├── .dockerignore
├── .gitignore
├── Dockerfile
├── LICENSE
├── attack_examples
├── build.gradle
├── falsePositives.xml
├── fsb-exclude.xml
├── fsb-include.xml
├── gradle
└── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── src
└── main
│ ├── java
│ └── com
│ │ └── groovycoder
│ │ └── dvsba
│ │ ├── DvsbaApplication.java
│ │ ├── HomeController.java
│ │ ├── books
│ │ ├── Book.java
│ │ └── BookController.java
│ │ └── comments
│ │ └── CommentController.java
│ └── resources
│ ├── application.properties
│ └── templates
│ └── views
│ ├── comment
│ └── comment.tpl
│ ├── home.tpl
│ └── sql
│ ├── detail.tpl
│ └── home.tpl
└── zapTest.sh
/.dockerignore:
--------------------------------------------------------------------------------
1 | Dockerfile
2 | build
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .gradle
2 | /build/
3 | build_backup/
4 | out
5 | !gradle/wrapper/gradle-wrapper.jar
6 |
7 | ### STS ###
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 |
15 | ### IntelliJ IDEA ###
16 | .idea
17 | *.iws
18 | *.iml
19 | *.ipr
20 |
21 | ### NetBeans ###
22 | nbproject/private/
23 | build/
24 | nbbuild/
25 | dist/
26 | nbdist/
27 | .nb-gradle/
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM openjdk:8-jdk as BUILD
2 |
3 | RUN mkdir /workspace
4 | WORKDIR /workspace
5 | COPY . .
6 |
7 | RUN ./gradlew build
8 |
9 | FROM openjdk:8-jre as APP
10 |
11 | EXPOSE 8080
12 |
13 | COPY --from=BUILD /workspace/build/libs/*.jar damn-vulnerable-spring-boot-app.jar
14 |
15 | ENTRYPOINT ["java", "-jar", "./damn-vulnerable-spring-boot-app.jar"]
16 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 GDATA Advanced Analytics GmbH
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/attack_examples:
--------------------------------------------------------------------------------
1 | Persistent XSS
2 | Spring rules!
3 |
4 | SQL Injection
5 | http://localhost:8080/books/detail?id=1;DROP+TABLE+books
--------------------------------------------------------------------------------
/build.gradle:
--------------------------------------------------------------------------------
1 | import com.github.spotbugs.SpotBugsTask
2 |
3 | buildscript {
4 | ext {
5 | //springBootVersion = '1.5.8.RELEASE'
6 | springBootVersion = '1.5.13.RELEASE'
7 | // springBootVersion = '1.5.19.RELEASE'
8 | }
9 | repositories {
10 | mavenCentral()
11 | }
12 | dependencies {
13 | classpath 'se.transmode.gradle:gradle-docker:1.2'
14 | classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
15 |
16 |
17 | }
18 | }
19 |
20 | plugins {
21 | id "groovy"
22 | id "org.owasp.dependencycheck" version "5.2.1"
23 | id "com.github.spotbugs" version "2.0.0"
24 | }
25 |
26 | spotbugs {
27 | toolVersion = '3.1.12'
28 | ignoreFailures = true
29 | }
30 |
31 | tasks.withType(SpotBugsTask) {
32 | reports {
33 | xml.enabled = false
34 | html.enabled = true
35 | }
36 | }
37 |
38 | apply plugin: 'org.springframework.boot'
39 |
40 | version = '0.0.1-SNAPSHOT'
41 | sourceCompatibility = 1.8
42 | group = 'wss'
43 |
44 | repositories {
45 | mavenCentral()
46 | }
47 |
48 | dependencies {
49 | compile('org.springframework.boot:spring-boot-starter-groovy-templates')
50 | compile('org.springframework.boot:spring-boot-starter-jdbc')
51 | compile('org.springframework.boot:spring-boot-starter-web')
52 | compile('org.codehaus.groovy:groovy-all:2.4.12')
53 |
54 | // CVE
55 | compile 'commons-collections:commons-collections:3.2'
56 |
57 | runtime('com.h2database:h2')
58 |
59 | // FP
60 | runtime 'mysql:mysql-connector-java:8.0.8-dmr'
61 |
62 | testCompile('org.springframework.boot:spring-boot-starter-test')
63 |
64 | spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.9.0'
65 | }
66 |
67 | dependencyCheck {
68 | suppressionFile = "falsePositives.xml"
69 | }
70 |
--------------------------------------------------------------------------------
/falsePositives.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/fsb-exclude.xml:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/fsb-include.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kiview/damn-vulnerable-spring-boot-app/c95c4f5c3ff9304356b7a53f83f0eaa973e76a87/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | #Wed Aug 16 11:27:41 CEST 2017
2 | distributionBase=GRADLE_USER_HOME
3 | distributionPath=wrapper/dists
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.3.1-all.zip
7 |
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 |
3 | ##############################################################################
4 | ##
5 | ## Gradle start up script for UN*X
6 | ##
7 | ##############################################################################
8 |
9 | # Attempt to set APP_HOME
10 | # Resolve links: $0 may be a link
11 | PRG="$0"
12 | # Need this for relative symlinks.
13 | while [ -h "$PRG" ] ; do
14 | ls=`ls -ld "$PRG"`
15 | link=`expr "$ls" : '.*-> \(.*\)$'`
16 | if expr "$link" : '/.*' > /dev/null; then
17 | PRG="$link"
18 | else
19 | PRG=`dirname "$PRG"`"/$link"
20 | fi
21 | done
22 | SAVED="`pwd`"
23 | cd "`dirname \"$PRG\"`/" >/dev/null
24 | APP_HOME="`pwd -P`"
25 | cd "$SAVED" >/dev/null
26 |
27 | APP_NAME="Gradle"
28 | APP_BASE_NAME=`basename "$0"`
29 |
30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
31 | DEFAULT_JVM_OPTS=""
32 |
33 | # Use the maximum available, or set MAX_FD != -1 to use that value.
34 | MAX_FD="maximum"
35 |
36 | warn ( ) {
37 | echo "$*"
38 | }
39 |
40 | die ( ) {
41 | echo
42 | echo "$*"
43 | echo
44 | exit 1
45 | }
46 |
47 | # OS specific support (must be 'true' or 'false').
48 | cygwin=false
49 | msys=false
50 | darwin=false
51 | nonstop=false
52 | case "`uname`" in
53 | CYGWIN* )
54 | cygwin=true
55 | ;;
56 | Darwin* )
57 | darwin=true
58 | ;;
59 | MINGW* )
60 | msys=true
61 | ;;
62 | NONSTOP* )
63 | nonstop=true
64 | ;;
65 | esac
66 |
67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
68 |
69 | # Determine the Java command to use to start the JVM.
70 | if [ -n "$JAVA_HOME" ] ; then
71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
72 | # IBM's JDK on AIX uses strange locations for the executables
73 | JAVACMD="$JAVA_HOME/jre/sh/java"
74 | else
75 | JAVACMD="$JAVA_HOME/bin/java"
76 | fi
77 | if [ ! -x "$JAVACMD" ] ; then
78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
79 |
80 | Please set the JAVA_HOME variable in your environment to match the
81 | location of your Java installation."
82 | fi
83 | else
84 | JAVACMD="java"
85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
86 |
87 | Please set the JAVA_HOME variable in your environment to match the
88 | location of your Java installation."
89 | fi
90 |
91 | # Increase the maximum file descriptors if we can.
92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
93 | MAX_FD_LIMIT=`ulimit -H -n`
94 | if [ $? -eq 0 ] ; then
95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
96 | MAX_FD="$MAX_FD_LIMIT"
97 | fi
98 | ulimit -n $MAX_FD
99 | if [ $? -ne 0 ] ; then
100 | warn "Could not set maximum file descriptor limit: $MAX_FD"
101 | fi
102 | else
103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
104 | fi
105 | fi
106 |
107 | # For Darwin, add options to specify how the application appears in the dock
108 | if $darwin; then
109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
110 | fi
111 |
112 | # For Cygwin, switch paths to Windows format before running java
113 | if $cygwin ; then
114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"`
115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
116 | JAVACMD=`cygpath --unix "$JAVACMD"`
117 |
118 | # We build the pattern for arguments to be converted via cygpath
119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
120 | SEP=""
121 | for dir in $ROOTDIRSRAW ; do
122 | ROOTDIRS="$ROOTDIRS$SEP$dir"
123 | SEP="|"
124 | done
125 | OURCYGPATTERN="(^($ROOTDIRS))"
126 | # Add a user-defined pattern to the cygpath arguments
127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then
128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
129 | fi
130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh
131 | i=0
132 | for arg in "$@" ; do
133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
135 |
136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
138 | else
139 | eval `echo args$i`="\"$arg\""
140 | fi
141 | i=$((i+1))
142 | done
143 | case $i in
144 | (0) set -- ;;
145 | (1) set -- "$args0" ;;
146 | (2) set -- "$args0" "$args1" ;;
147 | (3) set -- "$args0" "$args1" "$args2" ;;
148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
154 | esac
155 | fi
156 |
157 | # Escape application args
158 | save ( ) {
159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
160 | echo " "
161 | }
162 | APP_ARGS=$(save "$@")
163 |
164 | # Collect all arguments for the java command, following the shell quoting and substitution rules
165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
166 |
167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
169 | cd "$(dirname "$0")"
170 | fi
171 |
172 | exec "$JAVACMD" "$@"
173 |
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
1 | @if "%DEBUG%" == "" @echo off
2 | @rem ##########################################################################
3 | @rem
4 | @rem Gradle startup script for Windows
5 | @rem
6 | @rem ##########################################################################
7 |
8 | @rem Set local scope for the variables with windows NT shell
9 | if "%OS%"=="Windows_NT" setlocal
10 |
11 | set DIRNAME=%~dp0
12 | if "%DIRNAME%" == "" set DIRNAME=.
13 | set APP_BASE_NAME=%~n0
14 | set APP_HOME=%DIRNAME%
15 |
16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
17 | set DEFAULT_JVM_OPTS=
18 |
19 | @rem Find java.exe
20 | if defined JAVA_HOME goto findJavaFromJavaHome
21 |
22 | set JAVA_EXE=java.exe
23 | %JAVA_EXE% -version >NUL 2>&1
24 | if "%ERRORLEVEL%" == "0" goto init
25 |
26 | echo.
27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
28 | echo.
29 | echo Please set the JAVA_HOME variable in your environment to match the
30 | echo location of your Java installation.
31 |
32 | goto fail
33 |
34 | :findJavaFromJavaHome
35 | set JAVA_HOME=%JAVA_HOME:"=%
36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
37 |
38 | if exist "%JAVA_EXE%" goto init
39 |
40 | echo.
41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
42 | echo.
43 | echo Please set the JAVA_HOME variable in your environment to match the
44 | echo location of your Java installation.
45 |
46 | goto fail
47 |
48 | :init
49 | @rem Get command-line arguments, handling Windows variants
50 |
51 | if not "%OS%" == "Windows_NT" goto win9xME_args
52 |
53 | :win9xME_args
54 | @rem Slurp the command line arguments.
55 | set CMD_LINE_ARGS=
56 | set _SKIP=2
57 |
58 | :win9xME_args_slurp
59 | if "x%~1" == "x" goto execute
60 |
61 | set CMD_LINE_ARGS=%*
62 |
63 | :execute
64 | @rem Setup the command line
65 |
66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
67 |
68 | @rem Execute Gradle
69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
70 |
71 | :end
72 | @rem End local scope for the variables with windows NT shell
73 | if "%ERRORLEVEL%"=="0" goto mainEnd
74 |
75 | :fail
76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
77 | rem the _cmd.exe /c_ return code!
78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
79 | exit /b 1
80 |
81 | :mainEnd
82 | if "%OS%"=="Windows_NT" endlocal
83 |
84 | :omega
85 |
--------------------------------------------------------------------------------
/src/main/java/com/groovycoder/dvsba/DvsbaApplication.java:
--------------------------------------------------------------------------------
1 | package com.groovycoder.dvsba;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class DvsbaApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(DvsbaApplication.class, args);
11 | }
12 |
13 | }
14 |
--------------------------------------------------------------------------------
/src/main/java/com/groovycoder/dvsba/HomeController.java:
--------------------------------------------------------------------------------
1 | package com.groovycoder.dvsba;
2 |
3 | import org.springframework.stereotype.Controller;
4 | import org.springframework.web.bind.annotation.GetMapping;
5 | import org.springframework.web.servlet.ModelAndView;
6 |
7 | @Controller
8 | public class HomeController {
9 |
10 | @GetMapping("/")
11 | public ModelAndView home() {
12 | return new ModelAndView("views/home");
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/src/main/java/com/groovycoder/dvsba/books/Book.java:
--------------------------------------------------------------------------------
1 | package com.groovycoder.dvsba.books;
2 |
3 | public class Book {
4 | Long id;
5 | String name;
6 | String author;
7 |
8 | public Book(Long id, String name, String author) {
9 | this.id = id;
10 | this.name = name;
11 | this.author = author;
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/src/main/java/com/groovycoder/dvsba/books/BookController.java:
--------------------------------------------------------------------------------
1 | package com.groovycoder.dvsba.books;
2 |
3 | import org.springframework.jdbc.core.JdbcTemplate;
4 | import org.springframework.jdbc.core.ResultSetExtractor;
5 | import org.springframework.stereotype.Controller;
6 | import org.springframework.web.bind.annotation.RequestMapping;
7 | import org.springframework.web.bind.annotation.RequestParam;
8 | import org.springframework.web.servlet.ModelAndView;
9 |
10 | import javax.annotation.PostConstruct;
11 | import java.util.*;
12 |
13 | @RequestMapping("/books")
14 | @Controller
15 | class BookController {
16 |
17 | private final JdbcTemplate jdbcTemplate;
18 |
19 | public BookController(JdbcTemplate jdbcTemplate) {
20 | this.jdbcTemplate = jdbcTemplate;
21 | }
22 |
23 | @RequestMapping("/")
24 | public ModelAndView home() {
25 | List books = loadBooks();
26 |
27 | Map model = new HashMap<>();
28 | model.put("books", books);
29 |
30 | return new ModelAndView("views/sql/home", model);
31 | }
32 |
33 | @RequestMapping("/detail")
34 | public ModelAndView detail(@RequestParam(value = "id") String id) {
35 | String sql = "SELECT * FROM books WHERE id=" + id;
36 | final Book[] book = new Book[1];
37 | jdbcTemplate.query(sql, (ResultSetExtractor) rs -> {
38 | if (rs.next())
39 | book[0] = new Book(rs.getLong(1), rs.getString(2), rs.getString(3));
40 |
41 | return null;
42 |
43 | });
44 |
45 | Map model = new HashMap<>();
46 | model.put("book", book[0]);
47 |
48 | return new ModelAndView("views/sql/detail", model);
49 | }
50 |
51 | @PostConstruct
52 | private void bootstrap() {
53 | initDb();
54 |
55 | List books = Arrays.asList(
56 | new Book(1L, "Moby Dick", "Herman Melville"),
57 | new Book(2L, "Unsichtbare Spuren", "Andreas Franz"),
58 | new Book(3L, "Das Paket", "Sebastian Fitzek")
59 | );
60 | saveBooks(books);
61 | }
62 |
63 | private void saveBooks(List books) {
64 | books.forEach(book ->
65 | jdbcTemplate.update("INSERT INTO books (id, `name`, author) values (?, ?, ?)",
66 | book.id, book.name, book.author)
67 | );
68 | }
69 |
70 | private List loadBooks() {
71 |
72 | return jdbcTemplate.query("SELECT * FROM books", rs -> {
73 | List books = new LinkedList<>();
74 |
75 | while (rs.next()) {
76 | books.add(new Book(rs.getLong(1), rs.getString(2), rs.getString(3)));
77 | }
78 |
79 | return books;
80 | });
81 |
82 | }
83 |
84 | private void initDb() {
85 | jdbcTemplate.execute("CREATE TABLE books (id NUMBER, name VARCHAR(255), author VARCHAR(255))");
86 | }
87 |
88 | }
89 |
--------------------------------------------------------------------------------
/src/main/java/com/groovycoder/dvsba/comments/CommentController.java:
--------------------------------------------------------------------------------
1 | package com.groovycoder.dvsba.comments;
2 |
3 | import org.springframework.stereotype.Controller;
4 | import org.springframework.web.bind.annotation.GetMapping;
5 | import org.springframework.web.bind.annotation.PostMapping;
6 | import org.springframework.web.bind.annotation.RequestMapping;
7 | import org.springframework.web.bind.annotation.RequestParam;
8 | import org.springframework.web.servlet.ModelAndView;
9 |
10 | import java.util.ArrayList;
11 | import java.util.Arrays;
12 | import java.util.HashMap;
13 | import java.util.List;
14 | import java.util.Map;
15 |
16 | @Controller
17 | @RequestMapping("/comments")
18 | public class CommentController {
19 |
20 | private List comments = new ArrayList<>(Arrays.asList(
21 | "Hi super Webseite leider keine Mobile App deswegen nur einen Stern.",
22 | "Ich muss darauf hinweisen, dass eine Webseite ohne Impressum zu betreiben !!!strafbar!!! ist!!!",
23 | "Hallo, wir sinds! Wolltest du nicht die Fotos von Samstag hochladen? Grüße!"));
24 |
25 | @GetMapping(path = "/")
26 | public ModelAndView listComments() {
27 | Map model = new HashMap<>();
28 | model.put("comments", comments);
29 |
30 | return new ModelAndView(
31 | "views/comment/comment",
32 | model);
33 | }
34 |
35 | @PostMapping("/")
36 | public ModelAndView postComment(@RequestParam String input) {
37 | comments.add(input);
38 |
39 | Map model = new HashMap<>();
40 | model.put("comments", comments);
41 |
42 | return new ModelAndView(
43 | "views/comment/comment",
44 | model);
45 | }
46 |
47 | }
48 |
--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kiview/damn-vulnerable-spring-boot-app/c95c4f5c3ff9304356b7a53f83f0eaa973e76a87/src/main/resources/application.properties
--------------------------------------------------------------------------------
/src/main/resources/templates/views/comment/comment.tpl:
--------------------------------------------------------------------------------
1 | yieldUnescaped ''
2 | html {
3 | head {
4 | title('Spring Boot - Groovy templates example')
5 | link(rel: 'stylesheet', href: '/css/bootstrap.min.css')
6 | }
7 | body {
8 | form(action: "/comments/", method: "POST") {
9 | input(name: "input") {
10 |
11 | }
12 | }
13 |
14 | comments.each { comment ->
15 | div {
16 | h3(style: "border-bottom: 1px solid black;") {
17 | yield "Comment by Anonymous"
18 | }
19 | div(style: "border-bottom: 1px solid black;") {
20 | yieldUnescaped comment
21 | }
22 | }
23 | }
24 | }
25 | }
--------------------------------------------------------------------------------
/src/main/resources/templates/views/home.tpl:
--------------------------------------------------------------------------------
1 | yieldUnescaped ''
2 | html {
3 | head {
4 | title('Damn Vulnerable Spring Boot App - Home')
5 | }
6 | body {
7 | h1 {
8 | yield 'Hello and Welcome to the DVSBA!'
9 | }
10 | p ("Take a look around! We have a ${$a(href:'/books/', "catalouge")} of our favourite books which you can browse. If you like it, leave a comment in the ${ $a(href: '/comments/', "comment section")}!")
11 |
12 | }
13 | }
--------------------------------------------------------------------------------
/src/main/resources/templates/views/sql/detail.tpl:
--------------------------------------------------------------------------------
1 | yieldUnescaped ''
2 | html {
3 | head {
4 | title('Damn Vulnerable Spring Boot App')
5 | }
6 | body {
7 | div(class: 'container') {
8 | a(class: 'brand',
9 | href: '/books/',
10 | 'List')
11 | br()
12 | br()
13 | p "ID: ${book.id}, Name: ${book.name}, Author: ${book.author}"
14 | }
15 | }
16 | }
--------------------------------------------------------------------------------
/src/main/resources/templates/views/sql/home.tpl:
--------------------------------------------------------------------------------
1 | yieldUnescaped ''
2 | html {
3 | head {
4 | title('Damn Vulnerable Spring Boot App')
5 | }
6 | body {
7 | div(class: 'container') {
8 | form(method: "GET", action: "/books/detail") {
9 | input(name: "id", placeholder: "Search for a book id!")
10 | }
11 | br
12 | table(border:1) {
13 | thead {
14 | tr {
15 | td 'ID'
16 | td 'Name'
17 | td 'Author'
18 | }
19 | }
20 | tbody {
21 | books.each { book ->
22 | tr {
23 | td {
24 | a(href: "/books/detail?id=${book.id}", "${book.id}")
25 | }
26 | td {
27 | a(href: "/books/detail?id=${book.id}", "${book.name}")
28 | }
29 | td {
30 | a(href: "/books/detail?id=${book.id}", "${book.author}")
31 | }
32 | }
33 | }
34 | }
35 | }
36 | }
37 | }
38 | }
--------------------------------------------------------------------------------
/zapTest.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock -e "IMAGE=dvsba:latest" -e "PORT=80" -e "WAIT_LOG_MESSAGE=(?s).*Started DamnVulnerableSpringBootAppApplication.*" testcontainers-zap:latest
--------------------------------------------------------------------------------