💥 Java Sec

Author: j3ers3

README.md

@@ -1,4 +1,4 @@
-# ☕️ Hello Java Sec ![Stage](https://img.shields.io/badge/Release-DEV-brightgreen.svg)
+# ☕️ Hello Java Sec ![Stage](https://img.shields.io/badge/Release-DEV-brightgreen.svg) ![Build Status](https://img.shields.io/badge/Version-1.10-red.svg)
 > Java漏洞平台，结合漏洞代码和安全编码，帮助研发同学理解和减少漏洞，代码仅供参考
 
 ![](media/16304933749187.jpg)
@@ -25,6 +25,8 @@
 - [x] Log4shell
 - [x] JNDI
 - [x] Dos
+- [x] Xpath
+- [x] Jwt
 - [ ] more
 
 ![](media/16304936834843.jpg)
@@ -38,7 +40,7 @@ spring.datasource.username=root
 spring.datasource.password=1234567
 ```
 
-### Jar
+### Jar运行
 > JDK 1.8环境
 ```
 git clone https://github.com/j3ers3/Hello-Java-Sec
@@ -47,7 +49,7 @@ mvn clean package -DskipTests
 java -jar target/hello-1.0.0-SNAPSHOT.jar
 ```
 
-### Docker
+### Docker运行
 ```
 mvn clean package
 ./deploy.sh

codeql.sh

@@ -0,0 +1,2 @@
+codeql database create javasec  --language="java"  --command="mvn clean install --file pom.xml" --source-root=./Hello-Java-Sec
+codeql database analyze javasec /CodeQL/ql/java/ql/src/codeql-suites/java-security-extended.qls --format=csv --output=codeql.csv

hello.iml

@@ -46,11 +46,12 @@
     <orderEntry type="library" name="Maven: org.apache.velocity:velocity:1.7" level="project" />
     <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
     <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.4" level="project" />
-    <orderEntry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-starter:2.1.4" level="project" />
-    <orderEntry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-autoconfigure:2.1.4" level="project" />
-    <orderEntry type="library" name="Maven: org.mybatis:mybatis:3.5.6" level="project" />
-    <orderEntry type="library" name="Maven: org.mybatis:mybatis-spring:2.0.6" level="project" />
-    <orderEntry type="library" scope="RUNTIME" name="Maven: mysql:mysql-connector-java:8.0.22" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-starter:2.2.2" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-autoconfigure:2.2.2" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis:mybatis:3.5.9" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis:mybatis-spring:2.0.7" level="project" />
+    <orderEntry type="library" name="Maven: com.unboundid:unboundid-ldapsdk:4.0.14" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: mysql:mysql-connector-java:8.0.28" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.4.1" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.4.1" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.4.1" level="project" />
@@ -94,7 +95,7 @@
     <orderEntry type="library" name="Maven: org.springframework:spring-webmvc:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.3.2" level="project" />
     <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.3.2" level="project" />
-    <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.24" level="project" />
+    <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.41" level="project" />
     <orderEntry type="library" name="Maven: com.thoughtworks.xstream:xstream:1.4.10" level="project" />
     <orderEntry type="library" name="Maven: xmlpull:xmlpull:1.1.3.1" level="project" />
     <orderEntry type="library" name="Maven: xpp3:xpp3_min:1.1.4c" level="project" />
@@ -174,7 +175,9 @@
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.11.0" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.11.0" level="project" />
     <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.11.0" level="project" />
-    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.17" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-text:1.9" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-lang3:3.11" level="project" />
+    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.27" level="project" />
     <orderEntry type="library" name="Maven: org.owasp.esapi:esapi:2.2.0.0" level="project" />
     <orderEntry type="library" name="Maven: com.io7m.xom:xom:1.2.10" level="project" />
     <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.9.3" level="project" />
@@ -209,5 +212,10 @@
     <orderEntry type="library" name="Maven: com.google.code.gson:gson:2.8.6" level="project" />
     <orderEntry type="library" name="Maven: com.google.re2j:re2j:1.6" level="project" />
     <orderEntry type="library" name="Maven: com.github.whvcse:easy-captcha:1.6.2" level="project" />
+    <orderEntry type="library" name="Maven: org.mindrot:jbcrypt:0.4" level="project" />
+    <orderEntry type="library" name="Maven: com.auth0:java-jwt:4.2.1" level="project" />
+    <orderEntry type="library" name="Maven: io.jsonwebtoken:jjwt:0.9.1" level="project" />
+    <orderEntry type="library" name="Maven: com.mchange:c3p0:0.9.5.2" level="project" />
+    <orderEntry type="library" name="Maven: com.mchange:mchange-commons-java:0.2.11" level="project" />
   </component>
 </module>

pom.xml

@@ -11,15 +11,17 @@
 
     <groupId>com.best</groupId>
     <artifactId>javasec</artifactId>
-    <version>1.7</version>
+    <version>1.10</version>
     <name>hello java sec</name>
     <description>Java Sec</description>
     <packaging>jar</packaging>
 
     <properties>
         <java.version>1.8</java.version>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
+    <!-- 仓库搜索 https://mvnrepository.com -->
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -43,13 +45,20 @@
         <dependency>
             <groupId>org.mybatis.spring.boot</groupId>
             <artifactId>mybatis-spring-boot-starter</artifactId>
-            <version>2.1.4</version>
+            <version>2.2.2</version>
+        </dependency>
+
+        <!-- jndi ldap -->
+        <dependency>
+            <groupId>com.unboundid</groupId>
+            <artifactId>unboundid-ldapsdk</artifactId>
         </dependency>
 
         <!-- mysql驱动 -->
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
+            <version>8.0.28</version>
             <scope>runtime</scope>
         </dependency>
 
@@ -69,7 +78,7 @@
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
-            <version>1.2.24</version>
+            <version>1.2.41</version>
         </dependency>
 
         <!-- xstream多个rce -->
@@ -136,6 +145,7 @@
             <artifactId>springfox-swagger2</artifactId>
             <version>2.9.2</version>
         </dependency>
+
         <dependency>
             <groupId>org.jsoup</groupId>
             <artifactId>jsoup</artifactId>
@@ -181,20 +191,17 @@
             <version>2.11.0</version>
         </dependency>
 
-        <!-- webservice -->
-        <!--
         <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-spring-boot-starter-jaxws</artifactId>
-            <version>3.2.5</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.9</version>
         </dependency>
-        -->
 
         <!-- snakeyaml rce-->
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
-            <version>1.17</version>
+            <version>1.27</version>
         </dependency>
 
         <!-- 高版本会报错! -->
@@ -204,7 +211,7 @@
             <version>2.2.0.0</version>
         </dependency>
 
-        <!-- log4j 远程代码执行 2.15.0依赖已修复 -->
+        <!-- log4Shell -->
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
@@ -233,15 +240,40 @@
             <groupId>com.google.re2j</groupId>
             <artifactId>re2j</artifactId>
             <version>1.6</version>
-
         </dependency>
 
+
+        <!-- 图形验证码 -->
         <dependency>
             <groupId>com.github.whvcse</groupId>
             <artifactId>easy-captcha</artifactId>
             <version>1.6.2</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.mindrot</groupId>
+            <artifactId>jbcrypt</artifactId>
+            <version>0.4</version>
+        </dependency>
+
+        <!-- JWT -->
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.2.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.mchange</groupId>
+            <artifactId>c3p0</artifactId>
+            <version>0.9.5.2</version>
+        </dependency>
 
     </dependencies>
 
@@ -256,22 +288,19 @@
             </plugin>
 
             <plugin>
-                <groupId>org.owasp</groupId>
-                <artifactId>dependency-check-maven</artifactId>
-                <version>6.5.3</version>
-
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>check</goal>
-                        </goals>
-                    </execution>
-                </executions>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>3.2.0</version>
+                <configuration>
+                    <propertiesEncoding>${project.build.sourceEncoding}</propertiesEncoding>
+                </configuration>
             </plugin>
 
             <plugin>
+                <!-- OWASP 生成物料清单SBOM，提供Dependency Track分析 -->
                 <groupId>org.cyclonedx</groupId>
                 <artifactId>cyclonedx-maven-plugin</artifactId>
+                <version>2.7.2</version>
                 <executions>
                     <execution>
                         <phase>compile</phase>
@@ -285,8 +314,8 @@
                 </configuration>
             </plugin>
 
+
         </plugins>
     </build>
 
-
 </project>

src/main/java/com/best/hello/HelloApplication.java

@@ -3,11 +3,9 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
-/* Spring Boot 启动类 */
 @SpringBootApplication
 public class HelloApplication {
 
-    /* main方法，程序执行入口 */
     public static void main(String[] args) {
         SpringApplication.run(HelloApplication.class, args);
     }

src/main/java/com/best/hello/Swagger2.java

@@ -39,7 +39,7 @@ private ApiInfo apiInfo() {
                 .title("Swagger2 RESTful API")
                 //创建人
                 .contact(new Contact("nul1", "https://www.github.com/j3ers3", "[email protected]"))
-                .version("1.1")
+                .version("1.10")
                 .description("Hello Java Sec API")
                 .build();
     }

src/main/java/com/best/hello/config/MvcConfig.java

@@ -24,12 +24,10 @@ public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/index/deserialize").setViewName("deserialize");
         registry.addViewController("/index/redirect").setViewName("redirect");
         registry.addViewController("/index/actuator").setViewName("actuator");
-        registry.addViewController("/index/broken_access_control").setViewName("bac");
+        registry.addViewController("/index/idor").setViewName("idor");
         registry.addViewController("/index/upload").setViewName("upload");
-        registry.addViewController("/index/password").setViewName("password");
         registry.addViewController("/index/xstream").setViewName("xstream");
         registry.addViewController("/index/fastjson").setViewName("fastjson");
-        registry.addViewController("/index/admin").setViewName("logs");
         registry.addViewController("/index/xff").setViewName("xff");
         registry.addViewController("/index/unauth").setViewName("unauth");
         registry.addViewController("/index/jackson").setViewName("jackson");
@@ -39,6 +37,9 @@ public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/index/dos").setViewName("dos");
         registry.addViewController("/index/cors").setViewName("cors");
         registry.addViewController("/index/captcha").setViewName("captcha_vul");
+        registry.addViewController("/index/swagger").setViewName("swagger");
+        registry.addViewController("/index/jwt").setViewName("jwt");
+        registry.addViewController("/index/xpath").setViewName("xpath");
 
     }
 

src/main/java/com/best/hello/controller/ComponentsVul/FastjsonVul.java

@@ -20,11 +20,6 @@
 @RequestMapping("/Fastjson")
 public class FastjsonVul {
 
-    /**
-     * 触发条件：Fastjson版本小于等于1.2.24、Java版本小于8u121(?)
-     * @poc {"@type":"java.net.Inet4Address","val":"a.8d5tv8.dnslog.cn"}
-     *
-     */
     @RequestMapping(value = "/vul", method = {RequestMethod.POST})
     public String vul(@RequestBody String content) {
 

src/main/java/com/best/hello/controller/ComponentsVul/XStreamVul.java

@@ -17,24 +17,6 @@
 @RequestMapping("/XStream")
 public class XStreamVul {
 
-    /**
-     * @poc 存在多个poc
-     * <sorted-set>
-     * <dynamic-proxy>
-     * <interface>java.lang.Comparable</interface>
-     * <handler class="java.beans.EventHandler">
-     * <target class="java.lang.ProcessBuilder">
-     * <command>
-     * <string>open</string>
-     * <string>-a</string>
-     * <string>Calculator</string>
-     * </command>
-     * </target>
-     * <action>start</action>
-     * </handler>
-     * </dynamic-proxy>
-     * </sorted-set>
-     */
     @RequestMapping("/vul")
     public String vul(@RequestBody String content) {
         XStream xs = new XStream();
@@ -81,7 +63,7 @@ public static void main(String[] args) {
                 "</map>";
 
         XStream xs = new XStream();
-        // 有效：XStream.setupDefaultSecurity(xs);
+        // XStream.setupDefaultSecurity(xs);
 
         xs.fromXML(xml_poc);
     }