
Conversation

@davidka91
Owner

No description provided.

@github-actions

github-actions bot commented Dec 4, 2024

🚨 Frogbot scanned this pull request and found the below:


@github-actions

github-actions bot commented Dec 4, 2024

return HttpUtils.HttpURLConnection(url);

at src/main/java/org/joychou/controller/SSRF.java (line 78)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity: High
Finding: Untrusted input is included in web page content
Full description

Overview

XSS, or Cross-Site Scripting, is a type of vulnerability that allows an attacker to
inject malicious code into a website or web application.
This can allow the attacker to steal sensitive information from users, such as their
cookies or login credentials, or to perform unauthorized actions on their behalf.

Vulnerable example

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class xss_vuln extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        // If username exists in the db - do something and write a response
        // if it doesn't exist, the raw parameter is echoed into the page (reflected XSS)
        response.getWriter().println("Unable to find user " + username);
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    }
}

In this example, user-provided data is injected directly into the
response.getWriter().println command.

Remediation

+ import org.owasp.html.HtmlPolicyBuilder;
+ import org.owasp.html.PolicyFactory;
public class xss_safe {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        //If username exists in the db - do something and write a response
        //if it doesn't exists -
        + PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
        + String htmlResponse = policy.sanitize("Unable to find user " + username);
        + response.getWriter().println(htmlResponse);
        - response.getWriter().println("Unable to find user " + username);
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    }
}
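
Review bot: the policy built at the `+ PolicyFactory policy = new HtmlPolicyBuilder().toFactory();` line allows no elements or attributes, so `sanitize` strips any tags found in `username` and HTML-encodes the text that remains; that is safe for an HTML response, but nothing in the hunk declares the content type or charset, so the browser is left to guess how to interpret the body. Add `response.setContentType("text/html; charset=UTF-8");` before writing (or `text/plain` with `X-Content-Type-Options: nosniff` if this message is not meant to be HTML). The accompanying text calls this escaping; a sanitizer drops markup, whereas an encoder such as OWASP Java Encoder's `Encode.forHtml` keeps every character of the username and is the better fit for a plain error string.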

Using the PolicyFactory library, we escape the user-provided data before
it reaches the response.getWriter().println command.

Code Flows
Vulnerable data flow analysis result

↘️ in.readLine() (at src/main/java/org/joychou/util/HttpUtils.java line 128)

↘️ inputLine (at src/main/java/org/joychou/util/HttpUtils.java line 128)

↘️ inputLine (at src/main/java/org/joychou/util/HttpUtils.java line 129)

↘️ html (at src/main/java/org/joychou/util/HttpUtils.java line 129)

↘️ html (at src/main/java/org/joychou/util/HttpUtils.java line 132)

↘️ html.toString() (at src/main/java/org/joychou/util/HttpUtils.java line 132)

↘️ return html.toString(); (at src/main/java/org/joychou/util/HttpUtils.java line 132)

↘️ HttpUtils.HttpURLConnection(url) (at src/main/java/org/joychou/controller/SSRF.java line 78)

↘️ return HttpUtils.HttpURLConnection(url); (at src/main/java/org/joychou/controller/SSRF.java line 78)


@github-actions

github-actions bot commented Dec 4, 2024

return HttpUtils.httpClient(url);

at src/main/java/org/joychou/controller/SSRF.java (line 192)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity: High
Finding: Untrusted input is included in web page content

Code Flows
Vulnerable data flow analysis result

↘️ rd.readLine() (at src/main/java/org/joychou/util/HttpUtils.java line 80)

↘️ line (at src/main/java/org/joychou/util/HttpUtils.java line 80)

↘️ line (at src/main/java/org/joychou/util/HttpUtils.java line 81)

↘️ result (at src/main/java/org/joychou/util/HttpUtils.java line 81)

↘️ result (at src/main/java/org/joychou/util/HttpUtils.java line 84)

↘️ result.toString() (at src/main/java/org/joychou/util/HttpUtils.java line 84)

↘️ return result.toString(); (at src/main/java/org/joychou/util/HttpUtils.java line 84)

↘️ HttpUtils.httpClient(url) (at src/main/java/org/joychou/controller/SSRF.java line 192)

↘️ return HttpUtils.httpClient(url); (at src/main/java/org/joychou/controller/SSRF.java line 192)


@github-actions

github-actions bot commented Dec 4, 2024

return HttpUtils.URLConnection(url);

at src/main/java/org/joychou/controller/SSRF.java (line 60)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity: High
Finding: Untrusted input is included in web page content

Code Flows
Vulnerable data flow analysis result

↘️ in.readLine() (at src/main/java/org/joychou/util/HttpUtils.java line 100)

↘️ inputLine (at src/main/java/org/joychou/util/HttpUtils.java line 100)

↘️ inputLine (at src/main/java/org/joychou/util/HttpUtils.java line 101)

↘️ html (at src/main/java/org/joychou/util/HttpUtils.java line 101)

↘️ html (at src/main/java/org/joychou/util/HttpUtils.java line 104)

↘️ html.toString() (at src/main/java/org/joychou/util/HttpUtils.java line 104)

↘️ return html.toString(); (at src/main/java/org/joychou/util/HttpUtils.java line 104)

↘️ HttpUtils.URLConnection(url) (at src/main/java/org/joychou/controller/SSRF.java line 60)

↘️ return HttpUtils.URLConnection(url); (at src/main/java/org/joychou/controller/SSRF.java line 60)


@github-actions

github-actions bot commented Dec 4, 2024

url

at src/main/java/org/joychou/util/HttpUtils.java (line 209)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity: Medium
Finding: Untrusted input may influence outgoing network requests
Full description

Overview

Server-Side Request Forgery (SSRF) is a type of attack in which an attacker
can send a request from a vulnerable server to a chosen target server on
behalf of the vulnerable server.
This can allow the attacker to access resources on the target server and
its local network that are otherwise not publicly accessible, potentially
leading to the disclosure of sensitive information or the ability to
perform unauthorized actions.

Vulnerable example

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ssrf_vuln extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The outgoing request target is taken verbatim from the client (SSRF sink)
        URL url = new URL(request.getParameter("url"));
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setRequestMethod("GET");
        if (con.getResponseCode() == HttpURLConnection.HTTP_OK) {
            String htmlRes = new String(con.getInputStream().readAllBytes(),
                StandardCharsets.UTF_8);
            response.getWriter().println(htmlRes);
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
    }
}

Remediation

public class ssrf_safe {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        URL url = new URL(request.getParameter("url"));
+         if (url.getHost() == "api.site.com") {
            HttpURLConnection con = (HttpURLConnection) url.openConnection();
            con.setRequestMethod("GET");
            if (con.getResponseCode() ==  HttpURLConnection.HTTP_OK) {
                String htmlRes = new String(con.getInputStream().readAllBytes(),
                    StandardCharsets.UTF_8);
                response.getWriter().println(htmlRes);
                response.setStatus(HttpServletResponse.SC_OK);
+                return;
-             } else {
+             }
+         }
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
-             }
    }
}
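
Review bot: `url.getHost() == "api.site.com"` in the added `if` compares object references rather than string contents, so in Java the allowlist check is false for any host parsed from the request and every call falls through to `SC_BAD_REQUEST`; use `"api.site.com".equalsIgnoreCase(url.getHost())` (hostnames are case-insensitive). Even with that fixed, the check only constrains the host: the scheme and port remain caller-controlled, and `HttpURLConnection` follows redirects by default, so a redirect served from the allowed host still sends the server elsewhere. Check `url.getProtocol()` and `url.getPort()` alongside the host and call `con.setInstanceFollowRedirects(false)` before issuing the request.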

Code Flows
Vulnerable data flow analysis result

↘️ @RequestParam("url") String url (at src/main/java/org/joychou/controller/SSRF.java line 266)

↘️ url (at src/main/java/org/joychou/controller/SSRF.java line 267)

↘️ String url (at src/main/java/org/joychou/util/HttpUtils.java line 205)

↘️ url (at src/main/java/org/joychou/util/HttpUtils.java line 209)


rebase the dev-dk branch
@davidka91 davidka91 merged commit 7da1120 into master Dec 5, 2024
1 check failed