PatchWork AutoFix

src/main/java/io/shiftleft/controller/AdminController.java

@@ -19,119 +19,94 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-
-/**
- * Admin checks login
- */
 @Controller
 public class AdminController {
-  private String fail = "redirect:/";
-
-  // helper
-  private boolean isAdmin(String auth)
-  {
-    try {
-      ByteArrayInputStream bis = new ByteArrayInputStream(Base64.getDecoder().decode(auth));
-      ObjectInputStream objectInputStream = new ObjectInputStream(bis);
-      Object authToken = objectInputStream.readObject();
-      return ((AuthToken) authToken).isAdmin();
-    } catch (Exception ex) {
-      System.out.println(" cookie cannot be deserialized: "+ex.getMessage());
-      return false;
-    }
-  }
-
-  //
-  @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.POST)
-  public String doPostPrintSecrets(HttpServletResponse response, HttpServletRequest request) {
-    return fail;
-  }
-
-
-  @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.GET)
-  public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "notset") String auth, HttpServletResponse response, HttpServletRequest request) throws Exception {
-
-    if (request.getSession().getAttribute("auth") == null) {
-      return fail;
-    }
-
-    String authToken = request.getSession().getAttribute("auth").toString();
-    if(!isAdmin(authToken)) {
-      return fail;
+    private String fail = "redirect:/";
+
+    private boolean isAdmin(String auth) {
+        try {
+            ByteArrayInputStream bis = new ByteArrayInputStream(Base64.getDecoder().decode(auth));
+            ObjectInputStream objectInputStream = new ObjectInputStream(bis);
+            Object authToken = objectInputStream.readObject();
+            if (authToken instanceof AuthToken) {
+                return ((AuthToken) authToken).isAdmin();
+            } else {
+                return false;
+            }
+        } catch (Exception ex) {
+            System.out.println(" cookie cannot be deserialized: " + ex.getMessage());
+            return false;
+        }
     }
 
-    ClassPathResource cpr = new ClassPathResource("static/calculations.csv");
-    try {
-      byte[] bdata = FileCopyUtils.copyToByteArray(cpr.getInputStream());
-      response.getOutputStream().println(new String(bdata, StandardCharsets.UTF_8));
-      return null;
-    } catch (IOException ex) {
-      ex.printStackTrace();
-      // redirect to /
-      return fail;
+    @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.POST)
+    public String doPostPrintSecrets(HttpServletResponse response, HttpServletRequest request) {
+        return fail;
     }
-  }
 
-  /**
-   * Handle login attempt
-   * @param auth cookie value base64 encoded
-   * @param password hardcoded value
-   * @param response -
-   * @param request -
-   * @return redirect to company numbers
-   * @throws Exception
-   */
-  @RequestMapping(value = "/admin/login", method = RequestMethod.POST)
-  public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception {
-    String succ = "redirect:/admin/printSecrets";
+    @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.GET)
+    public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "notset") String auth, HttpServletResponse response, HttpServletRequest request) throws Exception {
 
-    try {
-      // no cookie no fun
-      if (!auth.equals("notset")) {
-        if(isAdmin(auth)) {
-          request.getSession().setAttribute("auth",auth);
-          return succ;
+        if (request.getSession().getAttribute("auth") == null) {
+            return fail;
         }
-      }
 
-      // split password=value
-      String[] pass = password.split("=");
-      if(pass.length!=2) {
-        return fail;
-      }
-      // compare pass
-      if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret"))
-      {
-        AuthToken authToken = new AuthToken(AuthToken.ADMIN);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        ObjectOutputStream oos = new ObjectOutputStream(bos);
-        oos.writeObject(authToken);
-        String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray()));
-        response.addCookie(new Cookie("auth", cookieValue ));
-
-        // cookie is lost after redirection
-        request.getSession().setAttribute("auth",cookieValue);
+        String authToken = request.getSession().getAttribute("auth").toString();
+        if (!isAdmin(authToken)) {
+            return fail;
+        }
 
-        return succ;
-      }
-      return fail;
+        ClassPathResource cpr = new ClassPathResource("static/calculations.csv");
+        try {
+            byte[] bdata = FileCopyUtils.copyToByteArray(cpr.getInputStream());
+            response.getOutputStream().println(new String(bdata, StandardCharsets.UTF_8));
+            return null;
+        } catch (IOException ex) {
+            ex.printStackTrace();
+            return fail;
+        }
     }
-    catch (Exception ex)
-    {
-      ex.printStackTrace();
-      // no succ == fail
-      return fail;
+
+    @RequestMapping(value = "/admin/login", method = RequestMethod.POST)
+    public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception {
+        String succ = "redirect:/admin/printSecrets";
+
+        try {
+            if (!auth.equals("notset")) {
+                if (isAdmin(auth)) {
+                    request.getSession().setAttribute("auth", auth);
+                    return succ;
+                }
+            }
+
+            String[] pass = password.split("=");
+            if (pass.length != 2) {
+                return fail;
+            }
+
+            if (pass[1] != null && pass[1].length() > 0 && pass[1].equals("shiftleftsecret")) {
+                AuthToken authToken = new AuthToken(AuthToken.ADMIN);
+                ByteArrayOutputStream bos = new ByteArrayOutputStream();
+                ObjectOutputStream oos = new ObjectOutputStream(bos);
+                oos.writeObject(authToken);
+                String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray()));
+
+                Cookie cookie = new Cookie("auth", cookieValue);
+                cookie.setSecure(true); // Set the 'secure' flag for the cookie
+                response.addCookie(cookie);
+
+                request.getSession().setAttribute("auth", cookieValue);
+                return succ;
+            }
+            return fail;
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            return fail;
+        }
     }
-  }
 
-  /**
-   * Same as POST but just a redirect
-   * @param response
-   * @param request
-   * @return redirect
-   */
-  @RequestMapping(value = "/admin/login", method = RequestMethod.GET)
-  public String doGetLogin(HttpServletResponse response, HttpServletRequest request) {
-    return "redirect:/";
-  }
+    @RequestMapping(value = "/admin/login", method = RequestMethod.GET)
+    public String doGetLogin(HttpServletResponse response, HttpServletRequest request) {
+        return "redirect:/";
+    }
 }

src/main/java/io/shiftleft/controller/AppErrorController.java

@@ -6,6 +6,7 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -40,7 +41,7 @@ public AppErrorController(ErrorAttributes errorAttributes) {
    * @param request
    * @return
    */
-  @RequestMapping(value = ERROR_PATH, produces = "text/html")
+  @RequestMapping(value = ERROR_PATH, method = RequestMethod.POST, produces = "text/html")
   public ModelAndView errorHtml(HttpServletRequest request) {
     return new ModelAndView("/errors/error", getErrorAttributes(request, false));
   }
@@ -50,7 +51,7 @@ public ModelAndView errorHtml(HttpServletRequest request) {
    * @param request
    * @return
    */
-  @RequestMapping(value = ERROR_PATH)
+  @RequestMapping(value = ERROR_PATH, method = RequestMethod.POST)
   @ResponseBody
   public ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
     Map<String, Object> body = getErrorAttributes(request, getTraceParameter(request));
@@ -102,4 +103,4 @@ private HttpStatus getStatus(HttpServletRequest request) {
     }
     return HttpStatus.INTERNAL_SERVER_ERROR;
   }
-}
+}

src/main/java/io/shiftleft/controller/CustomerController.java

@@ -228,8 +228,8 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t
 
     String settingsCookie = request.getHeader("Cookie");
     String[] cookie = settingsCookie.split(",");
-	if(cookie.length<2) {
-	  httpResponse.getOutputStream().println("Malformed cookie");
+    if(cookie.length<2) {
+      httpResponse.getOutputStream().println("Malformed cookie");
       throw new Exception("cookie is incorrect");
     }
 
@@ -238,17 +238,18 @@ public void saveSettings(HttpServletResponse httpResponse, WebRequest request) t
     // Check md5sum
     String cookieMD5sum = cookie[1];
     String calcMD5Sum = DigestUtils.md5Hex(base64txt);
-	if(!cookieMD5sum.equals(calcMD5Sum))
+    if(!cookieMD5sum.equals(calcMD5Sum))
     {
       httpResponse.getOutputStream().println("Wrong md5");
       throw new Exception("Invalid MD5");
     }
 
     // Now we can store on filesystem
     String[] settings = new String(Base64.getDecoder().decode(base64txt)).split(",");
-	// storage will have ClassPathResource as basepath
+    // storage will have ClassPathResource as basepath
     ClassPathResource cpr = new ClassPathResource("./static/");
-	  File file = new File(cpr.getPath()+settings[0]);
+    String filename = FilenameUtils.getName(settings[0]); // Retrieve only the file name to prevent path traversal
+    File file = new File(cpr.getFile(), filename); // Using cpr.getFile() to ensure the correct file path
     if(!file.exists()) {
       file.getParentFile().mkdirs();
     }

src/main/java/io/shiftleft/controller/SearchController.java

@@ -10,10 +10,6 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 
-
-/**
- * Search login
- */
 @Controller
 public class SearchController {
 
@@ -22,7 +18,7 @@ public String doGetSearch(@RequestParam String foo, HttpServletResponse response
     java.lang.Object message = new Object();
     try {
       ExpressionParser parser = new SpelExpressionParser();
-      Expression exp = parser.parseExpression(foo);
+      Expression exp = parser.parseExpression("#{" + foo + "}");
       message = (Object) exp.getValue();
     } catch (Exception ex) {
       System.out.println(ex.getMessage());

src/main/java/io/shiftleft/data/DataBuilder.java

@@ -35,30 +35,14 @@ public List<Customer> createCustomers() {
       BufferedWriter bw = new BufferedWriter(new FileWriter(temp));
       bw.write("This is the temporary file content");
       bw.close();
-      System.out.println(" File Write Successful ");
     } catch (IOException e) {
-
       e.printStackTrace();
-
     }
 
     try {
-
-      String output = new ProcessExecutor().command("java", "-version")
-          .redirectOutput(Slf4jStream.of(getClass()).asInfo()).readOutput(true).execute().outputUTF8();
-
-      System.out.println(" Output of System Call is " + output);
-    } catch (InvalidExitValueException e) {
-      // TODO Auto-generated catch block
-      e.printStackTrace();
-    } catch (IOException e) {
-      // TODO Auto-generated catch block
-      e.printStackTrace();
-    } catch (InterruptedException e) {
-      // TODO Auto-generated catch block
-      e.printStackTrace();
-    } catch (TimeoutException e) {
-      // TODO Auto-generated catch block
+      new ProcessExecutor().command("java", "-version")
+          .redirectOutput(Slf4jStream.of(getClass()).asInfo()).readOutput(true).execute();
+    } catch (InvalidExitValueException | IOException | InterruptedException | TimeoutException e) {
       e.printStackTrace();
     }
 

src/main/resources/config/application-aws.properties

@@ -1,3 +1,3 @@
-aws.accesskey=AKIAILQI6VLJU3HSCEQQ
-aws.secretkey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-aws.bucket=mysaas/customerid/account/date
+String accessKey = System.getenv("AWS_ACCESS_KEY_ID");
+String secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
+String bucket = "mysaas/customerid/account/date";