add swagger-ui & ssrf of httpsyncclient

Author: JoyChou93

java-sec-code.iml

@@ -49,7 +49,6 @@
     <orderEntry type="library" name="Maven: org.hibernate:hibernate-validator:5.3.4.Final" level="project" />
     <orderEntry type="library" name="Maven: javax.validation:validation-api:1.1.0.Final" level="project" />
     <orderEntry type="library" name="Maven: org.jboss.logging:jboss-logging:3.3.0.Final" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml:classmate:1.3.3" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.8.6" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.8.0" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.8.6" level="project" />
@@ -76,7 +75,7 @@
     <orderEntry type="library" name="Maven: org.codehaus.mojo:animal-sniffer-annotations:1.14" level="project" />
     <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.1" level="project" />
     <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.4" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpclient:4.3.6" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpclient:4.5.12" level="project" />
     <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.6" level="project" />
     <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.10" level="project" />
     <orderEntry type="library" name="Maven: org.apache.httpcomponents:fluent-hc:4.3.6" level="project" />
@@ -200,5 +199,21 @@
     <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.22" level="project" />
     <orderEntry type="library" name="Maven: org.jsoup:jsoup:1.10.2" level="project" />
     <orderEntry type="library" name="Maven: commons-io:commons-io:2.5" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpasyncclient:4.1.4" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore-nio:4.4.10" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-swagger2:2.9.2" level="project" />
+    <orderEntry type="library" name="Maven: io.swagger:swagger-annotations:1.5.20" level="project" />
+    <orderEntry type="library" name="Maven: io.swagger:swagger-models:1.5.20" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-spi:2.9.2" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-core:2.9.2" level="project" />
+    <orderEntry type="library" name="Maven: net.bytebuddy:byte-buddy:1.8.12" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-schema:2.9.2" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-swagger-common:2.9.2" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-spring-web:2.9.2" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml:classmate:1.3.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.plugin:spring-plugin-core:1.2.0.RELEASE" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.plugin:spring-plugin-metadata:1.2.0.RELEASE" level="project" />
+    <orderEntry type="library" name="Maven: org.mapstruct:mapstruct:1.2.0.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.springfox:springfox-swagger-ui:2.9.2" level="project" />
   </component>
 </module>

pom.xml

@@ -87,7 +87,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.3.6</version>
+            <version>4.5.12</version>
         </dependency>
 
         <dependency>
@@ -222,12 +222,32 @@
             <version>1.10.2</version>
         </dependency>
 
-        <!-- ssrf -->
+        <!-- SSRF -->
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
             <version>2.5</version>
         </dependency>
+
+        <!-- SSRF -->
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpasyncclient</artifactId>
+            <version>4.1.4</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-swagger2</artifactId>
+            <version>2.9.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-swagger-ui</artifactId>
+            <version>2.9.2</version>
+        </dependency>
+
     </dependencies>
 
     <dependencyManagement>

src/main/java/org/joychou/config/SwaggerConfig.java

@@ -0,0 +1,31 @@
+package org.joychou.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import springfox.documentation.builders.PathSelectors;
+import springfox.documentation.builders.RequestHandlerSelectors;
+
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spring.web.plugins.Docket;
+import springfox.documentation.swagger2.annotations.EnableSwagger2;
+
+
+@Configuration
+@EnableSwagger2
+public class SwaggerConfig {
+
+    @Value("${swagger.enable}")
+    private boolean enableSwagger;
+
+    @Bean
+    public Docket api() {
+        return new Docket(DocumentationType.SWAGGER_2)
+                .enable(enableSwagger)
+                .select()
+                .apis(RequestHandlerSelectors.any())
+                .paths(PathSelectors.any())
+                .build();
+    }
+
+}

src/main/java/org/joychou/controller/Cookies.java

@@ -1,6 +1,7 @@
 package org.joychou.controller;
 
 import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import javax.servlet.http.Cookie;
@@ -17,14 +18,14 @@ public class Cookies {
 
     private static String NICK = "nick";
 
-    @RequestMapping(value = "/vuln01")
+    @GetMapping(value = "/vuln01")
     public String vuln01(HttpServletRequest req) {
         String nick = WebUtils.getCookieValueByName(req, NICK); // key code
         return "Cookie nick: " + nick;
     }
 
 
-    @RequestMapping(value = "/vuln02")
+    @GetMapping(value = "/vuln02")
     public String vuln02(HttpServletRequest req) {
         String nick = null;
         Cookie[] cookie = req.getCookies();
@@ -37,7 +38,7 @@ public String vuln02(HttpServletRequest req) {
     }
 
 
-    @RequestMapping(value = "/vuln03")
+    @GetMapping(value = "/vuln03")
     public String vuln03(HttpServletRequest req) {
         String nick = null;
         Cookie cookies[] = req.getCookies();
@@ -53,7 +54,7 @@ public String vuln03(HttpServletRequest req) {
     }
 
 
-    @RequestMapping(value = "/vuln04")
+    @GetMapping(value = "/vuln04")
     public String vuln04(HttpServletRequest req) {
         String nick = null;
         Cookie cookies[] = req.getCookies();
@@ -68,13 +69,13 @@ public String vuln04(HttpServletRequest req) {
     }
 
 
-    @RequestMapping(value = "/vuln05")
+    @GetMapping(value = "/vuln05")
     public String vuln05(@CookieValue("nick") String nick) {
         return "Cookie nick: " + nick;
     }
 
 
-    @RequestMapping(value = "/vuln06")
+    @GetMapping(value = "/vuln06")
     public String vuln06(@CookieValue(value = "nick") String nick) {
         return "Cookie nick: " + nick;
     }

src/main/java/org/joychou/controller/Cors.java

@@ -4,6 +4,7 @@
 import org.joychou.util.LoginUtils;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -21,25 +22,25 @@ public class Cors {
 
     private static String info = "{\"name\": \"JoyChou\", \"phone\": \"18200001111\"}";
 
-    @RequestMapping("/vuln/origin")
-    public static String vuls1(HttpServletRequest request, HttpServletResponse response) {
+    @GetMapping("/vuln/origin")
+    public String vuls1(HttpServletRequest request, HttpServletResponse response) {
         String origin = request.getHeader("origin");
         response.setHeader("Access-Control-Allow-Origin", origin); // 设置Origin值为Header中获取到的
         response.setHeader("Access-Control-Allow-Credentials", "true");  // cookie
         return info;
     }
 
-    @RequestMapping("/vuln/setHeader")
-    public static String vuls2(HttpServletResponse response) {
+    @GetMapping("/vuln/setHeader")
+    public String vuls2(HttpServletResponse response) {
         // 后端设置Access-Control-Allow-Origin为*的情况下，跨域的时候前端如果设置withCredentials为true会异常
         response.setHeader("Access-Control-Allow-Origin", "*");
         return info;
     }
 
 
-    @CrossOrigin("*")
+    @GetMapping("*")
     @RequestMapping("/vuln/crossOrigin")
-    public static String vuls3() {
+    public String vuls3() {
         return info;
     }
 
@@ -50,8 +51,8 @@ public static String vuls3() {
      * 代码：org/joychou/security/CustomCorsProcessor
      */
     @CrossOrigin(origins = {"joychou.org", "http://test.joychou.me"})
-    @RequestMapping("/sec/crossOrigin")
-    public static String secCrossOrigin() {
+    @GetMapping("/sec/crossOrigin")
+    public String secCrossOrigin() {
         return info;
     }
 
@@ -61,7 +62,7 @@ public static String secCrossOrigin() {
      * 支持自定义checkOrigin
      * 代码：org/joychou/config/CorsConfig.java
      */
-    @RequestMapping("/sec/webMvcConfigurer")
+    @GetMapping("/sec/webMvcConfigurer")
     public CsrfToken getCsrfToken_01(CsrfToken token) {
         return token;
     }
@@ -72,7 +73,7 @@ public CsrfToken getCsrfToken_01(CsrfToken token) {
      * 不支持自定义checkOrigin，因为spring security优先于setCorsProcessor执行
      * 代码：org/joychou/security/WebSecurityConfig.java
      */
-    @RequestMapping("/sec/httpCors")
+    @GetMapping("/sec/httpCors")
     public CsrfToken getCsrfToken_02(CsrfToken token) {
         return token;
     }
@@ -83,7 +84,7 @@ public CsrfToken getCsrfToken_02(CsrfToken token) {
      * 支持自定义checkOrigin
      * 代码：org/joychou/filter/OriginFilter.java
      */
-    @RequestMapping("/sec/originFilter")
+    @GetMapping("/sec/originFilter")
     public CsrfToken getCsrfToken_03(CsrfToken token) {
         return token;
     }
@@ -100,7 +101,7 @@ public CsrfToken getCsrfToken_04(CsrfToken token) {
     }
 
 
-    @RequestMapping("/sec/checkOrigin")
+    @GetMapping("/sec/checkOrigin")
     public String seccode(HttpServletRequest request, HttpServletResponse response) {
         String origin = request.getHeader("Origin");
 

src/main/java/org/joychou/controller/Fastjson.java

@@ -16,7 +16,7 @@ public class Fastjson {
 
     @RequestMapping(value = "/deserialize", method = {RequestMethod.POST})
     @ResponseBody
-    public static String Deserialize(@RequestBody String params) {
+    public String Deserialize(@RequestBody String params) {
         // 如果Content-Type不设置application/json格式，post数据会被url编码
         try {
             // 将post提交的string转换为json

src/main/java/org/joychou/controller/GetRequestURI.java

@@ -5,6 +5,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -30,7 +31,7 @@ public class GetRequestURI {
 
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
 
-    @RequestMapping(value = "/exclued/vuln")
+    @GetMapping(value = "/exclued/vuln")
     public String exclued(HttpServletRequest request) {
 
         String[] excluedPath = {"/css/**", "/js/**"};

src/main/java/org/joychou/controller/Rce.java

@@ -1,7 +1,7 @@
 package org.joychou.controller;
 
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.io.BufferedInputStream;
@@ -17,8 +17,7 @@
 @RequestMapping("/rce")
 public class Rce {
 
-    @RequestMapping("/exec")
-    @ResponseBody
+    @GetMapping("/exec")
     public String CommandExec(String cmd) {
         Runtime run = Runtime.getRuntime();
         StringBuilder sb = new StringBuilder();