Expand Up @@ -6,6 +6,7 @@

package org.cysecurity.cspf.jvl.controller;

import java.sql.PreparedStatement;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
Expand Down Expand Up @@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where email='"+email+"'");
PreparedStatement stmt = con.prepareStatement("select * from users where email=?");
stmt.setString(1, email);
rs=stmt.executeQuery();
if (rs.next())
{
json.put("available", "1");
Expand Up @@ -124,7 +124,7 @@ protected boolean setup(String i) throws IOException
{
//User Table creation
stmt.executeUpdate("Create table users(ID int NOT NULL AUTO_INCREMENT, username varchar(30),email varchar(60), password varchar(60), about varchar(50),privilege varchar(20),avatar TEXT,secretquestion int,secret varchar(30),primary key (id))");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('"+adminuser+"','"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ("+stmt.enquoteLiteral(String.valueOf(adminuser))+",'"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('victim','victim','victim@localhost','I am the victim of this application','default.jpg','user',1,'max')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('attacker','attacker','attacker@localhost','I am the attacker of this application','default.jpg','user',1,'bella')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('NEO','trinity','neo@matrix','I am the NEO','default.jpg','user',1,'sentinel')");
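Review bot: On the new admin INSERT line only `adminuser` goes through `stmt.enquoteLiteral`, while `adminpass` is still spliced into the SQL text as `'"+adminpass+"'`, so the statement is still assembled from raw configuration values and the fix is half-applied. Binding both values through a PreparedStatement obtained from `stmt.getConnection()` removes the interpolation entirely (sketch below; it needs a `java.sql.PreparedStatement` import). `Statement.enquoteLiteral` is a JDBC 4.3 default method, so this line also raises the minimum runtime to Java 9 — worth a comment if that is intended. The seeded rows still store passwords in cleartext, which the parameterisation does not change. `setup` begins outside the hunk, so whether a connection variable is already in scope there cannot be seen from here.
```java
// … unchanged: users table creation …
PreparedStatement admin = stmt.getConnection().prepareStatement("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values (?,?,'admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");
admin.setString(1, String.valueOf(adminuser));
admin.setString(2, String.valueOf(adminpass));
admin.executeUpdate();
// … unchanged: victim/attacker/NEO inserts …
```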
Expand Up @@ -9,6 +9,7 @@
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
Expand Down Expand Up @@ -48,8 +49,10 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=?");
pstmt.setString(1, user);
pstmt.setString(2, pass);
rs=pstmt.executeQuery();
if(rs != null && rs.next()){
HttpSession session=request.getSession();
session.setAttribute("isLoggedIn", "1");
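Review bot: The new `pstmt` and `rs` are never closed on the path shown here, and the same holds for every prepared statement this commit introduces (ForgotPassword.jsp, admin/adminlogin.jsp, changeCardDetails.jsp, vulnerability/Messages.jsp, csrf/changepassword.jsp, forum.jsp, idor/change-email.jsp and the registration and email-check servlets); unless they are closed further down outside the hunk, each request leaks a statement handle until the connection is collected. Wrapping them in try-with-resources fixes all of them the same way: `try (PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=?")) { pstmt.setString(1, user); pstmt.setString(2, pass); try (ResultSet rs = pstmt.executeQuery()) { ... } }`, and the `rs != null` test can go because `executeQuery` never returns null. Separately, the query still compares the submitted password with the stored column inside SQL, which only works while passwords are stored in cleartext; comparing against a salted hash in Java would be the follow-up. `processRequest` continues outside the hunk.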
Expand Up @@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
{

Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"',"+stmt.enquoteLiteral(String.valueOf(email))+",'"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");

response.sendRedirect("index.jsp");
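Review bot: Only `email` is routed through `stmt.enquoteLiteral` on the rewritten INSERT; `user`, `pass`, `about` and `secret` are still interpolated into that statement and `user` into the UserMessages INSERT on the next (unchanged) line, so the injection this commit removes elsewhere remains in the registration path. Both statements should bind every request value through a PreparedStatement, as the other files in this commit do (sketch below). `Statement.enquoteLiteral` also needs Java 9 or newer. `processRequest` starts before the hunk.
```java
PreparedStatement pstmt = con.prepareStatement("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values (?,?,?,?,'default.jpg','user',1,?)");
pstmt.setString(1, user);
pstmt.setString(2, pass);
pstmt.setString(3, email);
pstmt.setString(4, about);
pstmt.setString(5, secret);
pstmt.executeUpdate();
PreparedStatement welcome = con.prepareStatement("INSERT into UserMessages(recipient, sender, subject, msg) values (?,'admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");
welcome.setString(1, user);
welcome.executeUpdate();
// … unchanged: response.sendRedirect("index.jsp") …
```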
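--- a/src/main/webapp/ForgotPassword.jsp
+++ b/src/main/webapp/ForgotPassword.jsp
@@ -1,6 +1,6 @@
 
 <%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
 <%@page import="java.sql.ResultSet"%>
 <%@page import="java.sql.Connection"%>
 <%@ include file="header.jsp" %>
@@ -38,8 +38,10 @@ if(request.getParameter("secret")!=null)
 {
 Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
 ResultSet rs=null;
-Statement stmt = con.createStatement();
-rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'");
+PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and secret=?");
+pstmt.setString(1, request.getParameter("username").trim());
+pstmt.setString(2, request.getParameter("secret"));
+rs=pstmt.executeQuery();
 if(rs != null && rs.next()){
 out.print("Hello "+rs.getString("username")+", <b class='success'> Your Password is: "+rs.getString("password"));
 }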
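Review bot: `request.getParameter("username").trim()` on the new `setString(1, ...)` line dereferences a parameter that is never null-checked — the enclosing `if` in the hunk header only tests `secret` — so a request that carries `secret` without `username` ends in a NullPointerException and a stack-trace page. Read it into a local first and guard the whole lookup: `String username = request.getParameter("username"); if (username != null) { ... pstmt.setString(1, username.trim()); ... }`. The response line kept as context still echoes the stored password to the browser, which the parameterisation does not change; a reset token instead of password disclosure would be the follow-up. The scriptlet continues outside the hunk.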
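--- a/src/main/webapp/admin/adminlogin.jsp
+++ b/src/main/webapp/admin/adminlogin.jsp
@@ -15,8 +15,10 @@ if(request.getParameter("Login")!=null)
 if(con!=null && !con.isClosed())
 {
 ResultSet rs=null;
-Statement stmt = con.createStatement();
-rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"' and privilege='admin'");
+PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=? and privilege='admin'");
+pstmt.setString(1, user);
+pstmt.setString(2, pass);
+rs=pstmt.executeQuery();
 if(rs != null && rs.next()){
 session.setAttribute("isLoggedIn", "1");
 session.setAttribute("userid", rs.getString("id"));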
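Review bot: All four additions of this section are inside this hunk, so unlike the other JSPs in the commit no `java.sql.PreparedStatement` import is added to adminlogin.jsp; unless the page already imports it (or `java.sql.*`) above the hunk, the translated servlet will not compile. Add `<%@page import="java.sql.PreparedStatement"%>` next to the page's existing imports, and if a `java.sql.Statement` import is present it can be dropped at the same time since nothing in the hunk uses it any more. The scriptlet continues outside the hunk.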
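--- a/src/main/webapp/changeCardDetails.jsp
+++ b/src/main/webapp/changeCardDetails.jsp
@@ -21,8 +21,9 @@ if(session.getAttribute("isLoggedIn")!=null)
 <tr><td>Expiry Date:</td><td><input type="text" name="expirydate" value=""/> </td></tr>
 <tr><td/><td><input type="submit" name="action" value="add"/></td></tr>
 </table>
-</form>
-<br/>
+<input type="hidden" name="csrf_token" value="<%=session.getAttribute("csrf_token")%>"/>
+</form>
+<br/>
 <%
 Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
 
@@ -39,8 +40,12 @@ if(session.getAttribute("isLoggedIn")!=null)
 String expirydate=request.getParameter("expirydate");
 if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
 {
-Statement stmt = con.createStatement();
-stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");
+PreparedStatement pstmt = con.prepareStatement("INSERT into cards(id,cardno, cvv,expirydate) values (?,?,?,?)");
+pstmt.setString(1, id);
+pstmt.setString(2, cardno);
+pstmt.setString(3, cvv);
+pstmt.setString(4, expirydate);
+pstmt.executeUpdate();
 out.print("<b style='color:green'> * Card details added *</b>");
 }
 else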
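Review bot: The form now emits `csrf_token` from the session, but the insert path in the second hunk runs on non-empty `cardno`/`cvv`/`expirydate` alone and nothing visible compares `request.getParameter("csrf_token")` with the session value; if that check is not done above the hunk, the token is rendered but never enforced. Extending the existing condition closes it without restructuring: `if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals("") && String.valueOf(session.getAttribute("csrf_token")).equals(request.getParameter("csrf_token")))`. The `cvv` value is still persisted into the `cards` table, which the parameterisation does not address and which card-handling rules generally forbid after authorisation — worth a comment if the page is meant to keep that behaviour. The scriptlet continues on both sides of the hunk.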
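--- a/src/main/webapp/vulnerability/Messages.jsp
+++ b/src/main/webapp/vulnerability/Messages.jsp
@@ -1,33 +1,29 @@
 <%@page import="java.sql.ResultSet"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
 <%@page import="java.sql.Connection"%>
 <%@ include file="/header.jsp" %>
-<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
-<%
-if(session.getAttribute("isLoggedIn")!=null)
-{
-Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
-if(con!=null && !con.isClosed())
-{
-Statement stmt = con.createStatement();
-ResultSet rs =null;
-rs=stmt.executeQuery("select * from UserMessages where recipient='"+session.getAttribute("user")+"'");
-out.print("</br></br>Message: </br>");
-out.println("<ol>");
-while (rs.next())
-{
-out.print("<li><a href='DisplayMessage.jsp?msgid="+rs.getString("msgid")+" '>"+rs.getString("subject")+"</a></li>");
-
-}
-out.println("</ol>");
-}
-out.print("<br/><br/><a href='"+path+"/myprofile.jsp?id="+session.getAttribute("userid")+"'>Return to Profile Page &gt;&gt;</a>");
-
-}
-else
-{
-out.print("<span style='color:red'>* Please login to send message</span>");
-}
-%>
-
-<%@ include file="/footer.jsp" %>
+<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
+<%
+if(session.getAttribute("isLoggedIn")!=null) {
+Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+if(con!=null && !con.isClosed()) {
+String query = "select * from UserMessages where recipient=?";
+PreparedStatement pstmt = con.prepareStatement(query);
+pstmt.setString(1, session.getAttribute("user").toString());
+ResultSet rs = pstmt.executeQuery();
+out.print("</br></br>Message: </br>");
+out.println("<ol>");
+while (rs.next()) {
+out.print("<li><a href='DisplayMessage.jsp?msgid="+rs.getString("msgid")+" '>");
+out.print(rs.getString("subject"));
+out.print("</a></li>");
+}
+out.println("</ol>");
+}
+out.print("<br/><br/><a href='"+path+"/myprofile.jsp?id="+session.getAttribute("userid")+"'>Return to Profile Page &gt;&gt;</a>");
+}
+else {
+out.print("<span style='color:red'>* Please login to send message</span>");
+}
+%>
+<%@ include file="/footer.jsp" %>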
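Review bot: `session.getAttribute("user").toString()` on the new `setString(1, ...)` line throws a NullPointerException when the attribute is absent, whereas the old concatenation produced the literal text `null` and simply matched nothing; `pstmt.setString(1, String.valueOf(session.getAttribute("user")));` keeps the old behaviour for a session that is logged in but carries no `user` attribute. The rewritten loop still writes `msgid` and `subject` straight into the HTML — the commit even moved `rs.getString("subject")` onto its own `out.print` — so a stored subject containing markup is rendered as-is; unless that is intentional for this vulnerability page, escape both values before printing. The `rs` and `pstmt` handles are also left open until the connection is discarded; try-with-resources around both would scope them to the request.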
78 changes: 32 additions & 46 deletions src/main/webapp/vulnerability/csrf/changepassword.jsp
@@ -1,62 +1,48 @@
<%@ include file="/header.jsp" %>
<%@page import="java.sql.Connection"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.SQLException"%>

<%@page import="java.sql.ResultSetMetaData"%>
<%@page import="java.sql.ResultSet"%>
<%@ page import="java.util.*,java.io.*"%>
<%@ page import="java.sql.Connection, java.sql.PreparedStatement, java.sql.SQLException"%>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>


<%
if(session.getAttribute("isLoggedIn")!=null)
{
String id=session.getAttribute("userid").toString();
%>
if(session.getAttribute("isLoggedIn") != null) {
String id = session.getAttribute("userid").toString();
%>
Enter the New Password: <br/><br/>
<table>
<form action="changepassword.jsp" method="POST">
<tr><td>New Password:</td><td><input type="text" name="password" value=""/></td></tr>
<tr><td>Confirm Password: </td><td><input type="text" name="confirmpassword" value=""/></td></tr>
<tr><td></td><td><input type="submit" name="change" value="Change"/></td></tr>

</form>
<form action="changepassword.jsp" method="POST">
<tr><td>New Password:</td><td><input type="text" name="password" value=""/></td></tr>
<tr><td>Confirm Password: </td><td><input type="text" name="confirmpassword" value=""/></td></tr>
<tr><td></td><td><input type="submit" name="change" value="Change"/></td></tr>
</form>
</table>
<br/>
<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));

String action=request.getParameter("change");
if(action!=null)
{
String pass=request.getParameter("password");
String confirmPass=request.getParameter("confirmpassword");
if(pass!=null && confirmPass!=null && !pass.equals("") )
{
if(pass.equals(confirmPass) )
{
Statement stmt = con.createStatement();
stmt.executeUpdate("Update users set password='"+pass+"' where id="+id);
out.print("<b class='success'>Password Changed</b>");
out.print("<br/><br/><b><a href='changepassword.jsp'>Return to the Previous page </a></b>");
<br/>
<%
Connection con = new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
String action = request.getParameter("change");
if(action != null) {
String pass = request.getParameter("password");
String confirmPass = request.getParameter("confirmpassword");
if(pass != null && confirmPass != null && !pass.equals("")) {
if(pass.equals(confirmPass)) {
PreparedStatement pstmt = con.prepareStatement("Update users set password=? where id=?");
pstmt.setString(1, pass);
pstmt.setString(2, id);
pstmt.executeUpdate();
out.print("<b class='success'>Password Changed</b>");
out.print("<br/><br/><b><a href='changepassword.jsp'>Return to the Previous page </a></b>");
}
else
{
out.print("Passwords didn't match");
else {
out.print("Passwords didn't match");
}

}
else
{
else {
out.print("Password can't be empty");
}
}
}

%>

<!-- CSRF -->
}
%>

<!-- CSRF -->
<!-- Insecure Direct Object Reference 2 -->

<%@ include file="/footer.jsp" %>
<%@ include file="/footer.jsp" %>
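Review bot: The new `pstmt.setString(1, pass)` still writes the submitted password to `users.password` as cleartext, so the parameterisation removes the injection but leaves every password readable to anyone with the table (ForgotPassword.jsp prints it back). Hashing before binding — e.g. PBKDF2 via `javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` with a per-user salt — and comparing hashes at login would be the follow-up, and the seeded accounts in the setup servlet would need the same treatment. Binding `id` with `setString(2, id)` against a column the old code used as a numeric literal relies on the driver's implicit conversion; `pstmt.setInt(2, Integer.parseInt(id))` makes the type explicit. The page sits under `csrf/` and the form still carries no token, which I take as intentional for this lab page.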
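--- a/src/main/webapp/vulnerability/forum.jsp
+++ b/src/main/webapp/vulnerability/forum.jsp
@@ -5,7 +5,7 @@
 --%>
 
 <%@page import="java.sql.Connection"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
 <%@page import="java.sql.SQLException"%>
 
 <%@page import="java.sql.ResultSetMetaData"%>
@@ -29,7 +29,7 @@
 <form action="forum.jsp" method="POST">
 Title : <input type="text" name="title" value="" size="50"/><br/>
 Message: <br/><textarea name="content" rows="2" cols="50"></textarea>
-<input type="hidden" name="user" value="<% if(session.getAttribute("user")!=null){out.print(session.getAttribute("user"));} else { out.print("Anonymous"); } %>" size="50"/><br/>
+<input type="hidden" name="user" value="<% if(session.getAttribute(\"user\")!=null){out.print(session.getAttribute(\"user\"));} else { out.print("Anonymous"); } %>" size="50"/><br/>
 <input type="submit" value="Post" name="post"/>
 </form>
 
@@ -43,9 +43,12 @@
 String title=request.getParameter("title");
 if(con!=null && !con.isClosed())
 {
-Statement stmt = con.createStatement();
+PreparedStatement pstmt = con.prepareStatement("INSERT into posts(content,title,user) values (?,?,?)");
+pstmt.setString(1, content);
+pstmt.setString(2, title);
+pstmt.setString(3, user);
 //Posting Content
-stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')");
+pstmt.executeUpdate();
 out.print("Successfully posted");
 }
 }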
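Review bot: The rewritten hidden-input line in the second hunk escapes the quotes inside the scriptlet as `\"user\"`, but the text between `<%` and `%>` is copied into the generated servlet as Java, where a backslash outside a string literal is an illegal character; the old form `session.getAttribute("user")` was correct and should be restored — the untouched `out.print("Anonymous")` on the same line shows the working form. If the goal was to avoid nested quotes inside an HTML attribute, compute the value in a scriptlet above the input and print it with `<%= %>`. In the third hunk `user` is bound from a value that appears to come from the client-controlled hidden field rather than from the session, so the post's author stays spoofable after this change; if that is not intentional for this vulnerability page, take it from `session.getAttribute("user")` directly. The enclosing scriptlet continues outside the hunk.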
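--- a/src/main/webapp/vulnerability/idor/change-email.jsp
+++ b/src/main/webapp/vulnerability/idor/change-email.jsp
@@ -1,6 +1,6 @@
 <%@ include file="/header.jsp" %>
 <%@page import="java.sql.Connection"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
 <%@page import="java.sql.SQLException"%>
 
 <%@page import="java.sql.ResultSetMetaData"%>
@@ -28,8 +28,10 @@ if(session.getAttribute("isLoggedIn")!=null)
 String id=request.getParameter("id");
 if(email!=null && !email.equals("") && id!=null)
 {
-Statement stmt = con.createStatement();
-stmt.executeUpdate("Update users set email='"+email+"' where id="+id);
+PreparedStatement pstmt = con.prepareStatement("Update users set email=? where id=?");
+pstmt.setString(1, email);
+pstmt.setString(2, id);
+pstmt.executeUpdate();
 out.print("<b class='success'>email Changed</b>");
 }
 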
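Review bot: `pstmt.setString(2, id)` binds the `id` read from `request.getParameter("id")` on the context line above, so the row updated is chosen by the client rather than by `session.getAttribute("userid")`; the prepared statement stops the injection but any logged-in user can still change any account's email. Given the `idor/` path this looks intentional for the lab page; if it were not, `pstmt.setString(2, session.getAttribute("userid").toString())` would scope the update to the caller. The old code used `id` as a bare numeric literal, so `pstmt.setInt(2, Integer.parseInt(id))` would match the column type more explicitly than `setString`. The scriptlet continues outside the hunk.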