From 82d84d02b90e57402981f5d1a436b1259cc3b5e0 Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com>
Date: Tue, 25 Jun 2024 10:18:14 +0800
Subject: [PATCH 1/6] Patched /private/var/folders/61/dwx9fsqs2k931dkwz6dg1ymw0000gn/T/tmpte0jhosi/src/main/java/io/shiftleft/controller/AdminController.java

---
 .../shiftleft/controller/AdminController.java | 179 ++++++++----------
 1 file changed, 77 insertions(+), 102 deletions(-)

diff --git a/src/main/java/io/shiftleft/controller/AdminController.java b/src/main/java/io/shiftleft/controller/AdminController.java
index 296c26573..c4ab8e251 100644
--- a/src/main/java/io/shiftleft/controller/AdminController.java
+++ b/src/main/java/io/shiftleft/controller/AdminController.java
@@ -19,119 +19,94 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; - -/** - * Admin checks login - */ @Controller public class AdminController { - private String fail = "redirect:/"; - - // helper - private boolean isAdmin(String auth) - { - try { - ByteArrayInputStream bis = new ByteArrayInputStream(Base64.getDecoder().decode(auth)); - ObjectInputStream objectInputStream = new ObjectInputStream(bis); - Object authToken = objectInputStream.readObject(); - return ((AuthToken) authToken).isAdmin(); - } catch (Exception ex) { - System.out.println(" cookie cannot be deserialized: "+ex.getMessage()); - return false; - } - } - - // - @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.POST) - public String doPostPrintSecrets(HttpServletResponse response, HttpServletRequest request) { - return fail; - } - - - @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.GET) - public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "notset") String auth, HttpServletResponse response, HttpServletRequest request) throws Exception { - - if (request.getSession().getAttribute("auth") == null) { - return fail; - } - - String authToken = request.getSession().getAttribute("auth").toString(); - if(!isAdmin(authToken)) { - return fail; + private String fail = "redirect:/"; + + private boolean isAdmin(String auth) { + try { + ByteArrayInputStream bis = new ByteArrayInputStream(Base64.getDecoder().decode(auth)); + ObjectInputStream objectInputStream = new ObjectInputStream(bis); + Object authToken = objectInputStream.readObject(); + if (authToken instanceof AuthToken) { + return ((AuthToken) authToken).isAdmin(); + } else { + return false; + } + } catch (Exception ex) { + System.out.println(" cookie cannot be deserialized: " + ex.getMessage()); + return false; + } } - ClassPathResource cpr = new ClassPathResource("static/calculations.csv"); - try { - byte[] 
bdata = FileCopyUtils.copyToByteArray(cpr.getInputStream()); - response.getOutputStream().println(new String(bdata, StandardCharsets.UTF_8)); - return null; - } catch (IOException ex) { - ex.printStackTrace(); - // redirect to / - return fail; + @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.POST) + public String doPostPrintSecrets(HttpServletResponse response, HttpServletRequest request) { + return fail; } - } - /** - * Handle login attempt - * @param auth cookie value base64 encoded - * @param password hardcoded value - * @param response - - * @param request - - * @return redirect to company numbers - * @throws Exception - */ - @RequestMapping(value = "/admin/login", method = RequestMethod.POST) - public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception { - String succ = "redirect:/admin/printSecrets"; + @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.GET) + public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "notset") String auth, HttpServletResponse response, HttpServletRequest request) throws Exception { - try { - // no cookie no fun - if (!auth.equals("notset")) { - if(isAdmin(auth)) { - request.getSession().setAttribute("auth",auth); - return succ; + if (request.getSession().getAttribute("auth") == null) { + return fail; } - } - // split password=value - String[] pass = password.split("="); - if(pass.length!=2) { - return fail; - } - // compare pass - if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret")) - { - AuthToken authToken = new AuthToken(AuthToken.ADMIN); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ObjectOutputStream oos = new ObjectOutputStream(bos); - oos.writeObject(authToken); - String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray())); - response.addCookie(new Cookie("auth", 
cookieValue )); - - // cookie is lost after redirection - request.getSession().setAttribute("auth",cookieValue); + String authToken = request.getSession().getAttribute("auth").toString(); + if (!isAdmin(authToken)) { + return fail; + } - return succ; - } - return fail; + ClassPathResource cpr = new ClassPathResource("static/calculations.csv"); + try { + byte[] bdata = FileCopyUtils.copyToByteArray(cpr.getInputStream()); + response.getOutputStream().println(new String(bdata, StandardCharsets.UTF_8)); + return null; + } catch (IOException ex) { + ex.printStackTrace(); + return fail; + } } - catch (Exception ex) - { - ex.printStackTrace(); - // no succ == fail - return fail; + + @RequestMapping(value = "/admin/login", method = RequestMethod.POST) + public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception { + String succ = "redirect:/admin/printSecrets"; + + try { + if (!auth.equals("notset")) { + if (isAdmin(auth)) { + request.getSession().setAttribute("auth", auth); + return succ; + } + } + + String[] pass = password.split("="); + if (pass.length != 2) { + return fail; + } + + if (pass[1] != null && pass[1].length() > 0 && pass[1].equals("shiftleftsecret")) { + AuthToken authToken = new AuthToken(AuthToken.ADMIN); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream oos = new ObjectOutputStream(bos); + oos.writeObject(authToken); + String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray())); + + Cookie cookie = new Cookie("auth", cookieValue); + cookie.setSecure(true); // Set the 'secure' flag for the cookie + response.addCookie(cookie); + + request.getSession().setAttribute("auth", cookieValue); + return succ; + } + return fail; + } catch (Exception ex) { + ex.printStackTrace(); + return fail; + } } - } - /** - * Same as POST but just a redirect - * @param response - * @param 
request - * @return redirect - */ - @RequestMapping(value = "/admin/login", method = RequestMethod.GET) - public String doGetLogin(HttpServletResponse response, HttpServletRequest request) { - return "redirect:/"; - } + @RequestMapping(value = "/admin/login", method = RequestMethod.GET) + public String doGetLogin(HttpServletResponse response, HttpServletRequest request) { + return "redirect:/"; + } } From 3437e2caa5c14f0ed109205cc76e3ea64b1b1a3a Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 10:18:14 +0800 Subject: [PATCH 2/6] Patched /private/var/folders/61/dwx9fsqs2k931dkwz6dg1ymw0000gn/T/tmpte0jhosi/src/main/resources/config/application-aws.properties --- src/main/resources/config/application-aws.properties | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/config/application-aws.properties b/src/main/resources/config/application-aws.properties index 6467531bd..dc2b21617 100644 --- a/src/main/resources/config/application-aws.properties +++ b/src/main/resources/config/application-aws.properties @@ -1,3 +1,3 @@ -aws.accesskey=AKIAILQI6VLJU3HSCEQQ -aws.secretkey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -aws.bucket=mysaas/customerid/account/date \ No newline at end of file +String accessKey = System.getenv("AWS_ACCESS_KEY_ID"); +String secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"; +String bucket = "mysaas/customerid/account/date"; From b1fcf16c02e558ed3aea8727ea8d022c1afac601 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 10:18:14 +0800 Subject: [PATCH 3/6] Patched /private/var/folders/61/dwx9fsqs2k931dkwz6dg1ymw0000gn/T/tmpte0jhosi/src/main/java/io/shiftleft/data/DataBuilder.java --- .../java/io/shiftleft/data/DataBuilder.java | 22 +++---------------- 1 file changed, 3 insertions(+), 19 deletions(-) 
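Review bot: The `instanceof AuthToken` check added to `isAdmin` only runs after `objectInputStream.readObject()` has already instantiated whatever classes the base64 cookie names, so it narrows the result type but does not address deserialization of untrusted input; a deserialization filter has to be installed on the stream before `readObject()`, and the rewrite below also closes the streams the hunk leaves open. The filter pattern must name every class a serialized `AuthToken` graph contains (extend it if the token has fields of other serializable types) and needs `java.io.ObjectInputFilter`, i.e. Java 9 or later. `doGetPrintSecrets` routes the session-stored copy through the same `isAdmin`, so both entry points are covered by the one change. Separately, `cookie.setSecure(true)` in `doPostLogin` should be paired with `cookie.setHttpOnly(true)`, and the hunk keeps the literal `"shiftleftsecret"` comparison, which is a hard-coded credential. The class declaration and imports sit above the hunk.
```java
private boolean isAdmin(String auth) {
    try (ObjectInputStream objectInputStream =
             new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(auth)))) {
        // Reject every class except the expected token type before it is instantiated.
        objectInputStream.setObjectInputFilter(
                ObjectInputFilter.Config.createFilter(AuthToken.class.getName() + ";!*"));
        Object authToken = objectInputStream.readObject();
        return authToken instanceof AuthToken && ((AuthToken) authToken).isAdmin();
    } catch (Exception ex) {
        System.out.println(" cookie cannot be deserialized: " + ex.getMessage());
        return false;
    }
}
```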
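Review bot: The new lines are Java statements, not properties, so a `.properties` file now holds `String accessKey = System.getenv("AWS_ACCESS_KEY_ID");`, which a properties loader will read as meaningless keys, while the `aws.accesskey`, `aws.secretkey` and `aws.bucket` keys the application presumably binds to disappear. The secret key is also still committed verbatim on the `secretKey` line, so the credential exposure the patch set out to fix is unchanged; the pair should be treated as leaked and rotated regardless of how this file ends up. Keep the properties syntax and, if this file is loaded through Spring's Environment, resolve the values from environment variables with placeholders: `aws.accesskey=${AWS_ACCESS_KEY_ID}`, `aws.secretkey=${AWS_SECRET_ACCESS_KEY}`, `aws.bucket=mysaas/customerid/account/date`.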
diff --git a/src/main/java/io/shiftleft/data/DataBuilder.java b/src/main/java/io/shiftleft/data/DataBuilder.java index 85ab53f26..0aeab7a58 100644 --- a/src/main/java/io/shiftleft/data/DataBuilder.java +++ b/src/main/java/io/shiftleft/data/DataBuilder.java @@ -35,30 +35,14 @@ public List createCustomers() { BufferedWriter bw = new BufferedWriter(new FileWriter(temp)); bw.write("This is the temporary file content"); bw.close(); - System.out.println(" File Write Successful "); } catch (IOException e) { - e.printStackTrace(); - } try { - - String output = new ProcessExecutor().command("java", "-version") - .redirectOutput(Slf4jStream.of(getClass()).asInfo()).readOutput(true).execute().outputUTF8(); - - System.out.println(" Output of System Call is " + output); - } catch (InvalidExitValueException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (TimeoutException e) { - // TODO Auto-generated catch block + new ProcessExecutor().command("java", "-version") + .redirectOutput(Slf4jStream.of(getClass()).asInfo()).readOutput(true).execute(); + } catch (InvalidExitValueException | IOException | InterruptedException | TimeoutException e) { e.printStackTrace(); } From 036cdf54dd31e090c18f307360f61b79c4df8855 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 10:18:14 +0800 Subject: [PATCH 4/6] Patched /private/var/folders/61/dwx9fsqs2k931dkwz6dg1ymw0000gn/T/tmpte0jhosi/src/main/java/io/shiftleft/controller/CustomerController.java --- .../io/shiftleft/controller/CustomerController.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
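Review bot: The removed `}` that closed the first `catch (IOException e) {` block is not replaced, so after this hunk the `try { new ProcessExecutor()... }` is nested inside that catch, the inner `catch (... e)` redeclares `e` within the outer catch's scope, and as far as the hunk shows the method's braces no longer balance — the file should fail to compile, and even if it did, the `java -version` call would only run when the temp-file write fails. Keep the closing brace of the first catch; if the write failure is meant to stay best-effort, `} catch (IOException e) { e.printStackTrace(); }` preserves the old behaviour, and if it is meant to be silent the empty block needs a comment saying why. `readOutput(true)` still captures process output that nothing reads now that the `output` variable is gone, so it can be dropped as well. `createCustomers()` and the first `try` begin above the hunk.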
diff --git a/src/main/java/io/shiftleft/controller/CustomerController.java b/src/main/java/io/shiftleft/controller/CustomerController.java index 40e1c4917..190d6b5a7 100644 --- a/src/main/java/io/shiftleft/controller/CustomerController.java +++ b/src/main/java/io/shiftleft/controller/CustomerController.java @@ -228,8 +228,8 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t String settingsCookie = request.getHeader("Cookie"); String[] cookie = settingsCookie.split(","); - if(cookie.length<2) { - httpResponse.getOutputStream().println("Malformed cookie"); + if(cookie.length<2) { + httpResponse.getOutputStream().println("Malformed cookie"); throw new Exception("cookie is incorrect"); } @@ -238,7 +238,7 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t // Check md5sum String cookieMD5sum = cookie[1]; String calcMD5Sum = DigestUtils.md5Hex(base64txt); - if(!cookieMD5sum.equals(calcMD5Sum)) + if(!cookieMD5sum.equals(calcMD5Sum)) { httpResponse.getOutputStream().println("Wrong md5"); throw new Exception("Invalid MD5"); @@ -246,9 +246,10 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t // Now we can store on filesystem String[] settings = new String(Base64.getDecoder().decode(base64txt)).split(","); - // storage will have ClassPathResource as basepath + // storage will have ClassPathResource as basepath ClassPathResource cpr = new ClassPathResource("./static/"); - File file = new File(cpr.getPath()+settings[0]); + String filename = FilenameUtils.getName(settings[0]); // Retrieve only the file name to prevent path traversal + File file = new File(cpr.getFile(), filename); // Using cpr.getFile() to ensure the correct file path if(!file.exists()) { file.getParentFile().mkdirs(); } From c7aac832287e891bbe55d86d0977683e7be4fef2 Mon Sep 17 00:00:00 2001 
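Review bot: `FilenameUtils.getName(settings[0])` strips directory components, but it returns `""`, `"."` and `".."` unchanged, so `new File(cpr.getFile(), filename)` can still resolve to the static directory itself or its parent; add `if (filename.isEmpty() || filename.equals(".") || filename.equals("..")) { throw new Exception("Invalid filename"); }` before the `File` is constructed. The patch adds no import for `FilenameUtils` (commons-io), so unless the file already imports it this hunk will not compile. `cpr.getFile()` only works when the resource is on the filesystem and throws when it is packaged inside a jar — presumably acceptable given the method's existing throws clause, but worth confirming for the deployed packaging. Because the earlier `DigestUtils.md5Hex` comparison is an unkeyed digest any client can compute, this filename guard is the only control on the write. saveSettings starts above the hunk and continues below it.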
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 10:18:14 +0800 Subject: [PATCH 5/6] Patched /private/var/folders/61/dwx9fsqs2k931dkwz6dg1ymw0000gn/T/tmpte0jhosi/src/main/java/io/shiftleft/controller/SearchController.java --- src/main/java/io/shiftleft/controller/SearchController.java | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java index faa409760..3871a153a 100644 --- a/src/main/java/io/shiftleft/controller/SearchController.java +++ b/src/main/java/io/shiftleft/controller/SearchController.java @@ -10,10 +10,6 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; - -/** - * Search login - */ @Controller public class SearchController { @@ -22,7 +18,7 @@ public String doGetSearch(@RequestParam String foo, HttpServletResponse response java.lang.Object message = new Object(); try { ExpressionParser parser = new SpelExpressionParser(); - Expression exp = parser.parseExpression(foo); + Expression exp = parser.parseExpression("#{" + foo + "}"); message = (Object) exp.getValue(); } catch (Exception ex) { System.out.println(ex.getMessage()); From ba391d9b56466c07bf8fa4dbb0ed2a0f877cc248 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 10:18:14 +0800 Subject: [PATCH 6/6] Patched /private/var/folders/61/dwx9fsqs2k931dkwz6dg1ymw0000gn/T/tmpte0jhosi/src/main/java/io/shiftleft/controller/AppErrorController.java --- .../java/io/shiftleft/controller/AppErrorController.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/java/io/shiftleft/controller/AppErrorController.java b/src/main/java/io/shiftleft/controller/AppErrorController.java index 68f4d669f..8cfc3811c 100644 
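Review bot: Wrapping the request parameter as `"#{" + foo + "}"` in `doGetSearch` does not stop the untrusted value from being parsed and evaluated as a SpEL expression — `parseExpression` is still called without a template `ParserContext`, so the added delimiters are either a parse error or just more expression text, and `exp.getValue()` still evaluates whatever `foo` contains against the full standard evaluation context. If `foo` is meant to be data, drop the parser and use the string directly (`message = foo;`); if limited expression support is genuinely needed, evaluate against a restricted context, e.g. `message = exp.getValue(SimpleEvaluationContext.forReadOnlyDataBinding().build());` (available since Spring Framework 5.0.4 / 4.3.15, so confirm the project's version). The hunk keeps `catch (Exception ex)` with `System.out.println(ex.getMessage())`, which should go through the application logger. doGetSearch starts above the hunk and continues below it.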
--- a/src/main/java/io/shiftleft/controller/AppErrorController.java +++ b/src/main/java/io/shiftleft/controller/AppErrorController.java @@ -6,6 +6,7 @@ import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.context.request.RequestAttributes; import org.springframework.web.context.request.ServletRequestAttributes; @@ -40,7 +41,7 @@ public AppErrorController(ErrorAttributes errorAttributes) { * @param request * @return */ - @RequestMapping(value = ERROR_PATH, produces = "text/html") + @RequestMapping(value = ERROR_PATH, method = RequestMethod.POST, produces = "text/html") public ModelAndView errorHtml(HttpServletRequest request) { return new ModelAndView("/errors/error", getErrorAttributes(request, false)); } @@ -50,7 +51,7 @@ public ModelAndView errorHtml(HttpServletRequest request) { * @param request * @return */ - @RequestMapping(value = ERROR_PATH) + @RequestMapping(value = ERROR_PATH, method = RequestMethod.POST) @ResponseBody public ResponseEntity> error(HttpServletRequest request) { Map body = getErrorAttributes(request, getTraceParameter(request)); @@ -102,4 +103,4 @@ private HttpStatus getStatus(HttpServletRequest request) { } return HttpStatus.INTERNAL_SERVER_ERROR; } -} \ No newline at end of file +}
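Review bot: Adding `method = RequestMethod.POST` to the `errorHtml` mapping (and to `error` in the following hunk) presumably makes the error handlers unreachable for the common case, since the container forwards a failed request to `ERROR_PATH` with the original request's method, so an exception during a GET would now produce a 405 or the default fallback instead of the custom error view. Unless there is a documented reason to refuse non-POST error forwards, revert both annotations to `@RequestMapping(value = ERROR_PATH, produces = "text/html")` and `@RequestMapping(value = ERROR_PATH)`; the `RequestMethod` import added in the first hunk then becomes unused. Independently, the context line `getErrorAttributes(request, getTraceParameter(request))` lets a request parameter opt into stack traces in the JSON body, which is worth gating behind a non-production profile. The method bodies and the class declaration lie partly outside these hunks.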