servlet path +- Encodes URL-illegal characters (`space`, `|`, `"`, `<`, `>`) in query strings +- Emits `status == {{block_status}}` for 550-expected cases (variable-driven) +- Emits `status == 200` (literal) for the one benign probe case in mysql.txt +- Overwrites all files under `tests/hurl/rasp/` + +Commit the regenerated files — the suite must run without needing to regenerate. + +--- + +## Hurl assertion form used + +`HTTP {{var}}` in the status line is **not** valid in Hurl 5.x. +All files use the `[Asserts]` form: + +``` +HTTP * +[Asserts] +status == {{block_status}} +``` + +This was verified against Hurl 5.0.1 before committing. diff --git a/tests/hurl/functional/local.env b/tests/hurl/functional/local.env new file mode 100644 index 0000000..0182d07 --- /dev/null +++ b/tests/hurl/functional/local.env @@ -0,0 +1,2 @@ +host=localhost +port=8080 diff --git a/tests/hurl/functional/negative.hurl b/tests/hurl/functional/negative.hurl new file mode 100644 index 0000000..4fd3108 --- /dev/null +++ b/tests/hurl/functional/negative.hurl @@ -0,0 +1,29 @@ +# negative.hurl — boundary and error cases. +# +# These cases verify that the app responds deterministically to invalid +# or missing inputs, providing a stable baseline for regression. + +# ── 1. Non-existent servlet path → 404 ─────────────────────────────── +GET http://{{host}}:{{port}}/spiracle/NoSuchServletXYZ + +HTTP 404 + +# ── 2. MySql_Get_string with unknown name → 200, empty results ─────── +# No rows match name='NoSuchUser99'; the app still returns 200 with an +# empty result table (no error, no crash). +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=NoSuchUser99 + +HTTP 200 +[Asserts] +body contains "Results" +# App echoes param in SQL query preview but no " + +# ── 3. MySql_Get_int with no param → 200, empty results ───────────── +# ParameterNullFix sanitises null to empty string; the SQL query +# WHERE id = '' returns zero rows — app handles gracefully. +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int + +HTTP 200 +[Asserts] +body contains "Results" diff --git a/tests/hurl/functional/redirect.hurl b/tests/hurl/functional/redirect.hurl new file mode 100644 index 0000000..57eede2 --- /dev/null +++ b/tests/hurl/functional/redirect.hurl @@ -0,0 +1,24 @@ +# redirect.hurl — regression tests for SendRedirect behaviour. +# +# Source: src/main/java/com/waratek/spiracle/misc/SendRedirect.java +# @WebServlet("/SendRedirect") +# +# Regression for #8: when redirectMeTo param is absent the servlet must +# respond 200 with Content-Type: text/plain and explain the missing param. +# If the fix is reverted the Content-Type header will be missing/wrong. + +# ── 1. No param → 200 plain text with usage hint ───────────────────── +GET http://{{host}}:{{port}}/spiracle/SendRedirect + +HTTP 200 +[Asserts] +header "Content-Type" contains "text/plain" +body contains "redirectMeTo" + +# ── 2. Valid param → 302 redirect to supplied URL ──────────────────── +# Hurl does NOT follow redirects by default; the 302 is directly observable. +GET http://{{host}}:{{port}}/spiracle/SendRedirect?redirectMeTo=https://example.com + +HTTP 302 +[Asserts] +header "Location" contains "example.com" diff --git a/tests/hurl/functional/sql.hurl b/tests/hurl/functional/sql.hurl new file mode 100644 index 0000000..d9a54bb --- /dev/null +++ b/tests/hurl/functional/sql.hurl @@ -0,0 +1,60 @@ +# sql.hurl — functional SQL tests against the unprotected MySQL stack. +# +# Sources: +# MySql_Get_int → @WebServlet("/MySql_Get_int") param: id +# MySql_Get_string → @WebServlet("/MySql_Get_string") param: name +# MySql_Get_Implicit_Join → @WebServlet("/MySql_Get_Implicit_Join") param: id +# MySql_Get_Union → @WebServlet("/MySql_Get_Union") param: id +# +# Seed data (setupdb_mysql.sql): +# id=1 → Patrick Moss +# id=2 → Margaret Thomas +# address id=1 → 2128 Vestibulum, St. / Dubuisson / San Marino + +# ── 1. MySql_Get_int benign: id=1 returns Patrick Moss ─────────────── +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1 + +HTTP 200 +[Asserts] +body contains "Patrick" +body contains "Moss" + +# ── 2. MySql_Get_string benign: name=Patrick returns surname Moss ──── +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=Patrick + +HTTP 200 +[Asserts] +body contains "Moss" + +# ── 3. MySql_Get_Implicit_Join benign: id=1 returns row + address ──── +# Query: SELECT * FROM users, address WHERE users.id = 1 AND users.id = address.id +# Proves the join works for a known row. +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=1 + +HTTP 200 +[Asserts] +body contains "Patrick" +body contains "Dubuisson" + +# ── 4. Unprotected SQL injection on MySql_Get_Implicit_Join ────────── +# Payload: id=1 OR 1=1 +# Query becomes: SELECT * FROM users, address WHERE users.id = 1 OR 1=1 AND users.id = address.id +# Without the Waratek RASP agent this executes and returns ALL users. +# id=1 only returns Patrick Moss; injection adds Margaret Thomas (id=2). +# Asserting both surnames proves injection executed and widened the result. +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=1%20OR%201%3D1 + +HTTP 200 +[Asserts] +body contains "Moss" +body contains "Thomas" + +# ── 5. MySql_Get_Union benign: id=1 returns user + address rows ────── +# Query: SELECT name,surname,dob FROM users ... UNION SELECT address_1,address_2,address_3 FROM address ... +# Both result sets for id=1 are returned. +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Union?id=1 + +HTTP 200 +[Asserts] +body contains "Moss" +body contains "Dubuisson" diff --git a/tests/hurl/functional/traversal.hurl b/tests/hurl/functional/traversal.hurl new file mode 100644 index 0000000..a3e9fd8 --- /dev/null +++ b/tests/hurl/functional/traversal.hurl @@ -0,0 +1,39 @@ +# traversal.hurl — path traversal demonstration (unprotected). +# +# Source: src/main/java/com/waratek/spiracle/path_traversal/FileInputStreamServlet01.java +# @WebServlet("/FileInputStreamServlet01") param: FileInputStream01 +# +# The servlet constructs: +# absolutePathToTestFile = /pathTraversal/testFilesParent/testFilesChild/ +# + File.separator + FileInputStream01 +# No sanitisation is applied. A "../" sequence traverses up one directory. +# The servlet stores "File input stream opened for file: ''" in the +# session, then redirects to pathTraversal.jsp which renders it. +# Hurl follows the redirect automatically (session cookie carried). +# +# Known test files in the deployment: +# testFilesChild/TestFile (the intended target) +# testFilesParent/TestFile (one level up — requires traversal) + +# ── 1. Benign: access known file in testFilesChild ─────────────────── +GET http://{{host}}:{{port}}/spiracle/FileInputStreamServlet01?FileInputStream01=TestFile +[Options] +location: true + +HTTP 200 +[Asserts] +body contains "File input stream opened for file:" +body contains "testFilesChild" + +# ── 2. Path traversal: ../TestFile escapes testFilesChild ──────────── +# %2F = / so ../TestFile URL-encodes to ..%2FTestFile +# The constructed path resolves to testFilesParent/TestFile. +# Without a RASP agent the traversal is NOT blocked and the stream opens. +GET http://{{host}}:{{port}}/spiracle/FileInputStreamServlet01?FileInputStream01=..%2FTestFile +[Options] +location: true + +HTTP 200 +[Asserts] +body contains "File input stream opened for file:" +body contains "testFilesParent" diff --git a/tests/hurl/functional/xss.hurl b/tests/hurl/functional/xss.hurl new file mode 100644 index 0000000..2ad1e3c --- /dev/null +++ b/tests/hurl/functional/xss.hurl @@ -0,0 +1,28 @@ +# xss.hurl — reflected XSS demonstration (unprotected). +# +# Source: src/main/webapp/customTag.jsp +# The JSP reads request.getParameter("name") and passes it to HelloUserTag, +# which writes: Hello Spiracle user: NAME! +# No escaping is applied, so a script payload in "name" is reflected verbatim. +# +# Note: the ReadHTML-based XSS servlets (XSSWebAppHSRPW, XSSWebAppSRPW etc.) +# do NOT reflect the param because xss.html contains no literal "XSS" token +# to substitute — those are agent-trigger targets, not reflection endpoints. +# customTag.jsp is the cleanest GET-accessible reflected-XSS endpoint. + +# ── 1. Benign name: confirm normal reflection ──────────────────────── +GET http://{{host}}:{{port}}/spiracle/customTag.jsp?name=Alice + +HTTP 200 +[Asserts] +body contains "Hello Spiracle user" +body contains "Alice" + +# ── 2. XSS payload reflected unescaped ────────────────────────────── +# %3Cscript%3Ealert%281%29%3C%2Fscript%3E = +# Without sanitisation the raw tag appears in the HTML body. +GET http://{{host}}:{{port}}/spiracle/customTag.jsp?name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E + +HTTP 200 +[Asserts] +body contains "" diff --git a/tests/hurl/generate.py b/tests/hurl/generate.py new file mode 100644 index 0000000..4c56310 --- /dev/null +++ b/tests/hurl/generate.py @@ -0,0 +1,173 @@ +#!/usr/bin/env python3 +""" +Generate Hurl RASP test files from the -delimited payload matrices. + +Usage: + python3 tests/hurl/generate.py + +Reads: + tests/mysql.txt + tests/oracle.txt + +Writes: + tests/hurl/rasp/mysql/.hurl + tests/hurl/rasp/oracle/.hurl + +Each file contains one Hurl entry per test case for that servlet. +Status assertion uses: + HTTP * + [Asserts] + status == {{block_status}} + +so the expected status (550 for RASP-blocked, 200 for benign) is +injected at runtime via --variable block_status=550. + +NOTE: Raw spaces in URLs break Hurl's URL parser; the generator +percent-encodes bare spaces (0x20) only, preserving all other +characters (including already-encoded sequences like %25, %27, etc.) +exactly as they appear in the source files. +""" + +import os +import re +import sys +from collections import defaultdict + +TESTS_DIR = os.path.join(os.path.dirname(__file__), "..") +RASP_DIR = os.path.join(os.path.dirname(__file__), "rasp") + +SOURCES = { + "mysql": os.path.join(TESTS_DIR, "mysql.txt"), + "oracle": os.path.join(TESTS_DIR, "oracle.txt"), +} + +# Map servlet path segment → output filename (lowercase, underscores) +SERVLET_NAME_MAP = { + # MySQL servlets + "MySql_Get_int": "get_int", + "MySql_Get_string": "get_string", + "MySql_Get_Implicit_Join": "get_implicit_join", + "MySql_Implicit_Join_Namespace": "implicit_join_namespace", + "Get_Union": "get_union", # shared by both; mysql.txt uses it + # Oracle servlets + "Get_int": "get_int", + "Get_int_no_quote": "get_int_no_quote", + "Get_int_partialunion": "get_int_partialunion", + "Get_int_groupby": "get_int_groupby", + "Get_int_nooutput": "get_int_nooutput", + "Get_int_having": "get_int_having", + "Get_int_inline": "get_int_inline", + "Get_string": "get_string", + "Get_string_no_quote": "get_string_no_quote", + "Get_Implicit_Join": "get_implicit_join", + "Get_Full_Outer_Join": "get_full_outer_join", +} + + +def encode_url_illegal(s): + """ + Percent-encode characters that Hurl's URL parser rejects in GET lines. + + Hurl rejects: space, |, ", <, > + Everything else (including already-encoded %xx sequences, ', (, ), etc.) + is left intact so payload semantics are preserved exactly. + """ + replacements = [ + (" ", "%20"), + ("|", "%7C"), + ('"', "%22"), + ("<", "%3C"), + (">", "%3E"), + ] + for char, enc in replacements: + s = s.replace(char, enc) + return s + + +def servlet_from_path(path): + """Extract servlet name from /spiracle/.""" + return path.lstrip("/").split("/")[-1] + + +def output_filename(servlet): + return SERVLET_NAME_MAP.get(servlet, servlet.lower()) + ".hurl" + + +def parse_data_file(filepath): + """Return list of (path, querystring, expected_status) tuples.""" + cases = [] + with open(filepath, encoding="utf-8") as f: + for lineno, line in enumerate(f, 1): + line = line.rstrip("\n") + if not line: + continue + parts = line.split("") + if len(parts) != 3: + print( + f"WARNING: {filepath}:{lineno} — expected 3 parts, got {len(parts)}: {line!r}", + file=sys.stderr, + ) + continue + cases.append((parts[0], parts[1], parts[2])) + return cases + + +def generate_hurl_file(cases, base_url_template): + """ + Build Hurl file content for a list of (path, querystring, expected_status). + base_url_template: string with {path} and {querystring} slots. + """ + lines = [] + for path, qs, expected_status in cases: + # Encode URL-illegal chars in querystring only (not path) + safe_qs = encode_url_illegal(qs) + url = "http://{{{{host}}}}:{{{{port}}}}{path}{qs}".format( + path=path, qs=safe_qs + ) + lines.append(f"GET {url}") + lines.append("") + lines.append("HTTP *") + lines.append("[Asserts]") + # Use {{block_status}} variable for the standard blocked status (550). + # Cases with a different expected status (e.g. 200 for a benign probe) + # get the literal value so they remain correct regardless of variables. + if expected_status == "550": + lines.append(f"status == {{{{block_status}}}}") + else: + lines.append(f"status == {expected_status}") + lines.append("") + return "\n".join(lines) + + +def main(): + total = 0 + by_db = {} + + for db, filepath in SOURCES.items(): + cases = parse_data_file(filepath) + print(f"Read {len(cases)} cases from {filepath}") + total += len(cases) + by_db[db] = cases + + # Group by servlet + groups = defaultdict(list) + for path, qs, expected_status in cases: + servlet = servlet_from_path(path) + groups[servlet].append((path, qs, expected_status)) + + out_dir = os.path.join(RASP_DIR, db) + os.makedirs(out_dir, exist_ok=True) + + for servlet, servlet_cases in sorted(groups.items()): + fname = output_filename(servlet) + out_path = os.path.join(out_dir, fname) + content = generate_hurl_file(servlet_cases, "") + with open(out_path, "w", encoding="utf-8") as f: + f.write(content) + print(f" Wrote {len(servlet_cases):3d} cases → {out_path}") + + print(f"\nTotal: {total} cases converted.") + + +if __name__ == "__main__": + main() diff --git a/tests/hurl/rasp/mysql/get_implicit_join.hurl b/tests/hurl/rasp/mysql/get_implicit_join.hurl new file mode 100644 index 0000000..4e2428d --- /dev/null +++ b/tests/hurl/rasp/mysql/get_implicit_join.hurl @@ -0,0 +1,179 @@ +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='2'%20OR%20'name'%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20or%20'name'%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20or%20users.id%20like%201 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20or%20'users.name'%20like'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20AND%20'users.cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20AND%20'DOB'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20AND%20'cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=''%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=('hi')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='joe'%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=''%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=1%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=''%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=''%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=''%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_Implicit_Join?id=%27%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/mysql/get_int.hurl b/tests/hurl/rasp/mysql/get_int.hurl new file mode 100644 index 0000000..ce71aeb --- /dev/null +++ b/tests/hurl/rasp/mysql/get_int.hurl @@ -0,0 +1,179 @@ +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=2'%20OR%20name%20LIKE%20'%25'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20%7C%7C%20name%20like%20'%25'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20or%20users.name%20LIKE%20'%25'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20or%20id%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20OR%20100=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20OR%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20OR%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20OR%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20or%201=1%20or%20'x'='y'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id='%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=(%22hi%22)'%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=a'%20or%20'a'%20=%20'a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=joe'%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=%27%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id='%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=1'%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_int?id='%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/mysql/get_string.hurl b/tests/hurl/rasp/mysql/get_string.hurl new file mode 100644 index 0000000..8ab638e --- /dev/null +++ b/tests/hurl/rasp/mysql/get_string.hurl @@ -0,0 +1,119 @@ +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=x'%20or%20name%20like%20'%25'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=%3C%3E%22%2527%25%3B)(%26%2B + +HTTP * +[Asserts] +status == 200 + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=x'%20AND%20100=(SELECT%20COUNT(*)%20FROM%20address)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=x'%20OR%20cvv%20IS%20NULL-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=anything'%20OR%20'x'='x + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=x'%20or%201=1%20or%20'x'='y + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='or%201=1%20or%20''=' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=a'%20or%20'a'%20=%20'a + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='%20UNION%20SELECT%20*%20from%20users-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=%27%20or%20%27x%27=%27x + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='%20or%201%20--' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name='%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=x'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/mysql/get_union.hurl b/tests/hurl/rasp/mysql/get_union.hurl new file mode 100644 index 0000000..9b88ada --- /dev/null +++ b/tests/hurl/rasp/mysql/get_union.hurl @@ -0,0 +1,173 @@ +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='2'%20OR%20'name'%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%20'name'%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%20id%20like%201 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%20'name'%20like'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20AND%20'users.cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20AND%20'DOB'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20AND%20'cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='(%22hi%22)'%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='joe'%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=''%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=1%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/mysql/implicit_join_namespace.hurl b/tests/hurl/rasp/mysql/implicit_join_namespace.hurl new file mode 100644 index 0000000..db24b55 --- /dev/null +++ b/tests/hurl/rasp/mysql/implicit_join_namespace.hurl @@ -0,0 +1,179 @@ +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='2'%20OR%20'name'%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20or%20'name'%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20or%20users.id%20like%201 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20or%20'users.name'%20like'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20AND%20'users.cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20AND%20'DOB'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20AND%20'cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=''%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=('hi')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='joe'%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=''%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=1%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=''%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=''%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=''%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/MySql_Implicit_Join_Namespace?id=%27%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_full_outer_join.hurl b/tests/hurl/rasp/oracle/get_full_outer_join.hurl new file mode 100644 index 0000000..477e1fd --- /dev/null +++ b/tests/hurl/rasp/oracle/get_full_outer_join.hurl @@ -0,0 +1,173 @@ +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='2'%20OR%20'name'%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20or%20'name'%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20or%20users.id%20like%201 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20or%20'users.name'%20like'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20AND%20'users.cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20AND%20'DOB'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20AND%20'cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=''%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=('hi')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='joe'%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=''%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=1%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=''%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=''%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=%27%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Full_Outer_Join?id=''%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_implicit_join.hurl b/tests/hurl/rasp/oracle/get_implicit_join.hurl new file mode 100644 index 0000000..6b2df79 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_implicit_join.hurl @@ -0,0 +1,173 @@ +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='2'%20OR%20'name'%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20or%20'name'%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20or%20users.id%20like%201 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20or%20'users.name'%20like'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20AND%20'users.cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20AND%20'DOB'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20AND%20'cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=''%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=('hi')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='joe'%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=''%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=1%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=''%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=''%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=''%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Implicit_Join?id=%27%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int.hurl b/tests/hurl/rasp/oracle/get_int.hurl new file mode 100644 index 0000000..4664b88 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int.hurl @@ -0,0 +1,179 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int?id=2'%20OR%20name%20LIKE%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20or%20name%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20or%20id%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id='%20or%20name%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20AND%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20AND%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20OR%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20or%201=1%20or%20'x'='y'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id='%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=(%22hi%22)'%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=a'%20or%20'a'%20=%20'a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=joe'%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id='%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=1'%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int?id='%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int_groupby.hurl b/tests/hurl/rasp/oracle/get_int_groupby.hurl new file mode 100644 index 0000000..9225de0 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int_groupby.hurl @@ -0,0 +1,11 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int_groupby?id=name%20union%20all%20select%20null,%20to_char(dob)%20from%20users + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_groupby?id=name%20union%20select%20null,%20to_char(dob)%20from%20users + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int_having.hurl b/tests/hurl/rasp/oracle/get_int_having.hurl new file mode 100644 index 0000000..253fb73 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int_having.hurl @@ -0,0 +1,11 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int_having?id=1%20union%20select%20to_char(dob)%20from%20users + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_having?id=1%20union%20all%20select%20to_char(dob)%20from%20users + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int_inline.hurl b/tests/hurl/rasp/oracle/get_int_inline.hurl new file mode 100644 index 0000000..9983372 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int_inline.hurl @@ -0,0 +1,191 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20'x'%20OR%20name%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20''%20or%20name%20like%20'' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20id%20=%20''%20or%20id%20like%20'' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20''%20or%20name%20like%20'' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20='x'%20AND%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20'x'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20='Joe'%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20='Joe'%20AND%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20='anything'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20'x'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20='Joe'%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20''%20or%201=1%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20('hi')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20'a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20'joe'%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20='Joe'%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name%20=%20(%27%27)%20or%20(%27x%27=%27x%27) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name=('')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='hi'%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name=''%20or%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20or%200=0%20# + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe%20%27%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_inline?id=select%20*%20from%20users%20where%20name='Joe'%20or%203=3 + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int_no_quote.hurl b/tests/hurl/rasp/oracle/get_int_no_quote.hurl new file mode 100644 index 0000000..c4d8ab6 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int_no_quote.hurl @@ -0,0 +1,197 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=2%20OR%20name%20LIKE%20'%25' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%20name%20like%20'%25' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%20id%20like%20'%25' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%20name%20like%20'%25' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20AND%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20AND%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%201=1%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=''%20or%201=1%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=('hi')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='joe'%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=(%27%27)%20or%20(%27x%27=%27x%27) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=('')%20or%20('a'='a') + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='hi'%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=''%20or%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='Joe'%20or%200=0%20# + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='Joe'%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id=1%20or%20''='' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='Joe'%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='Joe'%20%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='Joe%20%27%20or%201=1 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_no_quote?id='Joe'%20or%203=3 + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int_nooutput.hurl b/tests/hurl/rasp/oracle/get_int_nooutput.hurl new file mode 100644 index 0000000..bb6e27e --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int_nooutput.hurl @@ -0,0 +1,179 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=2'%20OR%20name%20LIKE%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20or%20name%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20or%20id%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20or%20name%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20AND%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20AND%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20OR%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20or%201=1%20or%20'x'='y'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=(%22hi%22)'%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=a'%20or%20'a'%20=%20'a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=joe'%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1'%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id=1%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_nooutput?id='%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_int_partialunion.hurl b/tests/hurl/rasp/oracle/get_int_partialunion.hurl new file mode 100644 index 0000000..a457a3b --- /dev/null +++ b/tests/hurl/rasp/oracle/get_int_partialunion.hurl @@ -0,0 +1,179 @@ +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=2'%20OR%20name%20LIKE%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20or%20name%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20or%20id%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20or%20name%20like%20'%25 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20AND%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20AND%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20OR%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20or%201=1%20or%20'x'='y'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=(%22hi%22)'%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=a'%20or%20'a'%20=%20'a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=joe'%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=1'%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_int_partialunion?id='%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_string.hurl b/tests/hurl/rasp/oracle/get_string.hurl new file mode 100644 index 0000000..b7a8263 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_string.hurl @@ -0,0 +1,125 @@ +GET http://{{host}}:{{port}}/spiracle/Get_string?name=x'%20or%20name%20like%20'%25'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=t'exec%20master..xp_cmdshell%20'nslookup%20www%2egoogle%2ecom'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%3b%20exec%20master%2e%2exp_cmdshell%20'ping%20172%2e10%2e1%2e255'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=x'%20AND%20100=(SELECT%20COUNT(*)%20FROM%20address)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=x'%20OR%20cvv%20IS%20NULL-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=anything'%20OR%20'x'='x + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=x'%20or%201=1%20or%20'x'='y + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='or%201=1%20or%20''=' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=a'%20or%20'a'%20=%20'a + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%20UNION%20SELECT%20*%20from%20users-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=%27%20or%20%27x%27=%27x + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%20or%201%20--' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name='%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string?name=x'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_string_no_quote.hurl b/tests/hurl/rasp/oracle/get_string_no_quote.hurl new file mode 100644 index 0000000..a7ac1d7 --- /dev/null +++ b/tests/hurl/rasp/oracle/get_string_no_quote.hurl @@ -0,0 +1,203 @@ +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='2'%20OR%20name%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Jon'%20or%20name%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20or%20id%20like%20'2' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20or%20name%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users)%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20or%20name%20like%20'Sammy' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20AND%20users.cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20AND%20DOB%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20AND%20cvv%20IS%20NULL%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20or%201=1%20or%20'x'='y'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20UNION%20ALL%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=''%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=(1)%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=1%20or%20'a'%20=%20'a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=1%20or%20'1'='1'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20UNION%20SELECT%20*%20from%20users%20where%20id=1%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=('')%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=('')%20or%20('x'='x')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=''%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=''%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=%27%27%20or%20%27x%27%3D%27x%27-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20or%200=0%20# + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='1'%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe%20%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_string_no_quote?name='Joe'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/oracle/get_union.hurl b/tests/hurl/rasp/oracle/get_union.hurl new file mode 100644 index 0000000..9b88ada --- /dev/null +++ b/tests/hurl/rasp/oracle/get_union.hurl @@ -0,0 +1,173 @@ +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='2'%20OR%20'name'%20LIKE%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%20'name'%20like%20'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%20id%20like%201 + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%20'name'%20like'Joe' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20OR%20120=(SELECT%20COUNT(*)%20FROM%20users) + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20AND%20'users.cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20AND%20'DOB'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20AND%20'cvv'%20IS%20NULL + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20OR%20'x'='x' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%201=1%20or%20'x'='y' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='1'%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20or%201=1%20or%20''=''-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='(%22hi%22)'%20or%20('a'='a')-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='a'%20or%20'a'%20=%20'a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='joe'%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='hi'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='hi'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='a'%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=''%20or%20'x'='x'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=''%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='a'%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='Joe'%20or%200=0%20-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='Joe'%20or%20'a'='a'-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=1%20or%20'a'='a' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=1%20or%20'1'='1' + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id=%27%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20%20or%201=1-- + +HTTP * +[Asserts] +status == {{block_status}} + +GET http://{{host}}:{{port}}/spiracle/Get_Union?id='%20or%203=3-- + +HTTP * +[Asserts] +status == {{block_status}} diff --git a/tests/hurl/rasp/protected.env b/tests/hurl/rasp/protected.env new file mode 100644 index 0000000..b6c1f83 --- /dev/null +++ b/tests/hurl/rasp/protected.env @@ -0,0 +1,3 @@ +host=localhost +port=8080 +block_status=550 diff --git a/tests/hurl/run.sh b/tests/hurl/run.sh new file mode 100755 index 0000000..19b8aab --- /dev/null +++ b/tests/hurl/run.sh @@ -0,0 +1,77 @@ +#!/bin/sh +# run.sh — Spiracle Hurl test runner +# +# Usage: +# ./tests/hurl/run.sh smoke [host] [port] +# ./tests/hurl/run.sh functional [host] [port] +# ./tests/hurl/run.sh rasp [host] [port] +# +# Arguments: +# suite — "smoke", "functional", or "rasp" +# host — hostname/IP of Spiracle (default: localhost) +# port — TCP port (default: 8080) +# +# Environment: +# BLOCK_STATUS — expected RASP block code (default: 550) +# only used by the "rasp" suite +# +# Requirements: +# hurl v5+ at ~/.local/bin/hurl or on PATH + +set -eu + +SUITE="${1:-smoke}" +HOST="${2:-localhost}" +PORT="${3:-8080}" +BLOCK_STATUS="${BLOCK_STATUS:-550}" + +# Resolve hurl binary +HURL="" +if command -v hurl >/dev/null 2>&1; then + HURL="hurl" +elif [ -x "$HOME/.local/bin/hurl" ]; then + HURL="$HOME/.local/bin/hurl" +else + echo "ERROR: hurl not found. Install from https://hurl.dev" >&2 + exit 1 +fi + +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" + +case "$SUITE" in + smoke) + VARS_FILE="$SCRIPT_DIR/smoke/local.env" + FILES="$SCRIPT_DIR/smoke/smoke.hurl" + REPORT_DIR="${REPORT_DIR:-/tmp/spiracle-smoke-report}" + ;; + functional) + VARS_FILE="$SCRIPT_DIR/functional/local.env" + FILES="$SCRIPT_DIR/functional/redirect.hurl $SCRIPT_DIR/functional/sql.hurl $SCRIPT_DIR/functional/xss.hurl $SCRIPT_DIR/functional/traversal.hurl $SCRIPT_DIR/functional/negative.hurl" + REPORT_DIR="${REPORT_DIR:-/tmp/spiracle-functional-report}" + ;; + rasp) + VARS_FILE="$SCRIPT_DIR/rasp/protected.env" + FILES="$SCRIPT_DIR/rasp/mysql/*.hurl $SCRIPT_DIR/rasp/oracle/*.hurl" + REPORT_DIR="${REPORT_DIR:-/tmp/spiracle-rasp-report}" + ;; + *) + echo "ERROR: unknown suite '$SUITE'. Use 'smoke', 'functional', or 'rasp'." >&2 + exit 1 + ;; +esac + +mkdir -p "$REPORT_DIR" + +echo "Running Spiracle $SUITE suite against http://$HOST:$PORT" +echo "Report: $REPORT_DIR/junit.xml" +echo "" + +# shellcheck disable=SC2086 +$HURL \ + --test \ + --variables-file "$VARS_FILE" \ + --variable host="$HOST" \ + --variable port="$PORT" \ + --variable block_status="$BLOCK_STATUS" \ + --report-junit "$REPORT_DIR/junit.xml" \ + $FILES diff --git a/tests/hurl/smoke/local.env b/tests/hurl/smoke/local.env new file mode 100644 index 0000000..0182d07 --- /dev/null +++ b/tests/hurl/smoke/local.env @@ -0,0 +1,2 @@ +host=localhost +port=8080 diff --git a/tests/hurl/smoke/smoke.hurl b/tests/hurl/smoke/smoke.hurl new file mode 100644 index 0000000..c6fe4ac --- /dev/null +++ b/tests/hurl/smoke/smoke.hurl @@ -0,0 +1,32 @@ +# Spiracle smoke suite — runs against a PLAIN (no RASP agent) deployment. +# +# Purpose: prove the app is up, DB round-trips work, and that SQLi is +# NOT blocked without the Waratek agent. A 550 here would mean the +# agent is unexpectedly present; plain Tomcat returns 200 for valid +# SQL injections and 500 for malformed ones. + +# ── 1. App root is reachable ───────────────────────────────────────── +GET http://{{host}}:{{port}}/spiracle/ + +HTTP 200 + +# ── 2. Benign query returns the expected row ───────────────────────── +# Patrick Moss is id=1, name='Patrick' in the seed data. +# MySql_Get_string queries by name and returns the surname. +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=Patrick + +HTTP 200 +[Asserts] +body contains "Moss" + +# ── 3. SQL injection succeeds unprotected ─────────────────────────── +# Without the Waratek RASP agent the injection is NOT blocked. +# The payload ' OR '1'='1 widens the WHERE clause to match all rows. +# Margaret Thomas (id=2) is NOT in the result set for name='Patrick', +# but WILL appear when the injection succeeds. Asserting her surname +# proves more rows were returned than the benign query would give. +GET http://{{host}}:{{port}}/spiracle/MySql_Get_string?name=Patrick'%20OR%20'1'='1 + +HTTP 200 +[Asserts] +body contains "Thomas" diff --git a/tests/spiracle_sqli_test.py b/tests/spiracle_sqli_test.py deleted file mode 100755 index 3433c51..0000000 --- a/tests/spiracle_sqli_test.py +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/python - -from collections import defaultdict -import requests -import argparse - -parser = argparse.ArgumentParser(description="Run SQLI Tests") -parser.add_argument("-hn", "--hostname", help="Hostname", required=True) -parser.add_argument("-p", "--port", help="Port", required=True) -parser.add_argument("-f", "--file", help="Data file", required=True) -parser.add_argument("-d", "--debug", action="store_true") -args = parser.parse_args() - -input_file = open(args.file) -expected_dict = defaultdict(list) -actual_dict = defaultdict(list) -url = "http://{0}:{1}".format(args.hostname, args.port) - -for entry in input_file: - parts = entry.strip().split("") - if parts[0] in expected_dict: - expected_dict[parts[0]].append((parts[1], parts[2])) - else: - expected_dict[parts[0]] = [] - expected_dict[parts[0]].append((parts[1], parts[2])) - -for key in expected_dict.keys(): - actual_dict[key] = [] - -for key in expected_dict.keys(): - for entry in expected_dict[key]: - r = requests.get("{0}{1}{2}" - .format(url, key, entry[0])) - if args.debug: - print r.url, r.status_code - - actual_dict[key].append((entry[0], r.status_code)) - -successful_tests = 0 -log = open("results.csv", "a+") -for key in actual_dict.keys(): - counter = len(actual_dict[key]) - for x in range(0, counter): - if str(expected_dict[key][x][1]) == str(actual_dict[key][x][1]): - successful_tests += 1 - log.write("{0}{1},{2},{3}\n".format(url, key, expected_dict[key][x][1], - actual_dict[key][x][1])) - print("Servlet {0} had {1} tests. Pass: {2} Fail {3}" - .format(key, counter, successful_tests, counter - successful_tests)) - successful_tests = 0 -log.close()
PayloadReflected Payload
rows should appear +body not contains "NoSuchUser99