fix JoyChou93#70

Author: JoyChou93

java-sec-code.iml

@@ -212,7 +212,7 @@
     <orderEntry type="library" name="Maven: org.springframework.plugin:spring-plugin-metadata:1.2.0.RELEASE" level="project" />
     <orderEntry type="library" name="Maven: org.mapstruct:mapstruct:1.2.0.Final" level="project" />
     <orderEntry type="library" name="Maven: io.springfox:springfox-swagger-ui:2.9.2" level="project" />
-    <orderEntry type="library" scope="PROVIDED" name="Maven: org.projectlombok:lombok:1.18.16" level="project" />
+    <orderEntry type="library" scope="PROVIDED" name="Maven: org.projectlombok:lombok:1.18.20" level="project" />
     <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.21" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-test:4.3.6.RELEASE" level="project" />
     <orderEntry type="library" name="Maven: junit:junit:4.12" level="project" />
@@ -228,5 +228,7 @@
     <orderEntry type="library" name="Maven: net.minidev:json-smart:2.2.1" level="project" />
     <orderEntry type="library" name="Maven: net.minidev:accessors-smart:1.1" level="project" />
     <orderEntry type="library" name="Maven: org.xmlbeam:xmlprojector:1.4.13" level="project" />
+    <orderEntry type="library" name="Maven: org.postgresql:postgresql:42.3.1" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: org.checkerframework:checker-qual:3.5.0" level="project" />
   </component>
 </module>

pom.xml

@@ -260,7 +260,7 @@
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.16</version>
+            <version>1.18.20</version>
             <scope>provided</scope>
         </dependency>
 
@@ -330,6 +330,13 @@
             <version>1.4.13</version>
         </dependency>
 
+        <!-- CVE-2022-21724 -->
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>42.3.1</version>
+        </dependency>
+
     </dependencies>
 
     <dependencyManagement>

src/main/java/org/joychou/controller/Rce.java

@@ -1,6 +1,7 @@
 package org.joychou.controller;
 
 import groovy.lang.GroovyShell;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -14,13 +15,15 @@
 import java.io.BufferedInputStream;
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
+import java.sql.DriverManager;
 
 
 /**
  * Java code execute
  *
  * @author JoyChou @ 2018-05-24
  */
+@Slf4j
 @RestController
 @RequestMapping("/rce")
 public class Rce {
@@ -128,5 +131,16 @@ public void groovyshell(String content) {
         groovyShell.evaluate(content);
     }
 
+    /**
+     * <a href="https://github.com/JoyChou93/java-sec-code/wiki/CVE-2022-21724">CVE-2022-21724</a>
+     */
+    @RequestMapping("/postgresql")
+    public void postgresql(String jdbcUrlBase64) throws Exception{
+        byte[] b = java.util.Base64.getDecoder().decode(jdbcUrlBase64);
+        String jdbcUrl = new String(b);
+        log.info(jdbcUrl);
+        DriverManager.getConnection(jdbcUrl);
+    }
+
 }
 

src/main/java/org/joychou/controller/XXE.java

@@ -234,7 +234,7 @@ public String DigesterSec(HttpServletRequest request) {
      * Use request.getInputStream to support UTF16 encoding.
      */
     @RequestMapping(value = "/DocumentBuilder/vuln", method = RequestMethod.POST)
-    public String DocumentBuilderVuln01(HttpServletRequest request) {
+    public String DocumentBuilderVuln(HttpServletRequest request) {
         try {
             DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
             DocumentBuilder db = dbf.newDocumentBuilder();

src/main/resources/templates/index.html

@@ -5,29 +5,29 @@
     <title>Home Page</title>
 </head>
 <body>
-    <p>Hello <span th:text="${user}"></span>.</p>
-    <p>Welcome to login java-sec-code application. <a th:href="@{/appInfo}">Application Infomation</a></p>
-    <p>
-        <a th:href="@{/swagger-ui.html}">Swagger</a>&nbsp;&nbsp;
-        <a th:href="@{/codeinject?filepath=/tmp;cat /etc/passwd}">CmdInject</a>&nbsp;&nbsp;
-        <a th:href="@{/jsonp/getToken?_callback=test}">JSONP</a>&nbsp;&nbsp;
-        <a th:href="@{/file/pic}">Picture Upload</a>&nbsp;&nbsp;
-        <a th:href="@{/file/any}">File Upload</a>&nbsp;&nbsp;
-        <a th:href="@{cors/sec/originFilter}">Cors</a>&nbsp;&nbsp;
-        <a th:href="@{/path_traversal/vul?filepath=../../../../../etc/passwd}">PathTraversal</a>&nbsp;&nbsp;
-        <a th:href="@{sqli/mybatis/vuln01?username=joychou' or '1'='1}">SqlInject</a>&nbsp;&nbsp;
-        <a th:href="@{/ssrf/urlConnection/vuln?url=file:///etc/passwd}">SSRF</a>&nbsp;&nbsp;
-        <a th:href="@{/rce/exec?cmd=whoami}">RCE</a>&nbsp;&nbsp;
-        <a th:href="@{/ooxml/upload}">ooxml XXE</a>&nbsp;&nbsp;
-        <a th:href="@{/xlsx-streamer/upload}">xlsx-streamer XXE</a>
-    </p>
+<p>Hello <span th:text="${user}"></span>.</p>
+<p>Welcome to login java-sec-code application. <a th:href="@{/appInfo}">Application Infomation</a></p>
+<p>
+    <a th:href="@{/swagger-ui.html}">Swagger</a>&nbsp;&nbsp;
+    <a th:href="@{/codeinject?filepath=/tmp;cat /etc/passwd}">CmdInject</a>&nbsp;&nbsp;
+    <a th:href="@{/jsonp/getToken?_callback=test}">JSONP</a>&nbsp;&nbsp;
+    <a th:href="@{/file/pic}">Picture Upload</a>&nbsp;&nbsp;
+    <a th:href="@{/file/any}">File Upload</a>&nbsp;&nbsp;
+    <a th:href="@{cors/sec/originFilter}">Cors</a>&nbsp;&nbsp;
+    <a th:href="@{/path_traversal/vul?filepath=../../../../../etc/passwd}">PathTraversal</a>&nbsp;&nbsp;
+    <a th:href="@{sqli/mybatis/vuln01?username=joychou' or '1'='1}">SqlInject</a>&nbsp;&nbsp;
+    <a th:href="@{/ssrf/urlConnection/vuln?url=file:///etc/passwd}">SSRF</a>&nbsp;&nbsp;
+    <a th:href="@{/rce/exec?cmd=whoami}">RCE</a>&nbsp;&nbsp;
+    <a th:href="@{/ooxml/upload}">ooxml XXE</a>&nbsp;&nbsp;
+    <a th:href="@{/xlsx-streamer/upload}">xlsx-streamer XXE</a>
+</p>
 
-    <P>
-        <a th:href="@{/jwt/createToken}">JWTCreateToken</a>
-        <a th:href="@{/jwt/getName}">GetUserFromJWTToken</a>
-    </P>
-    <p>...</p>
-    <a th:href="@{/logout}">logout</a>
+<P>
+    <a th:href="@{/jwt/createToken}">JWTCreateToken</a>
+    <a th:href="@{/jwt/getName}">GetUserFromJWTToken</a>
+</P>
+<p>...</p>
+<a th:href="@{/logout}">logout</a>
 
 </body>
 </html>