From 90947e403b2045c0c9a2fa4db50f804b96379a4b Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 12 Oct 2023 22:45:09 +0300 Subject: [PATCH 01/20] feature/stop-addon-vulnerability adding checkbox --- .../fileupload/ui/FileUploadOptionsPanel.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 7224663..6814049 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -1,5 +1,5 @@ /** - * Copyright 2021 SasanLabs + * Copyright 2023 SasanLabs * *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License at @@ -21,6 +21,7 @@ import java.awt.event.ActionListener; import javax.swing.BoxLayout; import javax.swing.JButton; +import javax.swing.JCheckBox; import javax.swing.JLabel; import javax.swing.JPanel; import javax.swing.JScrollPane; @@ -52,6 +53,8 @@ public class FileUploadOptionsPanel extends AbstractParamPanel { private JTextField parseResponseStartIdentifier; private JTextField parseResponseEndIdentifier; + private JCheckBox sendRequestsAfterFindingVulnerability; + public FileUploadOptionsPanel() { super(); this.setName(FileUploadI18n.getMessage("fileupload.settings.title")); @@ -72,9 +75,16 @@ public FileUploadOptionsPanel() { private void init(JPanel settingsPanel) { settingsPanel.add(uriLocatorConfiguration()); + settingsPanel.add(buildSendRequestsAfterFindingVulnerabilityCheckbox()); footerPanel.add(getResetButton()); } + private JCheckBox buildSendRequestsAfterFindingVulnerabilityCheckbox() { + sendRequestsAfterFindingVulnerability = + new JCheckBox("Continue Sending Requests After Vulnerability Reported"); + return sendRequestsAfterFindingVulnerability; + } + private JButton getResetButton() { JButton resetButton = new JButton(); resetButton.setText(FileUploadI18n.getMessage("fileupload.settings.button.reset")); From bb6893b795ddf6ddc148712459af31e0f8a00711 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 12 Oct 2023 22:47:31 +0300 Subject: [PATCH 02/20] feature/stop-addon-vulnerability logic to reset checkbox --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 6814049..6605dc8 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java 
+++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -82,6 +82,7 @@ private void init(JPanel settingsPanel) { private JCheckBox buildSendRequestsAfterFindingVulnerabilityCheckbox() { sendRequestsAfterFindingVulnerability = new JCheckBox("Continue Sending Requests After Vulnerability Reported"); + sendRequestsAfterFindingVulnerability.setSelected(false); return sendRequestsAfterFindingVulnerability; } @@ -235,6 +236,7 @@ private void resetOptionsPanel() { dynamicLocationConfigurationURIRegex.setText(""); parseResponseStartIdentifier.setText(""); parseResponseEndIdentifier.setText(""); + sendRequestsAfterFindingVulnerability.setSelected(false); } @Override From 9b15ceda4bee5db924b280efaa7f72b6dbfeffe1 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 13 Oct 2023 10:29:04 +0300 Subject: [PATCH 03/20] feature/stop-addon-vulnerability logic to add flag to configuration --- .../configuration/FileUploadConfiguration.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java b/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java index e62b3e6..6086c5e 100644 --- a/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java +++ b/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java @@ -1,5 +1,5 @@ /** - * Copyright 2021 SasanLabs + * Copyright 2023 SasanLabs * *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License at @@ -39,12 +39,16 @@ public class FileUploadConfiguration extends VersionedAbstractParam { PARAM_BASE_KEY + ".parseresponse.startidentifier"; private static final String PARAM_PARSE_RESPONSE_CONFIGURATION_END_IDENTIFIER = PARAM_BASE_KEY + ".parseresponse.endidentifier"; + private static final String PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER = + PARAM_BASE_KEY + ".sendrequests"; private String staticLocationURIRegex; private String dynamicLocationURIRegex; private String parseResponseStartIdentifier; private String parseResponseEndIdentifier; + private Boolean sendRequestsAfterFindingVulnerability; + private static volatile FileUploadConfiguration fileUploadConfiguration; private FileUploadConfiguration() {} @@ -105,6 +109,14 @@ public void setParseResponseEndIdentifier(String parseResponseEndIdentifier) { parseResponseEndIdentifier); } + public void setSendRequestsAfterFindingVulnerability(boolean shouldSendRequestsAfterFindingVulnerability) { + sendRequestsAfterFindingVulnerability = shouldSendRequestsAfterFindingVulnerability; + this.getConfig() + .setProperty( + PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER, + shouldSendRequestsAfterFindingVulnerability); + } + @Override protected String getConfigVersionKey() { return CONFIG_VERSION_KEY; @@ -125,6 +137,8 @@ protected void parseImpl() { getConfig().getString(PARAM_PARSE_RESPONSE_CONFIGURATION_START_IDENTIFIER)); this.setParseResponseEndIdentifier( getConfig().getString(PARAM_PARSE_RESPONSE_CONFIGURATION_END_IDENTIFIER)); + this.setSendRequestsAfterFindingVulnerability( + getConfig().getBoolean(PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER)); } @Override From ef0ff6c5e001027d478489f2141665ffbca279be Mon Sep 17 00:00:00 2001 
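Review bot: `getConfig().getBoolean(PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER)` in the parseImpl hunk has no default, and the field added in the earlier hunk of this patch is a boxed `Boolean`, so a configuration saved before this option existed can leave the flag null. If getConfig() is a Commons Configuration object, the one-argument getBoolean throws for a missing key rather than returning false, and the setter is then never reached. Every reader unboxes the value, namely `setSelected(...)` in initParam (patch 13) and `!shouldSendRequestsAfterFindingVulnerability` in executeAttack (patches 11 and 17), which would be a NullPointerException. I would read it with `getConfig().getBoolean(PARAM_SEND_REQUESTS_AFTER_FINDING_VULNERABILITY_IDENTIFIER, false)` and declare the field and the getter from patch 06 as primitive `boolean`, which also makes "stop uploading after the first finding" the explicit default. parseImpl begins outside the hunk.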
From: unknown Date: Fri, 13 Oct 2023 10:30:03 +0300 Subject: [PATCH 04/20] feature/stop-addon-vulnerability logic to save new flag --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 6605dc8..8af1c82 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -298,5 +298,7 @@ public void saveParam(Object optionParams) throws Exception { this.parseResponseStartIdentifier.getText()); fileUploadConfiguration.setParseResponseEndIdentifier( this.parseResponseEndIdentifier.getText()); + fileUploadConfiguration.setSendRequestsAfterFindingVulnerability( + this.sendRequestsAfterFindingVulnerability.isSelected()); } } From b9d150030c49d2daca6e77a04eb62f1120cda885 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 13 Oct 2023 10:31:36 +0300 Subject: [PATCH 05/20] feature/stop-addon-vulnerability removing throws Exception as it is redundant --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 8af1c82..4cd82b4 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -287,7 +287,7 @@ public String getHelpIndex() { } @Override - public void saveParam(Object optionParams) throws Exception { + public void saveParam(Object optionParams) { FileUploadConfiguration fileUploadConfiguration = ((OptionsParam) optionParams).getParamSet(FileUploadConfiguration.class); fileUploadConfiguration.setStaticLocationURIRegex( 
From be23292d41ad83ff8112a5a89d577f321047fca2 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 13 Oct 2023 22:14:30 +0300 Subject: [PATCH 06/20] feature/stop-addon-vulnerability adding getter method for flag --- .../fileupload/configuration/FileUploadConfiguration.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java b/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java index 6086c5e..bbb1e7a 100644 --- a/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java +++ b/src/main/java/org/sasanlabs/fileupload/configuration/FileUploadConfiguration.java @@ -109,6 +109,10 @@ public void setParseResponseEndIdentifier(String parseResponseEndIdentifier) { parseResponseEndIdentifier); } + public Boolean getSendRequestsAfterFindingVulnerability() { + return sendRequestsAfterFindingVulnerability; + } + public void setSendRequestsAfterFindingVulnerability(boolean shouldSendRequestsAfterFindingVulnerability) { sendRequestsAfterFindingVulnerability = shouldSendRequestsAfterFindingVulnerability; this.getConfig() From e63e489cc00d89705cc7edc49a30a68e20e974a7 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 13 Oct 2023 22:15:25 +0300 Subject: [PATCH 07/20] feature/stop-addon-vulnerability getting flag from configuration and only stopping if it is disabled --- .../fileupload/attacks/FileUploadAttackExecutor.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java index c8816d8..fed5a2c 100644 --- a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java +++ b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java @@ -1,5 +1,5 @@ /** - * Copyright 2021 SasanLabs + * Copyright 2023 SasanLabs * *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License at @@ -29,6 +29,7 @@ import org.sasanlabs.fileupload.attacks.rce.php.SimplePHPFileUpload; import org.sasanlabs.fileupload.attacks.xss.HtmlFileUpload; import org.sasanlabs.fileupload.attacks.xss.SVGFileUpload; +import org.sasanlabs.fileupload.configuration.FileUploadConfiguration; import org.sasanlabs.fileupload.exception.FileUploadException; /** @@ -70,8 +71,13 @@ public FileUploadAttackExecutor( } public boolean executeAttack() throws FileUploadException { + Boolean shouldSendRequestsAfterFindingVulnerability = FileUploadConfiguration + .getInstance() + .getSendRequestsAfterFindingVulnerability(); + for (AttackVector attackVector : attackVectors) { - if (this.fileUploadScanRule.isStop()) { + if (!shouldSendRequestsAfterFindingVulnerability && + this.fileUploadScanRule.isStop()) { return false; } else { if (attackVector.execute(this)) { From 66219f049db2f978fd2aad2197713e1f1862923b Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 14 Oct 2023 16:22:53 +0300 Subject: [PATCH 08/20] feature/stop-addon-vulnerability reverting code --- .../fileupload/attacks/FileUploadAttackExecutor.java | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java index fed5a2c..896411c 100644 --- a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java +++ b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java 
@@ -29,7 +29,6 @@ import org.sasanlabs.fileupload.attacks.rce.php.SimplePHPFileUpload; import org.sasanlabs.fileupload.attacks.xss.HtmlFileUpload; import org.sasanlabs.fileupload.attacks.xss.SVGFileUpload; -import org.sasanlabs.fileupload.configuration.FileUploadConfiguration; import org.sasanlabs.fileupload.exception.FileUploadException; /** @@ -71,13 +70,8 @@ public FileUploadAttackExecutor( } public boolean executeAttack() throws FileUploadException { - Boolean shouldSendRequestsAfterFindingVulnerability = FileUploadConfiguration - .getInstance() - .getSendRequestsAfterFindingVulnerability(); - for (AttackVector attackVector : attackVectors) { - if (!shouldSendRequestsAfterFindingVulnerability && - this.fileUploadScanRule.isStop()) { + if (this.fileUploadScanRule.isStop()) { return false; } else { if (attackVector.execute(this)) { From 591c9ade264849cbcf2255ce38876f06c3b090f4 Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 14 Oct 2023 16:27:57 +0300 Subject: [PATCH 09/20] feature/stop-addon-vulnerability adding property for checkbox --- src/main/java/org/sasanlabs/fileupload/i18n/FileUploadI18n.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/i18n/FileUploadI18n.java b/src/main/java/org/sasanlabs/fileupload/i18n/FileUploadI18n.java index 118a423..db817f3 100644 --- a/src/main/java/org/sasanlabs/fileupload/i18n/FileUploadI18n.java +++ b/src/main/java/org/sasanlabs/fileupload/i18n/FileUploadI18n.java @@ -1,5 +1,5 @@ /** - * Copyright 2021 SasanLabs + * Copyright 2023 SasanLabs * *

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License at From 384bbfd4433cc0d29e318b485aad66eee8818ec0 Mon Sep 17 00:00:00 2001 From: unknown Date: Sat, 14 Oct 2023 16:28:17 +0300 Subject: [PATCH 10/20] feature/stop-addon-vulnerability using localized string for checkbox --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 4cd82b4..fe63f2b 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -81,7 +81,7 @@ private void init(JPanel settingsPanel) { private JCheckBox buildSendRequestsAfterFindingVulnerabilityCheckbox() { sendRequestsAfterFindingVulnerability = - new JCheckBox("Continue Sending Requests After Vulnerability Reported"); + new JCheckBox(FileUploadI18n.getMessage("fileupload.settings.checkbox.sendrequestsaftervulnerability")); sendRequestsAfterFindingVulnerability.setSelected(false); return sendRequestsAfterFindingVulnerability; } From 664c534271973649cd77a4a2acc46dc58764d8ec Mon Sep 17 00:00:00 2001 From: unknown Date: Sun, 15 Oct 2023 19:35:12 +0300 Subject: [PATCH 11/20] feature/stop-addon-vulnerability logic to check condition if should continue sending requests --- .../fileupload/attacks/FileUploadAttackExecutor.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java index 896411c..af21290 100644 --- a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java 
+++ b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java @@ -29,6 +29,7 @@ import org.sasanlabs.fileupload.attacks.rce.php.SimplePHPFileUpload; import org.sasanlabs.fileupload.attacks.xss.HtmlFileUpload; import org.sasanlabs.fileupload.attacks.xss.SVGFileUpload; +import org.sasanlabs.fileupload.configuration.FileUploadConfiguration; import org.sasanlabs.fileupload.exception.FileUploadException; /** @@ -70,11 +71,17 @@ public FileUploadAttackExecutor( } public boolean executeAttack() throws FileUploadException { + + Boolean shouldSendRequestsAfterFindingVulnerability = FileUploadConfiguration + .getInstance() + .getSendRequestsAfterFindingVulnerability(); + for (AttackVector attackVector : attackVectors) { if (this.fileUploadScanRule.isStop()) { return false; } else { - if (attackVector.execute(this)) { + if (attackVector.execute(this) && + !shouldSendRequestsAfterFindingVulnerability) { return true; } } From ca6996bac3354110bff4d48d946f217359ae60b6 Mon Sep 17 00:00:00 2001 From: unknown Date: Sun, 15 Oct 2023 19:36:03 +0300 Subject: [PATCH 12/20] feature/stop-addon-vulnerability adding message for checkbox --- .../org/sasanlabs/fileupload/i18n/Messages.properties | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties b/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties index 3a52cc5..647e0ff 100755 --- a/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties +++ b/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties 
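Review bot: With the option enabled, the `attackVector.execute(this) && !shouldSendRequestsAfterFindingVulnerability` test never lets executeAttack return true, so a confirmed finding is discarded and the method falls through to whatever follows the loop (outside this hunk, presumably `return false`). A caller that uses the result to decide whether a vulnerability was detected would then treat the target as clean. The result should be remembered in a local and returned after the loop, with the `isStop()` check kept first so the scan can still be cancelled while the remaining payloads are being uploaded. The flag is also read as a `Boolean` and unboxed, so a null from the configuration would throw; the sketch below reads it null-safely. Patch 17 only re-wraps these lines, so the same applies there.

```java
public boolean executeAttack() throws FileUploadException {
    // Null-safe read: an unset flag means "stop after the first finding".
    boolean keepSending =
            Boolean.TRUE.equals(
                    FileUploadConfiguration.getInstance()
                            .getSendRequestsAfterFindingVulnerability());
    boolean vulnerabilityFound = false;

    for (AttackVector attackVector : attackVectors) {
        if (this.fileUploadScanRule.isStop()) {
            return vulnerabilityFound;
        }
        if (attackVector.execute(this)) {
            if (!keepSending) {
                return true;
            }
            vulnerabilityFound = true;
        }
        // … unchanged: end of the loop and the rest of the method, outside the hunk;
        //   the final return should yield vulnerabilityFound …
```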
@@ -125,4 +125,6 @@ fileupload.scanner.vulnerability.htaccessFile.soln=Follow the suggestions mentio 1. https://portswigger.net/kb/issues/00500980_file-upload-functionality \ 2. https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload \ 3. https://www.youtube.com/watch?v=CmF9sEyKZNo \ -4. https://cwe.mitre.org/data/definitions/434.html \ No newline at end of file +4. https://cwe.mitre.org/data/definitions/434.html + +fileupload.settings.checkbox.sendrequestsaftervulnerability=Continue Sending Requests After Vulnerability Reported \ No newline at end of file From 24d4ca71663e4721e58c218b5f23c85d58d316d1 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 16 Oct 2023 21:47:59 +0300 Subject: [PATCH 13/20] feature/stop-addon-vulnerability adding logic to set checkbox status on init --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index fe63f2b..d5c11b6 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -251,6 +251,8 @@ public void initParam(Object optionParams) { parseResponseStartIdentifier.setText( fileUploadConfiguration.getParseResponseStartIdentifier()); parseResponseEndIdentifier.setText(fileUploadConfiguration.getParseResponseEndIdentifier()); + sendRequestsAfterFindingVulnerability.setSelected( + fileUploadConfiguration.getSendRequestsAfterFindingVulnerability()); } @Override From 775e09fa4872b079145bee89839c578239228cfc Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 16 Oct 2023 21:49:16 +0300 Subject: [PATCH 14/20] feature/stop-addon-vulnerability changing label of checkbox --- .../resources/org/sasanlabs/fileupload/i18n/Messages.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties b/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties index 647e0ff..d2f3af9 100755 --- a/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties +++ b/src/main/resources/org/sasanlabs/fileupload/i18n/Messages.properties @@ -127,4 +127,4 @@ fileupload.scanner.vulnerability.htaccessFile.soln=Follow the suggestions mentio 3. https://www.youtube.com/watch?v=CmF9sEyKZNo \ 4. https://cwe.mitre.org/data/definitions/434.html -fileupload.settings.checkbox.sendrequestsaftervulnerability=Continue Sending Requests After Vulnerability Reported \ No newline at end of file +fileupload.settings.checkbox.sendrequestsaftervulnerability=Keep exploiting after discovery \ No newline at end of file From cb1d817b39e1067559a14b80a75381910eb04e3a Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 16 Oct 2023 21:53:37 +0300 Subject: [PATCH 15/20] feature/stop-addon-vulnerability adding logic to set checkbox status on init --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index d5c11b6..29ce3bd 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -81,7 +81,9 @@ private void init(JPanel settingsPanel) { private JCheckBox buildSendRequestsAfterFindingVulnerabilityCheckbox() { sendRequestsAfterFindingVulnerability = - new JCheckBox(FileUploadI18n.getMessage("fileupload.settings.checkbox.sendrequestsaftervulnerability")); + new JCheckBox( + FileUploadI18n.getMessage( + "fileupload.settings.checkbox.sendrequestsaftervulnerability")); sendRequestsAfterFindingVulnerability.setSelected(false); return sendRequestsAfterFindingVulnerability; } 
From a6dfe48dd4bf91567440670846423a06ad4304fc Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 18 Oct 2023 21:55:10 +0300 Subject: [PATCH 16/20] feature/stop-addon-vulnerability trying to left align label --- .../fileupload/ui/FileUploadOptionsPanel.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 29ce3bd..043084e 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java @@ -79,13 +79,17 @@ private void init(JPanel settingsPanel) { footerPanel.add(getResetButton()); } - private JCheckBox buildSendRequestsAfterFindingVulnerabilityCheckbox() { - sendRequestsAfterFindingVulnerability = - new JCheckBox( + private JLabel buildSendRequestsAfterFindingVulnerabilityCheckbox() { + JLabel label = + new JLabel( FileUploadI18n.getMessage( "fileupload.settings.checkbox.sendrequestsaftervulnerability")); - sendRequestsAfterFindingVulnerability.setSelected(false); - return sendRequestsAfterFindingVulnerability; + + sendRequestsAfterFindingVulnerability = new JCheckBox(); + + label.add(sendRequestsAfterFindingVulnerability); + + return label; } private JButton getResetButton() { From d9d7bf203032dc58b38028216a83e5d9a55700d2 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 18 Oct 2023 21:56:14 +0300 Subject: [PATCH 17/20] feature/stop-addon-vulnerability logic to take into account flag --- .../fileupload/attacks/FileUploadAttackExecutor.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java index af21290..6a5bc2c 100644 --- a/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java 
+++ b/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java @@ -72,16 +72,14 @@ public FileUploadAttackExecutor( public boolean executeAttack() throws FileUploadException { - Boolean shouldSendRequestsAfterFindingVulnerability = FileUploadConfiguration - .getInstance() - .getSendRequestsAfterFindingVulnerability(); + Boolean shouldSendRequestsAfterFindingVulnerability = + FileUploadConfiguration.getInstance().getSendRequestsAfterFindingVulnerability(); for (AttackVector attackVector : attackVectors) { if (this.fileUploadScanRule.isStop()) { return false; } else { - if (attackVector.execute(this) && - !shouldSendRequestsAfterFindingVulnerability) { + if (attackVector.execute(this) && !shouldSendRequestsAfterFindingVulnerability) { return true; } } From 7faaea493fdb2be55b6dabfa2253b7140084a0e8 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 18 Oct 2023 21:59:38 +0300 Subject: [PATCH 18/20] feature/stop-addon-vulnerability renaming variable --- .../sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 043084e..2de1f20 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java 
@@ -80,16 +80,15 @@ private void init(JPanel settingsPanel) { } private JLabel buildSendRequestsAfterFindingVulnerabilityCheckbox() { - JLabel label = + JLabel SendRequestsAfterFindingVulnerabilityLabel = new JLabel( FileUploadI18n.getMessage( "fileupload.settings.checkbox.sendrequestsaftervulnerability")); sendRequestsAfterFindingVulnerability = new JCheckBox(); + SendRequestsAfterFindingVulnerabilityLabel.add(sendRequestsAfterFindingVulnerability); - label.add(sendRequestsAfterFindingVulnerability); - - return label; + return SendRequestsAfterFindingVulnerabilityLabel; } private JButton getResetButton() { From f1667a7f94a04e22aa91b96560a635b6da373cf2 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 18 Oct 2023 22:32:29 +0300 Subject: [PATCH 19/20] feature/stop-addon-vulnerability creating jpanel to put label and checkbox inside --- .../fileupload/ui/FileUploadOptionsPanel.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 2de1f20..1de94a6 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java 
@@ -79,16 +79,19 @@ private void init(JPanel settingsPanel) { footerPanel.add(getResetButton()); } - private JLabel buildSendRequestsAfterFindingVulnerabilityCheckbox() { - JLabel SendRequestsAfterFindingVulnerabilityLabel = + private JPanel buildSendRequestsAfterFindingVulnerabilityCheckbox() { + JPanel sendRequestsAfterFindingVulnerabilityPanel = new JPanel(); + sendRequestsAfterFindingVulnerabilityPanel.setLayout(new FlowLayout(FlowLayout.LEFT)); + JLabel sendRequestsAfterFindingVulnerabilityLabel = new JLabel( FileUploadI18n.getMessage( "fileupload.settings.checkbox.sendrequestsaftervulnerability")); sendRequestsAfterFindingVulnerability = new JCheckBox(); - SendRequestsAfterFindingVulnerabilityLabel.add(sendRequestsAfterFindingVulnerability); + sendRequestsAfterFindingVulnerabilityLabel.add(sendRequestsAfterFindingVulnerability); + sendRequestsAfterFindingVulnerabilityPanel.add(sendRequestsAfterFindingVulnerabilityLabel); - return SendRequestsAfterFindingVulnerabilityLabel; + return sendRequestsAfterFindingVulnerabilityPanel; } private JButton getResetButton() { From d73422ff0d62c726b9e039ef847e9af117c25803 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 18 Oct 2023 22:36:15 +0300 Subject: [PATCH 20/20] feature/stop-addon-vulnerability making checbkox left align --- .../org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java index 1de94a6..cbd3af9 100644 --- a/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java +++ b/src/main/java/org/sasanlabs/fileupload/ui/FileUploadOptionsPanel.java 
@@ -88,8 +88,8 @@ private JPanel buildSendRequestsAfterFindingVulnerabilityCheckbox() { "fileupload.settings.checkbox.sendrequestsaftervulnerability")); sendRequestsAfterFindingVulnerability = new JCheckBox(); - sendRequestsAfterFindingVulnerabilityLabel.add(sendRequestsAfterFindingVulnerability); sendRequestsAfterFindingVulnerabilityPanel.add(sendRequestsAfterFindingVulnerabilityLabel); + sendRequestsAfterFindingVulnerabilityPanel.add(sendRequestsAfterFindingVulnerability); return sendRequestsAfterFindingVulnerabilityPanel; }
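Review bot: The caption and the checkbox end up as two unrelated components in the panel, because the `JLabel` is never tied to `sendRequestsAfterFindingVulnerability`; clicking the text does not toggle the box and assistive technology sees an unlabelled checkbox. Passing the message to the control itself, as patch 10 did with `new JCheckBox(FileUploadI18n.getMessage("fileupload.settings.checkbox.sendrequestsaftervulnerability"))`, makes the text part of the checkbox. If the separate label is kept for alignment, `sendRequestsAfterFindingVulnerabilityLabel.setLabelFor(sendRequestsAfterFindingVulnerability);` at least restores the association. A tooltip on the checkbox would also help, since enabling it means the remaining upload payloads are still sent to the target after the first finding. The method begins outside the hunk.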