diff --git a/.gitignore b/.gitignore
index b23edcf..6029da8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ node_modules/
.env
npm-debug.log
yarn-error.log
-test.md
\ No newline at end of file
+test.md
+backend/target
diff --git a/README.md b/README.md
index 525c0c2..5ec3fd2 100644
--- a/README.md
+++ b/README.md
@@ -17,18 +17,19 @@ The CVEs covered under SCAGoat are primarily critical and high severity, which h
In addition, there is one compromised package, that lacks a CVE, but is malicious by nature and cannot be detected with traditional SCA scanners.
-
| CVE | Package Name | Link |
|----------------------------|-----------------|-------|
| CVE-2023-42282 | IP | [https://nvd.nist.gov/vuln/detail/CVE-2023-42282](https://nvd.nist.gov/vuln/detail/CVE-2023-42282) |
| CVE-2017-1000427 | Marked | [https://nvd.nist.gov/vuln/detail/CVE-2017-1000427](https://nvd.nist.gov/vuln/detail/CVE-2017-1000427) |
| CVE-2017-16114 | Marked | [https://github.com/markedjs/marked/issues/926](https://github.com/markedjs/marked/issues/926) |
| CVE-2021-44228 | log4j | [https://nvd.nist.gov/vuln/detail/CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)|
-| CVE-2020-9547 | Jackson-Binding | [https://nvd.nist.gov/vuln/detail/CVE-2020-9547](https://nvd.nist.gov/vuln/detail/CVE-2020-9547)|
+| CVE-2020-9547 | jackson-databind | [https://nvd.nist.gov/vuln/detail/CVE-2020-9547](https://nvd.nist.gov/vuln/detail/CVE-2020-9547)|
| CVE-2021-33623 | trim-newlines | [https://nvd.nist.gov/vuln/detail/CVE-2021-33623](https://nvd.nist.gov/vuln/detail/CVE-2021-33623)|
+| CVE-2020-13935 | spring-websocket | [https://nvd.nist.gov/vuln/detail/CVE-2020-13935](https://nvd.nist.gov/vuln/detail/CVE-2020-13935)|
| Malicious Package (No CVE) | xz-java | [https://central.sonatype.com/artifact/io.github.xz-java/xz-java](https://central.sonatype.com/artifact/io.github.xz-java/xz-java)|
+
## Steps to run SCAGoat
Step 1. Clone the application
```bash
diff --git a/backend/pom.xml b/backend/pom.xml
index 2b9a3c6..62a4c97 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -35,6 +35,10 @@
org.springframework.boot
spring-boot-starter-data-rest
+
+ org.springframework.boot
+ spring-boot-starter-websocket
+
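Review bot: The new `spring-boot-starter-websocket` dependency carries no explicit version, so which spring-websocket release actually lands on the classpath is decided by the Spring Boot parent/BOM, which is outside this hunk (the enclosing dependencies element also starts and ends outside it). The README updated in this same commit lists CVE-2020-13935 for spring-websocket as one of the intentionally shipped findings, so the resolved version should be recorded next to the dependency, e.g. an XML comment such as `<!-- spring-websocket version resolved via Spring Boot parent; see README CVE-2020-13935 -->`, otherwise a parent upgrade silently changes what the README claims. The element tags appear stripped in this rendering, so I could not check the markup itself.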
diff --git a/backend/src/main/java/com/acme/foo/ChatMessageHandler.java b/backend/src/main/java/com/acme/foo/ChatMessageHandler.java
new file mode 100644
index 0000000..0546097
--- /dev/null
+++ b/backend/src/main/java/com/acme/foo/ChatMessageHandler.java
@@ -0,0 +1,37 @@
+package com.acme.foo;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.springframework.web.socket.CloseStatus;
+import org.springframework.web.socket.WebSocketMessage;
+import org.springframework.web.socket.WebSocketSession;
+import org.springframework.web.socket.handler.TextWebSocketHandler;
+
+public class ChatMessageHandler extends TextWebSocketHandler {
+
+ List webSocketSessions = Collections.synchronizedList(new ArrayList<>());
+
+ @Override
+ public void afterConnectionEstablished(WebSocketSession session) throws Exception {
+ System.out.println("Connection established");
+ super.afterConnectionEstablished(session);
+ webSocketSessions.add(session);
+ }
+
+ @Override
+ public void afterConnectionClosed(WebSocketSession session, CloseStatus status) throws Exception {
+ super.afterConnectionClosed(session, status);
+ webSocketSessions.remove(session);
+ }
+
+ @Override
+ public void handleMessage(WebSocketSession session, WebSocketMessage> message) throws Exception {
+ System.out.println("Received " + message);
+ super.handleMessage(session, message);
+ for (WebSocketSession webSocketSession : webSocketSessions) {
+ webSocketSession.sendMessage(message);
+ }
+ }
+}
\ No newline at end of file
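Review bot: The broadcast loop at the `for (WebSocketSession webSocketSession : webSocketSessions)` line iterates a `Collections.synchronizedList` without holding its lock, while `afterConnectionEstablished` and `afterConnectionClosed` mutate the same list, so a connect or disconnect during a broadcast can throw ConcurrentModificationException mid-delivery; a single `sendMessage` failure on a stale session also propagates out of `handleMessage` and stops delivery to every remaining session. The handler relays whatever one client sends verbatim to every connected session, including the sender, with no authentication, size limit or content check on `message`, and `System.out.println("Received " + message)` writes raw client content to stdout, so a logger recording the payload length rather than the body would be preferable. The field is a raw `List`, and `WebSocketMessage> message` reads as an extraction artifact for `WebSocketMessage<?>`, which is assumed below. Iterating a snapshot taken under the list's own lock and skipping sessions that are no longer open addresses the concurrency and partial-delivery points.
```java
    private final List<WebSocketSession> webSocketSessions =
            Collections.synchronizedList(new ArrayList<>());

    // … unchanged: afterConnectionEstablished / afterConnectionClosed …

    @Override
    public void handleMessage(WebSocketSession session, WebSocketMessage<?> message) throws Exception {
        // … unchanged: println / super.handleMessage …
        // synchronizedList guards single calls only; iteration needs the list's own lock.
        List<WebSocketSession> snapshot;
        synchronized (webSocketSessions) {
            snapshot = new ArrayList<>(webSocketSessions);
        }
        for (WebSocketSession webSocketSession : snapshot) {
            if (webSocketSession.isOpen()) {
                webSocketSession.sendMessage(message);
            }
        }
    }
```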
diff --git a/backend/src/main/java/com/acme/foo/MainController.java b/backend/src/main/java/com/acme/foo/MainController.java
index c3f1abc..2875a17 100755
--- a/backend/src/main/java/com/acme/foo/MainController.java
+++ b/backend/src/main/java/com/acme/foo/MainController.java
@@ -8,6 +8,9 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
+import org.springframework.web.socket.config.annotation.EnableWebSocket;
+import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
+import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -16,7 +19,13 @@
@EnableAutoConfiguration
@SpringBootApplication
@EnableCaching
-public class MainController extends SpringBootServletInitializer {
+@EnableWebSocket
+public class MainController extends SpringBootServletInitializer implements WebSocketConfigurer {
+
+ @Override
+ public void registerWebSocketHandlers(WebSocketHandlerRegistry webSocketHandlerRegistry) {
+ webSocketHandlerRegistry.addHandler(new ChatMessageHandler(), "/chat-websocket").setAllowedOrigins("*");
+ }
public static void main(String[] args) {
SpringApplication.run(MainController.class, args);
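Review bot: `setAllowedOrigins("*")` on the `addHandler` line disables the Origin check for `/chat-websocket`, so a page on any origin a user has open can complete the handshake; combined with the absence of any authentication in the ChatMessageHandler this commit adds, the broadcast stream is readable and writable cross-site (cross-site WebSocket hijacking). Restrict it to the origin that serves chat-ui.html, e.g. `.setAllowedOrigins("<frontend-origin>")` (placeholder, the value is not visible in this diff), or drop the call so the same-origin default applies. As a point of style, `registerWebSocketHandlers` is not separated from `main` by a blank line, and the handler is created with `new` rather than as a bean, which keeps it outside Spring's lifecycle; the class body continues outside the hunk.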
diff --git a/backend/target/classes/com/acme/foo/MainController.class b/backend/target/classes/com/acme/foo/MainController.class
deleted file mode 100644
index fea4b93..0000000
Binary files a/backend/target/classes/com/acme/foo/MainController.class and /dev/null differ
diff --git a/backend/target/classes/com/acme/foo/Person.class b/backend/target/classes/com/acme/foo/Person.class
deleted file mode 100644
index 2bff689..0000000
Binary files a/backend/target/classes/com/acme/foo/Person.class and /dev/null differ
diff --git a/backend/target/classes/com/acme/foo/PersonApi.class b/backend/target/classes/com/acme/foo/PersonApi.class
deleted file mode 100644
index 2052602..0000000
Binary files a/backend/target/classes/com/acme/foo/PersonApi.class and /dev/null differ
diff --git a/backend/target/maven-archiver/pom.properties b/backend/target/maven-archiver/pom.properties
deleted file mode 100644
index a8f6b12..0000000
--- a/backend/target/maven-archiver/pom.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-artifactId=springboot-app
-groupId=com.acme.foo
-version=0.0.1-SNAPSHOT
diff --git a/backend/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/backend/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
deleted file mode 100644
index eb49581..0000000
--- a/backend/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
+++ /dev/null
@@ -1,3 +0,0 @@
-com\acme\foo\MainController.class
-com\acme\foo\Person.class
-com\acme\foo\PersonApi.class
diff --git a/backend/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/backend/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
deleted file mode 100644
index 263cc5d..0000000
--- a/backend/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
+++ /dev/null
@@ -1,3 +0,0 @@
-C:\Users\blurr\Damn-vulnerable-sca\backend\src\main\java\com\acme\foo\PersonApi.java
-C:\Users\blurr\Damn-vulnerable-sca\backend\src\main\java\com\acme\foo\Person.java
-C:\Users\blurr\Damn-vulnerable-sca\backend\src\main\java\com\acme\foo\MainController.java
diff --git a/backend/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/createdFiles.lst b/backend/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/createdFiles.lst
deleted file mode 100644
index a9c4b6f..0000000
--- a/backend/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/createdFiles.lst
+++ /dev/null
@@ -1,4 +0,0 @@
-com\acme\backdoor\Backdoor.class
-com\acme\backdoor\BackdoorTest.class
-com\acme\jndi\LDAPRefServer$OperationInterceptor.class
-com\acme\jndi\LDAPRefServer.class
diff --git a/backend/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst b/backend/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst
deleted file mode 100644
index 89d3d2d..0000000
--- a/backend/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst
+++ /dev/null
@@ -1,3 +0,0 @@
-C:\Users\blurr\Damn-vulnerable-sca\backend\src\test\java\com\acme\backdoor\BackdoorTest.java
-C:\Users\blurr\Damn-vulnerable-sca\backend\src\test\java\com\acme\backdoor\Backdoor.java
-C:\Users\blurr\Damn-vulnerable-sca\backend\src\test\java\com\acme\jndi\LDAPRefServer.java
diff --git a/backend/target/springboot-app-0.0.1-SNAPSHOT.jar b/backend/target/springboot-app-0.0.1-SNAPSHOT.jar
deleted file mode 100644
index 29fb149..0000000
Binary files a/backend/target/springboot-app-0.0.1-SNAPSHOT.jar and /dev/null differ
diff --git a/backend/target/springboot-app-0.0.1-SNAPSHOT.jar.original b/backend/target/springboot-app-0.0.1-SNAPSHOT.jar.original
deleted file mode 100644
index 612c64c..0000000
Binary files a/backend/target/springboot-app-0.0.1-SNAPSHOT.jar.original and /dev/null differ
diff --git a/backend/target/surefire-reports/TEST-com.acme.backdoor.BackdoorTest.xml b/backend/target/surefire-reports/TEST-com.acme.backdoor.BackdoorTest.xml
deleted file mode 100644
index 250e1dd..0000000
--- a/backend/target/surefire-reports/TEST-com.acme.backdoor.BackdoorTest.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/backend/target/surefire-reports/com.acme.backdoor.BackdoorTest.txt b/backend/target/surefire-reports/com.acme.backdoor.BackdoorTest.txt
deleted file mode 100644
index 604ac84..0000000
--- a/backend/target/surefire-reports/com.acme.backdoor.BackdoorTest.txt
+++ /dev/null
@@ -1,4 +0,0 @@
--------------------------------------------------------------------------------
-Test set: com.acme.backdoor.BackdoorTest
--------------------------------------------------------------------------------
-Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.121 s - in com.acme.backdoor.BackdoorTest
diff --git a/backend/target/test-classes/com/acme/backdoor/Backdoor.class b/backend/target/test-classes/com/acme/backdoor/Backdoor.class
deleted file mode 100644
index cb874d8..0000000
Binary files a/backend/target/test-classes/com/acme/backdoor/Backdoor.class and /dev/null differ
diff --git a/backend/target/test-classes/com/acme/backdoor/BackdoorTest.class b/backend/target/test-classes/com/acme/backdoor/BackdoorTest.class
deleted file mode 100644
index 6d3d2df..0000000
Binary files a/backend/target/test-classes/com/acme/backdoor/BackdoorTest.class and /dev/null differ
diff --git a/backend/target/test-classes/com/acme/jndi/LDAPRefServer$OperationInterceptor.class b/backend/target/test-classes/com/acme/jndi/LDAPRefServer$OperationInterceptor.class
deleted file mode 100644
index 09e843a..0000000
Binary files a/backend/target/test-classes/com/acme/jndi/LDAPRefServer$OperationInterceptor.class and /dev/null differ
diff --git a/backend/target/test-classes/com/acme/jndi/LDAPRefServer.class b/backend/target/test-classes/com/acme/jndi/LDAPRefServer.class
deleted file mode 100644
index d07d84b..0000000
Binary files a/backend/target/test-classes/com/acme/jndi/LDAPRefServer.class and /dev/null differ
diff --git a/index.js b/index.js
index badf6e2..a91debf 100644
--- a/index.js
+++ b/index.js
@@ -31,6 +31,9 @@ app.get('/', function (req, res) {
app.get('/markdown', function (req, res) {
res.sendFile(__dirname + '/templates/markdown.html');
});
+app.get('/chat-ui', function (req, res) {
+ res.sendFile(__dirname + '/templates/chat-ui.html');
+});
app.get('/trimnewlines', function (req, res) {
res.send(`
diff --git a/templates/chat-ui.html b/templates/chat-ui.html
new file mode 100644
index 0000000..a7a11cf
--- /dev/null
+++ b/templates/chat-ui.html
@@ -0,0 +1,51 @@
+
+
+
+
+
+
+ Document
+
+
+
+
+
+
+
+
+