closes #6

Author: JoyChou93

README.md

@@ -48,7 +48,7 @@ Sort by letter.
 - [JSONP](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/jsonp/JSONP.java)
 - [PathTraversal](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/PathTraversal.java)
 - [RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
-- [SPEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SPEL.java)
+- [SpEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SpEL.java)
 - [SQL Injection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
 - [SSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)
 - [SSTI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSTI.java)
@@ -84,35 +84,19 @@ spring.datasource.username=root
 spring.datasource.password=woshishujukumima
 ```
 
-- Tomcat
 - IDEA
+- Tomcat
 - JAR
 
-### Tomcat
 
-- Exclude tomcat in pom.xml.
-
-    ```xml
-    <dependency>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-starter-web</artifactId>
-        <exclusions>
-            <exclusion>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-starter-tomcat</artifactId>
-            </exclusion>
-        </exclusions>
-    </dependency>
-    ```
+### IDEA
 
-- Build war package by `mvn clean package`.
-- Copy war package to tomcat webapps directory.
-- Start tomcat application.
+Click `run` button.
 
 Example:
 
 ```
-http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
+http://localhost:8080/rce/exec?cmd=whoami
 ```
 
 return:
@@ -121,14 +105,17 @@ return:
 Viarus
 ```
 
-### IDEA
+### Tomcat
 
-Click `run` button.
+
+- Build war package by `mvn clean package`.
+- Copy war package to tomcat webapps directory.
+- Start tomcat application.
 
 Example:
 
 ```
-http://localhost:8080/rce/exec?cmd=whoami
+http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
 ```
 
 return:
@@ -137,6 +124,7 @@ return:
 Viarus
 ```
 
+
 ### JAR
 
 Change `war` to `jar` in `pom.xml`.
@@ -154,6 +142,7 @@ Build package and run.
 mvn clean package -DskipTests 
 java -jar target/java-sec-code-1.0.0.jar
 ```
+
 ## Contributors
 
 Core developers : [JoyChou](https://github.com/JoyChou93).

README_zh.md

@@ -10,25 +10,6 @@
 
 每个漏洞类型代码默认存在安全漏洞（除非本身不存在漏洞），相关修复代码在注释里。具体可查看每个漏洞代码和注释。
 
-## 认证
-
-### 登录
-
-[http://localhost:8080/login](http://localhost:8080/login)
-
-如果未登录，访问任何页面都会重定向到login页面。用户名和密码如下。
-
-```
-admin/admin123
-joychou/joychou123
-```
-### 登出
-
-[http://localhost:8080/logout](http://localhost:8080/logout)
-
-### 记住我
-
-Tomcat默认JSESSION会话有效时间为30分钟，所以30分钟不操作会话将过期。为了解决这一问题，引入rememberMe功能，默认过期时间为2周。
 
 ## 漏洞代码
 
@@ -44,7 +25,7 @@ Tomcat默认JSESSION会话有效时间为30分钟，所以30分钟不操作会
 - [JSONP](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/jsonp/JSONP.java)
 - [PathTraversal](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/PathTraversal.java)
 - [RCE](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/Rce.java)
-- [SPEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SPEL.java)
+- [SpEL](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SpEL.java)
 - [SQL Injection](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SQLI.java)
 - [SSRF](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSRF.java)
 - [SSTI](https://github.com/JoyChou93/java-sec-code/blob/master/src/main/java/org/joychou/controller/SSTI.java)
@@ -81,17 +62,20 @@ spring.datasource.username=root
 spring.datasource.password=woshishujukumima
 ```
 
-### Tomcat
+- IDEA
+- Tomcat
+- JAR
 
-1. 生成war包 `mvn clean package`。
-2. 将target目录的war包，cp到Tomcat的webapps目录。
-3. 重启Tomcat应用。
 
 
+### IDEA
+
+直接点击run按钮即可运行。
+
 例子：
 
 ```
-http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
+http://localhost:8080/rce/exec?cmd=whoami
 ```
 
 返回：
@@ -100,14 +84,17 @@ http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
 Viarus
 ```
 
-### IDEA
+### Tomcat
+
+1. 生成war包 `mvn clean package`。
+2. 将target目录的war包，cp到Tomcat的webapps目录。
+3. 重启Tomcat应用。
 
-直接点击run按钮即可运行。
 
 例子：
 
 ```
-http://localhost:8080/rce/exec?cmd=whoami
+http://localhost:8080/java-sec-code-1.0.0/rce/exec?cmd=whoami
 ```
 
 返回：
@@ -117,7 +104,6 @@ Viarus
 ```
 
 
-
 ### JAR包
 
 
@@ -137,6 +123,27 @@ mvn clean package -DskipTests
 java -jar 打包后的jar包路径
 ```
 
+## 认证
+
+### 登录
+
+[http://localhost:8080/login](http://localhost:8080/login)
+
+如果未登录，访问任何页面都会重定向到login页面。用户名和密码如下。
+
+```
+admin/admin123
+joychou/joychou123
+```
+### 登出
+
+[http://localhost:8080/logout](http://localhost:8080/logout)
+
+### 记住我
+
+Tomcat默认JSESSION会话有效时间为30分钟，所以30分钟不操作会话将过期。为了解决这一问题，引入rememberMe功能，默认过期时间为2周。
+
+
 ## 贡献者
 
 核心开发者： [JoyChou](https://github.com/JoyChou93).其他开发者：[lightless](https://github.com/lightless233),  [Anemone95](https://github.com/Anemone95)。欢迎各位提交PR。

src/main/java/org/joychou/config/WebConfig.java

@@ -0,0 +1,55 @@
+package org.joychou.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+
+/**
+ * Solve can't get value in filter by @Value when not using embed tomcat.
+ *
+ * @author JoyChou @2019-07-24
+ */
+@Component
+public class WebConfig {
+
+    private static Boolean referSecEnabled = false;
+    private static String[] callbacks;
+    private static String[] referWhitelist;
+    private static String[] referUris;
+
+    @Value("${joychou.security.referer.enabled}")
+    public void setReferSecEnabled(Boolean referSecEnabled){
+        WebConfig.referSecEnabled = referSecEnabled;
+    }
+    public static Boolean getReferSecEnabled(){
+        return referSecEnabled;
+    }
+
+
+    @Value("${joychou.security.jsonp.callback}")
+    public void setCallbacks(String[] callbacks){
+        WebConfig.callbacks = callbacks;
+    }
+    public static String[] getCallbacks(){
+        return callbacks;
+    }
+
+
+    @Value("${joychou.security.referer.hostwhitelist}")
+    public void setReferWhitelist(String[] referWhitelist){
+        WebConfig.referWhitelist = referWhitelist;
+    }
+    public static String[] getReferWhitelist(){
+        return referWhitelist;
+    }
+
+
+    @Value("${joychou.security.referer.uri}")
+    public void setReferUris(String[] referUris)
+    {
+        WebConfig.referUris = referUris;
+    }
+    public static String[] getReferUris(){
+        return referUris;
+    }
+}

src/main/java/org/joychou/controller/Index.java

@@ -2,6 +2,7 @@
 
 
 import com.alibaba.fastjson.JSON;
+import org.apache.catalina.util.ServerInfo;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -26,6 +27,7 @@ public static String appInfo(HttpServletRequest request) {
         String username = request.getUserPrincipal().getName();
         Map<String, String> m = new HashMap<>();
 
+        m.put("tomcat_version", ServerInfo.getServerInfo());
         m.put("username", username);
         m.put("login", "success");
         m.put("app_name", "java security code");

src/main/java/org/joychou/security/HttpFilter.java

@@ -8,9 +8,9 @@
 import java.io.IOException;
 
 import org.apache.commons.lang.StringUtils;
+import org.joychou.config.WebConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
 
@@ -25,18 +25,6 @@
 @WebFilter(filterName = "referFilter", urlPatterns = "/*")
 public class HttpFilter implements Filter {
 
-    @Value("${joychou.security.referer.enabled}")
-    private Boolean referSecEnabled = false;
-
-    @Value("${joychou.security.jsonp.callback}")
-    private String[] callbacks;
-
-    @Value("${joychou.security.referer.hostwhitelist}")
-    private String[] referWhitelist;
-
-    @Value("${joychou.security.referer.uri}")
-    private String[] referUris;
-
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
 
@@ -54,20 +42,20 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain filter
         String refer = request.getHeader("referer");
         PathMatcher matcher = new AntPathMatcher();
         boolean isMatch = false;
-        for (String uri: referUris) {
+        for (String uri: WebConfig.getReferUris()) {
             if ( matcher.match (uri, request.getRequestURI()) ) {
                 isMatch = true;
                 break;
             }
         }
 
         if (isMatch) {
-            if (referSecEnabled) {
+            if (WebConfig.getReferSecEnabled()) {
                 // Check referer for all GET requests with callback parameters.
-                for (String callback: callbacks) {
+                for (String callback: WebConfig.getCallbacks()) {
                     if (request.getMethod().equals("GET") && StringUtils.isNotBlank(request.getParameter(callback)) ){
                         // If the check of referer fails, a 403 forbidden error page will be returned.
-                        if (!SecurityUtil.checkURLbyEndsWith(refer, referWhitelist)){
+                        if (!SecurityUtil.checkURLbyEndsWith(refer, WebConfig.getReferWhitelist())){
                             logger.info("[-] URL: " + request.getRequestURL() + "?" + request.getQueryString() + "\t" + "Referer: " + refer);
                             response.sendRedirect("https://test.joychou.org/error3.html");
                             return;

src/main/resources/templates/index.html

@@ -6,7 +6,7 @@
 </head>
 <body>
     <p>Hello <span th:text="${user}"></span>.</p>
-    <p>Welcome to login java-sec-code application.</p>
+    <p>Welcome to login java-sec-code application. <a th:href="@{/appInfo}">Application Infomation</a></p>
     <a th:href="@{/logout}">logout</a>
 </body>
 </html>