Merge pull request #12 from harekrishnarai/CVE-2020-13935
harekrishnarai authored Aug 3, 2024
2 parents ab6dd7d + 05905c4 commit 7f96e84
Showing 23 changed files with 110 additions and 84 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -2,4 +2,5 @@ node_modules/
.env
npm-debug.log
yarn-error.log
test.md
test.md
backend/target
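Review bot: `backend/target` is added to the ignore list, which matches the deletion of the tracked build output elsewhere in this commit (`Person.class`, `PersonApi.class`, `pom.properties` and the SNAPSHOT jar under `backend/target`); keeping compiled output out of the repository also keeps it out of what an SCA scan sees. The repeated `test.md` line shows the only other change here is the file's trailing newline.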
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -17,18 +17,19 @@ The CVEs covered under SCAGoat are primarily critical and high severity, which h

In addition, there is one compromised package, that lacks a CVE, but is malicious by nature and cannot be detected with traditional SCA scanners.


| CVE | Package Name | Link |
|----------------------------|-----------------|-------|
| CVE-2023-42282 | IP | [https://nvd.nist.gov/vuln/detail/CVE-2023-42282](https://nvd.nist.gov/vuln/detail/CVE-2023-42282) |
| CVE-2017-1000427 | Marked | [https://nvd.nist.gov/vuln/detail/CVE-2017-1000427](https://nvd.nist.gov/vuln/detail/CVE-2017-1000427) |
| CVE-2017-16114 | Marked | [https://github.com/markedjs/marked/issues/926](https://github.com/markedjs/marked/issues/926) |
| CVE-2021-44228 | log4j | [https://nvd.nist.gov/vuln/detail/CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)|
| CVE-2020-9547 | Jackson-Binding | [https://nvd.nist.gov/vuln/detail/CVE-2020-9547](https://nvd.nist.gov/vuln/detail/CVE-2020-9547)|
| CVE-2020-9547 | jackson-databind | [https://nvd.nist.gov/vuln/detail/CVE-2020-9547](https://nvd.nist.gov/vuln/detail/CVE-2020-9547)|
| CVE-2021-33623 | trim-newlines | [https://nvd.nist.gov/vuln/detail/CVE-2021-33623](https://nvd.nist.gov/vuln/detail/CVE-2021-33623)|
| CVE-2020-13935 | spring-websocket | [https://nvd.nist.gov/vuln/detail/CVE-2020-13935](https://nvd.nist.gov/vuln/detail/CVE-2020-13935)|
| Malicious Package (No CVE) | xz-java | [https://central.sonatype.com/artifact/io.github.xz-java/xz-java](https://central.sonatype.com/artifact/io.github.xz-java/xz-java)|



## Steps to run SCAGoat
Step 1. Clone the application
```bash
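Review bot: the new CVE-2020-13935 row attributes the issue to `spring-websocket`, but that CVE is filed against Apache Tomcat's WebSocket implementation (invalid frame payload lengths that trigger an infinite loop, a denial of service), which this project only pulls in transitively through the `spring-boot-starter-websocket` dependency added in `backend/pom.xml`; naming the Tomcat artifact (`tomcat-embed-websocket`) in the Package Name column would let readers match the row against what an SCA tool actually reports. The `Jackson-Binding` to `jackson-databind` correction in the CVE-2020-9547 row is the right move for the same reason.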
4 changes: 4 additions & 0 deletions backend/pom.xml
Expand Up @@ -35,6 +35,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-rest</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>

<!-- For LDAP reference server (which does not work) -->
<dependency>
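Review bot: the new `spring-boot-starter-websocket` dependency carries no comment saying which CVE it is there to exercise, unlike the LDAP dependency right below it. Its version is inherited from the Spring Boot parent rather than set in this block, and CVE-2020-13935 lives in the Tomcat WebSocket module that the starter pulls in transitively, so a comment naming the CVE and the parent version that keeps Tomcat in the affected range would stop a later dependency bump from silently removing the vulnerability this PR adds.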
37 changes: 37 additions & 0 deletions backend/src/main/java/com/acme/foo/ChatMessageHandler.java
@@ -0,0 +1,37 @@
package com.acme.foo;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.springframework.web.socket.CloseStatus;
import org.springframework.web.socket.WebSocketMessage;
import org.springframework.web.socket.WebSocketSession;
import org.springframework.web.socket.handler.TextWebSocketHandler;

public class ChatMessageHandler extends TextWebSocketHandler {

List<WebSocketSession> webSocketSessions = Collections.synchronizedList(new ArrayList<>());

@Override
public void afterConnectionEstablished(WebSocketSession session) throws Exception {
System.out.println("Connection established");
super.afterConnectionEstablished(session);
webSocketSessions.add(session);
}

@Override
public void afterConnectionClosed(WebSocketSession session, CloseStatus status) throws Exception {
super.afterConnectionClosed(session, status);
webSocketSessions.remove(session);
}

@Override
public void handleMessage(WebSocketSession session, WebSocketMessage<?> message) throws Exception {
System.out.println("Received " + message);
super.handleMessage(session, message);
for (WebSocketSession webSocketSession : webSocketSessions) {
webSocketSession.sendMessage(message);
}
}
}
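Review bot: the broadcast loop in `handleMessage` iterates `webSocketSessions` without holding its lock; `Collections.synchronizedList` only guards individual calls, so a session being added or removed while the loop runs can throw `ConcurrentModificationException` (iterate inside `synchronized (webSocketSessions) { ... }` or copy the list first). `sendMessage` on a session that has already closed also throws and aborts delivery to every session after it, so guard each send with `isOpen()` and a per-session try/catch. Finally, the message is relayed to every client unchanged, including the sender, so whatever one client sends reaches every other client's page verbatim; if that is intended for the lab, a comment saying so would help.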
11 changes: 10 additions & 1 deletion backend/src/main/java/com/acme/foo/MainController.java
Expand Up @@ -8,6 +8,9 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.socket.config.annotation.EnableWebSocket;
import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;

import com.fasterxml.jackson.databind.ObjectMapper;

Expand All @@ -16,7 +19,13 @@
@EnableAutoConfiguration
@SpringBootApplication
@EnableCaching
public class MainController extends SpringBootServletInitializer {
@EnableWebSocket
public class MainController extends SpringBootServletInitializer implements WebSocketConfigurer {

@Override
public void registerWebSocketHandlers(WebSocketHandlerRegistry webSocketHandlerRegistry) {
webSocketHandlerRegistry.addHandler(new ChatMessageHandler(), "/chat-websocket").setAllowedOrigins("*");
}

public static void main(String[] args) {
SpringApplication.run(MainController.class, args);
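Review bot: `setAllowedOrigins("*")` on the `/chat-websocket` registration turns off the Origin check on the WebSocket handshake, so any web page a user has open can connect to the endpoint and read or post chat traffic (cross-site WebSocket hijacking). If that is deliberate for this vulnerable-by-design app, say so in a comment next to the call and in the README; the production-safe form is an explicit list of allowed origins.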
Binary file removed backend/target/classes/com/acme/foo/Person.class
Binary file removed backend/target/classes/com/acme/foo/PersonApi.class
3 changes: 0 additions & 3 deletions backend/target/maven-archiver/pom.properties (file deleted)
Binary file removed backend/target/springboot-app-0.0.1-SNAPSHOT.jar
Further removed files in this commit are not named on the page.
3 changes: 3 additions & 0 deletions index.js
Expand Up @@ -31,6 +31,9 @@ app.get('/', function (req, res) {
app.get('/markdown', function (req, res) {
res.sendFile(__dirname + '/templates/markdown.html');
});
app.get('/chat-ui', function (req, res) {
res.sendFile(__dirname + '/templates/chat-ui.html');
});

app.get('/trimnewlines', function (req, res) {
res.send(`
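Review bot: the `/chat-ui` route follows the pattern of the other template routes, so nothing to change here; note only that the page it serves connects to a hardcoded `ws://localhost:8080`, so the README's run steps should state that the Spring backend has to be up on that port before the chat page is useful.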
51 changes: 51 additions & 0 deletions templates/chat-ui.html
@@ -0,0 +1,51 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
<script type="application/javascript">
let ws;

function connect() {
ws = new WebSocket("ws://localhost:8080/chat-websocket");
ws.onmessage = function (e) {
printMessage(e.data);
}
ws.onerror = function (e) {
printMessage(e);
}
document.getElementById("connectButton").disabled = true;
document.getElementById("connectButton").value = "Connected";
document.getElementById("name").disabled = true;
}

function printMessage(data) {
let messages = document.getElementById("messages");
let messageData = JSON.parse(data);
let newMessage = document.createElement("div");
newMessage.innerHTML = messageData.name + " : " + messageData.message;
messages.appendChild(newMessage);
}

function sendToGroupChat() {
let messageText = document.getElementById("message").value;
document.getElementById("message").value="";
let name = document.getElementById("name").value;
let messageObject = {
name: name,
message: messageText
}
ws.send(JSON.stringify(messageObject))
}
</script>
</head>
<body>
<input type="text" id="name"><input id="connectButton" type="button" value="Connect" onclick="connect()">
<div id="messages"></div>
<input type="text" id="message">
<input type="button" value="send" onclick="sendToGroupChat()">
</body>
</html>
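Review bot: `newMessage.innerHTML = messageData.name + " : " + messageData.message;` in `printMessage` writes content received over the socket into the DOM as HTML, and because `ChatMessageHandler` relays every message unchanged, markup in one participant's message is rendered in every other participant's browser; use `textContent` (or build text nodes) unless the XSS is a deliberate part of this lab, in which case note it in the README next to the CVE table. Smaller points: `printMessage` is also wired to `ws.onerror`, where `e` is an Event rather than a JSON string, so `JSON.parse(e)` throws; `JSON.parse` on `onmessage` data has no error handling either; and the socket URL is hardcoded to `ws://localhost:8080`.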

0 comments on commit 7f96e84
