From d42a9e542c7602fb1475247ec9becd427779c18a Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 16:49:24 +0800 Subject: [PATCH 1/4] Patched src/main/java/io/shiftleft/tarpit/FileUploader.java --- src/main/java/io/shiftleft/tarpit/FileUploader.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/main/java/io/shiftleft/tarpit/FileUploader.java b/src/main/java/io/shiftleft/tarpit/FileUploader.java index 9a7abcf..ea12402 100644 --- a/src/main/java/io/shiftleft/tarpit/FileUploader.java +++ b/src/main/java/io/shiftleft/tarpit/FileUploader.java @@ -14,6 +14,8 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.Part; +import org.apache.commons.io.FilenameUtils; + import io.shiftleft.tarpit.util.Unzipper; /** @@ -44,8 +46,8 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) Part filePart = request.getPart("zipFile"); InputStream input = filePart.getInputStream(); - - File targetFile = new File(productSourceFolder + filePart.getSubmittedFileName()); + String safeFileName = FilenameUtils.getName(filePart.getSubmittedFileName()); + File targetFile = new File(productSourceFolder + safeFileName); targetFile.createNewFile(); OutputStream out = new FileOutputStream(targetFile); @@ -66,4 +68,4 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) doGet(request, response); } -} \ No newline at end of file +} From 22491d383ce206ecb70eb2bdfc29e93b02719e4b Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 16:49:24 +0800 Subject: [PATCH 2/4] Patched src/main/java/io/shiftleft/tarpit/OrderStatus.java --- src/main/java/io/shiftleft/tarpit/OrderStatus.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
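Review bot: `FilenameUtils.getName(filePart.getSubmittedFileName())` strips directory components (both `/` and `\` separators), but it passes a null or empty submitted name straight through: `getName(null)` returns null, so `productSourceFolder + safeFileName` would end in the literal text `null`, and an empty name makes `targetFile` the upload folder itself. I'd reject both before `createNewFile()`, `if (safeFileName == null || safeFileName.isEmpty()) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`, and build the path with `new File(productSourceFolder, safeFileName)` so the separator is handled by `File` rather than by string concatenation. The result is still a client-chosen name inside the upload folder, so a comment noting that `Unzipper` (imported in the first hunk) is expected to validate its own entry paths would tell the next reader where the remaining trust boundary sits — that code is not part of this patch, so I cannot confirm it does. The enclosing `doPost` starts before and ends after the hunk.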
diff --git a/src/main/java/io/shiftleft/tarpit/OrderStatus.java b/src/main/java/io/shiftleft/tarpit/OrderStatus.java index b749e54..8ec2318 100644 --- a/src/main/java/io/shiftleft/tarpit/OrderStatus.java +++ b/src/main/java/io/shiftleft/tarpit/OrderStatus.java @@ -52,8 +52,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) getConnection(); - String sql = "SELECT * FROM ORDER WHERE ORDERID = '" + orderId; + String sql = "SELECT * FROM ORDER WHERE ORDERID = ?"; preparedStatement = connection.prepareStatement(sql); + preparedStatement.setString(1, orderId); resultSet = preparedStatement.executeQuery(); @@ -111,3 +112,4 @@ private void getConnection() throws ClassNotFoundException, SQLException { } } + From cdb6d1ac4567410abeb855215b3d721fb225d409 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 16:49:24 +0800 Subject: [PATCH 3/4] Patched src/main/java/io/shiftleft/tarpit/ServletTarPit.java --- .../io/shiftleft/tarpit/ServletTarPit.java | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/src/main/java/io/shiftleft/tarpit/ServletTarPit.java b/src/main/java/io/shiftleft/tarpit/ServletTarPit.java index 8d7f310..88de5c8 100644 --- a/src/main/java/io/shiftleft/tarpit/ServletTarPit.java +++ b/src/main/java/io/shiftleft/tarpit/ServletTarPit.java @@ -38,8 +38,8 @@ public class ServletTarPit extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String ACCESS_KEY_ID = "AKIA2E0A8F3B244C9986"; - String SECRET_KEY = "7CE556A3BC234CC1FF9E8A5C324C0BB70AA21B6D"; + String ACCESS_KEY_ID = System.getenv("ACCESS_KEY_ID"); + String SECRET_KEY = System.getenv("SECRET_KEY"); String txns_dir = System.getProperty("transactions_folder","/rolling/transactions"); 
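Review bot: `preparedStatement.setString(1, orderId)` closes the injection, but it binds the request value as text; if ORDERID is a numeric column (its type is not visible here) a non-numeric request value only surfaces as a SQLException at `executeQuery()`, whereas `preparedStatement.setInt(1, Integer.parseInt(orderId));` with the NumberFormatException mapped to a 400 rejects malformed input before the database sees it. The new literal also selects from a table named ORDER, which is a reserved word in standard SQL and in MySQL, so the statement likely needs the identifier quoted unless the schema defines it differently than it appears. A one-line comment above the query, `// orderId comes from the request: always bound as a parameter, never concatenated`, would record why the statement is shaped this way. `doGet` begins and ends outside the hunk.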
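Review bot: `System.getenv("ACCESS_KEY_ID")` and `System.getenv("SECRET_KEY")` return null when the variables are unset, and nothing in the hunk checks for that, so a misconfigured deployment fails wherever the values are first used rather than with a clear message; an explicit check such as `if (SECRET_KEY == null) throw new IllegalStateException("SECRET_KEY environment variable not set");` (and the same for the key id) makes the failure mode obvious. Replacing the literals stops shipping them in the build, but the removed values remain in repository history and should be treated as exposed and rotated. As a style point, the locals keep constant-style names although they are now ordinary method locals; `accessKeyId`/`secretKey` would follow Java naming. The rest of `doGet` lies outside the hunk.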
@@ -60,20 +60,21 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) ScriptEngineManager manager = new ScriptEngineManager(); ScriptEngine engine = manager.getEngineByName("JavaScript"); - engine.eval(request.getParameter("module")); + // engine.eval(request.getParameter("module")); /* FLAW: Insecure cryptographic algorithm (DES) CWE: 327 Use of Broken or Risky Cryptographic Algorithm */ - Cipher des = Cipher.getInstance("DES"); - SecretKey key = KeyGenerator.getInstance("DES").generateKey(); - des.init(Cipher.ENCRYPT_MODE, key); + Cipher aes = Cipher.getInstance("AES"); + SecretKey key = KeyGenerator.getInstance("AES").generateKey(); + aes.init(Cipher.ENCRYPT_MODE, key); getConnection(); - String sql = - "SELECT * FROM USER WHERE LOGIN = '" + login + "' AND PASSWORD = '" + password + "'"; + String sql = "SELECT * FROM USER WHERE LOGIN = ? AND PASSWORD = ?"; preparedStatement = connection.prepareStatement(sql); + preparedStatement.setString(1, login); + preparedStatement.setString(2, password); resultSet = preparedStatement.executeQuery(); @@ -91,11 +92,13 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) resultSet.getString("zipCode")); String creditInfo = resultSet.getString("userCreditCardInfo"); - byte[] cc_enc_str = des.doFinal(creditInfo.getBytes()); + byte[] cc_enc_str = aes.doFinal(creditInfo.getBytes()); Cookie cookie = new Cookie("login", login); cookie.setMaxAge(864000); cookie.setPath("/"); + cookie.setHttpOnly(true); + cookie.setSecure(true); response.addCookie(cookie); request.setAttribute("user", user.toString()); @@ -127,4 +130,4 @@ private void getConnection() throws ClassNotFoundException, SQLException { connection = DriverManager.getConnection("jdbc:mysql://localhost/DBPROD", "admin", "1234"); } -} \ No newline at end of file +} From 441c80dcd566d1466431dfe499b9481f35808d67 Mon Sep 17 00:00:00 2001 
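Review bot: `Cipher.getInstance("AES")` selects the provider's default mode and padding, which in the JDK is ECB with PKCS5 padding, so renaming the algorithm clears the DES finding but leaves an unauthenticated, pattern-leaking mode; an AEAD transformation with a fresh nonce per encryption (`java.security.SecureRandom` and `javax.crypto.spec.GCMParameterSpec` would need importing) is the usual replacement, and the nonce then has to be stored with `cc_enc_str` for any later decryption. The key is still produced by `generateKey()` on every request, so whatever is done with `cc_enc_str` cannot be decrypted afterwards; if that is intended, a comment saying so would stop the next reader from filing it as a bug. `// engine.eval(request.getParameter("module"));` leaves commented-out code plus the now-unused `ScriptEngineManager`/`ScriptEngine` setup above it — delete all three lines rather than commenting one out. The parameterized USER query is correct, though comparing `PASSWORD = ?` directly against the submitted value implies the column holds plaintext unless hashing happens elsewhere (not visible here). `doGet` continues outside the hunk.
```java
Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
SecretKey key = KeyGenerator.getInstance("AES").generateKey();
byte[] iv = new byte[12];                 // 96-bit GCM nonce; must never repeat under the same key
new SecureRandom().nextBytes(iv);
aes.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
// … unchanged: getConnection() and the parameterized USER query …
```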
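Review bot: `aes.doFinal(creditInfo.getBytes())` encodes with the platform default charset, so the same record yields different ciphertext on differently configured hosts; use `creditInfo.getBytes(StandardCharsets.UTF_8)`, and guard the value first because `resultSet.getString(...)` returns null for SQL NULL and `getBytes()` would then throw. `cookie.setHttpOnly(true)` and `cookie.setSecure(true)` are the right flags, but the cookie still carries the bare `login` value for ten days; if anything reads it back as proof of identity (not visible here), the flags do not make it trustworthy, and a server-side session id or a signed token would be the actual fix. `doGet` continues outside the hunk.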
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 16:49:24 +0800 Subject: [PATCH 4/4] Patched src/main/java/io/shiftleft/tarpit/OrderProcessor.java --- src/main/java/io/shiftleft/tarpit/OrderProcessor.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/io/shiftleft/tarpit/OrderProcessor.java b/src/main/java/io/shiftleft/tarpit/OrderProcessor.java index 969a10f..713ae1f 100644 --- a/src/main/java/io/shiftleft/tarpit/OrderProcessor.java +++ b/src/main/java/io/shiftleft/tarpit/OrderProcessor.java @@ -79,7 +79,8 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) try { // read from file, convert it to user class Order order = deserializer.readValue(request.getReader(), Order.class); - out.println(order); + response.setContentType("application/json"); + out.println(serializer.writeValueAsString(order)); } catch (JsonGenerationException e) { e.printStackTrace(); } catch (JsonMappingException e) { @@ -96,3 +97,4 @@ private void getConnection() throws ClassNotFoundException, SQLException { } } +
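Review bot: `response.setContentType("application/json")` is called after `out` already exists; if `out` came from `response.getWriter()` (its creation is outside the hunk), the servlet API specifies that a content type set after `getWriter()` no longer affects the character encoding, so the header should be set before the writer is obtained, with `response.setCharacterEncoding("UTF-8")` alongside it to make the encoding explicit. `serializer.writeValueAsString(order)` echoes every serializable field of the freshly deserialized object back to the client; if `Order` carries fields that should not be reflected (its definition is not visible), a response DTO or Jackson's `@JsonIgnore` would control that. The surrounding catch blocks still only call `e.printStackTrace()` and return no error status, which this change leaves as-is. `doPost` begins and ends outside the hunk.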