diff --git a/.github/workflows/endorlabs.yml b/.github/workflows/endorlabs.yml
new file mode 100644
index 0000000..022cec9
--- /dev/null
+++ b/.github/workflows/endorlabs.yml
@@ -0,0 +1,49 @@
+name: Endor Labs Scan
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ workflow_dispatch:
+ inputs:
+ tenant_name:
+ description: "Enter your Endor Labs tenant name:"
+ required: true
+
+jobs:
+ scan:
+ permissions:
+ contents: read
+ id-token: write
+
+ runs-on: ubuntu-latest
+
+ steps:
+
+ - name: setup namespace
+ run: |
+ NAMESPACE=$(jq -r '.inputs.tenant_name' $GITHUB_EVENT_PATH)
+ echo "::add-mask::$NAMESPACE"
+ echo NAMESPACE=$NAMESPACE >> $GITHUB_ENV
+
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'microsoft'
+ java-version: '17'
+ cache: 'maven'
+
+ - name: Compile Package
+ run: mvn clean install
+
+ - name: Run endorctl
+ uses: endorlabs/github-action@v1.1.2
+ with:
+ namespace: ${{ github.event.inputs.tenant_name }}
+ enable_github_action_token: true
+ scan_summary_output_type: "table"
+ additional_args: "--as-default-branch"
+ pr: false
\ No newline at end of file
diff --git a/lib/javax.annotation.jar b/lib/javax.annotation.jar
new file mode 100644
index 0000000..52dca7f
Binary files /dev/null and b/lib/javax.annotation.jar differ
diff --git a/lib/javax.ejb.jar b/lib/javax.ejb.jar
new file mode 100644
index 0000000..4ebf5ec
Binary files /dev/null and b/lib/javax.ejb.jar differ
diff --git a/lib/javax.jms.jar b/lib/javax.jms.jar
new file mode 100644
index 0000000..d31451a
Binary files /dev/null and b/lib/javax.jms.jar differ
diff --git a/lib/javax.persistence.jar b/lib/javax.persistence.jar
new file mode 100644
index 0000000..21d80e0
Binary files /dev/null and b/lib/javax.persistence.jar differ
diff --git a/lib/javax.resource.jar b/lib/javax.resource.jar
new file mode 100644
index 0000000..696a234
Binary files /dev/null and b/lib/javax.resource.jar differ
diff --git a/lib/javax.servlet.jar b/lib/javax.servlet.jar
new file mode 100644
index 0000000..0519e4a
Binary files /dev/null and b/lib/javax.servlet.jar differ
diff --git a/lib/javax.servlet.jsp.jar b/lib/javax.servlet.jsp.jar
new file mode 100644
index 0000000..9c0631c
Binary files /dev/null and b/lib/javax.servlet.jsp.jar differ
diff --git a/lib/javax.servlet.jsp.jstl.jar b/lib/javax.servlet.jsp.jstl.jar
new file mode 100644
index 0000000..7be17cc
Binary files /dev/null and b/lib/javax.servlet.jsp.jstl.jar differ
diff --git a/lib/javax.transaction.jar b/lib/javax.transaction.jar
new file mode 100644
index 0000000..729c695
Binary files /dev/null and b/lib/javax.transaction.jar differ
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..aadc181
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,189 @@
+
+
+
+ 4.0.0
+ com.endor.webapp
+ endor-java-webapp-demo
+ 4.0-SNAPSHOT
+ jar
+ endor-webapp Maven Webapp
+
+ http://www.example.com
+
+ UTF-8
+ 1.8
+ 1.8
+
+
+
+ javax.servlet
+ javax.servlet-api
+ 3.1.0
+
+
+ org.apache.commons
+ commons-text
+ 1.9
+
+
+ mysql
+ mysql-connector-java
+ 5.1.42
+
+
+ com.mchange
+ c3p0
+ 0.9.5.2
+
+
+ org.jboss.weld
+ weld-core
+ 1.1.33.Final
+
+
+ javax.enterprise
+ cdi-api
+
+
+ javax.annotation
+ jsr250-api
+
+
+ org.jboss.spec.javax.interceptor
+ jboss-interceptors-api_1.1_spec
+
+
+ org.slf4j
+ slf4j-api
+
+
+ org.javassist
+ javassist
+
+
+
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.3
+ true
+ test
+
+
+ com.nqzero
+ permit-reflect
+ 0.3
+
+
+ org.jboss.arquillian.config
+ arquillian-config-spi
+ 1.7.0.Alpha12
+
+
+ org.jboss.arquillian.container
+ arquillian-container-impl-base
+ 1.7.0.Alpha12
+
+
+ org.jboss.shrinkwrap.descriptors
+ shrinkwrap-descriptors-api-base
+ 2.0.0
+
+
+ org.jboss.shrinkwrap
+ shrinkwrap-impl-base
+ 1.2.6
+
+
+ org.mockito
+ mockito-core
+ 2.28.2
+
+
+ com.google.errorprone
+ error_prone_annotations
+ 2.7.1
+
+
+ org.webjars.bowergithub.webcomponents
+ webcomponentsjs
+ 2.0.0-beta.3
+
+
+ org.webjars.bowergithub.webcomponents
+ shadycss
+ 1.9.1
+
+
+ org.semver
+ api
+ 0.9.33
+
+
+ com.google.code.findbugs
+ jsr305
+
+
+ commons-lang
+ commons-lang
+
+
+ de.tototec
+ de.tototec.cmdoption
+
+
+ org.ow2.asm
+ asm
+
+
+
+
+
+
+ endor-java-webapp-demo
+
+
+
+ maven-clean-plugin
+ 3.1.0
+
+
+
+ maven-resources-plugin
+ 3.0.2
+
+
+ maven-compiler-plugin
+ 3.8.0
+
+
+ maven-surefire-plugin
+ 2.22.1
+
+
+ maven-war-plugin
+ 3.2.2
+
+
+ maven-install-plugin
+ 2.5.2
+
+
+ maven-deploy-plugin
+ 2.8.2
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+ 8
+ 8
+
+
+
+
+
diff --git a/src/main/java/com/endor/AppServlet.java b/src/main/java/com/endor/AppServlet.java
new file mode 100644
index 0000000..0e851f4
--- /dev/null
+++ b/src/main/java/com/endor/AppServlet.java
@@ -0,0 +1,170 @@
+package com.endor;
+
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.URL;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+@javax.servlet.annotation.WebServlet(name = "AppServlet", urlPatterns = "/AppServlet")
+public class AppServlet extends javax.servlet.http.HttpServlet {
+ protected void doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException {
+ doGet(request, response);
+ }
+
+ protected void doGet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException {
+ //response.getWriter().println("Hello world");
+ PrintWriter out = null;
+ try {
+ out = response.getWriter();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ HtmlUtil.printHtmlHeader(response);
+ HtmlUtil.startBody(response);
+ HtmlUtil.printMenu(response);
+ HtmlUtil.printCurrentTitle("SSRF", response);
+
+ String form = "";
+ out.println(form);
+
+
+ String loopback = request.getParameter("isloopback");
+ String ssrfUrl = request.getParameter("ssrf");
+ String httpsssrfUrl = request.getParameter("httpsssrf");
+
+ System.out.printf("loopback : %s\n",loopback);
+ System.out.printf("ssrfUrl : %s\n",ssrfUrl);
+ System.out.printf("httpsssrfUrl : %s\n",httpsssrfUrl);
+
+ if (loopback == null && ssrfUrl.equalsIgnoreCase("file")) {
+ BufferedReader reader = null;
+ try {
+ reader = new BufferedReader(new FileReader("/opt/ssrfinput.txt"));
+ System.out.println("ssrfinput.txt file opened successfully");
+ }
+ catch (IOException e) {
+ System.out.println("Failed to open Input file");
+ e.printStackTrace();
+ }
+ try {
+ String line = reader.readLine();
+ while (null != line) {
+ System.out.println("SSRF being called with :" + line);
+ UseUrlOpenConnection(request, response, line);
+ line = reader.readLine();
+ Thread.sleep(2000);
+ }
+ reader.close();
+ }
+ catch (Exception ex){
+ ex.getStackTrace();
+ }
+ } else if(loopback == null && ssrfUrl !=null && ssrfUrl.length() > 0) {
+ UseUrlOpenConnection(request, response, ssrfUrl);
+// String countStr = request.getParameter("loop");
+// int count = Integer.parseInt(countStr);
+// for (int i =0; i< count;i++) {
+// restCall(request, response, i);
+// }
+ } else if (loopback == null && 0 == httpsssrfUrl.toUpperCase().indexOf("HTTPS://")) {
+ System.out.println("Inside https://, calling UseUrlOpenConnectionhttps()");
+ UseUrlOpenConnectionhttps(request, response, httpsssrfUrl);
+
+ }
+
+ System.out.println("Executed URLOpen");
+
+ }
+
+ public void UseUrlOpenConnection(javax.servlet.http.HttpServletRequest request,
+ javax.servlet.http.HttpServletResponse response, String ssrfURL) throws javax.servlet.ServletException, IOException {
+ try {
+ response.getWriter().println("Inside Url.openStream");
+ String url = "https://www.oracle.com/";
+ if (ssrfURL != null && ssrfURL.length() > 0) {
+ url = ssrfURL;
+ }
+ URL oracle = new URL(url);
+
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(oracle.openStream()));
+
+ String inputLine;
+ while ((inputLine = in.readLine()) != null){
+ System.out.println(inputLine);
+ response.getWriter().print(inputLine);}
+ in.close();
+ } catch (Exception e) {
+ response.getWriter().println("Exception!!");
+ response.getWriter().print(e.getMessage());
+
+ }
+ }
+
+ public void UseUrlOpenConnectionhttps(javax.servlet.http.HttpServletRequest request,
+ javax.servlet.http.HttpServletResponse response, String ssrfURL) throws javax.servlet.ServletException, IOException {
+
+ String hostname = "www.verisign.com";
+
+
+ String hostname2 = "time.nist.gov";
+
+ String UrlToOpen = ssrfURL.replaceFirst("HTTPS://", "");
+ UrlToOpen = UrlToOpen.replaceFirst("https://", "");
+
+ try {
+ System.out.printf("Opening SSL socket for host : %s\n", UrlToOpen);
+ SSLSocketFactory factory =
+ (SSLSocketFactory)SSLSocketFactory.getDefault();
+ SSLSocket socket =
+ (SSLSocket)factory.createSocket(UrlToOpen, 443);
+
+ /*
+ * send http request
+
+ */
+ socket.startHandshake();
+
+ PrintWriter out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream())));
+
+ out.println("GET / HTTP/1.0");
+ out.println();
+ out.flush();
+
+ /*
+ * Make sure there were no surprises
+ */
+ if (out.checkError())
+ System.out.println(
+ "SSLSocketClient: java.io.PrintWriter error");
+
+ /* read response */
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(
+ socket.getInputStream()));
+
+ String inputLine;
+ while ((inputLine = in.readLine()) != null) {
+ System.out.println(inputLine);
+ response.getWriter().print(inputLine);
+ }
+ in.close();
+ out.close();
+ socket.close();
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/endor/AsyncEchoUpgradeServlet.java b/src/main/java/com/endor/AsyncEchoUpgradeServlet.java
new file mode 100644
index 0000000..c679803
--- /dev/null
+++ b/src/main/java/com/endor/AsyncEchoUpgradeServlet.java
@@ -0,0 +1,79 @@
+package com.endor;
+
+import javax.servlet.AsyncContext;
+import javax.servlet.ReadListener;
+import javax.servlet.ServletException;
+import javax.servlet.WriteListener;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.*;
+import java.io.IOException;
+import java.util.ArrayDeque;
+import java.util.Queue;
+
+@WebServlet(urlPatterns = "/upgrade")
+public class AsyncEchoUpgradeServlet extends HttpServlet {
+ private static final long serialVersionUID = -6955518532146927509L;
+
+ @Override
+ protected void doGet(final HttpServletRequest req,
+ final HttpServletResponse resp) throws ServletException, IOException {
+ req.upgrade(Handler.class);
+ }
+
+ public static class Handler implements HttpUpgradeHandler {
+ @Override
+ public void init(final WebConnection wc) {
+ Listener listener = new Listener(wc);
+ try {
+ // we have to set the write listener before the read listener
+ // otherwise the output stream could be written to before it is
+ // in async mode
+ wc.getOutputStream().setWriteListener(listener);
+ wc.getInputStream().setReadListener(listener);
+ } catch (IOException e) {
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+ @Override
+ public void destroy() {
+ }
+ }
+
+ private static class Listener implements WriteListener, ReadListener {
+ private final WebConnection connection;
+ private final Queue queue = new ArrayDeque();
+
+ private Listener(final WebConnection connection) {
+ this.connection = connection;
+ }
+
+ @Override
+ public void onDataAvailable() throws IOException {
+ byte[] data = new byte[100];
+ while (connection.getInputStream().isReady()) {
+ int read;
+ if ((read = connection.getInputStream().read(data)) != -1) {
+ queue.add(new String(data, 0, read));
+ }
+ onWritePossible();
+ }
+ }
+
+ @Override
+ public void onAllDataRead() throws IOException {
+ }
+
+ @Override
+ public void onWritePossible() throws IOException {
+ while (!queue.isEmpty() && connection.getOutputStream().isReady()) {
+ String data = queue.poll();
+ connection.getOutputStream().write(data.getBytes());
+ }
+ }
+
+ @Override
+ public void onError(final Throwable t) {
+ }
+ }
+}
diff --git a/src/main/java/com/endor/AsyncServlet.java b/src/main/java/com/endor/AsyncServlet.java
new file mode 100644
index 0000000..789dc6a
--- /dev/null
+++ b/src/main/java/com/endor/AsyncServlet.java
@@ -0,0 +1,652 @@
+package com.endor;
+
+import javax.servlet.AsyncContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.*;
+import java.util.HashMap;
+
+@WebServlet(urlPatterns={"/asyncservlet"}, asyncSupported=true)
+public class AsyncServlet extends HttpServlet {
+ /* ... Same variables and init method as in SyncServlet ... */
+
+ protected void doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException {
+ doGet(request, response);
+ }
+
+
+ @Override
+ public void doGet(HttpServletRequest request,
+ HttpServletResponse response) {
+ response.setContentType("text/html;charset=UTF-8");
+ // acontext.dispatch("/booklist");
+
+ final AsyncContext acontext = request.startAsync();
+ acontext.start(new Runnable() {
+ public void run() {
+ HttpServletRequest request1 = (HttpServletRequest) acontext.getRequest();
+ HttpServletResponse response1 = (HttpServletResponse) acontext.getResponse();
+ /* ... print to the response ... */
+ try {
+ doGetAsync(request1, response1);
+ } catch (ServletException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ acontext.complete();
+ }
+ });
+ }
+
+
+ protected void doGetAsync(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ PrintWriter out = null;
+ try {
+ out = response.getWriter();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ HtmlUtil.printHtmlHeader(response);
+ HtmlUtil.startBody(response);
+ HtmlUtil.printMenu(response);
+ HtmlUtil.openTable(response);
+ HtmlUtil.openRow(response);
+ HtmlUtil.openCol(response);
+ HtmlUtil.printCurrentTitle("SQL", response);
+
+ String form = "";
+ out.println(form);
+
+ if (createRecord(request, out)) {
+ return;
+ }
+ String first = request.getParameter("first");
+ String last = request.getParameter("name");
+ String pass = request.getParameter("password");
+
+ HashMap sqltypeMap = new HashMap() {{
+ put("storedproc", 0);
+ put("executeUpdateSQLColNames", 1);
+ put("executeQuerySQL", 2);
+ put("executeSQL", 3);
+ put("executeUpdateSQL", 4);
+ put("executeSQLColIndex", 5);
+ put("executeUpdateSQLColIndex", 6);
+ put("executeSQLAutogenkeys", 7);
+ put("executeUpdateSQLAutogenkeys", 8);
+ put("preparedStatement.execute", 9);
+ put("preparedStatement.executeQuery", 10);
+ put("preparedStatement.executeUpdate", 11);
+ put("storedproc.executeQuery", 12);
+
+
+
+ }};
+
+ String sqltypeStr = request.getParameter("sqltype");
+ int sqltype = sqltypeMap.get(sqltypeStr);
+ String retVal = "Failed!";
+
+ switch (sqltype) {
+ case 0: //storedproc
+ if (getCustomersStoredProc(1, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 1: // executeUpdateSQLColNames
+ if (getCustomersUpdateColName(first, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 2: //executeQuerySQL
+ if (executeQuerySQL(last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 3: //executeSQL
+ if (executeSQL(last, pass)) {
+
+ retVal = "Succeeded";
+ }
+ break;
+ case 4: //executeUpdateSQL
+ if (executeUpdateSQL(last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 5: //executeSQLColIndex
+ if (executeSQLWithColIndex("execute", first, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 6: //executeUpdateSQLColIndex
+ if (executeSQLWithColIndex("executeUpdate", first, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 7: //executeSQLAutogenkeys
+ if (executeSQLWithAutogenkeys("execute", first, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 8: //executeUpdateSQLAutogenkeys
+ if (executeSQLWithAutogenkeys("executeUpdate", first, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 9: //preparedStatement.execute
+ if (getCustomersPreparedStatement( "execute", last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 10: //preparedStatement.executeQuery
+ if (getCustomersPreparedStatement( "executeQuery", last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 11: //preparedStatement.executeUpdate
+ if (getCustomersPreparedStatement( "executeUpdate", first, last)) {
+ retVal = "Succeeded";
+ }
+ break;
+ case 12: //storedproc executeQuery
+ if (getCustomersStoredProc(2, last, pass)) {
+ retVal = "Succeeded";
+ }
+ break;
+ default:
+ System.out.println("SQL Type not found");
+ }
+ HtmlUtil.closeCol(response);
+ HtmlUtil.openCol(response);
+ if (retVal.equalsIgnoreCase("Succeeded")){
+ retVal = HttpURLConnectionExample.sendGET();
+ }
+ out.println(" SQL execution " + retVal + "
");
+ HtmlUtil.closeCol(response);
+ HtmlUtil.closeRow(response);
+ HtmlUtil.closeTable(response);
+ out.println(" ");
+ out.println("