JoyChou93 · matteobaccan · May 13, 2021 · May 13, 2021
diff --git a/src/main/java/org/joychou/controller/FileUpload.java b/src/main/java/org/joychou/controller/FileUpload.java
@@ -182,9 +182,9 @@ private File convert(MultipartFile multiFile) throws Exception {
         if (!ret) {
             return null;
         }
-        FileOutputStream fos = new FileOutputStream(convFile);
-        fos.write(multiFile.getBytes());
-        fos.close();
+        try(FileOutputStream fos = new FileOutputStream(convFile)){
+            fos.write(multiFile.getBytes());
+        }
         return convFile;
     }
 

diff --git a/src/main/java/org/joychou/controller/Jsonp.java b/src/main/java/org/joychou/controller/Jsonp.java
@@ -19,7 +19,6 @@
 import org.joychou.util.WebUtils;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.security.Principal;
 
 

diff --git a/src/main/java/org/joychou/controller/SQLI.java b/src/main/java/org/joychou/controller/SQLI.java
@@ -54,27 +54,28 @@ public String jdbc_sqli_vul(@RequestParam("username") String username) {
 
         try {
             Class.forName(driver);
-            Connection con = DriverManager.getConnection(url, user, password);
-
-            if (!con.isClosed())
-                System.out.println("Connect to database successfully.");
-
-            // sqli vuln code
-            Statement statement = con.createStatement();
-            String sql = "select * from users where username = '" + username + "'";
-            logger.info(sql);
-            ResultSet rs = statement.executeQuery(sql);
-
-            while (rs.next()) {
-                String res_name = rs.getString("username");
-                String res_pwd = rs.getString("password");
-                String info = String.format("%s: %s\n", res_name, res_pwd);
-                result.append(info);
-                logger.info(info);
+            try (Connection con = DriverManager.getConnection(url, user, password)) {
+
+                if (!con.isClosed()) {
+                    System.out.println("Connect to database successfully.");
+                }
+
+                // sqli vuln code
+                try (Statement statement = con.createStatement()) {
+                    String sql = "select * from users where username = '" + username + "'";
+                    logger.info(sql);
+                    try (ResultSet rs = statement.executeQuery(sql)) {
+
+                        while (rs.next()) {
+                            String res_name = rs.getString("username");
+                            String res_pwd = rs.getString("password");
+                            String info = String.format("%s: %s\n", res_name, res_pwd);
+                            result.append(info);
+                            logger.info(info);
+                        }
+                    }
+                }
             }
-            rs.close();
-            con.close();
-
 
         } catch (ClassNotFoundException e) {
             logger.error("Sorry,can`t find the Driver!");
@@ -97,30 +98,29 @@ public String jdbc_sqli_sec(@RequestParam("username") String username) {
         StringBuilder result = new StringBuilder();
         try {
             Class.forName(driver);
-            Connection con = DriverManager.getConnection(url, user, password);
-
-            if (!con.isClosed())
-                System.out.println("Connecting to Database successfully.");
-
-            // fix code
-            String sql = "select * from users where username = ?";
-            PreparedStatement st = con.prepareStatement(sql);
-            st.setString(1, username);
-
-            logger.info(st.toString());  // sql after prepare statement
-            ResultSet rs = st.executeQuery();
-
-            while (rs.next()) {
-                String res_name = rs.getString("username");
-                String res_pwd = rs.getString("password");
-                String info = String.format("%s: %s\n", res_name, res_pwd);
-                result.append(info);
-                logger.info(info);
+            try (Connection con = DriverManager.getConnection(url, user, password)) {
+
+                if (!con.isClosed()) {
+                    System.out.println("Connecting to Database successfully.");
+                }
+
+                // fix code
+                String sql = "select * from users where username = ?";
+                try (PreparedStatement st = con.prepareStatement(sql)) {
+                    st.setString(1, username);
+                    logger.info(st.toString());  // sql after prepare statement
+                    try (ResultSet rs = st.executeQuery()) {
+                        while (rs.next()) {
+                            String res_name = rs.getString("username");
+                            String res_pwd = rs.getString("password");
+                            String info = String.format("%s: %s\n", res_name, res_pwd);
+                            result.append(info);
+                            logger.info(info);
+                        }
+                    }
+                }
             }
 
-            rs.close();
-            con.close();
-
         } catch (ClassNotFoundException e) {
             logger.error("Sorry, can`t find the Driver!");
             e.printStackTrace();

diff --git a/src/main/java/org/joychou/controller/SpEL.java b/src/main/java/org/joychou/controller/SpEL.java
@@ -3,7 +3,6 @@
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 

diff --git a/src/main/java/org/joychou/controller/Test.java b/src/main/java/org/joychou/controller/Test.java
@@ -1,8 +1,6 @@
 package org.joychou.controller;
 
-import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.Cookie;

diff --git a/src/main/java/org/joychou/controller/othervulns/xlsxStreamerXXE.java b/src/main/java/org/joychou/controller/othervulns/xlsxStreamerXXE.java
@@ -1,7 +1,6 @@
 package org.joychou.controller.othervulns;
 
 import com.monitorjbl.xlsx.StreamingReader;
-import org.apache.poi.ss.usermodel.Workbook;
 
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;

diff --git a/src/main/java/org/joychou/security/AntObjectInputStream.java b/src/main/java/org/joychou/security/AntObjectInputStream.java
@@ -56,20 +56,18 @@ public static void main(String args[]) throws Exception{
 
         // 创建一个包含对象进行反序列化信息的/tmp/object数据文件
         FileOutputStream fos = new FileOutputStream("/tmp/object");
-        ObjectOutputStream os = new ObjectOutputStream(fos);
-
-        // writeObject()方法将myObj对象写入/tmp/object文件
-        os.writeObject(myObj);
-        os.close();
+        try(ObjectOutputStream os = new ObjectOutputStream(fos)){
+            // writeObject()方法将myObj对象写入/tmp/object文件
+            os.writeObject(myObj);
+        }
 
         // 从文件中反序列化obj对象
         FileInputStream fis = new FileInputStream("/tmp/object");
-        AntObjectInputStream ois = new AntObjectInputStream(fis);  // AntObjectInputStream class
-
-        //恢复对象即反序列化
-        MyObject objectFromDisk = (MyObject)ois.readObject();
-        System.out.println(objectFromDisk.name);
-        ois.close();
+        try(AntObjectInputStream ois = new AntObjectInputStream(fis)){  // AntObjectInputStream class
+            //恢复对象即反序列化
+            MyObject objectFromDisk = (MyObject)ois.readObject();
+            System.out.println(objectFromDisk.name);
+        }
     }
 
     static class  MyObject implements Serializable {

diff --git a/src/main/java/org/joychou/security/ssrf/SocketHookFactory.java b/src/main/java/org/joychou/security/ssrf/SocketHookFactory.java
@@ -39,8 +39,7 @@ static void initSocket() {
             return;
         }
 
-        Socket socket = new Socket();
-        try {
+        try (Socket socket = new Socket()) {
             // get impl field in Socket class
             Field implField = Socket.class.getDeclaredField("impl");
             implField.setAccessible(true);
@@ -52,12 +51,8 @@ static void initSocket() {
 
         } catch (NoSuchFieldException | IllegalAccessException | NoSuchMethodException e) {
             throw new SSRFException("SocketHookFactory init failed!");
-        }
-
-        try {
-            socket.close();
         } catch (IOException ignored) {
-
+            // Ignored
         }
     }
 

diff --git a/src/main/java/org/joychou/util/HttpUtils.java b/src/main/java/org/joychou/util/HttpUtils.java
@@ -5,7 +5,6 @@
 import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpResponse;
-import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.fluent.Request;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -74,11 +73,11 @@ public static String httpClient(String url) {
             // set redirect enable false
             // httpGet.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
             HttpResponse httpResponse = client.execute(httpGet); // send request
-            BufferedReader rd = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent()));
-
-            String line;
-            while ((line = rd.readLine()) != null) {
-                result.append(line);
+            try(BufferedReader rd = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent()))){
+                String line;
+                while ((line = rd.readLine()) != null) {
+                    result.append(line);
+                }
             }
 
             return result.toString();