diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d93a40e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM maven:3.8-jdk-8 as builder
+COPY . /usr/src/easybuggy/
+WORKDIR /usr/src/easybuggy/
+RUN mvn -B package
+
+FROM openjdk:8-slim
+COPY --from=builder /usr/src/easybuggy/target/easybuggy.jar /
+CMD ["java", "-XX:MaxMetaspaceSize=128m", "-Xloggc:logs/gc_%p_%t.log", "-Xmx256m", "-XX:MaxDirectMemorySize=90m", "-XX:+UseSerialGC", "-XX:+PrintHeapAtGC", "-XX:+PrintGCDetails", "-XX:+PrintGCDateStamps", "-XX:+UseGCLogFileRotation", "-XX:NumberOfGCLogFiles=5", "-XX:GCLogFileSize=10M", "-XX:GCTimeLimit=15", "-XX:GCHeapFreeLimit=50", "-XX:+HeapDumpOnOutOfMemoryError", "-XX:HeapDumpPath=logs/", "-XX:ErrorFile=logs/hs_err_pid%p.log", "-agentlib:jdwp=transport=dt_socket,server=y,address=9009,suspend=n", "-Dderby.stream.error.file=logs/derby.log", "-Dderby.infolog.append=true", "-Dderby.language.logStatementText=true", "-Dderby.locks.deadlockTrace=true", "-Dderby.locks.monitor=true", "-Dderby.storage.rowLocking=true", "-Dcom.sun.management.jmxremote", "-Dcom.sun.management.jmxremote.port=7900", "-Dcom.sun.management.jmxremote.ssl=false", "-Dcom.sun.management.jmxremote.authenticate=false", "-ea", "-jar", "easybuggy.jar"]
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..1910e2a
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,21 @@
+pipeline {
+ agent any
+ tools {
+ maven 'Maven_3_5_2'
+ }
+ stages{
+ stage('CompileandRunSonarAnalysis') {
+ steps {
+ sh 'mvn clean verify sonar:sonar -Dsonar.projectKey=asgbuggywebapp -Dsonar.organization=asgbuggywebapp -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=932558e169d66a8f1d1adf470b908a46156f5844'
+ }
+ }
+
+ stage('RunSCAAnalysisUsingSnyk') {
+ steps {
+ withCredentials([string(credentialsId: 'SNYK_TOKEN', variable: 'SNYK_TOKEN')]) {
+ sh 'mvn snyk:test -fn'
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d645695
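Review bot: The runtime stage never creates the `logs/` directory that the CMD flags write to (`-Xloggc:logs/gc_%p_%t.log`, `-XX:HeapDumpPath=logs/`, `-XX:ErrorFile=logs/hs_err_pid%p.log`, `-Dderby.stream.error.file=logs/derby.log`) and sets no WORKDIR, so the GC log, heap dump and crash file that this image exists to produce cannot be written. The final stage also runs as root and has no EXPOSE, while the CMD opens a JDWP listener on 9009 and a JMX endpoint on 7900 with `ssl=false` and `authenticate=false`; those flags mirror the exec-maven-plugin arguments in pom.xml so they look intentional for this app, but they are one more reason to keep only 8080 published (as the README does) and to run the process as an unprivileged user. The rewrite below keeps the CMD as is; as far as I know the exec-war launcher and Derby also write under the working directory, which is why `/app` as a whole is chowned rather than only `logs/`.
```dockerfile
FROM openjdk:8-slim
# Everything the JVM writes on failure (GC log, heap dump, hs_err, derby log) goes to logs/ relative to the working directory.
RUN useradd --system --uid 10001 easybuggy
WORKDIR /app
RUN mkdir -p /app/logs && chown -R easybuggy:easybuggy /app
COPY --from=builder --chown=easybuggy:easybuggy /usr/src/easybuggy/target/easybuggy.jar ./
USER easybuggy
EXPOSE 8080
# … unchanged: CMD […] …
```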
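Review bot: The Sonar stage passes a live SonarCloud token in clear text via `-Dsonar.login=` in the committed Jenkinsfile, so anyone with read access to the repository (and every build log that echoes the command) gets it; the Snyk stage right below already does this correctly with `withCredentials`. Treat the committed value as compromised and revoke it, then read it from a Jenkins secret the same way, keeping the single-quoted string so the shell and not Groovy expands it: `withCredentials([string(credentialsId: 'SONAR_TOKEN', variable: 'SONAR_TOKEN')]) {` / `    sh 'mvn clean verify sonar:sonar -Dsonar.projectKey=asgbuggywebapp -Dsonar.organization=asgbuggywebapp -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN'` / `}` (the credential id is a placeholder). Note also that `mvn snyk:test -fn` never fails the build, so Snyk findings are report-only here; if that is intended, a comment saying so would help, since `-fn` reads like a typo otherwise.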
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..93d6997 --- /dev/null +++ b/README.md 
@@ -0,0 +1,138 @@ +[![Build Status](https://travis-ci.org/k-tamura/easybuggy.svg?branch=master)](https://travis-ci.org/k-tamura/easybuggy) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![GitHub release](https://img.shields.io/github/release/k-tamura/easybuggy.svg)](https://github.com/k-tamura/easybuggy/releases/latest) + +EasyBuggy Vulnerable Web App Modified by A Security Guru :baby_symbol: += + +EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, [memory leak, deadlock, JVM crash, SQL injection and so on](https://github.com/k-tamura/easybuggy#clock4-easybuggy-can-reproduce). + +![logo](https://raw.githubusercontent.com/wiki/k-tamura/easybuggy/images/mov_eb.gif) + +:clock4: Quick Start +- + + $ mvn clean install + +( or ``` java -jar easybuggy.jar ``` or deploy ROOT.war on your servlet container with [the JVM options](https://github.com/k-tamura/easybuggy/blob/master/pom.xml#L204). ) + +Access to + + http://localhost:8080 + +:clock4: Quick Start(Docker) +- + + $ docker build . -t easybuggy:local # Build container image + $ docker run -p 8080:8080 easybuggy:local # Start easybuggy + +Access to + + http://localhost:8080 + +### To stop: + + Use CTRL+C ( or access to: http://localhost:8080/exit ) + +:clock4: For more detail +- + +See [the wiki page](https://github.com/k-tamura/easybuggy/wiki). 
+ +:clock4: Demo +- + +This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down) + +![demo](https://github.com/k-tamura/easybuggy/blob/master/demo_eb.gif) + +:clock4: EasyBuggy can reproduce: +- + +* Troubles + + * Memory Leak (Java heap space) + * Memory Leak (PermGen space) + * Memory Leak (C heap space) + * Deadlock (Java) + * Deadlock (SQL) + * Endless Waiting Process + * Infinite Loop + * Redirect Loop + * Forward Loop + * JVM Crash + * Network Socket Leak + * Database Connection Leak + * File Descriptor Leak + * Thread Leak + * Mojibake + * Integer Overflow + * Round Off Error + * Truncation Error + * Loss of Trailing Digits + +* Vulnerabilities + + * XSS (Cross-Site Scripting) + * SQL Injection + * LDAP Injection + * Code Injection + * OS Command Injection (OGNL Expression Injection) + * Mail Header Injection + * Null Byte Injection + * Extension Unrestricted File Upload + * Size Unrestricted File Upload + * Open Redirect + * Brute-force Attack + * Session Fixation Attacks + * Verbose Login Error Messages + * Dangerous File Inclusion + * Directory Traversal + * Unintended File Disclosure + * CSRF (Cross-Site Request Forgery) + * XEE (XML Entity Expansion) + * XXE (XML eXternal Entity) + * Clickjacking + +* Performance Degradation + + * Slow Regular Expression Parsing + * Delay of creating string due to +(plus) operator + * Delay due to unnecessary object creation + +* Errors + + * AssertionError + * ExceptionInInitializerError + * FactoryConfigurationError + * GenericSignatureFormatError + * NoClassDefFoundError + * OutOfMemoryError (Java heap space) + * OutOfMemoryError (Requested array size exceeds VM limit) + * OutOfMemoryError (unable to create new native thread) + * OutOfMemoryError (GC overhead limit exceeded) + * OutOfMemoryError (PermGen space) + * OutOfMemoryError (Direct buffer memory) + * StackOverflowError + * 
TransformerFactoryConfigurationError + * UnsatisfiedLinkError + +:clock4: EasyBuggy clones: +- +* [EasyBuggy Boot](https://github.com/k-tamura/easybuggy4sb) + + EasyBuggy clone build on Spring Boot + + ![logo](https://raw.githubusercontent.com/wiki/k-tamura/easybuggy/images/mov_ebsb.gif) + +* [EasyBuggy Bootlin](https://github.com/k-tamura/easybuggy4kt) + + EasyBuggy clone build on Spring Boot and written in Kotlin + + ![logo](https://raw.githubusercontent.com/wiki/k-tamura/easybuggy/images/mov_ebkt.gif) + +* [EasyBuggy Django](https://github.com/k-tamura/easybuggy4django) + + EasyBuggy clone build on Django 2 and written in Python + +  ![logo](https://github.com/k-tamura/easybuggy4django/blob/master/static/easybuggy.png) diff --git a/catalina.policy b/catalina.policy new file mode 100644 index 0000000..7eb7086 --- /dev/null +++ b/catalina.policy 
@@ -0,0 +1,34 @@
+grant {
+ permission java.io.FilePermission "<>", "write, read, execute, delete";
+ permission java.io.SerializablePermission "*" ;
+ permission java.lang.management.ManagementPermission "monitor";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.lang.RuntimePermission "exitVM";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "setFactory";
+ permission java.lang.RuntimePermission "shutdownHooks";
+ permission java.net.NetPermission "*";
+ permission java.net.PropertyPermission "*", "read, write";
+ permission java.net.SocketPermission "*", "accept, listen, connect, resolve";
+ permission java.security.SecurityPermission "*";
+ permission java.util.PropertyPermission "*", "read, write";
+ permission javax.management.MBeanPermission "*", "*";
+ permission javax.management.MBeanServerPermission "createMBeanServer";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
+ permission javax.management.MBeanTrustPermission "register";
+ permission javax.security.auth.AuthPermission "*";
+ permission ognl.OgnlInvokePermission "*";
+};
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..69f8a02
--- /dev/null
+++ b/pom.xml
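Review bot: This grant has no codeBase or signedBy clause and hands every class `SecurityPermission "*"`, `AuthPermission "*"`, `createClassLoader`, `suppressAccessChecks` and a blanket `FilePermission` (rendered here as `"<>"`, presumably `<<ALL FILES>>` lost to HTML escaping), so running Tomcat with this policy under a security manager is equivalent to running without one. That is presumably the intent for an app whose purpose is to exhibit OGNL injection and friends, but the file says nothing about it and will be copied as a working example. Suggest a header comment, e.g. `// EasyBuggy: deliberately grants all permissions to all code so the demo vulnerabilities stay reachable under a security manager. Not a template for a production catalina.policy.`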
@@ -0,0 +1,351 @@ + + + + 4.0.0 + org.t246osslab.easybuggy + easybuggy + 1-SNAPSHOT + war + + + UTF-8 + 8080 + + -XX:MaxPermSize=128m + -Xloggc:logs/gc.log + -XX:+PrintHeapAtGC + -XX:+PrintGCDetails + -XX:+PrintGCDateStamps + -XX:+UseGCLogFileRotation + -XX:NumberOfGCLogFiles=5 + -XX:GCLogFileSize=10M + + + + + JDK8-Switch + + 1.8 + + + -XX:MaxMetaspaceSize=128m + -Xloggc:logs/gc_%p_%t.log + + + + JDK11-Switch + + 11 + + + -XX:MaxMetaspaceSize=128m + -Xlog:gc*:logs/gc_%p_%t.log:time,level,tags:filecount=5,filesize=10M + + -Dummy=Dummy + -Dummy=Dummy + -Dummy=Dummy + -Dummy=Dummy + -Dummy=Dummy + -Dummy=Dummy + + + + + + + javax.servlet + javax.servlet-api + 3.0.1 + provided + + + javax.servlet.jsp + jsp-api + 2.2 + provided + + + javax.servlet + jstl + 1.2 + + + org.apache.derby + derby + 10.8.3.0 + + + javassist + javassist + 3.12.1.GA + + + org.openjdk.jol + jol-core + 0.6 + + + mysql + mysql-connector-java + 5.1.25 + + + org.slf4j + slf4j-api + 1.5.0 + + + org.slf4j + slf4j-log4j12 + 1.5.0 + + + org.apache.directory.server + apacheds-all + 1.5.5 + + + org.apache.directory.shared + shared-ldap + + + + + org.owasp.esapi + esapi + 2.1.0.1 + + + ognl + ognl + 3.0.17 + + + com.sun.mail + javax.mail + 1.5.1 + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 2.3.2 + + 1.8 + 1.8 + + + + org.apache.maven.plugins + maven-enforcer-plugin + 1.1.1 + + + enforce-java + + enforce + + + + + [3.0.0,) + + + [1.6,) + [ERROR] OLD JDK [${java.version}] in use. 
+ EasyBuggy requires JDK 1.6 or later + + + + + + + + org.owasp + dependency-check-maven + 6.1.6 + + ALL + + + + + + org.apache.maven.plugins + maven-antrun-plugin + + + create-empty-directory-and-english-properties + process-classes + + run + + + + + + + + + + + + + + maven-war-plugin + 3.3.1 + + false + ROOT + + + + org.apache.tomcat.maven + tomcat7-maven-plugin + 2.1 + + + tomcat-run + + exec-war-only + + package + + / + true + easybuggy.jar + + + + + + org.codehaus.mojo + exec-maven-plugin + 1.2 + + + startup-uber-start + install + + exec + + + test + java + + ${jvm.args.perm.size} + ${jvm.args.gc.log.path} + -Xmx256m + -XX:MaxDirectMemorySize=90m + -XX:+UseSerialGC + ${jvm.args.print.heap.at.gc} + ${jvm.args.print.gc.details} + ${jvm.args.print.gc.date.stamps} + ${jvm.args.gc.log.file.rotation} + ${jvm.args.number.of.gc.log.files} + ${jvm.args.gc.log.file.size} + -XX:GCTimeLimit=15 + -XX:GCHeapFreeLimit=50 + -XX:+HeapDumpOnOutOfMemoryError + -XX:HeapDumpPath=logs/ + -XX:ErrorFile=logs/hs_err_pid%p.log + + + + + + + + + + + -agentlib:jdwp=transport=dt_socket,server=y,address=9009,suspend=n + -Dderby.stream.error.file=logs/derby.log + -Dderby.infolog.append=true + -Dderby.language.logStatementText=true + -Dderby.locks.deadlockTrace=true + -Dderby.locks.monitor=true + -Dderby.storage.rowLocking=true + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port=7900 + -Dcom.sun.management.jmxremote.ssl=false + -Dcom.sun.management.jmxremote.authenticate=false + + + -ea + -jar + target/easybuggy.jar + -httpPort=${easybuggy-port} + + + + + + + + io.snyk + snyk-maven-plugin + 2.0.0 + false + + asecurityguru + + + + + + + + + org.eclipse.m2e + lifecycle-mapping + 1.0.0 + + + + + + + org.apache.maven.plugins + + + maven-antrun-plugin + + [1.3,) + + run + + + + + + + + + + + diff --git a/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java b/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java new file mode 100644 index 0000000..19e2a9f 
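Review bot: The enforcer rule appears to require only `[1.6,)` with the message `EasyBuggy requires JDK 1.6 or later`, while maven-compiler-plugin is set to source/target `1.8` and the JDK8/JDK11 profiles assume 8 or newer, so a JDK 7 build passes the enforcer and then fails in the compiler with a less helpful error (the XML tags are stripped in this rendering, so I am reading the values by position). Suggest `[1.8,)` and a message of `EasyBuggy requires JDK 1.8 or later`. Separately, the exec-maven-plugin arguments bound to `install` pass `-agentlib:jdwp=...` and `-Dcom.sun.management.jmxremote.authenticate=false`/`ssl=false`, so every local `mvn install` opens those listeners; a one-line comment that this is the app's intentional attack surface would stop the next person from either "fixing" it or copying it into another project.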
--- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/dao/DBClient.java 
@@ -0,0 +1,92 @@ +package org.t246osslab.easybuggy.core.dao; + +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.SQLException; +import java.sql.Statement; + +import org.apache.commons.lang.RandomStringUtils; +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.t246osslab.easybuggy.core.utils.ApplicationUtils; +import org.t246osslab.easybuggy.core.utils.Closer; + +/** + * Database client to provide database connections. + */ +public final class DBClient { + + private static final Logger log = LoggerFactory.getLogger(DBClient.class); + + static { + Statement stmt = null; + Connection conn= null; + try { + conn = getConnection(); + stmt = conn.createStatement(); + + // create a user table and insert sample users + createUsersTable(stmt); + + } catch (SQLException e) { + log.error("SQLException occurs: ", e); + } finally { + Closer.close(stmt); + Closer.close(conn); + } + } + + // squid:S1118: Utility classes should not have public constructors + private DBClient() { + throw new IllegalAccessError("This class should not be instantiated."); + } + + /** + * Returns a database connection to connect a database. 
+ * + * @return A database connection + */ + public static Connection getConnection() throws SQLException { + final String dbDriver = ApplicationUtils.getDatabaseDriver(); + final String dbUrl = ApplicationUtils.getDatabaseURL(); + if (!StringUtils.isBlank(dbDriver)) { + try { + Class.forName(dbDriver); + } catch (ClassNotFoundException e) { + log.error("ClassNotFoundException occurs: ", e); + } + } + return DriverManager.getConnection(dbUrl); + } + + private static void createUsersTable(Statement stmt) throws SQLException { + try { + stmt.executeUpdate("drop table users"); + } catch (SQLException e) { + // ignore exception if existing the table + log.debug("SQLException occurs: ", e); + } + // create users table + stmt.executeUpdate("create table users (id varchar(10) primary key, name varchar(30), password varchar(30), " + + "secret varchar(100), ispublic varchar(5), phone varchar(20), mail varchar(100))"); + + // insert private (invisible) user records + stmt.executeUpdate("insert into users values ('admin','admin','password','" + RandomStringUtils.randomNumeric(10) + "','false', '', '')"); + stmt.executeUpdate("insert into users values ('admin02','admin02','pas2w0rd','" + RandomStringUtils.randomNumeric(10) + "','false', '', '')"); + stmt.executeUpdate("insert into users values ('admin03','admin03','pa33word','" + RandomStringUtils.randomNumeric(10) + "','false', '', '')"); + stmt.executeUpdate("insert into users values ('admin04','admin04','pathwood','" + RandomStringUtils.randomNumeric(10) + "','false', '', '')"); + + // insert public (test) user records + stmt.executeUpdate("insert into users values ('user00','Mark','password','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user01','David','pa32w0rd','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user02','Peter','pa23word','" + RandomStringUtils.randomNumeric(10) + "','true', 
'', '')"); + stmt.executeUpdate("insert into users values ('user03','James','patwired','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user04','Benjamin','password','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user05','Eric','pas2w0rd','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user06','Sharon','pa3world','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user07','Pamela','pathwood','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user08','Jacqueline','password','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + stmt.executeUpdate("insert into users values ('user09','Michelle','pas2w0rd','" + RandomStringUtils.randomNumeric(10) + "','true', '', '')"); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java b/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java new file mode 100644 index 0000000..d4e8c3b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/dao/EmbeddedADS.java 
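Review bot: `createUsersTable` seeds the table with 14 copies of a string-built `insert`, so the only thing that varies per row is hand-spliced into SQL text; it works today because `RandomStringUtils.randomNumeric` cannot return a quote, but it is the pattern the rest of this (deliberately vulnerable) app is meant to warn about and it belongs in the core DAO least of all. A single parameterised statement run in a loop over a seed table keeps the same rows and fits `stmt.getConnection()`, as below; it needs `import java.sql.PreparedStatement;`. A second point is the static initialiser: when `getConnection()` or the seed fails it only logs, so the class loads with no `users` table and every later query fails with a less obvious error; consider rethrowing so the first failure is the one reported, or at least saying in a comment why a missing seed is tolerated.
```java
    private static void createUsersTable(Statement stmt) throws SQLException {
        // … unchanged: drop and create the users table …

        // id, name, password, ispublic; the secret column gets a fresh random number per row
        String[][] seedUsers = {
            { "admin", "admin", "password", "false" },
            { "admin02", "admin02", "pas2w0rd", "false" },
            { "admin03", "admin03", "pa33word", "false" },
            { "admin04", "admin04", "pathwood", "false" },
            { "user00", "Mark", "password", "true" },
            { "user01", "David", "pa32w0rd", "true" },
            { "user02", "Peter", "pa23word", "true" },
            { "user03", "James", "patwired", "true" },
            { "user04", "Benjamin", "password", "true" },
            { "user05", "Eric", "pas2w0rd", "true" },
            { "user06", "Sharon", "pa3world", "true" },
            { "user07", "Pamela", "pathwood", "true" },
            { "user08", "Jacqueline", "password", "true" },
            { "user09", "Michelle", "pas2w0rd", "true" }
        };
        try (PreparedStatement insert = stmt.getConnection().prepareStatement(
                "insert into users values (?, ?, ?, ?, ?, '', '')")) {
            for (String[] user : seedUsers) {
                insert.setString(1, user[0]);
                insert.setString(2, user[1]);
                insert.setString(3, user[2]);
                insert.setString(4, RandomStringUtils.randomNumeric(10));
                insert.setString(5, user[3]);
                insert.executeUpdate();
            }
        }
    }
```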
@@ -0,0 +1,129 @@ +package org.t246osslab.easybuggy.core.dao; + +import org.apache.commons.lang.RandomStringUtils; +import org.apache.directory.server.constants.ServerDNConstants; +import org.apache.directory.server.core.CoreSession; +import org.apache.directory.server.core.DefaultDirectoryService; +import org.apache.directory.server.core.DirectoryService; +import org.apache.directory.server.core.entry.ServerEntry; +import org.apache.directory.server.core.partition.Partition; +import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition; +import org.apache.directory.shared.ldap.name.LdapDN; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Embedded Apache Directory Server. + */ +public final class EmbeddedADS { + + private static final String ROOT_PARTITION_NAME = "t246osslab"; + + private static final String ROOT_DN = "dc=t246osslab,dc=org"; + + private static final String PEOPLE_CONTAINER_DN = "ou=people," + ROOT_DN; + + private static final Logger log = LoggerFactory.getLogger(EmbeddedADS.class); + + /** The directory service */ + private static DirectoryService service; + + /* + * Create an instance of EmbeddedADS and initialize it. 
+ */ + static { + try { + service = new DefaultDirectoryService(); + + // Disable the ChangeLog system + service.getChangeLog().setEnabled(false); + service.setDenormalizeOpAttrsEnabled(true); + + // Add system partition + Partition systemPartition; + systemPartition = addPartition("system", ServerDNConstants.SYSTEM_DN); + service.setSystemPartition(systemPartition); + + // Add root partition + Partition t246osslabPartition = addPartition(ROOT_PARTITION_NAME, ROOT_DN); + + // Start up the service + service.startup(); + + // Add the root entry if it does not exist + addRootEntry(t246osslabPartition); + + // Add the people entries + LdapDN peopleDn = new LdapDN(PEOPLE_CONTAINER_DN); + if (!service.getAdminSession().exists(peopleDn)) { + ServerEntry e = service.newEntry(peopleDn); + e.add("objectClass", "organizationalUnit"); + e.add("ou", "people"); + service.getAdminSession().add(e); + } + + // Add sample users + addUser("admin", "password", RandomStringUtils.randomNumeric(10)); + addUser("admin2", "pas2w0rd", RandomStringUtils.randomNumeric(10)); + addUser("admin3", "pa33word", RandomStringUtils.randomNumeric(10)); + addUser("admin4", "pathwood", RandomStringUtils.randomNumeric(10)); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private static void addRootEntry(Partition t246osslabPartition) throws Exception { + try { + service.getAdminSession().lookup(t246osslabPartition.getSuffixDn()); + } catch (Exception e) { + log.debug("Exception occurs: ", e); + LdapDN dnBar = new LdapDN(ROOT_DN); + ServerEntry entryBar = service.newEntry(dnBar); + entryBar.add("objectClass", "dcObject", "organization"); + entryBar.add("o", ROOT_PARTITION_NAME); + entryBar.add("dc", ROOT_PARTITION_NAME); + service.getAdminSession().add(entryBar); + } + } + + // squid:S1118: Utility classes should not have public constructors + private EmbeddedADS() { + throw new IllegalAccessError("This class should not be instantiated."); + } + + /** + * Returns the admin 
session to connect Embedded Apache Directory Server. + * + * @return The admin session + */ + public static CoreSession getAdminSession() throws Exception{ + return service.getAdminSession(); + } + + // Add a partition to the server + private static Partition addPartition(String partitionId, String partitionDn) throws Exception { + // Create a new partition named + Partition partition = new JdbmPartition(); + partition.setId(partitionId); + partition.setSuffix(partitionDn); + service.addPartition(partition); + return partition; + } + + // Add a user to the server + private static void addUser(String username, String passwd, String secretNumber) throws Exception { + LdapDN dn = new LdapDN("uid=" + username + "," + PEOPLE_CONTAINER_DN); + if (!service.getAdminSession().exists(dn)) { + ServerEntry e = service.newEntry(dn); + e.add("objectClass", "person", "inetOrgPerson"); + e.add("uid", username); + e.add("displayName", username); + e.add("userPassword", passwd.getBytes()); + e.add("employeeNumber", secretNumber); + e.add("sn", "Not use"); + e.add("cn", "Not use"); + e.add("givenName", username); + service.getAdminSession().add(e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java b/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java new file mode 100644 index 0000000..6b357dc --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java 
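Review bot: `addUser` stores the password with `passwd.getBytes()`, which uses the platform default charset, so the stored bytes depend on the JVM's `file.encoding` rather than on the string; the seed passwords here are ASCII, so it works by luck, but it is exactly the kind of encoding bug this app elsewhere demonstrates on purpose. Use `e.add("userPassword", passwd.getBytes(StandardCharsets.UTF_8));` with `import java.nio.charset.StandardCharsets;`. The static initialiser also catches `Exception` and only logs, leaving `service` assigned but possibly never started, so the first LDAP call fails far from the cause; a short comment on that catch saying why startup failures are tolerated would help, or rethrow so the class fails to load.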
@@ -0,0 +1,80 @@ +package org.t246osslab.easybuggy.core.filters; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.annotation.WebFilter; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +/** + * Servlet Filter for authentication + */ +@WebFilter(urlPatterns = { "/*" }) +public class AuthenticationFilter implements Filter { + + /** + * Intercept unauthenticated requests for specific URLs and redirect to login page. + * + * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) + */ + @Override + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, + ServletException { + + HttpServletRequest request = (HttpServletRequest) req; + HttpServletResponse response = (HttpServletResponse) res; + String target = request.getRequestURI(); + + if (target.startsWith("/admins") || "/uid/serverinfo.jsp".equals(target)) { + /* Login (authentication) is needed to access admin pages (under /admins). */ + + String loginType = request.getParameter("logintype"); + String queryString = request.getQueryString(); + if (queryString == null) { + queryString = ""; + } else { + /* Remove "logintype" parameter from query string. + (* "logintype" specifies a login servlet) */ + queryString = queryString.replace("logintype=" + loginType + "&", ""); + queryString = queryString.replace("&logintype=" + loginType, ""); + queryString = queryString.replace("logintype=" + loginType, ""); + if (queryString.length() > 0) { + queryString = "?" 
+ queryString; + } + } + HttpSession session = request.getSession(false); + if (session == null || session.getAttribute("authNMsg") == null + || !"authenticated".equals(session.getAttribute("authNMsg"))) { + /* Not authenticated yet */ + session = request.getSession(true); + session.setAttribute("target", target); + if (loginType == null) { + response.sendRedirect(response.encodeRedirectURL("/login" + queryString)); + } else if ("sessionfixation".equals(loginType)) { + response.sendRedirect(response.encodeRedirectURL("/" + loginType + "/login" + queryString)); + } else { + response.sendRedirect("/" + loginType + "/login" + queryString); + } + return; + } + } + chain.doFilter(req, res); + } + + @Override + public void destroy() { + // Do nothing + } + + @Override + public void init(FilterConfig arg0) throws ServletException { + // Do nothing + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/filters/EncodingFilter.java b/src/main/java/org/t246osslab/easybuggy/core/filters/EncodingFilter.java new file mode 100644 index 0000000..2644861 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/filters/EncodingFilter.java 
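Review bot: `loginType` is read from the `logintype` request parameter and concatenated into the redirect target unvalidated in both `sendRedirect("/" + loginType + "/login" + queryString)` branches; because it is prefixed by only a single slash, a crafted value can produce a protocol-relative URL and send the user off-site from the login flow (an open redirect). Accept only the fixed set of login-servlet names the application actually has, or at minimum reject anything that is not a plain identifier before the redirect and the `replace` calls that also use it, e.g. `if (loginType != null && !loginType.matches("[A-Za-z0-9]+")) { loginType = null; }`. The `queryString.replace(...)` lines are string replacements on raw query text and will leave a stray `&` when `logintype` is not the first or last parameter; parsing the query into pairs and rebuilding it would be more robust. The doFilter body continues outside this hunk's first physical line, so the check belongs near the top of the `/admins` branch.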
@@ -0,0 +1,47 @@
+package org.t246osslab.easybuggy.core.filters;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Servlet Filter for encoding
+ */
+@WebFilter(urlPatterns = { "/*" })
+public class EncodingFilter implements Filter {
+
+ /**
+ * Set the encoding to use for requests.
+ * "Shift_JIS" is intentionally set to the request to /mojibake.
+ *
+ * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) req;
+ if (!"/mojibake".equals(request.getRequestURI())) {
+ /* Set the default character encoding and content type to UTF-8 (except under /mojibake) */
+ req.setCharacterEncoding("UTF-8");
+ res.setContentType("text/html; charset=UTF-8");
+ }
+ chain.doFilter(req, res);
+ }
+
+ @Override
+ public void destroy() {
+ // Do nothing
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ // Do nothing
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/filters/SecurityFilter.java b/src/main/java/org/t246osslab/easybuggy/core/filters/SecurityFilter.java
new file mode 100644
index 0000000..7aae575
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/filters/SecurityFilter.java
@@ -0,0 +1,56 @@
+package org.t246osslab.easybuggy.core.filters;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Servlet Filter for security
+ */
+@WebFilter(urlPatterns = { "/*" })
+public class SecurityFilter implements Filter {
+
+ /**
+ * Prevent several security vulnerabilities.
+ *
+ * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
+ ServletException {
+ HttpServletRequest request = (HttpServletRequest) req;
+ HttpServletResponse response = (HttpServletResponse) res;
+ String target = request.getRequestURI();
+
+ /* Prevent clickjacking if target is not /admins/clickjacking ... */
+ if (!target.startsWith("/admins/clickjacking")) {
+ response.addHeader("X-FRAME-OPTIONS", "DENY");
+ }
+ /* Prevent Content-Type sniffing */
+ response.addHeader("X-Content-Type-Options", "nosniff");
+
+ /* Prevent XSS if target is not /xss ... */
+ if (!target.startsWith("/xss")) {
+ response.addHeader("X-XSS-Protection", "1; mode=block");
+ }
+ chain.doFilter(req, res);
+ }
+
+ @Override
+ public void destroy() {
+ // Do nothing
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ // Do nothing
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/listeners/InitializationListener.java b/src/main/java/org/t246osslab/easybuggy/core/listeners/InitializationListener.java
new file mode 100644
index 0000000..2ea28af
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/listeners/InitializationListener.java
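Review bot: The `X-XSS-Protection` header added for paths outside `/xss` is no longer honored by Chromium-based browsers and was never implemented by Firefox, so that branch only affects legacy clients; a `Content-Security-Policy` header is the control current browsers enforce, and its `frame-ancestors` directive also covers what `X-FRAME-OPTIONS: DENY` does. The Javadoc "Prevent several security vulnerabilities." should name the headers set and state that the `/admins/clickjacking` and `/xss` prefixes are deliberately left without them, otherwise a reader unfamiliar with this application will read those branches as bugs. Prefer `setHeader` to `addHeader` here so a response that passes through the filter more than once does not carry duplicate headers; with the default `@WebFilter` dispatcher that is unlikely, but `setHeader` states the intent.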
@@ -0,0 +1,46 @@
+package org.t246osslab.easybuggy.core.listeners;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+import javax.servlet.annotation.WebListener;
+
+import org.owasp.esapi.ESAPI;
+import org.t246osslab.easybuggy.core.utils.Closer;
+
+@WebListener
+public class InitializationListener implements ServletContextListener {
+ public void contextInitialized(ServletContextEvent event) {
+
+ /*
+ * Suppress noisy messages output by the ESAPI library. For more detail:
+ * https://stackoverflow.com/questions/45857064/how-to-suppress-messages-output-by-esapi-library
+ */
+ PrintStream printStream = null;
+ OutputStream outputStream = null;
+ PrintStream original = System.out;
+ try {
+ outputStream = new OutputStream() {
+ public void write(int b) {
+ // Do nothing
+ }
+ };
+ printStream = new PrintStream(outputStream);
+ System.setOut(printStream);
+ System.setErr(printStream);
+ ESAPI.encoder();
+ } catch (Exception e) {
+ // Do nothing
+ } finally {
+ System.setOut(original);
+ Closer.close(printStream, outputStream);
+ }
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent sce) {
+ // Do nothing
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/model/User.java b/src/main/java/org/t246osslab/easybuggy/core/model/User.java
new file mode 100644
index 0000000..71a32b5
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/model/User.java
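Review bot: `System.setErr(printStream)` is never reversed: the `finally` block restores only `System.out`, and `Closer.close(printStream, outputStream)` then closes the stream that `System.err` still points to, so every later write to stderr (uncaught-exception traces, JVM warnings) is discarded for the life of the process — precisely the output an incident responder relies on. Capture the original stream next to `original` and restore it: `PrintStream originalErr = System.err;` before the `try`, and `System.setErr(originalErr);` beside `System.setOut(original);`. The empty `catch (Exception e) { // Do nothing }` around `ESAPI.encoder()` should at least log at debug so a broken ESAPI configuration is visible somewhere.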
@@ -0,0 +1,88 @@ +package org.t246osslab.easybuggy.core.model; + +import java.io.Serializable; +import java.util.Date; + +public class User implements Serializable{ + + private static final long serialVersionUID = 1L; + private String userId = null; + private String name = null; + private String password = null; + private String secret = null; + private String phone = null; + private String mail = null; + private int loginFailedCount = 0; + private Date lastLoginFailedTime = null; + + @Override + public String toString() { + return "User [userId=" + userId + ", name=" + name + ", password=" + password + ", secret=" + secret + + ", phone=" + phone + ", mail=" + mail + ", loginFailedCount=" + loginFailedCount + + ", lastLoginFailedTime=" + lastLoginFailedTime + "]"; + } + + public String getUserId() { + return userId; + } + + public void setUserId(String userId) { + this.userId = userId; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public String getSecret() { + return secret; + } + + public void setSecret(String secret) { + this.secret = secret; + } + + public String getPhone() { + return phone; + } + + public void setPhone(String phone) { + this.phone = phone; + } + + public String getMail() { + return mail; + } + + public void setMail(String mail) { + this.mail = mail; + } + + public int getLoginFailedCount() { + return loginFailedCount; + } + + public void setLoginFailedCount(int loginFailedCount) { + this.loginFailedCount = loginFailedCount; + } + + public Date getLastLoginFailedTime() { + return lastLoginFailedTime; + } + + public void setLastLoginFailedTime(Date lastLoginFailedTime) { + this.lastLoginFailedTime = lastLoginFailedTime; + } +} 
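Review bot: `toString()` includes the `password` and `secret` fields, so any log statement, exception message or debugger view that renders a `User` writes credentials to logs in clear text. Mask those two fields, e.g. `", password=****, secret=****"`, or leave them out; nothing on this page depends on the current format. The class is `Serializable`, so instances may also end up on disk wherever they are serialized; a class-level Javadoc, currently absent, should say what this object holds and that the password and secret are stored in clear.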
diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java new file mode 100644 index 0000000..507ff97 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/AbstractServlet.java @@ -0,0 +1,191 @@ +package org.t246osslab.easybuggy.core.servlets; + +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.owasp.esapi.ESAPI; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.t246osslab.easybuggy.core.utils.Closer; + +import java.io.PrintWriter; +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; + +@SuppressWarnings("serial") +public abstract class AbstractServlet extends HttpServlet { + + protected Logger log = LoggerFactory.getLogger(this.getClass()); + + /** + * Send an HTTP response to the client. + * + * @param req HTTP servlet request. + * @param res HTTP servlet response. + * @param htmlTitle Title of HTML page. + * @param htmlBody Body of HTML page. + */ + protected void responseToClient(HttpServletRequest req, HttpServletResponse res, String htmlTitle, String htmlBody) { + PrintWriter writer = null; + HttpSession session = req.getSession(); + String userid = (String) session.getAttribute("userid"); + Locale locale = req.getLocale(); + try { + writer = res.getWriter(); + writer.write(""); + writer.write(""); + if (htmlTitle != null) { + writer.write("" + htmlTitle + ""); + } + writer.write(""); + writer.write(""); + writer.write(""); + writer.write(""); + writer.write(""); + writer.write(""); + writer.write(""); + + writer.write(""); + writer.write(""); + writer.write(""); + writer.write(""); + if (userid != null && req.getServletPath().startsWith("/admins")) { + writer.write(""); + } else { + writer.write(""); + } + writer.write(""); + writer.write("
"); + writer.write("

"); + writer.write(" "); + if (htmlTitle != null) { + writer.write(htmlTitle); + } + writer.write("

"); + writer.write("
"); + writer.write(getMsg("label.login.user.id", locale) + ": " + userid); + writer.write("
"); + writer.write("" + getMsg("label.logout", locale) + ""); + writer.write("
"); + writer.write("" + getMsg("label.go.to.main", locale) + ""); + writer.write("
"); + writer.write("
"); + writer.write(htmlBody); + writer.write(""); + writer.write(""); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + Closer.close(writer); + } + } + + /** + * Return a message for a given property key. + * + * @return A message for a given property key + */ + protected String getMsg(String propertyKey, Locale locale) { + return getMsg(propertyKey, null, locale); + } + + /** + * Return an information message for a given property key. + * + * @return An information message for a given property key + */ + protected String getInfoMsg(String propertyKey, Locale locale) { + return getInfoMsg(propertyKey, null, locale); + } + + /** + * Return an error message for a given property key. + * + * @return An error message for a given property key + */ + protected String getErrMsg(String propertyKey, Locale locale) { + return getErrMsg(propertyKey, null, locale); + } + + /** + * Return a message for a given property key, replaced with placeholders. + * + * @return A message for a given property key, replaced with placeholders + */ + protected String getMsg(String propertyKey, Object[] placeholders, Locale locale) { + String propertyValue = null; + try { + propertyValue = ResourceBundle.getBundle("messages", locale).getString(propertyKey); + if (placeholders != null) { + propertyValue = MessageFormat.format(propertyValue, placeholders); + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + return propertyValue; + } + + /** + * Return an information message for a given property key, replaced with placeholders. + * + * @return An information message for a given property key, replaced with placeholders + */ + protected String getInfoMsg(String propertyKey, Object[] placeholders, Locale locale) { + return "
  " + + getMsg(propertyKey, placeholders, locale) + "
"; + } + + /** + * Return an error message for a given property key, replaced with placeholders. + * + * @return An error message for a given property key, replaced with placeholders + */ + protected String getErrMsg(String propertyKey, Object[] placeholders, Locale locale) { + return "
  " + + getMsg(propertyKey, placeholders, locale) + "
"; + } + + /** + * Encode data for use in HTML using HTML entity encoding + * Note that this method just call ESAPI.encoder().encodeForHTML(String). + * + * @param input the text to encode for HTML + * @return input encoded for HTML + */ + protected String encodeForHTML(String input) { + return ESAPI.encoder().encodeForHTML(input); + } + + /** + * Encode data for use in LDAP queries. + * Note that this method just call ESAPI.encoder().encodeForLDAP((String). + * + * @param input the text to encode for LDAP + * @return input encoded for use in LDAP + */ + protected String encodeForLDAP(String input) { + return ESAPI.encoder().encodeForLDAP(input); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/AdminsMainServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/AdminsMainServlet.java new file mode 100644 index 0000000..861da08 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/AdminsMainServlet.java @@ -0,0 +1,30 @@ +package org.t246osslab.easybuggy.core.servlets; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/admins/main" }) +public class AdminsMainServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append(getMsg("msg.admin.page.top", locale)); + bodyHtml.append("

"); + responseToClient(req, res, getMsg("title.adminmain.page", locale), bodyHtml.toString()); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java new file mode 100644 index 0000000..eefa23e --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLoginServlet.java @@ -0,0 +1,177 @@ +package org.t246osslab.easybuggy.core.servlets; + +import java.io.IOException; +import java.util.Date; +import java.util.Enumeration; +import java.util.Locale; +import java.util.concurrent.ConcurrentHashMap; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringUtils; +import org.apache.directory.server.core.filtering.EntryFilteringCursor; +import org.apache.directory.shared.ldap.filter.ExprNode; +import org.apache.directory.shared.ldap.filter.FilterParser; +import org.apache.directory.shared.ldap.filter.SearchScope; +import org.apache.directory.shared.ldap.message.AliasDerefMode; +import org.apache.directory.shared.ldap.name.LdapDN; +import org.t246osslab.easybuggy.core.dao.EmbeddedADS; +import org.t246osslab.easybuggy.core.model.User; +import org.t246osslab.easybuggy.core.utils.ApplicationUtils; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/login" }) +public class DefaultLoginServlet extends AbstractServlet { + + /* User's login history using in-memory account locking */ + private static ConcurrentHashMap userLoginHistory = new ConcurrentHashMap(); + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + + bodyHtml.append("

" + getMsg("msg.need.admin.privilege", locale) + "

"); + bodyHtml.append("
"); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append("
" + getMsg("label.user.id", locale) + " : 
" + getMsg("label.password", locale) + " : 
"); + String queryString = req.getQueryString(); + if (queryString != null) { + bodyHtml.append(""); + } + Enumeration paramNames = req.getParameterNames(); + while (paramNames.hasMoreElements()) { + String paramName = (String) paramNames.nextElement(); + String[] paramValues = req.getParameterValues(paramName); + for (String paramValue : paramValues) { + bodyHtml.append(""); + } + } + + HttpSession session = req.getSession(true); + String authNMsg = (String) session.getAttribute("authNMsg"); + if (authNMsg != null && !"authenticated".equals(authNMsg)) { + bodyHtml.append(authNMsg); + session.setAttribute("authNMsg", null); + } + if (req.getAttribute("login.page.note") != null) { + bodyHtml.append(getInfoMsg((String) req.getAttribute("login.page.note"), locale)); + } + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.login.page", locale), bodyHtml.toString()); + } + + @Override + public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + Locale locale = req.getLocale(); + String userid = StringUtils.trim(req.getParameter("userid")); + String password = StringUtils.trim(req.getParameter("password")); + + HttpSession session = req.getSession(true); + if (isAccountLocked(userid)) { + session.setAttribute("authNMsg", getErrMsg("msg.authentication.fail", locale)); + } else if (authUser(userid, password)) { + /* Reset account lock count */ + resetAccountLock(userid); + + session.setAttribute("authNMsg", "authenticated"); + session.setAttribute("userid", userid); + + String target = (String) session.getAttribute("target"); + if (target == null) { + res.sendRedirect("/admins/main"); + } else { + session.removeAttribute("target"); + res.sendRedirect(target); + } + return; + } else { + /* account lock count +1 */ + session.setAttribute("authNMsg", getErrMsg("msg.authentication.fail", locale)); + } + incrementLoginFailedCount(userid); + doGet(req, res); + } + + protected void incrementLoginFailedCount(String userid) { + User admin = getUser(userid); + admin.setLoginFailedCount(admin.getLoginFailedCount() + 1); + admin.setLastLoginFailedTime(new Date()); + } + + protected void resetAccountLock(String userid) { + User admin = getUser(userid); + admin.setLoginFailedCount(0); + admin.setLastLoginFailedTime(null); + } + + protected boolean isAccountLocked(String userid) { + User admin = userLoginHistory.get(userid); + return (admin != null + && admin.getLoginFailedCount() >= ApplicationUtils.getAccountLockCount() + && (new Date().getTime() - admin.getLastLoginFailedTime().getTime() < ApplicationUtils + .getAccountLockTime())); + } + + protected boolean authUser(String uid, String password) { + + if (uid == null || password == null) { + return false; + } + ExprNode filter; + EntryFilteringCursor 
cursor = null; + try { + filter = FilterParser.parse("(&(uid=" + encodeForLDAP(uid.trim()) + + ")(userPassword=" + encodeForLDAP(password.trim()) + "))"); + cursor = EmbeddedADS.getAdminSession().search(new LdapDN("ou=people,dc=t246osslab,dc=org"), + SearchScope.SUBTREE, filter, AliasDerefMode.NEVER_DEREF_ALIASES, null); + if (cursor.available()) { + return true; + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + if (cursor != null) { + try { + cursor.close(); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + } + return false; + } + + private User getUser(String userid) { + User admin = userLoginHistory.get(userid); + if (admin == null) { + User newAdmin = new User(); + newAdmin.setUserId(userid); + admin = userLoginHistory.putIfAbsent(userid, newAdmin); + if (admin == null) { + admin = newAdmin; + } + } + return admin; + } + +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLogoutServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLogoutServlet.java new file mode 100644 index 0000000..5e98ff1 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/DefaultLogoutServlet.java @@ -0,0 +1,22 @@ +package org.t246osslab.easybuggy.core.servlets; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/logout" }) +public class DefaultLogoutServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + HttpSession session = req.getSession(true); + session.invalidate(); + res.sendRedirect("/"); + } +} 
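Review bot: `doPost` dereferences `userid` before it is checked: `StringUtils.trim(req.getParameter("userid"))` returns `null` when the parameter is absent, and `isAccountLocked(null)` then calls `userLoginHistory.get(null)`, which a `ConcurrentHashMap` rejects with `NullPointerException`, so a POST without a `userid` field propagates an exception instead of reaching the authentication-failed page (`authUser` has its own null guard, but it runs after the lock check). Add an early exit right after `HttpSession session = req.getSession(true);`: `if (userid == null || password == null) { session.setAttribute("authNMsg", getErrMsg("msg.authentication.fail", locale)); doGet(req, res); return; }`. Separately, `getUser` creates a `User` entry for every distinct failed username and nothing evicts it, so the static `userLoginHistory` grows without bound under username-guessing traffic; entries whose `lastLoginFailedTime` is older than `ApplicationUtils.getAccountLockTime()` can be dropped safely since `isAccountLocked` already treats them as unlocked. The doGet body starts on an earlier physical line of this hunk.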
diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/ExitServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/ExitServlet.java
new file mode 100644
index 0000000..b1e0885
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/ExitServlet.java
@@ -0,0 +1,20 @@
+package org.t246osslab.easybuggy.core.servlets;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/exit" })
+public class ExitServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+
+ log.info("EasyBuggy is successfully shut down by a /exit request.");
+ System.exit(0);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/PingServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/PingServlet.java
new file mode 100644
index 0000000..c58066e
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/PingServlet.java
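Review bot: `/exit` calls `System.exit(0)` on a plain GET with no authentication or origin check; the `AuthenticationFilter` in this same commit guards only `/admins` and `/uid/serverinfo.jsp`, so any client that can reach the listening port can terminate the whole JVM, and every other application in the container with it. If the endpoint is needed for test automation, gate it behind the authenticated admin session (the `authNMsg`/`userid` attributes the login servlet sets) or a separate management listener, and prefer asking the servlet container to stop over `System.exit`, which bypasses the container's normal stop path. The `log.info` line should also record `req.getRemoteAddr()` so a shutdown can be attributed afterwards.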
@@ -0,0 +1,31 @@
+package org.t246osslab.easybuggy.core.servlets;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.utils.Closer;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/ping" })
+public class PingServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+
+ PrintWriter writer = null;
+ try {
+ res.setContentType("text/plain");
+ writer = res.getWriter();
+ writer.write("It works!");
+ } catch (Exception e) {
+ log.error("Exception occurs: ", e);
+ } finally {
+ Closer.close(writer);
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/servlets/TestServlet.java b/src/main/java/org/t246osslab/easybuggy/core/servlets/TestServlet.java
new file mode 100644
index 0000000..311d085
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/servlets/TestServlet.java
@@ -0,0 +1,19 @@
+package org.t246osslab.easybuggy.core.servlets;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/test" })
+public class TestServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+
+ responseToClient(req, res, "Test", "Test!!");
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/ApplicationUtils.java b/src/main/java/org/t246osslab/easybuggy/core/utils/ApplicationUtils.java
new file mode 100644
index 0000000..1b71e61
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/utils/ApplicationUtils.java 
@@ -0,0 +1,202 @@ +package org.t246osslab.easybuggy.core.utils; + +import java.util.MissingResourceException; +import java.util.ResourceBundle; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Utility class to provide application properties. + */ +public final class ApplicationUtils { + + private static final Logger log = LoggerFactory.getLogger(ApplicationUtils.class); + + // default database url: derby in-memory + private static String databaseURL = "jdbc:derby:memory:demo;create=true"; + + // default database url: org.apache.derby.jdbc.EmbeddedDriver + private static String databaseDriver = "org.apache.derby.jdbc.EmbeddedDriver"; + + // default account lock time: 3600000 (1 hour) + private static long accountLockTime = 3600000; + + // default account lock limit count: 10 + private static int accountLockCount = 10; + + // default SMTP host: null + private static String smtpHost = null; + + // default SMTP port: null + private static String smtpPort = null; + + // default SMTP auth: false + private static String smtpAuth = "false"; + + // default SMTP starttls enable: false + private static String smtpStarttlsEnable = "false"; + + // default SMTP user: null + private static String smtpUser = null; + + // default SMTP password: null + private static String smtpPass = null; + + // default administrator's mail address: null + private static String adminAddress = null; + + static { + try { + ResourceBundle bundle = ResourceBundle.getBundle("application"); + databaseURL = getProperty(bundle, "database.url", databaseURL); + databaseDriver = getProperty(bundle, "database.driver", databaseDriver); + accountLockTime = getProperty(bundle, "account.lock.time", accountLockTime); + accountLockCount = getProperty(bundle, "account.lock.count", accountLockCount); + smtpHost = getProperty(bundle, "mail.smtp.host", smtpHost); + smtpPort = getProperty(bundle, "mail.smtp.port", smtpPort); + smtpAuth = getProperty(bundle, "mail.smtp.auth", smtpAuth); + 
smtpStarttlsEnable = getProperty(bundle, "mail.smtp.starttls.enable", smtpStarttlsEnable); + smtpUser = getProperty(bundle, "mail.user", smtpUser); + smtpPass = getProperty(bundle, "mail.password", smtpPass); + adminAddress = getProperty(bundle, "mail.admin.address", adminAddress); + } catch (MissingResourceException e) { + log.error("MissingResourceException occurs: ", e); + } + } + + // squid:S1118: Utility classes should not have public constructors + private ApplicationUtils() { + throw new IllegalAccessError("Utility class"); + } + + /** + * Return a Database URL of EasyBuggy. + * + * @return Database URL of EasyBuggy + */ + public static String getDatabaseURL() { + return databaseURL; + } + + /** + * Return a Database driver of EasyBuggy. + * + * @return Database driver of EasyBuggy + */ + public static String getDatabaseDriver() { + return databaseDriver; + } + + /** + * Return the account lock time. + * + * @return Account lock time + */ + public static long getAccountLockTime() { + return accountLockTime; + } + + /** + * Return the account lock count. + * + * @return Account lock count + */ + public static int getAccountLockCount() { + return accountLockCount; + } + + /** + * Return the SMTP host. + * + * @return SMTP host + */ + public static String getSmtpHost() { + return smtpHost; + } + + /** + * Return the SMTP port. + * + * @return SMTP port + */ + public static String getSmtpPort() { + return smtpPort; + } + + /** + * Return the SMTP auth. + * + * @return SMTP auth + */ + public static String getSmtpAuth() { + return smtpAuth; + } + + /** + * Return the SMTP start TLS enable. + * + * @return SMTP start TLS enable + */ + public static String getSmtpStarttlsEnable() { + return smtpStarttlsEnable; + } + + /** + * Return the SMTP user. + * + * @return SMTP user + */ + public static String getSmtpUser() { + return smtpUser; + } + + /** + * Return the SMTP password. 
+ * + * @return SMTP password + */ + public static String getSmtpPass() { + return smtpPass; + } + + /** + * Return the Administrator's mail address + * + * @return Administrator's mail address + */ + public static String getAdminAddress() { + return adminAddress; + } + + private static String getProperty(ResourceBundle bundle, String key, String defaultValue) { + try { + return getProperty(bundle, key); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + return defaultValue; + } + + private static int getProperty(ResourceBundle bundle, String key, int defaultValue) { + try { + return Integer.parseInt(getProperty(bundle, key)); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + return defaultValue; + } + + private static long getProperty(ResourceBundle bundle, String key, long defaultValue) { + try { + return Long.parseLong(getProperty(bundle, key)); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + return defaultValue; + } + + private static String getProperty(ResourceBundle bundle, String key) { + return System.getProperty(key) != null ? System.getProperty(key) : bundle.getString(key); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/Closer.java b/src/main/java/org/t246osslab/easybuggy/core/utils/Closer.java new file mode 100644 index 0000000..5e16eb1 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/core/utils/Closer.java 
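Review bot: The three `getProperty(bundle, key, defaultValue)` overloads log at `error` level with a full stack trace whenever a key is absent, and the mail-related defaults are `null` or `"false"`, so a deployment with simply no mail configuration emits a burst of ERROR stack traces at every start; that trains operators to ignore the level a real failure (a bad `database.url`, an unparsable `account.lock.count`) would use. Check `bundle.containsKey(key)` (and `System.getProperty(key)`) before reading and log absence at debug, keeping `error` for parse failures. `getProperty(bundle, key)` also gives a `-D` system property precedence over the bundle, which is handy for `mail.password` but undocumented; a one-line Javadoc on that method stating the precedence would help.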
@@ -0,0 +1,110 @@
+package org.t246osslab.easybuggy.core.utils;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utility class to safely close all Closeable objects.
+ */
+public final class Closer {
+
+ private static final Logger log = LoggerFactory.getLogger(Closer.class);
+
+ // squid:S1118: Utility classes should not have public constructors
+ private Closer() {
+ throw new IllegalAccessError("Utility class");
+ }
+
+ /**
+ * Close a Connection object.
+ *
+ * @param conn Connection object.
+ */
+ public static void close(Connection conn) {
+ if (conn != null) {
+ try {
+ conn.close();
+ } catch (SQLException e) {
+ log.error("IOException occurs: ", e);
+ }
+ }
+ }
+
+ /**
+ * Close a Statement object.
+ *
+ * @param stmt Statement object.
+ */
+ public static void close(Statement stmt) {
+ if (stmt != null) {
+ try {
+ stmt.close();
+ } catch (SQLException e) {
+ log.error("IOException occurs: ", e);
+ }
+ }
+ }
+
+ /**
+ * Close a ResultSet object.
+ *
+ * @param rs ResultSet object.
+ */
+ public static void close(ResultSet rs) {
+ if (rs != null) {
+ try {
+ rs.close();
+ } catch (SQLException e) {
+ log.error("IOException occurs: ", e);
+ }
+ }
+ }
+
+ /**
+ * Close all Closeable objects.
+ *
+ * @param closeables Closeable objects.
+ */
+ public static void close(Closeable... closeables) {
+ if (closeables != null) {
+ for (Closeable closeable : closeables) {
+ try {
+ if (closeable != null) {
+ closeable.close();
+ }
+ } catch (IOException e) {
+ log.error("IOException occurs: ", e);
+ }
+ }
+ }
+ }
+
+// for jdk 7 or later
+// /**
+// * Close all Closeable objects.
+// *
+// * @param closeables Closeable objects.
+// */
+// public static void close(AutoCloseable... 
closeables) {
+// if (closeables != null) {
+// for (AutoCloseable closeable : closeables) {
+// try {
+// if(closeable != null){
+// closeable.close();
+// }
+// } catch (IOException e) {
+// log.error("IOException occurs: ", e);
+// } catch (Exception e) {
+// log.error("Exception occurs: ", e);
+// }
+// }
+// }
+// }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/DeleteClassWhileMavenBuild.java b/src/main/java/org/t246osslab/easybuggy/core/utils/DeleteClassWhileMavenBuild.java
new file mode 100644
index 0000000..e51427d
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/utils/DeleteClassWhileMavenBuild.java
@@ -0,0 +1,5 @@
+package org.t246osslab.easybuggy.core.utils;
+
+public class DeleteClassWhileMavenBuild {
+ // this class is removed during Maven build processing
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/EmailUtils.java b/src/main/java/org/t246osslab/easybuggy/core/utils/EmailUtils.java
new file mode 100644
index 0000000..5bfc315
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/utils/EmailUtils.java
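Review bot: The catch blocks in close(Connection), close(Statement) and close(ResultSet) catch SQLException but log it as `log.error("IOException occurs: ", e);`, which points anyone triaging logs at the wrong failure class; use `log.error("SQLException occurs: ", e);` in all three. The commented-out AutoCloseable overload at the end of the class is dead code that will drift from the live Closeable version; either delete it or implement it and have the three JDBC overloads delegate to it.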
@@ -0,0 +1,125 @@
+package org.t246osslab.easybuggy.core.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+import java.util.Properties;
+
+import javax.mail.Authenticator;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Multipart;
+import javax.mail.PasswordAuthentication;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeBodyPart;
+import javax.mail.internet.MimeMessage;
+import javax.mail.internet.MimeMultipart;
+
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A utility class for sending e-mail message with attachment.
+ *
+ */
+public class EmailUtils {
+
+ private static final Logger log = LoggerFactory.getLogger(EmailUtils.class);
+
+ // squid:S1118: Utility classes should not have public constructors
+ private EmailUtils() {
+ throw new IllegalAccessError("Utility class");
+ }
+
+ /**
+ * Sends an e-mail message from a SMTP host with a list of attached files. 
+ *
+ * @param subject Mail subject
+ * @param message Mail content
+ * @param attachedFiles Attached files
+ */
+ public static void sendEmailWithAttachment(String subject, String message, List attachedFiles)
+ throws MessagingException {
+ // sets SMTP server properties
+ Properties properties = new Properties();
+ properties.put("mail.smtp.host", ApplicationUtils.getSmtpHost());
+ properties.put("mail.smtp.port", ApplicationUtils.getSmtpPort());
+ properties.put("mail.smtp.auth", ApplicationUtils.getSmtpAuth());
+ properties.put("mail.smtp.starttls.enable", ApplicationUtils.getSmtpStarttlsEnable());
+ properties.put("mail.user", ApplicationUtils.getSmtpUser());
+ properties.put("mail.password", ApplicationUtils.getSmtpPass());
+
+ // creates a new session with an authenticator
+ Authenticator auth = null;
+ if (!StringUtils.isBlank(ApplicationUtils.getSmtpUser()) && !StringUtils.isBlank(ApplicationUtils.getSmtpPass())) {
+ auth = new Authenticator() {
+ @Override
+ public PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication(ApplicationUtils.getSmtpUser(), ApplicationUtils.getSmtpPass());
+ }
+ };
+ }
+ Session session = Session.getInstance(properties, auth);
+
+ // creates a new e-mail message
+ Message msg = new MimeMessage(session);
+ if (!StringUtils.isBlank(ApplicationUtils.getSmtpUser())){
+ msg.setFrom(new InternetAddress(ApplicationUtils.getSmtpUser()));
+ }
+ InternetAddress[] toAddresses = { new InternetAddress(ApplicationUtils.getAdminAddress()) };
+ msg.setRecipients(Message.RecipientType.TO, toAddresses);
+ ((MimeMessage)msg).setSubject(subject,"UTF-8");
+ msg.setSentDate(new Date());
+ msg.setHeader("Content-Transfer-Encoding", "7bit");
+
+ // creates message part
+ MimeBodyPart messageBodyPart = new MimeBodyPart();
+ messageBodyPart.setContent(message, "text/html;charset=UTF-8");
+
+ // creates multi-part
+ Multipart multipart = new MimeMultipart();
+ multipart.addBodyPart(messageBodyPart);
+
+ // adds 
attachments
+ if (attachedFiles != null && !attachedFiles.isEmpty()) {
+ for (File aFile : attachedFiles) {
+ MimeBodyPart attachPart = new MimeBodyPart();
+ try {
+ attachPart.attachFile(aFile);
+ } catch (IOException e) {
+ log.error("IOException occurs: ", e);
+ }
+ multipart.addBodyPart(attachPart);
+ }
+ }
+
+ // sets the multi-part as e-mail's content
+ msg.setContent(multipart);
+
+ // sends the e-mail
+ Transport.send(msg);
+ }
+
+
+ /**
+ * Validate the given string as E-mail address.
+ *
+ * @param mailAddress Mail address
+ */
+ public static boolean isValidEmailAddress(String mailAddress) {
+ boolean result = true;
+ try {
+ InternetAddress emailAddr = new InternetAddress(mailAddress);
+ emailAddr.validate();
+ } catch (AddressException e) {
+ log.debug("Mail address is invalid: " + mailAddress, e);
+ result = false;
+ }
+ return result;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java b/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
new file mode 100644
index 0000000..df75692
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java
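Review bot: `properties.put("mail.password", ApplicationUtils.getSmtpPass());` copies the SMTP password into the Session's Properties even though the Authenticator built just below already supplies it; as far as I know JavaMail consults no `mail.password` key, so the only effect is that the credential now lives in an object that session debug output prints and that every component holding the Session can read. Drop that line and let the Authenticator be the single place the password is used. Separately, when `attachPart.attachFile(aFile)` throws IOException the error is logged but `multipart.addBodyPart(attachPart);` still runs, so the mail goes out with an empty part where the attachment should be; move the addBodyPart call inside the try or rethrow. The raw `List attachedFiles` iterated as `File` looks like a generic parameter lost in rendering rather than a defect in the source.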
@@ -0,0 +1,64 @@
+package org.t246osslab.easybuggy.core.utils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.Part;
+import java.io.*;
+
+/**
+ * Utility class to handle multi part files.
+ */
+public final class MultiPartFileUtils {
+
+ private static final Logger log = LoggerFactory.getLogger(MultiPartFileUtils.class);
+
+ // squid:S1118: Utility classes should not have public constructors
+ private MultiPartFileUtils() {
+ throw new IllegalAccessError("Utility class");
+ }
+
+ /**
+ * Write uploaded file to the given path.
+ *
+ * @param part A part or form item that was received within a multipart/form-data POST request.
+ * @param savePath Path to save an uploaded file.
+ * @param fileName The uploaded file name.
+ */
+ public static boolean writeFile(Part part, String savePath, String fileName) throws IOException {
+ boolean isConverted = false;
+ OutputStream out = null;
+ InputStream in = null;
+ try {
+ out = new FileOutputStream(savePath + File.separator + fileName);
+ in = part.getInputStream();
+ int read;
+ final byte[] bytes = new byte[1024];
+ while ((read = in.read(bytes)) != -1) {
+ out.write(bytes, 0, read);
+ }
+ } catch (FileNotFoundException e) {
+ // Ignore because file already exists (converted and Windows locked the file)
+ log.debug("Exception occurs: ", e);
+ isConverted = true;
+ } finally {
+ Closer.close(out, in);
+ }
+ return isConverted;
+ }
+
+
+ /**
+ * Retrieves file name of a upload part from its HTTP header
+ *
+ * @param part A part or form item that was received within a multipart/form-data POST request.
+ */
+ public static String getFileName(final Part part) {
+ for (String content : part.getHeader("content-disposition").split(";")) {
+ if (content.trim().startsWith("filename")) {
+ return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");
+ }
+ }
+ return null;
+ }
+}
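Review bot: writeFile opens `savePath + File.separator + fileName` without inspecting fileName, and the companion getFileName derives that name straight from the client-supplied Content-Disposition header, so a name carrying path separators or `..` segments selects a location outside savePath. Normalize to the base name before building the path, `fileName = new File(fileName).getName();`, and reject an empty result (getFileName can also return null, which would otherwise produce a file literally named "null"). The FileNotFoundException branch treats every failure to open the output as "file already converted", but FileOutputStream raises the same exception for a missing directory or denied permission, so genuine write failures are reported as success; at minimum log that branch at error level rather than debug and narrow the comment to the case it actually covers.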
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java new file mode 100644 index 0000000..a13ab18 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/AssertionErrorServlet.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/asserr" }) +public class AssertionErrorServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + assert 1 >= 2 : "Invalid!"; + } +} + diff --git a/src/main/java/org/t246osslab/easybuggy/errors/ExceptionInInitializerErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/ExceptionInInitializerErrorServlet.java new file mode 100644 index 0000000..e276f6d --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/ExceptionInInitializerErrorServlet.java 
@@ -0,0 +1,38 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; +import java.lang.reflect.Constructor; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.LoggerFactory; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/eie" }) +public class ExceptionInInitializerErrorServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + try { + Class cl = Class.forName("org.t246osslab.easybuggy.errors.InitializerErrorThrower"); + Constructor cunstructor = cl.getConstructor(); + cunstructor.newInstance(new Object[] { null }); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} + +class InitializerErrorThrower { + static { + LoggerFactory.getLogger(InitializerErrorThrower.class).debug("clinit" + 1 / 0); + } + + private InitializerErrorThrower(){ + // this constructor is added to suppress sonar advice + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/errors/FactoryConfigurationErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/FactoryConfigurationErrorServlet.java new file mode 100644 index 0000000..cecb95d --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/FactoryConfigurationErrorServlet.java 
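Review bot: The reflective calls after `Class.forName(...)` are not reached on the path this servlet is built for, because forName itself runs the static initializer of InitializerErrorThrower and the resulting ExceptionInInitializerError is not an Exception, so `catch (Exception e)` lets it propagate; if forName ever succeeded, `getConstructor()` would fail on the private constructor and `newInstance(new Object[] { null })` passes one argument to a no-argument constructor. Reduce the body to the forName call and state the intent in a comment, e.g. `// loading the class triggers its static initializer, which throws ExceptionInInitializerError`, and rename `cunstructor` to `constructor` if the reflection is kept.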
@@ -0,0 +1,22 @@
+package org.t246osslab.easybuggy.errors;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.SAXParserFactory;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/fce" })
+public class FactoryConfigurationErrorServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ System.setProperty("javax.xml.parsers.SAXParserFactory", "non-exist-factory");
+ SAXParserFactory.newInstance();
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/NoClassDefFoundErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/NoClassDefFoundErrorServlet.java
new file mode 100644
index 0000000..ea8e0da
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/errors/NoClassDefFoundErrorServlet.java
@@ -0,0 +1,21 @@
+package org.t246osslab.easybuggy.errors;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+import org.t246osslab.easybuggy.core.utils.DeleteClassWhileMavenBuild;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/ncdfe" })
+public class NoClassDefFoundErrorServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ new DeleteClassWhileMavenBuild();
+ }
+}
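Review bot: `System.setProperty("javax.xml.parsers.SAXParserFactory", "non-exist-factory");` mutates JVM-wide state, so a single request to /fce leaves every later SAXParserFactory.newInstance() call anywhere in the process failing until restart; TransformerFactoryConfigurationErrorServlet (L75) does the same with `javax.xml.transform.TransformerFactory`. The same error can be provoked without touching global state by handing the bogus class name to the lookup directly, `SAXParserFactory.newInstance("non-exist-factory", null);` (and `TransformerFactory.newInstance("a", null);` in the other servlet), or by restoring the previous property value in a finally block.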
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet.java new file mode 100644 index 0000000..9d12664 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet.java @@ -0,0 +1,23 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/oome" }) +public class OutOfMemoryErrorServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + StringBuilder sb = new StringBuilder(); + while (true) { + sb.append("OutOfMemoryError!"); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet2.java b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet2.java new file mode 100644 index 0000000..a9dda74 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet2.java @@ -0,0 +1,20 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/oome2" }) +public class OutOfMemoryErrorServlet2 extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + req.setAttribute("oome2", new byte[Integer.MAX_VALUE]); + } +} 
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet3.java b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet3.java new file mode 100644 index 0000000..7ac7971 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet3.java @@ -0,0 +1,32 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/oome3" }) +public class OutOfMemoryErrorServlet3 extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + while (true) { + new Thread() { + @Override + public void run() { + try { + Thread.sleep(10000); + } catch (InterruptedException e) { + log.error("Exception occurs: ", e); + } + } + }.start(); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet4.java b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet4.java new file mode 100644 index 0000000..ea09509 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet4.java 
@@ -0,0 +1,27 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; +import java.util.Properties; +import java.util.Random; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/oome4" }) +public class OutOfMemoryErrorServlet4 extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Properties properties = System.getProperties(); + Random r = new Random(); + while (true) { + properties.put(r.nextInt(), "value"); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet5.java b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet5.java new file mode 100644 index 0000000..adfa90b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet5.java @@ -0,0 +1,30 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javassist.ClassPool; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/oome5" }) +public class OutOfMemoryErrorServlet5 extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + for (int i = 0; i < 1000000; i++) { + ClassPool pool = ClassPool.getDefault(); + pool.makeClass("org.t246osslab.easybuggy.Generated" + i).toClass(); + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} 
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet6.java b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet6.java new file mode 100644 index 0000000..4a27784 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/OutOfMemoryErrorServlet6.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; +import java.nio.ByteBuffer; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/oome6" }) +public class OutOfMemoryErrorServlet6 extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + req.setAttribute("oome6", ByteBuffer.allocateDirect(99999999)); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/errors/StackOverflowErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/StackOverflowErrorServlet.java new file mode 100644 index 0000000..1dd60ec --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/StackOverflowErrorServlet.java 
@@ -0,0 +1,27 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@WebServlet(urlPatterns = { "/sofe" }) +@SuppressWarnings("serial") +public class StackOverflowErrorServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + new S().toString(); + } + + public class S { + @Override + public String toString() { + return "" + this; + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/errors/TransformerFactoryConfigurationErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/TransformerFactoryConfigurationErrorServlet.java new file mode 100644 index 0000000..05d3872 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/TransformerFactoryConfigurationErrorServlet.java @@ -0,0 +1,23 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerFactory; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/tfce" }) +public class TransformerFactoryConfigurationErrorServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + System.setProperty("javax.xml.transform.TransformerFactory", "a"); + TransformerFactory.newInstance(); + } +} + 
diff --git a/src/main/java/org/t246osslab/easybuggy/errors/UnsatisfiedLinkErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/errors/UnsatisfiedLinkErrorServlet.java new file mode 100644 index 0000000..950531b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/errors/UnsatisfiedLinkErrorServlet.java @@ -0,0 +1,27 @@ +package org.t246osslab.easybuggy.errors; + +import java.io.IOException; +import java.net.NetworkInterface; +import java.net.SocketException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +/** + * This servlet causes a JNI error. + */ +@WebServlet(urlPatterns = { "/jnicall" }) +@SuppressWarnings("serial") +public class UnsatisfiedLinkErrorServlet extends AbstractServlet { + + private static native NetworkInterface getByName0(String name) throws SocketException; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + getByName0(""); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java new file mode 100644 index 0000000..c64107a --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ArithmeticExceptionServlet.java 
@@ -0,0 +1,20 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/ae" }) +public class ArithmeticExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + res.addIntHeader("ae", 1 / 0); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ArrayIndexOutOfBoundsExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ArrayIndexOutOfBoundsExceptionServlet.java new file mode 100644 index 0000000..1d45d44 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ArrayIndexOutOfBoundsExceptionServlet.java @@ -0,0 +1,20 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/aioobe" }) +public class ArrayIndexOutOfBoundsExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + req.setAttribute("aioobe", (new int[] { 1 })[1]); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ArrayStoreExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ArrayStoreExceptionServlet.java new file mode 100644 index 0000000..485794c --- /dev/null 
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ArrayStoreExceptionServlet.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/ase" }) +public class ArrayStoreExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Object[] objects = new String[1]; + objects[0] = Integer.valueOf(1); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/BufferOverflowExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/BufferOverflowExceptionServlet.java new file mode 100644 index 0000000..165c819 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/BufferOverflowExceptionServlet.java 
@@ -0,0 +1,41 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.File; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.RandomAccessFile; +import java.nio.MappedByteBuffer; +import java.nio.channels.FileChannel; +import java.nio.channels.FileChannel.MapMode; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = {"/boe"}) +public class BufferOverflowExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + RandomAccessFile raf = null; + try { + File f = new File("test.txt"); + raf = new RandomAccessFile(f, "rw"); + FileChannel ch = raf.getChannel(); + MappedByteBuffer buf = ch.map(MapMode.READ_WRITE, 0, f.length()); + final byte[] src = new byte[10]; + buf.put(src); + } catch (FileNotFoundException e) { + log.error("FileNotFoundException occurs: ", e); + } catch (IOException e) { + log.error("IOException occurs: ", e); + } finally { + Closer.close(raf); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/BufferUnderflowExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/BufferUnderflowExceptionServlet.java new file mode 100644 index 0000000..88602a2 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/BufferUnderflowExceptionServlet.java 
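Review bot: `new File("test.txt")` combined with `new RandomAccessFile(f, "rw")` creates and opens a file relative to the servlet container's working directory on every request, so the demo both depends on and writes into whatever directory the process was started from. A temporary file keeps the overflow identical (the mapping is sized by f.length(), which is 0 for a fresh file, and buf.put(src) still overruns it) while confining the side effect: `File f = File.createTempFile("boe", ".txt"); f.deleteOnExit();`. The `FileChannel ch` is closed only indirectly through `Closer.close(raf)`; a short comment saying that closing the RandomAccessFile closes its channel would save the next reader from hunting for a leak.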
@@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; +import java.nio.ByteBuffer; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/bue" }) +public class BufferUnderflowExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + ByteBuffer.wrap(new byte[]{1}).getDouble(); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/CannotRedoExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/CannotRedoExceptionServlet.java new file mode 100644 index 0000000..4d912fb --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/CannotRedoExceptionServlet.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.swing.undo.UndoManager; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/cre" }) +public class CannotRedoExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + new UndoManager().redo(); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/CannotUndoExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/CannotUndoExceptionServlet.java new file mode 100644 index 0000000..84a9ad7 --- /dev/null 
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/CannotUndoExceptionServlet.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.swing.undo.UndoManager; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/cue" }) +public class CannotUndoExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + new UndoManager().undo(); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ClassCastExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ClassCastExceptionServlet.java new file mode 100644 index 0000000..69195a0 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ClassCastExceptionServlet.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/cce" }) +public class ClassCastExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + req.setAttribute("param1", "value1"); + req.setAttribute("param2", (String[]) req.getAttribute("param1")); + } +} 
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ConcurrentModificationExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ConcurrentModificationExceptionServlet.java new file mode 100644 index 0000000..ab427fe --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ConcurrentModificationExceptionServlet.java @@ -0,0 +1,33 @@ +package org.t246osslab.easybuggy.exceptions; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/cme" }) +public class ConcurrentModificationExceptionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + List list = new ArrayList(); + list.add("1"); + list.add("2"); + + Iterator iter = list.iterator(); + while (iter.hasNext()) { + String s = iter.next(); + if ("2".equals(s)) { + list.remove(s); + } + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/EmptyStackExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/EmptyStackExceptionServlet.java new file mode 100644 index 0000000..85a25f0 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/exceptions/EmptyStackExceptionServlet.java 
@@ -0,0 +1,25 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.Stack;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/ese" })
+public class EmptyStackExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ Stack stack = new Stack();
+ String tmp;
+ while (null != (tmp = stack.pop())) {
+ log.debug("Stack.pop(): " + tmp);
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalArgumentExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalArgumentExceptionServlet.java
new file mode 100644
index 0000000..a948fa6
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalArgumentExceptionServlet.java
@@ -0,0 +1,21 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/iae" })
+public class IllegalArgumentExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ req.setAttribute("iae", new ArrayList(-1));
+ }
+}
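Review bot: EmptyStackExceptionServlet overrides `service(...)` while every other servlet in this package overrides `doGet(...)`, so this one endpoint also fires for POST, HEAD and OPTIONS; unless that difference is intended, `protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {` keeps it consistent with its siblings. Its log call also builds the message by concatenation (`"Stack.pop(): " + tmp`) whereas the other new servlets use the placeholder form (`log.info("{} ms", …)`, `log.info("Start Date: {}", …)`); `log.debug("Stack.pop(): {}", tmp);` matches those and skips the concatenation when debug logging is off.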
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalMonitorStateExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalMonitorStateExceptionServlet.java
new file mode 100644
index 0000000..fae9fb5
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalMonitorStateExceptionServlet.java
@@ -0,0 +1,26 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/imse" })
+public class IllegalMonitorStateExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ Thread thread = new Thread();
+ thread.start();
+ try {
+ thread.wait();
+ } catch (InterruptedException e) {
+ log.error("InterruptedException occurs: ", e);
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalPathStateExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalPathStateExceptionServlet.java
new file mode 100644
index 0000000..2eb483d
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalPathStateExceptionServlet.java
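Review bot: The `catch (InterruptedException e)` in IllegalMonitorStateExceptionServlet logs and swallows the interrupt without restoring the thread's interrupted status, and because `doGet` runs on a container worker thread the interrupt is lost for whatever that thread runs next; add `Thread.currentThread().interrupt();` after the `log.error` call. The `thread.wait()` call is made without owning `thread`'s monitor, which is what raises the IllegalMonitorStateException the `/imse` path exists to show, so a comment on that line, `// wait() outside synchronized(thread): raises IllegalMonitorStateException`, would stop a reader from "fixing" it with a `synchronized` block. The started `Thread` is constructed with no Runnable and terminates immediately; that is harmless but worth stating if it is not what was meant.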
@@ -0,0 +1,22 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.awt.geom.GeneralPath;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/ipse" })
+public class IllegalPathStateExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ GeneralPath subPath = new GeneralPath(GeneralPath.WIND_EVEN_ODD, 100);
+ subPath.closePath();
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalStateExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalStateExceptionServlet.java
new file mode 100644
index 0000000..38ca315
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalStateExceptionServlet.java
@@ -0,0 +1,27 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/iase" })
+public class IllegalStateExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ List alphabet = new ArrayList(Arrays.asList("a", "b, c"));
+ for (final Iterator itr = alphabet.iterator(); itr.hasNext();) {
+ itr.remove();
+ }
+ }
+}
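Review bot: In IllegalStateExceptionServlet the list literal is `Arrays.asList("a", "b, c")`, which yields two elements, `"a"` and `"b, c"`, rather than the three single letters the name `alphabet` and the sibling UnsupportedOperationExceptionServlet (`Arrays.asList("a", "b", "c")`) suggest. The demonstration does not depend on the contents, since `itr.remove()` before any `next()` throws regardless, but `List alphabet = new ArrayList(Arrays.asList("a", "b", "c"));` removes the confusion. A comment on the `for` line, `// remove() before next(): raises IllegalStateException`, would also make the intent of the empty loop body explicit.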
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalThreadStateExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalThreadStateExceptionServlet.java
new file mode 100644
index 0000000..3a4cdd6
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/IllegalThreadStateExceptionServlet.java
@@ -0,0 +1,22 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/itse" })
+public class IllegalThreadStateExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ Runtime rt = Runtime.getRuntime();
+ Process proc = rt.exec("javac");
+ proc.exitValue();
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/ImagingOpExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/ImagingOpExceptionServlet.java
new file mode 100644
index 0000000..3d2dff4
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/ImagingOpExceptionServlet.java
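Review bot: `rt.exec("javac")` in IllegalThreadStateExceptionServlet starts a child process on every GET and nothing ever calls `proc.destroy()` or drains its output, so once `proc.exitValue()` throws the intended IllegalThreadStateException the handle is simply dropped; under repeated requests this leaves a javac process per request running until each exits on its own. Wrap the probe so the child is always cleaned up: `try { proc.exitValue(); } finally { proc.destroy(); }`. On a host where `javac` is not on the PATH, `exec` fails with an IOException before the demonstration is reached, so the comment documenting the intended exception should state that precondition.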
@@ -0,0 +1,26 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.awt.geom.AffineTransform;
+import java.awt.image.AffineTransformOp;
+import java.awt.image.BufferedImage;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/imoe" })
+public class ImagingOpExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ BufferedImage img = new BufferedImage(1, 40000, BufferedImage.TYPE_INT_RGB);
+ AffineTransformOp flipAtop = new AffineTransformOp(AffineTransform.getScaleInstance(1, 1),
+ AffineTransformOp.TYPE_NEAREST_NEIGHBOR);
+ flipAtop.filter(img, null);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/IndexOutOfBoundsExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/IndexOutOfBoundsExceptionServlet.java
new file mode 100644
index 0000000..2b3fc5d
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/IndexOutOfBoundsExceptionServlet.java
@@ -0,0 +1,21 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/ioobe" })
+public class IndexOutOfBoundsExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ new ArrayList().get(1);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/InputMismatchExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/InputMismatchExceptionServlet.java
new file mode 100644
index 0000000..e4ec616
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/InputMismatchExceptionServlet.java
@@ -0,0 +1,29 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.Scanner;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/ime" })
+public class InputMismatchExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ Scanner scanner = null;
+ try {
+ scanner = new Scanner("a");
+ scanner.nextInt();
+ } finally {
+ if (scanner != null) {
+ scanner.close();
+ }
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/MalformedParameterizedTypeExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/MalformedParameterizedTypeExceptionServlet.java
new file mode 100644
index 0000000..ae70ca1
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/MalformedParameterizedTypeExceptionServlet.java
@@ -0,0 +1,24 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.lang.reflect.Type;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+import sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/mpte" })
+public class MalformedParameterizedTypeExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ ParameterizedTypeImpl.make(List.class, new Type[]{}, null);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/MissingResourceExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/MissingResourceExceptionServlet.java
new file mode 100644
index 0000000..9868512
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/MissingResourceExceptionServlet.java
@@ -0,0 +1,21 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.ResourceBundle;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/mre" })
+public class MissingResourceExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ ResourceBundle.getBundle("");
+ }
+}
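Review bot: MalformedParameterizedTypeExceptionServlet imports `sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl`, an internal JDK class that is not public API; it compiles on JDK 8, but the package is not exported on JDK 9 and later, so this one file pins the whole build to JDK 8. If the dependency is deliberate, say so at the import, `// JDK 8 internal API: not exported on JDK 9+, compilation will fail there`, so a future JDK bump does not turn into a hunt for the offending class. The `null` third argument to `make(...)` is what triggers the exception; a comment naming that on the call line would save the next reader a trip into the JDK sources.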
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/NegativeArraySizeExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/NegativeArraySizeExceptionServlet.java
new file mode 100644
index 0000000..783964a
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/NegativeArraySizeExceptionServlet.java
@@ -0,0 +1,20 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/nase" })
+public class NegativeArraySizeExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ req.setAttribute("nase", new int[-1]);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/NoSuchElementExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/NoSuchElementExceptionServlet.java
new file mode 100644
index 0000000..21cfed5
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/NoSuchElementExceptionServlet.java
@@ -0,0 +1,21 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/nsee" })
+public class NoSuchElementExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ new ArrayList().iterator().next();
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/NullPointerExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/NullPointerExceptionServlet.java
new file mode 100644
index 0000000..ffd1937
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/NullPointerExceptionServlet.java
@@ -0,0 +1,20 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/npe" })
+public class NullPointerExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ req.setAttribute("npe", Integer.decode(null));
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/NumberFormatExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/NumberFormatExceptionServlet.java
new file mode 100644
index 0000000..7ce3f45
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/NumberFormatExceptionServlet.java
@@ -0,0 +1,20 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/nfe" })
+public class NumberFormatExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ req.setAttribute("nfe", Integer.valueOf(""));
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/SecurityExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/SecurityExceptionServlet.java
new file mode 100644
index 0000000..051fb2c
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/SecurityExceptionServlet.java
@@ -0,0 +1,20 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/se" })
+public class SecurityExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ new SecurityManager().checkPermission(new RuntimePermission("exitVM"), null);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/UnsupportedCharsetExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/UnsupportedCharsetExceptionServlet.java
new file mode 100644
index 0000000..8e1a08b
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/UnsupportedCharsetExceptionServlet.java
@@ -0,0 +1,21 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/uce" })
+public class UnsupportedCharsetExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ req.setAttribute("uce", new String("str".getBytes(Charset.defaultCharset()), Charset.forName("test")));
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/exceptions/UnsupportedOperationExceptionServlet.java b/src/main/java/org/t246osslab/easybuggy/exceptions/UnsupportedOperationExceptionServlet.java
new file mode 100644
index 0000000..1797ebc
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/exceptions/UnsupportedOperationExceptionServlet.java
@@ -0,0 +1,30 @@
+package org.t246osslab.easybuggy.exceptions;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/uoe" })
+public class UnsupportedOperationExceptionServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ List alphabet = Arrays.asList("a", "b", "c");
+ Iterator i = alphabet.iterator();
+ while(i.hasNext()){
+ String name = i.next();
+ if(!"a".equals(name)){
+ i.remove();
+ }
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java b/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java
new file mode 100644
index 0000000..e4ca285
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/performance/CreatingUnnecessaryObjectsServlet.java
@@ -0,0 +1,91 @@ +package org.t246osslab.easybuggy.performance; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/createobjects" }) +public class CreatingUnnecessaryObjectsServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + String strNumber = req.getParameter("number"); + int number = NumberUtils.toInt(strNumber, -1); + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.calc.sym.natural.numbers", locale)); + bodyHtml.append("

n = "); + if (number > 0) { + bodyHtml.append(""); + } else { + bodyHtml.append(""); + } + bodyHtml.append("

"); + if (number > 0) { + switch (number) { + case 1: + break; + case 2: + bodyHtml.append("1 + 2 = "); + break; + case 3: + bodyHtml.append("1 + 2 + 3 = "); + break; + case 4: + bodyHtml.append("1 + 2 + 3 + 4 = "); + break; + case 5: + bodyHtml.append("1 + 2 + 3 + 4 + 5 = "); + break; + default: + bodyHtml.append("1 + 2 + 3 + ... + " + number + " = "); + bodyHtml.append("\\(\\begin{eqnarray}\\sum_{ k = 1 }^{ " + number + " } k\\end{eqnarray}\\) = "); + } + } else { + bodyHtml.append("1 + 2 + 3 + ... + n = "); + bodyHtml.append("\\(\\begin{eqnarray}\\sum_{ k = 1 }^{ n } k\\end{eqnarray}\\) = "); + } + if (number >= 1) { + long start = System.nanoTime(); + bodyHtml.append(calcSum1(number)); + log.info("{} ms", (System.nanoTime() - start) / 1000000f); + } + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.createobjects", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.createobjects.page", locale), bodyHtml.toString()); + } + + private Long calcSum1(int number) { + Long sum = 0L; + for (long i = 1; i <= number; i++) { + sum += i; + } + return sum; + } +/* + private long calcSum2(int number) { + long sum = 0L; + for (int i = 1; i <= number; i++) { + sum += i; + } + return sum; + } + + private long calcSum3(int number) { + return (long) number * (number + 1) / 2; + } +*/ +} diff --git a/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java b/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java new file mode 100644 index 0000000..bff753a --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/performance/SlowRegularExpressionServlet.java @@ -0,0 +1,65 @@ +package org.t246osslab.easybuggy.performance; + +import java.io.IOException; +import java.util.Date; +import java.util.Locale; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/slowre" }) +public class SlowRegularExpressionServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + String word = req.getParameter("word"); + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + + bodyHtml.append("
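Review bot: The block comment at the end of CreatingUnnecessaryObjectsServlet holds two dead methods, `calcSum2` (a primitive `long` accumulator) and `calcSum3` (the closed form `(long) number * (number + 1) / 2`), with no explanation of why they sit next to the live `calcSum1`, whose `Long sum` accumulator boxes on every iteration. If they are the intended fixed variants for the demo, one line above the block, `// Alternatives to calcSum1 for comparison: calcSum2 avoids autoboxing, calcSum3 is closed-form`, makes that explicit; otherwise they should be removed rather than shipped commented out. `calcSum1` itself also lacks a comment saying the boxed `Long` is the point of the exercise, without which the elapsed time logged via `log.info("{} ms", …)` has no stated meaning to a reader.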
"); + bodyHtml.append(getMsg("description.test.regular.expression", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.string", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + + if (!StringUtils.isBlank(word)) { + log.info("Start Date: {}", new Date()); + Pattern compile = Pattern.compile("^([a-z0-9]+[-]{0,1}){1,100}$"); + Matcher matcher = compile.matcher(word); + boolean matches = matcher.matches(); + log.info("End Date: {}", new Date()); + if (matches) { + bodyHtml.append(getMsg("msg.match.regular.expression", locale)); + } else { + bodyHtml.append(getMsg("msg.not.match.regular.expression", locale)); + } + } else { + bodyHtml.append(getMsg("msg.enter.string", locale)); + } + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.slowregex", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.slowregex.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java b/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java new file mode 100644 index 0000000..31e4fc5 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java 
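Review bot: The pattern `^([a-z0-9]+[-]{0,1}){1,100}$` is matched against the user-supplied `word` parameter with no length check, and the `+` inside the `{1,100}` group forces the engine to try every way of splitting a run of letters between repetitions of the group before it can fail, so a single long input ending in a rejected character can occupy a worker thread for a long time. If that is the demonstration the `/slowre` path name implies, mark it on the `Pattern.compile` line, `// Intentional: nested quantifier backtracks catastrophically on long near-matches`; otherwise bound `word.length()` before matching. Separately, the outer `catch (Exception e)` only logs, so on any failure the client receives an empty response; StringPlusOperationServlet further down has the same shape, while DBConnectionLeakServlet at the end of this page calls `responseToClient` from a `finally` block, which is the more robust pattern to follow.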
@@ -0,0 +1,107 @@ +package org.t246osslab.easybuggy.performance; + +import java.io.IOException; +import java.util.Arrays; +import java.util.Date; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/strplusopr" }) +public class StringPlusOperationServlet extends AbstractServlet { + + private static final int MAX_LENGTH = 1000000; + private static final String[] ALL_NUMBERS = { "1", "2", "3", "4", "5", "6", "7", "8", "9", "0" }; + private static final String[] ALL_UPPER_CHARACTERS = { "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", + "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z" }; + private static final String[] ALL_LOWER_CHARACTERS = { "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", + "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z" }; + private static final String[] ALL_SIGNS = { "!", "#", "$", "%", "&", "(", ")", "*", "+", ",", "-", ".", "/", ":", + ";", "<", "=", ">", "?", "@", "[", "]", "^", "_", "{", "|", "}" }; + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + String strLength = req.getParameter("length"); + int length = NumberUtils.toInt(strLength, 0); + String[] characters = req.getParameterValues("characters"); + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("description.random.string.generator", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.character.count", locale) + ": "); + bodyHtml.append("
"); + if (length > 0) { + bodyHtml.append(""); + } else { + bodyHtml.append(""); + } + bodyHtml.append("

"); + bodyHtml.append("

" + getMsg("label.available.characters", locale) + "

"); + + appendCheckBox(characters, locale, bodyHtml, ALL_NUMBERS, "label.numbers"); + appendCheckBox(characters, locale, bodyHtml, ALL_UPPER_CHARACTERS, "label.uppercase.characters"); + appendCheckBox(characters, locale, bodyHtml, ALL_LOWER_CHARACTERS, "label.lowercase.characters"); + appendCheckBox(characters, locale, bodyHtml, ALL_SIGNS, "label.signs"); + + bodyHtml.append(""); + bodyHtml.append("

"); + + if (length > 0) { + // StringBuilder builder = new StringBuilder(); + String s = ""; + if (characters != null) { + java.util.Random rand = new java.util.Random(); + log.info("Start Date: {}", new Date()); + for (int i = 0; i < length && i < MAX_LENGTH; i++) { + s = s + characters[rand.nextInt(characters.length)]; + // builder.append(characters[rand.nextInt(characters.length)]); + } + log.info("End Date: {}", new Date()); + } + bodyHtml.append(getMsg("label.execution.result", locale)); + bodyHtml.append("

"); + // bodyHtml.append(encodeForHTML(builder.toString())); + bodyHtml.append(encodeForHTML(s)); + } else { + bodyHtml.append(getMsg("msg.enter.positive.number", locale)); + } + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.strplusopr", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.strplusopr.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private void appendCheckBox(String[] characters, Locale locale, StringBuilder bodyHtml, String[] allCharacters, + String label) { + bodyHtml.append("

" + getMsg(label, locale) + "

"); + bodyHtml.append("

"); + for (String allCharacter : allCharacters) { + bodyHtml.append(""); + } else { + bodyHtml.append("\">"); + } + bodyHtml.append(allCharacter); + bodyHtml.append(" "); + } + bodyHtml.append("

"); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java new file mode 100644 index 0000000..fa21e5b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java 
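Review bot: In `appendCheckBox` the line `bodyHtml.append(allCharacter);` writes each entry of the constant arrays straight into the page, and ALL_SIGNS contains `<`, `>` and `&`, so those labels come out as malformed HTML; the generated string two hunks earlier does go through `encodeForHTML(s)`, and `bodyHtml.append(encodeForHTML(allCharacter));` would make the two consistent (the values are compile-time constants, so this is a rendering defect rather than an injection). Elsewhere in `service`, `java.util.Random` is written fully qualified while every other type in the file is imported; `import java.util.Random;` beside the other `java.util` imports and `Random rand = new Random();` keeps the file uniform. The commented-out `StringBuilder builder` lines around the `s = s + …` loop look like the fixed variant left in place; if so, a short comment saying the concatenation is the deliberate quadratic case and the builder lines the fix would explain why both are present.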
@@ -0,0 +1,93 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.dao.DBClient; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.ApplicationUtils; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/dbconnectionleak" }) +public class DBConnectionLeakServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + try { + final String dbUrl = ApplicationUtils.getDatabaseURL(); + final String dbDriver = ApplicationUtils.getDatabaseDriver(); + + if (!StringUtils.isBlank(dbDriver)) { + loadDbDriver(dbDriver); + } + bodyHtml.append(selectUsers(locale)); + if (StringUtils.isBlank(dbUrl) || dbUrl.startsWith("jdbc:derby:memory:")) { + bodyHtml.append(getInfoMsg("msg.note.not.use.ext.db", locale)); + } else { + bodyHtml.append(getInfoMsg("msg.note.db.connection.leak.occur", locale)); + } + + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[]{e.getMessage()}, locale)); + bodyHtml.append(e.getLocalizedMessage()); + } finally { + responseToClient(req, res, getMsg("title.dbconnectionleak.page", locale), bodyHtml.toString()); + } + } + + private void loadDbDriver(final String dbDriver) { + try { + Class.forName(dbDriver); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private String selectUsers(Locale locale) { + + Connection 
conn = null; + Statement stmt = null; + ResultSet rs = null; + String result = getErrMsg("msg.error.user.not.exist", locale); + try { + conn = DBClient.getConnection(); + stmt = conn.createStatement(); + rs = stmt.executeQuery("select id, name, phone, mail from users where ispublic = 'true'"); + StringBuilder sb = new StringBuilder(); + while (rs.next()) { + sb.append("" + rs.getString("id") + "" + rs.getString("name") + "" + + rs.getString("phone") + "" + rs.getString("mail") + ""); + } + if (sb.length() > 0) { + result = "" + sb.toString() + "
" + + getMsg("label.user.id", locale) + "" + + getMsg("label.name", locale) + "" + + getMsg("label.phone", locale) + "" + + getMsg("label.mail", locale) + "
"; + } + } catch (Exception e) { + result = getErrMsg("msg.db.access.error.occur", locale); + log.error("Exception occurs: ", e); + /* A DB connection leaks because the following lines are commented out. + } finally { + Closer.close(rs); + Closer.close(stmt); + Closer.close(conn); + */ + } + return result; + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet.java new file mode 100644 index 0000000..a1d03ee --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet.java @@ -0,0 +1,94 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.lang.management.ManagementFactory; +import java.lang.management.ThreadInfo; +import java.lang.management.ThreadMXBean; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/deadlock" }) +public class DeadlockServlet extends AbstractServlet { + + private final Object lock1 = new Object(); + private final Object lock2 = new Object(); + private boolean switchFlag = true; + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + try { + if (req.getSession().getAttribute("dlpinit") == null) { + req.getSession().setAttribute("dlpinit", "true"); + } else { + todoRemove(); + } + + ThreadMXBean bean = ManagementFactory.getThreadMXBean(); + long[] threadIds = bean.findDeadlockedThreads(); + if (threadIds != null) { + bodyHtml.append(getMsg("msg.dead.lock.detected", locale)); + bodyHtml.append("
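Review bot: Values read from the users table in selectUsers and `e.getLocalizedMessage()` in the catch block of service are appended to the page body without HTML encoding. The `encodeForHTML` helper used elsewhere in this commit is the right tool; wrap each `rs.getString(...)` and the exception text, e.g. `bodyHtml.append(encodeForHTML(e.getLocalizedMessage()));`. Appending the raw exception message also discloses driver and JDBC details to the client, so a fixed localized message with the detail kept in the log would be preferable. The commented-out Closer calls are clearly the intended leak demonstration and are left as-is.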

"); + bodyHtml.append(""); + ThreadInfo[] infos = bean.getThreadInfo(threadIds); + for (ThreadInfo info : infos) { + bodyHtml.append(""); + } + bodyHtml.append("
" + info.toString() + "
"); + } else { + bodyHtml.append(getMsg("msg.dead.lock.not.occur", locale)); + bodyHtml.append("

"); + } + bodyHtml.append(getInfoMsg("msg.note.deadlock", locale)); + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)); + } finally { + responseToClient(req, res, getMsg("title.deadlock.page", locale), bodyHtml.toString()); + } + } + + private void todoRemove() { + switchFlag = !switchFlag; + if (switchFlag) { + lock12(); + } else { + lock21(); + } + } + + private void lock12() { + synchronized (lock1) { + sleep(); + synchronized (lock2) { + sleep(); + } + } + } + + private void lock21() { + synchronized (lock2) { + sleep(); + synchronized (lock1) { + sleep(); + } + } + } + + private void sleep() { + try { + Thread.sleep(1000); + } catch (InterruptedException e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java new file mode 100644 index 0000000..99fabef --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java 
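Review bot: `info.toString()` writes each deadlocked thread's full stack trace and lock-owner details into the response, and the text is not HTML-encoded before `bodyHtml.append`. Internal frame and monitor information belongs in the log rather than the page; at minimum pass it through `encodeForHTML(info.toString())`, and preferably render only `info.getThreadName()` and log the rest. `switchFlag` is also read and written from `todoRemove` without synchronization, so two overlapping requests can observe the same value and take the same branch; a comment such as `// not synchronized on purpose: concurrent requests are meant to interleave lock12/lock21` would make that intent explicit.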
@@ -0,0 +1,196 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.SQLTransactionRollbackException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.dao.DBClient; +import org.t246osslab.easybuggy.core.model.User; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/deadlock2" }) +public class DeadlockServlet2 extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + String updateResult = ""; + ArrayList users; + try { + String order = getOrder(req); + if ("POST".equals(req.getMethod())) { + users = new ArrayList(); + for (int j = 0;; j++) { + String uid = req.getParameter("uid_" + (j + 1)); + if (uid == null) { + break; + } + User user = new User(); + user.setUserId(uid); + user.setName(req.getParameter(uid + "_name")); + user.setPhone(req.getParameter(uid + "_phone")); + user.setMail(req.getParameter(uid + "_mail")); + users.add(user); + } + updateResult = updateUsers(users, locale); + } else { + users = selectUsers(order); + } + createHTMLUserTable(locale, bodyHtml, users, order, updateResult); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append( + getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)); + bodyHtml.append(e.getLocalizedMessage()); + } finally { + responseToClient(req, res, 
getMsg("title.xxe.page", locale), bodyHtml.toString()); + } + } + + private String getOrder(HttpServletRequest req) { + String order = req.getParameter("order"); + if ("asc".equals(order)) { + order = "desc"; + } else { + order = "asc"; + } + return order; + } + + private void createHTMLUserTable(Locale locale, StringBuilder bodyHtml, ArrayList users, String order, + String updateResult) { + + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.update.users", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append( + ""); + int rownum = 1; + for (User user : users) { + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + rownum++; + } + bodyHtml.append("
"); + bodyHtml.append("" + getMsg("label.user.id", locale)); + if ("desc".equals(order)) { + bodyHtml.append(" "); + } else { + bodyHtml.append(" "); + } + bodyHtml.append(""); + bodyHtml.append(getMsg("label.name", locale) + ""); + bodyHtml.append(getMsg("label.phone", locale) + ""); + bodyHtml.append(getMsg("label.mail", locale) + "
" + user.getUserId() + "
"); + bodyHtml.append(updateResult); + bodyHtml.append(getInfoMsg("msg.note.deadlock2", locale)); + bodyHtml.append("
"); + } + + private ArrayList selectUsers(String order) { + + Statement stmt = null; + Connection conn = null; + ResultSet rs = null; + ArrayList users = new ArrayList(); + try { + conn = DBClient.getConnection(); + conn.setAutoCommit(true); + + stmt = conn.createStatement(); + rs = stmt.executeQuery("select * from users where ispublic = 'true' order by id " + ("desc".equals(order) ? "desc" : "asc")); + while (rs.next()) { + User user = new User(); + user.setUserId(rs.getString("id")); + user.setName(rs.getString("name")); + user.setPhone(rs.getString("phone")); + user.setMail(rs.getString("mail")); + users.add(user); + } + } catch (SQLException e) { + log.error("SQLException occurs: ", e); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + Closer.close(rs); + Closer.close(stmt); + Closer.close(conn); + } + return users; + } + + private String updateUsers(ArrayList users, Locale locale) { + + PreparedStatement stmt = null; + Connection conn = null; + int executeUpdate = 0; + String resultMessage; + try { + conn = DBClient.getConnection(); + conn.setAutoCommit(false); + stmt = conn.prepareStatement("Update users set name = ?, phone = ?, mail = ? where id = ?"); + for (User user : users) { + stmt.setString(1, user.getName()); + stmt.setString(2, user.getPhone()); + stmt.setString(3, user.getMail()); + stmt.setString(4, user.getUserId()); + executeUpdate = executeUpdate + stmt.executeUpdate(); + log.info(user.getUserId() +" is updated."); + Thread.sleep(500); + } + conn.commit(); + resultMessage = getMsg("msg.update.records", new Object[] { executeUpdate }, locale) + "

"; + + } catch (SQLTransactionRollbackException e) { + resultMessage = getErrMsg("msg.deadlock.occurs", locale); + log.error("SQLTransactionRollbackException occurs: ", e); + rollbak(conn); + } catch (SQLException e) { + resultMessage = getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale); + log.error("SQLException occurs: ", e); + rollbak(conn); + } catch (Exception e) { + resultMessage = getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale); + log.error("Exception occurs: ", e); + rollbak(conn); + } finally { + Closer.close(stmt); + Closer.close(conn); + } + return resultMessage; + } + + private void rollbak(Connection conn) { + if (conn != null) { + try { + conn.rollback(); + } catch (SQLException e1) { + log.error("SQLException occurs: ", e1); + } + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java new file mode 100644 index 0000000..b449995 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java 
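Review bot: The page title in the finally block of service uses `title.xxe.page`, which is another page's resource key; it should reference this servlet's own title key. User-supplied fields are also interpolated into the table unescaped in createHTMLUserTable (`user.getUserId()` is visible, and presumably name/phone/mail in the stripped markup), and `log.info(user.getUserId() + " is updated.")` writes the raw parameter into the log line. Encode the rendered values with `encodeForHTML(...)` and log the id as a parameter, `log.info("{} is updated.", user.getUserId());`, so the log entry stays structured. Reducing `order` to `desc`/`asc` before it reaches the query in selectUsers is the right pattern and should be kept.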
@@ -0,0 +1,140 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/endlesswaiting" }) +public class EndlessWaitingServlet extends AbstractServlet { + + private static final int MAX_COUNT = 100000; + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + String strCount = req.getParameter("count"); + int count = NumberUtils.toInt(strCount, 0); + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("description.endless.waiting", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.character.count", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + + if (count > 0) { + /* create a batch file in the temp directory */ + File batFile = createBatchFile(count, req.getServletContext().getAttribute("javax.servlet.context.tempdir").toString()); + + if (batFile == null) { + bodyHtml.append(getMsg("msg.cant.create.batch", locale)); + } else { + /* execte the batch */ + ProcessBuilder pb = new ProcessBuilder(batFile.getAbsolutePath()); + Process process = pb.start(); + process.waitFor(); + bodyHtml.append(getMsg("msg.executed.batch", locale) + batFile.getAbsolutePath()); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.execution.result", locale)); + bodyHtml.append("

"); + bodyHtml.append(printInputStream(process.getInputStream())); + bodyHtml.append(printInputStream(process.getErrorStream())); + } + } else { + bodyHtml.append(getMsg("msg.enter.positive.number", locale)); + bodyHtml.append("
"); + } + bodyHtml.append("
"); + bodyHtml.append(getInfoMsg("msg.note.endlesswaiting", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.endlesswaiting.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private File createBatchFile(int count, String tmpdir) throws IOException { + BufferedWriter buffwriter = null; + FileWriter fileWriter = null; + File batFile = null; + try { + String osName = System.getProperty("os.name").toLowerCase(); + String batFileName; + String firstLine; + if (osName.toLowerCase().startsWith("windows")) { + batFileName = "test.bat"; + firstLine = "@echo off"; + } else { + batFileName = "test.sh"; + firstLine = "#!/bin/sh"; + } + + batFile = new File(tmpdir, batFileName); + if (!batFile.setExecutable(true)) { + log.debug("batFile.setExecutable(true) returns false."); + } + fileWriter = new FileWriter(batFile); + buffwriter = new BufferedWriter(fileWriter); + buffwriter.write(firstLine); + buffwriter.newLine(); + + for (int i = 0; i < count && i < MAX_COUNT; i++) { + if (i % 100 == 0) { + buffwriter.newLine(); + buffwriter.write("echo "); + } + buffwriter.write(String.valueOf(i % 10)); + } + buffwriter.close(); + fileWriter.close(); + if (!osName.toLowerCase().startsWith("windows")) { + Runtime runtime = Runtime.getRuntime(); + runtime.exec("chmod 777 " + batFile.getAbsolutePath()); + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + Closer.close(fileWriter, buffwriter); + } + return batFile; + } + + private String printInputStream(InputStream is) throws IOException { + StringBuilder sb = new StringBuilder(); + BufferedReader br = new BufferedReader(new InputStreamReader(is)); + try { + while (true) { + String line = br.readLine(); + if (line == null) { + break; + } + sb.append(line + "
"); + } + } finally { + Closer.close(br); + Closer.close(is); + } + return sb.toString(); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/FileDescriptorLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/FileDescriptorLeakServlet.java new file mode 100644 index 0000000..0ba49a7 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/FileDescriptorLeakServlet.java @@ -0,0 +1,69 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileOutputStream; +import java.io.FileReader; +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.util.Date; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/filedescriptorleak" }) +public class FileDescriptorLeakServlet extends AbstractServlet { + + private static final int MAX_DISPLAY_COUNT = 15; + private long count = 0; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + try { + File file = new File(req.getServletContext().getAttribute("javax.servlet.context.tempdir").toString(),"test.txt"); + FileOutputStream fos = new FileOutputStream(file, true); + OutputStreamWriter osw = new OutputStreamWriter(fos); + osw.write(""); + osw.write("" + new Date().toString() + ""); + osw.write("" + req.getRemoteAddr() + ""); + osw.write("" + req.getRequestedSessionId() + ""); + osw.write("" + System.getProperty("line.separator")); + osw.flush(); + count++; + + BufferedReader br = new BufferedReader(new FileReader(file)); + bodyHtml.append("
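Review bot: `runtime.exec("chmod 777 " + batFile.getAbsolutePath())` in createBatchFile leaves a world-writable script with a fixed name (`test.sh`) in the servlet temp directory, and that file is then executed on every request, so anyone who can write to that directory controls what the servlet runs. `batFile.setExecutable(true)` is also called before the file exists, which is why it logs false; move it after `buffwriter.close()` as `batFile.setExecutable(true, true)` and drop the chmod entirely. The `Process` returned by `runtime.exec` is never waited on, so the chmod can race with the `ProcessBuilder` start in service. The intended endless wait (reading stdout only after `waitFor`) is unaffected by these changes.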

" + getMsg("description.access.history", req.getLocale()) + "

"); + bodyHtml.append( + ""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + int headerLength = bodyHtml.length(); + String line; + long currentLineNum = 0; + while ((line = br.readLine()) != null) { + if (count - currentLineNum <= MAX_DISPLAY_COUNT) { + bodyHtml.insert(headerLength, line); + } + currentLineNum++; + } + bodyHtml.append("
" + getMsg("label.access.time", locale) + "" + getMsg("label.ip.address", locale) + "" + getMsg("label.session.id", locale) + "
");
+ } catch (Exception e) {
+ log.error("Exception occurs: ", e);
+ bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale));
+ bodyHtml.append(e.getLocalizedMessage());
+ } finally {
+ bodyHtml.append(getInfoMsg("msg.note.filedescriptorleak", req.getLocale()));
+ responseToClient(req, res, getMsg("title.filedescriptorleak.page", locale), bodyHtml.toString());
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/ForwardLoopServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/ForwardLoopServlet.java
new file mode 100644
index 0000000..248e116
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/ForwardLoopServlet.java
@@ -0,0 +1,22 @@
+package org.t246osslab.easybuggy.troubles;
+
+import java.io.IOException;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/forwardloop" })
+public class ForwardLoopServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ RequestDispatcher dispatch = req.getRequestDispatcher( "/forwardloop");
+ dispatch.forward(req, res);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/InfiniteLoopServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/InfiniteLoopServlet.java
new file mode 100644
index 0000000..38ddd4d
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/InfiniteLoopServlet.java
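Review bot: The requested session id and remote address are written to `test.txt` and later inserted into the page via `bodyHtml.insert(headerLength, line)` without HTML encoding; `req.getRequestedSessionId()` is client-controlled, so this is stored unescaped input, and persisting session identifiers to a plain file is itself sensitive data at rest. Wrap each value in `encodeForHTML(...)` at write time, or better, store a truncated hash of the session id or omit it. The `count` field is also incremented from concurrent `doGet` calls without synchronization, so the `count - currentLineNum <= MAX_DISPLAY_COUNT` window can be off under load. The unclosed `fos`/`osw`/`br` streams are the intended leak and are left alone.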
@@ -0,0 +1,24 @@
+package org.t246osslab.easybuggy.troubles;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/infiniteloop" })
+public class InfiniteLoopServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ while (true) {
+ String contextPath = req.getContextPath();
+ int contentLength = req.getContentLength();
+ log.debug("contextPath: {}, contentLength: {}", contextPath, contentLength);
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java
new file mode 100644
index 0000000..718934b
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java
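Review bot: The `while (true)` in doGet never checks `Thread.currentThread().isInterrupted()`, so once entered the request thread cannot be reclaimed by the container on shutdown or by any executor timeout, and the `log.debug` call inside it will drive the logger at full speed whenever debug is enabled. If the uninterruptible spin is the demonstration, a comment stating that (e.g. `// intentionally uninterruptible: the worker thread is never returned to the pool`) would help the next reader.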
@@ -0,0 +1,74 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.math.BigDecimal; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/iof" }) +public class IntegerOverflowServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + BigDecimal thickness = null; + BigDecimal thicknessM = null; + BigDecimal thicknessKm = null; + String strTimes = req.getParameter("times"); + int times = NumberUtils.toInt(strTimes, -1); + try { + Locale locale = req.getLocale(); + if (strTimes != null) { + long multipleNumber = 1; + if (times >= 0) { + for (int i = 0; i < times; i++) { + multipleNumber = multipleNumber * 2; + } + thickness = new BigDecimal(multipleNumber).divide(new BigDecimal(10)); // mm + thicknessM = thickness.divide(new BigDecimal(1000)); // m + thicknessKm = thicknessM.divide(new BigDecimal(1000)); // km + } + } + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.question.reach.the.moon", locale)); + bodyHtml.append("

"); + if (times >= 0) { + bodyHtml.append( + ""); + } else { + bodyHtml.append(""); + } + bodyHtml.append("  "); + bodyHtml.append(getMsg("label.times", locale) + " : "); + if (times >= 0) { + bodyHtml.append(thickness + " mm"); + if (thicknessM != null && thicknessKm != null) { + bodyHtml.append(thicknessM.intValue() >= 1 && thicknessKm.intValue() < 1 ? " = " + thicknessM + " m" : ""); + bodyHtml.append(thicknessKm.intValue() >= 1 ? " = " + thicknessKm + " km" : ""); + } + if (times == 42) { + bodyHtml.append(" : " + getMsg("msg.answer.is.correct", locale)); + } + } + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.intoverflow", locale)); + bodyHtml.append("
");
+
+ responseToClient(req, res, getMsg("title.intoverflow.page", locale), bodyHtml.toString());
+
+ } catch (Exception e) {
+ log.error("Exception occurs: ", e);
+ }
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/JVMCrashByEAVServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/JVMCrashByEAVServlet.java
new file mode 100644
index 0000000..0d8fe2f
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/JVMCrashByEAVServlet.java
@@ -0,0 +1,34 @@
+package org.t246osslab.easybuggy.troubles;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.t246osslab.easybuggy.core.servlets.AbstractServlet;
+
+import sun.misc.Unsafe;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/jvmcrasheav" })
+public class JVMCrashByEAVServlet extends AbstractServlet {
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+
+ try {
+ getUnsafe().getByte(0);
+ } catch (Exception e) {
+ log.error("Exception occurs: ", e);
+ }
+ }
+
+ private static Unsafe getUnsafe() throws NoSuchFieldException, IllegalAccessException {
+ Field singleoneInstanceField = Unsafe.class.getDeclaredField("theUnsafe");
+ singleoneInstanceField.setAccessible(true);
+ return (Unsafe) singleoneInstanceField.get(null);
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java
new file mode 100644
index 0000000..c937aca
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java
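Review bot: `times` comes straight from the request and the `for (int i = 0; i < times; i++)` loop in service runs up to `Integer.MAX_VALUE` iterations, so a large value costs seconds of CPU per request, independent of the overflow the page is demonstrating. Bound the iteration count after parsing, e.g. `times = Math.min(times, 1000);` (the `long` overflow still appears well before that limit), and document the cap next to the loop. The `BigDecimal.divide` calls by 10 and 1000 are exact here, so no rounding mode is needed; a brief `// terminating decimal, divide() cannot throw` comment would save the next reader from checking.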
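Review bot: The `catch (Exception e)` around `getUnsafe().getByte(0)` in doGet cannot run for the case the servlet exists to show: an invalid-address read terminates the whole JVM process, not just the request, so `log.error` is reached only when `theUnsafe` itself cannot be obtained reflectively. A comment such as `// getByte(0) aborts the JVM; the catch only covers reflection failures in getUnsafe()` would make that explicit. Because a single unauthenticated GET ends every session on the server, the endpoint should be marked demo-only wherever the project documents its endpoints.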
@@ -0,0 +1,53 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/lotd" }) +public class LossOfTrailingDigitsServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + boolean isValid = true; + Locale locale = req.getLocale(); + String strNumber = req.getParameter("number"); + double number = NumberUtils.toDouble(strNumber, Double.NaN); + try { + if (Double.isNaN(number) || number <= -1 || 1 <= number) { + isValid = false; + } + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.enter.decimal.value", locale)); + bodyHtml.append("

"); + if (!Double.isNaN(number) && isValid) { + bodyHtml.append(""); + } else { + bodyHtml.append(""); + } + bodyHtml.append(" + 1 = "); + if (!Double.isNaN(number) && isValid) { + bodyHtml.append(String.valueOf(number + 1)); + } + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.lossoftrailingdigits", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.lossoftrailingdigits.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java new file mode 100644 index 0000000..5e3c3d2 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java @@ -0,0 +1,75 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.lang.management.ManagementFactory; +import java.lang.management.MemoryPoolMXBean; +import java.lang.management.MemoryType; +import java.lang.management.MemoryUsage; +import java.util.HashMap; +import java.util.List; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/memoryleak" }) +public class MemoryLeakServlet extends AbstractServlet { + + private HashMap cache = new HashMap(); + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + StringBuilder bodyHtml = new StringBuilder(); + Locale locale = req.getLocale(); + try { + toDoRemove(); + + List memoryPoolMXBeans = ManagementFactory.getMemoryPoolMXBeans(); + for (MemoryPoolMXBean memoryPoolMXBean : memoryPoolMXBeans) { + if (MemoryType.HEAP.equals(memoryPoolMXBean.getType())) { + bodyHtml.append("
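Review bot: `isValid` in service is already false whenever `number` is NaN, so both `!Double.isNaN(number) && isValid` conditions reduce to `isValid`; either drop the flag and test the range inline, or drop the repeated NaN check. The raw `strNumber` parameter is presumably echoed into the input element (the markup is stripped in this view); if so it needs `encodeForHTML(strNumber)`, or render `String.valueOf(number)` instead so only a parsed double ever reaches the page.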

" + memoryPoolMXBean.getName() + "

"); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + writeUsageRow(bodyHtml, memoryPoolMXBean.getUsage(), getMsg("label.memory.usage", locale)); + writeUsageRow(bodyHtml, memoryPoolMXBean.getPeakUsage(), getMsg("label.memory.peak.usage", locale)); + writeUsageRow(bodyHtml, memoryPoolMXBean.getCollectionUsage(), getMsg("label.memory.collection.usage", locale)); + bodyHtml.append("
" + getMsg("label.memory.init", locale) + "" + getMsg("label.memory.used", locale) + "" + getMsg("label.memory.committed", locale) + "" + getMsg("label.memory.max", locale) + "
"); + } + } + bodyHtml.append(getInfoMsg("msg.note.memoryleak", req.getLocale())); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)); + } finally { + responseToClient(req, res, getMsg("title.memoryleak.page", locale), bodyHtml.toString()); + } + } + + private void writeUsageRow(StringBuilder bodyHtml, MemoryUsage usage, String usageName) { + if (usage != null) { + bodyHtml.append("" + usageName + ""); + bodyHtml.append("" + usage.getInit() + ""); + bodyHtml.append("" + usage.getUsed() + ""); + bodyHtml.append("" + usage.getCommitted() + ""); + bodyHtml.append("" + (usage.getMax() == -1 ? "[undefined]" : usage.getMax()) + ""); + } + } + + private void toDoRemove() { + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < 100000; i++) { + sb.append("Memory leak occurs!"); + } + cache.put(String.valueOf(sb.hashCode()), sb.toString()); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java new file mode 100644 index 0000000..ffb892d --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java 
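Review bot: `cache` is a plain `HashMap` on a shared servlet instance and `toDoRemove` calls `cache.put` from concurrent `doGet` invocations with no synchronization, so besides the intended unbounded growth the map itself can be corrupted under parallel requests. If the growth is the demonstration, a comment saying so and that thread-safety is deliberately ignored is enough; otherwise `ConcurrentHashMap` keeps the leak while removing the race. The field and `List memoryPoolMXBeans` also use raw types; `HashMap<String, String>` and `List<MemoryPoolMXBean>` cost nothing and match the generics used elsewhere in the commit.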
@@ -0,0 +1,79 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.lang.management.ManagementFactory; +import java.lang.management.MemoryPoolMXBean; +import java.lang.management.MemoryType; +import java.lang.management.MemoryUsage; +import java.util.List; +import java.util.Locale; + +import javassist.CannotCompileException; +import javassist.ClassPool; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/memoryleak2" }) +public class MemoryLeakServlet2 extends AbstractServlet { + + private int i = 0; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + StringBuilder bodyHtml = new StringBuilder(); + Locale locale = req.getLocale(); + try { + toDoRemove(); + + List memoryPoolMXBeans = ManagementFactory.getMemoryPoolMXBeans(); + for (MemoryPoolMXBean memoryPoolMXBean : memoryPoolMXBeans) { + if (MemoryType.NON_HEAP.equals(memoryPoolMXBean.getType())) { + bodyHtml.append("

" + memoryPoolMXBean.getName() + "

"); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + writeUsageRow(bodyHtml, memoryPoolMXBean.getUsage(), getMsg("label.memory.usage", locale)); + writeUsageRow(bodyHtml, memoryPoolMXBean.getPeakUsage(), getMsg("label.memory.peak.usage", locale)); + writeUsageRow(bodyHtml, memoryPoolMXBean.getCollectionUsage(), getMsg("label.memory.collection.usage", locale)); + bodyHtml.append("
" + getMsg("label.memory.init", locale) + "" + getMsg("label.memory.used", locale) + "" + getMsg("label.memory.committed", locale) + "" + getMsg("label.memory.max", locale) + "
"); + } + } + String permName = (System.getProperty("java.version").startsWith("1.6") || System.getProperty("java.version").startsWith("1.7")) + ? getMsg("label.permgen.space", locale) : getMsg("label.metaspace",locale); + bodyHtml.append(getInfoMsg("msg.permgen.space.leak.occur", new String[] { permName }, req.getLocale())); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)); + } finally { + responseToClient(req, res, getMsg("title.memoryleak2.page", locale), bodyHtml.toString()); + } + } + + private void writeUsageRow(StringBuilder bodyHtml, MemoryUsage usage, String usageName) { + if (usage != null) { + bodyHtml.append("" + usageName + ""); + bodyHtml.append("" + usage.getInit() + ""); + bodyHtml.append("" + usage.getUsed() + ""); + bodyHtml.append("" + usage.getCommitted() + ""); + bodyHtml.append("" + (usage.getMax() == -1 ? "[undefined]" : usage.getMax()) + ""); + } + } + + private void toDoRemove() throws CannotCompileException { + int j = i + 1000; + ClassPool pool = ClassPool.getDefault(); + for (; i < j; i++) { + pool.makeClass("org.t246osslab.easybuggy.core.model.TestClass" + i).toClass(); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java new file mode 100644 index 0000000..b6db379 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java 
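Review bot: `i` in `toDoRemove()` is a plain instance field on a singleton servlet, read and advanced without synchronization, so two concurrent requests can start from the same value and both call `pool.makeClass("...TestClass" + i).toClass()` for the same name; defining the same class twice in one class loader should make `toClass()` fail (inferred from the javassist API, not visible here), turning the demo into an error page. Marking the method `private synchronized void toDoRemove() throws CannotCompileException` serialises the counter and keeps the intended growth. The leak itself deserves a comment, e.g. `// Each request defines 1000 new classes that are never unloaded: intentional metaspace/PermGen growth.`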
@@ -0,0 +1,55 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.util.Locale; +import java.util.TimeZone; +import java.util.zip.Deflater; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/memoryleak3" }) +public class MemoryLeakServlet3 extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + StringBuilder bodyHtml = new StringBuilder(); + Locale locale = req.getLocale(); + TimeZone tz = TimeZone.getDefault(); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append("
" + getMsg("label.timezone.id", req.getLocale()) + "" + tz.getID() + "
" + getMsg("label.timezone.name", req.getLocale()) + "" + tz.getDisplayName() + "
" + getMsg("label.timezone.offset", req.getLocale()) + "" + tz.getRawOffset() + "
"); + try { + toDoRemove(); + + bodyHtml.append(getInfoMsg("msg.note.memoryleak3", req.getLocale())); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)); + } finally { + responseToClient(req, res, getMsg("title.memoryleak3.page", locale), bodyHtml.toString()); + } + } + + private void toDoRemove() { + String inputString = "inputString"; + byte[] input = inputString.getBytes(); + byte[] output = new byte[100]; + for (int i = 0; i < 1000; i++) { + Deflater compresser = new Deflater(); + compresser.setInput(input); + compresser.deflate(output); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java new file mode 100644 index 0000000..dd463bc --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java @@ -0,0 +1,56 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.WordUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +// EncodingFilter excludes /mojibake. +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/mojibake" }) +public class MojibakeServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + req.setCharacterEncoding("Shift_JIS"); + res.setContentType("text/html; charset=UTF-8"); + try { + String string = req.getParameter("string"); + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + + bodyHtml.append("
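Review bot: `toDoRemove()` creates 1000 `Deflater` instances and never calls `end()`, so the native zlib buffers are held until finalization; that is presumably the intended off-heap leak, but nothing in the code says so and a later reader may either "fix" it or miss it. A comment such as `// Deflater.end() is deliberately omitted: native memory is leaked until the finalizer runs.` would document the intent. Separately, `inputString.getBytes()` uses the platform default charset; `inputString.getBytes(StandardCharsets.UTF_8)` makes the input deterministic across hosts.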
"); + bodyHtml.append(getMsg("description.capitalize.string", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.string", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + + if (string != null && !"".equals(string)) { + // Capitalize the given string + String capitalizeName = WordUtils.capitalize(string); + bodyHtml.append(getMsg("label.capitalized.string", locale) + " : " + encodeForHTML(capitalizeName)); + } else { + bodyHtml.append(getMsg("msg.enter.string", locale)); + } + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.mojibake", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.mojibake.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java new file mode 100644 index 0000000..3a0c29e --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java @@ -0,0 +1,57 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/netsocketleak" }) +public class NetworkSocketLeakServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + HttpURLConnection connection; + URL url; + StringBuilder bodyHtml = new StringBuilder(); + Locale locale = req.getLocale(); + try { + String pingURL = req.getParameter("pingurl"); + if (pingURL == null) { + pingURL = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort() + "/ping"; + } + url = new URL(pingURL); + + long start = System.currentTimeMillis(); + connection = (HttpURLConnection) url.openConnection(); + connection.setRequestMethod("GET"); + int responseCode = connection.getResponseCode(); + long end = System.currentTimeMillis(); + + bodyHtml.append("
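Review bot: the `catch (Exception e)` at the end of `service` logs and returns without writing anything, so on failure the client receives an empty 200 response instead of an error page; the same pattern appears in the RoundOffErrorServlet, TruncationErrorServlet and CodeInjectionServlet hunks below. The MemoryLeakServlet hunk already shows the consistent shape: append `getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)` in the catch and call `responseToClient` in a `finally`. Note that `locale` and `bodyHtml` are declared inside the `try` here, so they must move above it for that. The `req.setCharacterEncoding("Shift_JIS")` against a UTF-8 response is presumably the intended mojibake and would read better with a one-line comment saying so.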

"+getMsg("description.response.time", req.getLocale())+"

"); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append("
" + getMsg("label.ping.url", locale) + "" + pingURL + "
" + getMsg("label.response.code", req.getLocale()) + "" + responseCode + "
" + getMsg("label.response.time", locale) + "" + (end - start) + "
"); + + bodyHtml.append(getInfoMsg("msg.note.netsocketleak", req.getLocale())); + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale)); + } finally { + responseToClient(req, res, getMsg("title.netsocketleak.page", locale), bodyHtml.toString()); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/RedirectLoopServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/RedirectLoopServlet.java new file mode 100644 index 0000000..fe67265 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/RedirectLoopServlet.java @@ -0,0 +1,20 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/redirectloop" }) +public class RedirectLoopServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + res.sendRedirect("/redirectloop"); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java new file mode 100644 index 0000000..3509413 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java 
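Review bot: `pingURL` comes straight from the `pingurl` request parameter, is opened server-side with no restriction on scheme or host, and is then written into the table row unescaped, while other hunks on this page use `encodeForHTML(...)` for reflected input; at minimum the row should emit `encodeForHTML(pingURL)`. If the socket leak is the only trouble this page is meant to show (the intent is not stated), the target should not be taken from the request at all and the local `/ping` URL built on the following line should always be used. The `HttpURLConnection` is also never `disconnect()`ed and its stream never closed, which appears to be the intended leak and deserves a comment, e.g. `// connection.disconnect() is deliberately omitted: the socket is leaked until GC.`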
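Review bot: `res.sendRedirect("/redirectloop")` is a context-absolute path, so under any non-root context path the redirect leaves the application instead of looping; `res.sendRedirect(req.getContextPath() + "/redirectloop")` keeps the demo self-contained. The same hard-coded `/`, `/admins/main` and `/admins/csrf`-style redirects appear in the BruteForceServlet, CSRFServlet and ClickJackingServlet hunks below.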
@@ -0,0 +1,49 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/roe" }) +public class RoundOffErrorServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + try { + Locale locale = req.getLocale(); + String strNumber = req.getParameter("number"); + int number = NumberUtils.toInt(strNumber, -1); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.enter.positive.number", locale)); + bodyHtml.append("

"); + if (1 <= number && number <= 9) { + bodyHtml.append(""); + } else { + bodyHtml.append(""); + } + bodyHtml.append(" - 0.9 = "); + if (1 <= number && number <= 9) { + bodyHtml.append(String.valueOf(number - 0.9)); + } + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.roundofferror", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.roundofferror.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/ThreadLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/ThreadLeakServlet.java new file mode 100644 index 0000000..44538f8 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/ThreadLeakServlet.java @@ -0,0 +1,61 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.lang.management.ManagementFactory; +import java.lang.management.ThreadMXBean; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/threadleak" }) +public class ThreadLeakServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + StringBuilder bodyHtml = new StringBuilder(); + Locale locale = req.getLocale(); + try { + ThreadCountLoggingThread sub = new ThreadCountLoggingThread(); + sub.start(); + + ThreadMXBean bean = ManagementFactory.getThreadMXBean(); + bodyHtml.append(getMsg("label.current.thread.count", locale) + ": "); + bodyHtml.append(bean.getAllThreadIds().length); + bodyHtml.append("

"); + + bodyHtml.append(getInfoMsg("msg.note.threadleak", req.getLocale())); + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, + locale)); + } finally { + responseToClient(req, res, getMsg("title.threadleak.page", locale), bodyHtml.toString()); + } + } +} + +class ThreadCountLoggingThread extends Thread { + + private static final Logger log = LoggerFactory.getLogger(ThreadCountLoggingThread.class); + + @Override + public void run() { + while (true) { + try { + Thread.sleep(100000); + ThreadMXBean bean = ManagementFactory.getThreadMXBean(); + log.info("Current thread count: " + bean.getAllThreadIds().length); + } catch (InterruptedException e) { + // ignore + } + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java new file mode 100644 index 0000000..29f9f17 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java @@ -0,0 +1,50 @@ +package org.t246osslab.easybuggy.troubles; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/te" }) +public class TruncationErrorServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + String strNumber = req.getParameter("number"); + double number = NumberUtils.toDouble(strNumber, -1); + try { + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
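Review bot: `ThreadCountLoggingThread` is a non-daemon thread running `while (true)` and swallowing `InterruptedException`, so every request adds a thread that can never be stopped and the JVM or web application cannot shut down cleanly once one has been started. Even if the accumulation is the intended leak, the threads should be stoppable: call `sub.setDaemon(true);` before `sub.start()`, and in the catch replace `// ignore` with `Thread.currentThread().interrupt(); return;`. A comment on the class stating that the unbounded thread creation is deliberate would also help the next reader.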
"); + bodyHtml.append(getMsg("msg.enter.positive.number", locale)); + bodyHtml.append("

"); + bodyHtml.append("10.0 " + getMsg("label.obelus", locale) + " "); + if (0 < number && number < 10) { + bodyHtml.append( + ""); + } else { + bodyHtml.append(""); + } + bodyHtml.append(" = "); + if (0 < number && number < 10) { + bodyHtml.append(String.valueOf(10.0 / number)); + } + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.truncationerror", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.truncationerror.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java new file mode 100644 index 0000000..a89f260 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/BruteForceServlet.java 
@@ -0,0 +1,47 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.t246osslab.easybuggy.core.servlets.DefaultLoginServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/bruteforce/login" }) +public class BruteForceServlet extends DefaultLoginServlet { + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + req.setAttribute("login.page.note", "msg.note.brute.force"); + super.doGet(req, res); + } + + @Override + public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + Locale locale = req.getLocale(); + String userid = req.getParameter("userid"); + String password = req.getParameter("password"); + + HttpSession session = req.getSession(true); + if (authUser(userid, password)) { + session.setAttribute("authNMsg", "authenticated"); + session.setAttribute("userid", userid); + + String target = (String) session.getAttribute("target"); + if (target == null) { + res.sendRedirect("/admins/main"); + } else { + session.removeAttribute("target"); + res.sendRedirect(target); + } + } else { + session.setAttribute("authNMsg", getErrMsg("msg.authentication.fail", locale)); + doGet(req, res); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java new file mode 100644 index 0000000..f0ed8ba --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java 
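Review bot: `doPost` keeps the pre-login session obtained by `req.getSession(true)` after a successful `authUser`, so the session id is never regenerated on login; the absence of any lockout, delay or attempt counter is presumably the intended brute-force demo, but the missing session renewal is a separate weakness. Reading `target` first, then `session.invalidate()` followed by a fresh `req.getSession(true)` before setting `authNMsg` and `userid` (or `req.changeSessionId()` on a Servlet 3.1 container) keeps the demo while closing session fixation. `target` is also redirected to without validation; if it is ever populated from a request parameter elsewhere, it should be restricted to context-relative paths.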
@@ -0,0 +1,90 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringUtils; +import org.apache.directory.shared.ldap.entry.ModificationOperation; +import org.apache.directory.shared.ldap.entry.client.ClientModification; +import org.apache.directory.shared.ldap.entry.client.DefaultClientAttribute; +import org.apache.directory.shared.ldap.message.ModifyRequestImpl; +import org.apache.directory.shared.ldap.name.LdapDN; +import org.t246osslab.easybuggy.core.dao.EmbeddedADS; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/admins/csrf" }) +public class CSRFServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.enter.passwd", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.password", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + String errorMessage = (String) req.getAttribute("errorMessage"); + if (errorMessage != null) { + bodyHtml.append(errorMessage); + } + bodyHtml.append(getInfoMsg("msg.note.csrf", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.csrf.page", locale), bodyHtml.toString()); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + HttpSession session = req.getSession(); + if (session == null) { + res.sendRedirect("/"); + return; + } + String userid = (String) session.getAttribute("userid"); + String password = StringUtils.trim(req.getParameter("password")); + if (!StringUtils.isBlank(userid) && !StringUtils.isBlank(password) && password.length() >= 8) { + try { + DefaultClientAttribute entryAttribute = new DefaultClientAttribute("userPassword", encodeForLDAP(password.trim())); + ClientModification clientModification = new ClientModification(); + clientModification.setAttribute(entryAttribute); + clientModification.setOperation(ModificationOperation.REPLACE_ATTRIBUTE); + ModifyRequestImpl modifyRequest = new ModifyRequestImpl(1); + modifyRequest.setName(new LdapDN("uid=" + encodeForLDAP(userid.trim()) + ",ou=people,dc=t246osslab,dc=org")); + modifyRequest.addModification(clientModification); + EmbeddedADS.getAdminSession().modify(modifyRequest); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.passwd.changed", locale)); + bodyHtml.append("

"); + bodyHtml.append("" + getMsg("label.goto.admin.page", locale) + ""); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.csrf.page", locale), bodyHtml.toString()); + } catch (Exception e) { + log.error("Exception occurs: ", e); + req.setAttribute("errorMessage", getErrMsg("msg.passwd.change.failed", locale)); + doGet(req, res); + } + } else { + if (StringUtils.isBlank(password) || password.length() < 8) { + req.setAttribute("errorMessage", getErrMsg("msg.passwd.is.too.short", locale)); + } else { + req.setAttribute("errorMessage", getErrMsg("msg.unknown.exception.occur", + new String[] { "userid: " + userid }, locale)); + } + doGet(req, res); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java new file mode 100644 index 0000000..bf839d5 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java 
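Review bot: `doPost` changes the password on the strength of the session alone, with no per-session anti-CSRF token compared before the LDAP modify; that is presumably the intended weakness, but `doGet` would be the place to emit the token as a hidden field and a comment should mark the omission as deliberate. Independently, `req.getSession()` never returns null, so the `session == null` branch is dead, and a missing `userid` falls through to the `else` branch and reports `"userid: " + userid` as an unknown exception; the ClickJackingServlet hunk below uses `if (userid == null) { res.sendRedirect("/"); return; }`, and the same guard (and `req.getSession(false)` for the null check) would make the two consistent. `password` is also trimmed twice, on assignment and again in `encodeForLDAP(password.trim())`.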
@@ -0,0 +1,90 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringUtils; +import org.apache.directory.shared.ldap.entry.ModificationOperation; +import org.apache.directory.shared.ldap.entry.client.ClientModification; +import org.apache.directory.shared.ldap.entry.client.DefaultClientAttribute; +import org.apache.directory.shared.ldap.message.ModifyRequestImpl; +import org.apache.directory.shared.ldap.name.LdapDN; +import org.t246osslab.easybuggy.core.dao.EmbeddedADS; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.EmailUtils; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/admins/clickjacking" }) +public class ClickJackingServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.enter.mail", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.mail", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + String errorMessage = (String) req.getAttribute("errorMessage"); + if (errorMessage != null) { + bodyHtml.append(errorMessage); + } + bodyHtml.append(getInfoMsg("msg.note.clickjacking", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.clickjacking.page", locale), bodyHtml.toString()); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + HttpSession session = req.getSession(); + if (session == null) { + res.sendRedirect("/"); + return; + } + String userid = (String) session.getAttribute("userid"); + if (userid == null) { + res.sendRedirect("/"); + return; + } + String mail = StringUtils.trim(req.getParameter("mail")); + if (!StringUtils.isBlank(mail) && EmailUtils.isValidEmailAddress(mail)) { + try { + DefaultClientAttribute entryAttribute = new DefaultClientAttribute("mail", encodeForLDAP(mail.trim())); + ClientModification clientModification = new ClientModification(); + clientModification.setAttribute(entryAttribute); + clientModification.setOperation(ModificationOperation.REPLACE_ATTRIBUTE); + ModifyRequestImpl modifyRequest = new ModifyRequestImpl(1); + modifyRequest.setName(new LdapDN("uid=" + encodeForLDAP(userid.trim()) + ",ou=people,dc=t246osslab,dc=org")); + modifyRequest.addModification(clientModification); + EmbeddedADS.getAdminSession().modify(modifyRequest); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.mail.changed", locale)); + bodyHtml.append("

"); + bodyHtml.append("" + getMsg("label.goto.admin.page", locale) + ""); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.clickjacking.page", locale), bodyHtml.toString()); + } catch (Exception e) { + log.error("Exception occurs: ", e); + req.setAttribute("errorMessage", getErrMsg("msg.mail.change.failed", locale)); + doGet(req, res); + } + } else { + req.setAttribute("errorMessage", getErrMsg("msg.mail.format.is.invalid", locale)); + doGet(req, res); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java new file mode 100644 index 0000000..be8c33b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java @@ -0,0 +1,75 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.script.ScriptEngine; +import javax.script.ScriptEngineManager; +import javax.script.ScriptException; +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/codeijc" }) +public class CodeInjectionServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + String jsonString = req.getParameter("jsonString"); + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + + bodyHtml.append("
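Review bot: neither `doGet` nor `doPost` sets an `X-Frame-Options` or `Content-Security-Policy: frame-ancestors` header, so the page can be framed — presumably the intended weakness, but a comment is the only thing that distinguishes it from an oversight, e.g. `// No X-Frame-Options / CSP frame-ancestors header is set on purpose: this page demonstrates clickjacking.` A corresponding `res.setHeader("X-Frame-Options", "DENY")` in `doGet` is the one-line fix when the demo is no longer wanted. `mail` is trimmed on assignment and again in `encodeForLDAP(mail.trim())`.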
"); + bodyHtml.append(getMsg("description.parse.json", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.json.string", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + + if (!StringUtils.isBlank(jsonString)) { + jsonString = jsonString.replaceAll(" ", ""); + jsonString = jsonString.replaceAll("\r\n", ""); + jsonString = jsonString.replaceAll("\n", ""); + parseJson(jsonString, locale, bodyHtml); + } else { + bodyHtml.append(getMsg("msg.enter.json.string", locale)); + bodyHtml.append("

"); + } + bodyHtml.append(getInfoMsg("msg.note.codeinjection", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.codeinjection.page", locale), bodyHtml.toString()); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private void parseJson(String jsonString, Locale locale, StringBuilder bodyHtml) { + try { + ScriptEngineManager manager = new ScriptEngineManager(); + ScriptEngine scriptEngine = manager.getEngineByName("JavaScript"); + scriptEngine.eval("JSON.parse('" + jsonString + "')"); + bodyHtml.append(getMsg("msg.valid.json", locale)); + bodyHtml.append("

"); + } catch (ScriptException e) { + bodyHtml.append(getErrMsg("msg.invalid.json", new String[] { encodeForHTML(e.getMessage()) }, locale)); + } catch (Exception e) { + log.error("Exception occurs: ", e); + bodyHtml.append(getErrMsg("msg.invalid.json", new String[] { encodeForHTML(e.getMessage()) }, locale)); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java new file mode 100644 index 0000000..b268e51 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java 
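Review bot: `parseJson` builds the script by concatenation, `scriptEngine.eval("JSON.parse('" + jsonString + "')")`, so the request parameter is evaluated as JavaScript rather than parsed as data; this is the injection the page demonstrates, but the remediation belongs in a comment next to it: bind the value instead of splicing it, `scriptEngine.put("input", jsonString); scriptEngine.eval("JSON.parse(input)");`, or use a JSON library. The preceding `replaceAll` calls strip every space and newline, including those inside string values, so a valid document can be altered before it is checked. The two catch blocks differ only in logging; the `ScriptException` branch could log at debug level so failures are still traceable.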
@@ -0,0 +1,59 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.apache.directory.server.core.filtering.EntryFilteringCursor; +import org.apache.directory.shared.ldap.filter.ExprNode; +import org.apache.directory.shared.ldap.filter.FilterParser; +import org.apache.directory.shared.ldap.filter.SearchScope; +import org.apache.directory.shared.ldap.message.AliasDerefMode; +import org.apache.directory.shared.ldap.name.LdapDN; +import org.t246osslab.easybuggy.core.dao.EmbeddedADS; +import org.t246osslab.easybuggy.core.servlets.DefaultLoginServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/ldapijc/login" }) +public class LDAPInjectionServlet extends DefaultLoginServlet { + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + req.setAttribute("login.page.note", "msg.note.ldap.injection"); + super.doGet(req, res); + } + + @Override + protected boolean authUser(String uid, String password) { + + if (StringUtils.isBlank(uid) || uid.length() < 5 || StringUtils.isBlank(password) || password.length() < 8) { + return false; + } + + ExprNode filter; + EntryFilteringCursor cursor = null; + try { + filter = FilterParser.parse("(&(uid=" + uid.trim() + ")(userPassword=" + password.trim() + "))"); + cursor = EmbeddedADS.getAdminSession().search(new LdapDN("ou=people,dc=t246osslab,dc=org"), + SearchScope.SUBTREE, filter, AliasDerefMode.NEVER_DEREF_ALIASES, null); + if (cursor.available()) { + return true; + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + if (cursor != null) { + try { + cursor.close(); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + } + return false; + } 
+} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java new file mode 100644 index 0000000..7f79f4b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java @@ -0,0 +1,171 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Part; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; +import org.t246osslab.easybuggy.core.utils.EmailUtils; +import org.t246osslab.easybuggy.core.utils.MultiPartFileUtils; + +/** + * A servlet that takes message details from user and send it as a new mail through an SMTP server. + * The mail may contain a attachment which is the file uploaded from client. + */ +@SuppressWarnings("serial") +@WebServlet("/mailheaderijct") +@MultipartConfig(fileSizeThreshold = 1024 * 1024 * 2, // 2MB + maxFileSize = 1024 * 1024 * 10, // 10MB + maxRequestSize = 1024 * 1024 * 50) // 50MB +public class MailHeaderInjectionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append(getMsg("description.send.mail", locale)); + bodyHtml.append("
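Review bot: `authUser` splices `uid.trim()` and `password.trim()` directly into the filter string handed to `FilterParser.parse`, whereas the equivalent lookup in VerboseErrorMessageServlet.isExistUser wraps the value in `encodeForLDAP(...)`. If the raw concatenation is the intended lesson for this page (note key `msg.note.ldap.injection`), a comment on that line should record it, e.g. `// Intentionally unescaped; compare isExistUser() in VerboseErrorMessageServlet, which uses encodeForLDAP()`; otherwise the fix is `"(&(uid=" + encodeForLDAP(uid.trim()) + ")(userPassword=" + encodeForLDAP(password.trim()) + "))"`. The method also treats `cursor.available()` as a successful match without reading an entry; whether `available()` alone implies a matching result for this cursor type is not visible here, and a one-line comment confirming that contract would help the next reader.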

"); + bodyHtml.append("
"); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append(""); + bodyHtml.append("
" + getMsg("label.your.name", locale) + ": 



" + getMsg("label.your.mail", locale) + ": 



" + getMsg("label.subject", locale) + ": 



" + getMsg("label.content", locale) + ": 



" + getMsg("label.attach.file", locale) + ": 


"); + bodyHtml.append("
"); + if (req.getAttribute("message") != null) { + bodyHtml.append(req.getAttribute("message") + "

"); + req.setAttribute("message", null); + } + bodyHtml.append(getInfoMsg("msg.note.mailheaderinjection", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.mailheaderinjection.page", locale), bodyHtml.toString()); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + String resultMessage = ""; + Locale locale = req.getLocale(); + List uploadedFiles = saveUploadedFiles(req); + + String name = req.getParameter("name"); + String mail = req.getParameter("mail"); + String subject = req.getParameter("subject"); + String content = req.getParameter("content"); + if (StringUtils.isBlank(subject) || StringUtils.isBlank(content)) { + resultMessage = getMsg("msg.mail.is.empty", locale); + req.setAttribute("message", resultMessage); + doGet(req, res); + return; + } + StringBuilder sb = new StringBuilder(); + sb.append(getMsg("label.name", locale)).append(": ").append(name).append("
"); + sb.append(getMsg("label.mail", locale)).append(": ").append(mail).append("
").append("
"); + sb.append(getMsg("label.content", locale)).append(": ").append(content).append("
"); + try { + EmailUtils.sendEmailWithAttachment(subject, sb.toString(), uploadedFiles); + resultMessage = getMsg("msg.sent.mail", locale); + } catch (Exception e) { + log.error("Exception occurs: ", e); + resultMessage = getErrMsg("msg.unknown.exception.occur", new String[]{e.getMessage()}, locale); + } finally { + deleteUploadFiles(uploadedFiles); + req.setAttribute("message", resultMessage); + doGet(req, res); + } + } + + /** + * Saves files uploaded from the client and return a list of these files which will be attached + * to the mail message. + */ + private List saveUploadedFiles(HttpServletRequest request) + throws IOException, ServletException { + List listFiles = new ArrayList(); + try { + byte[] buffer = new byte[4096]; + int bytesRead; + Collection multiparts = request.getParts(); + if (!multiparts.isEmpty()) { + for (Part part : request.getParts()) { + // creates a file to be saved + String fileName = MultiPartFileUtils.getFileName(part); + if (StringUtils.isBlank(fileName)) { + // not attachment part, continue + continue; + } + + File saveFile = new File(fileName); + log.debug("Uploaded file is saved on: " + saveFile.getAbsolutePath()); + FileOutputStream outputStream = null; + InputStream inputStream = null; + try { + outputStream = new FileOutputStream(saveFile); + // saves uploaded file + inputStream = part.getInputStream(); + while ((bytesRead = inputStream.read(buffer)) != -1) { + outputStream.write(buffer, 0, bytesRead); + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + Closer.close(outputStream); + Closer.close(inputStream); + } + listFiles.add(saveFile); + } + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + return listFiles; + } + + /** + * Deletes all uploaded files, should be called after the e-mail was sent. 
+ */ + private void deleteUploadFiles(List listFiles) { + if (listFiles != null && !listFiles.isEmpty()) { + for (File aFile : listFiles) { + if (!aFile.delete()) { + log.debug("Cannot remove file: " + aFile); + } + } + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java new file mode 100644 index 0000000..addb93c --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java @@ -0,0 +1,73 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Locale; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletOutputStream; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; + +@SuppressWarnings("serial") +@WebServlet("/nullbyteijct") +public class NullByteInjectionServlet extends AbstractServlet { + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + ServletOutputStream os = null; + InputStream fis = null; + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
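Review bot: `saveUploadedFiles` creates `new File(fileName)` from the client-supplied part name, so uploads are written into the JVM's working directory under whatever name the client chose, rather than under a dedicated directory as UnrestrictedExtensionUploadServlet and UnrestrictedSizeUploadServlet do with their `savePath` under the application path. Resolve the file under a fixed directory and keep only the base name: `File saveFile = new File(uploadDir, new File(fileName).getName());`, where `uploadDir` (constructed name) is a `File` for the chosen upload directory. The copy loop's `catch (Exception e)` only logs, yet `listFiles.add(saveFile)` still runs afterwards, so a partially written file is attached to the mail; move the `add` inside the `try` after the loop, or record success in a flag. The Javadoc on `deleteUploadFiles` says it "should be called after the e-mail was sent", but `doPost` calls it from `finally`, i.e. also when sending failed — that is the better behaviour, and the comment should read `Deletes all uploaded files; called from doPost's finally block whether or not the mail was sent.`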

" + getMsg("msg.download.file", locale) + "

"); + bodyHtml.append(""); + bodyHtml.append("

" + getInfoMsg("msg.note.nullbyteinjection", locale) + "

"); + try { + String fileName = req.getParameter("fileName"); + if (StringUtils.isBlank(fileName)) { + responseToClient(req, res, getMsg("title.nullbyteinjection.page", locale), bodyHtml.toString()); + return; + } else { + fileName = fileName + ".pdf"; + } + + // Get absolute path of the web application + String appPath = getServletContext().getRealPath(""); + + File file = new File(appPath + File.separator + "pdf" + File.separator + fileName); + if (!file.exists()) { + responseToClient(req, res, getMsg("title.nullbyteinjection.page", locale), bodyHtml.toString()); + return; + } + log.debug("File location on server::" + file.getAbsolutePath()); + ServletContext ctx = getServletContext(); + fis = new FileInputStream(file); + String mimeType = ctx.getMimeType(file.getAbsolutePath()); + res.setContentType(mimeType != null ? mimeType : "application/octet-stream"); + res.setContentLength((int) file.length()); + res.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); + + os = res.getOutputStream(); + byte[] bufferData = new byte[1024]; + int read; + while ((read = fis.read(bufferData)) != -1) { + os.write(bufferData, 0, read); + } + os.flush(); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + Closer.close(os, fis); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java new file mode 100644 index 0000000..6d5069b --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java 
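Review bot: `doGet` opens `new File(appPath + File.separator + "pdf" + File.separator + fileName)` with `fileName` taken from the request parameter plus `".pdf"`, and nothing checks that the resolved path stays inside the `pdf` directory; the same client-derived name is then echoed into the `Content-Disposition` header. If this is the intended lesson for the page (note key `msg.note.nullbyteinjection`), mark that line with a comment saying so; otherwise canonicalise and compare before opening, `File pdfDir = new File(appPath, "pdf"); if (!file.getCanonicalPath().startsWith(pdfDir.getCanonicalPath() + File.separator)) { responseToClient(req, res, getMsg("title.nullbyteinjection.page", locale), bodyHtml.toString()); return; }`, and use `file.getName()` rather than `fileName` in the header. `res.setContentLength((int) file.length())` silently truncates for files over 2 GiB; `setContentLengthLong` exists from Servlet 3.1, which the `@WebServlet` usage makes plausible but does not confirm here.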
@@ -0,0 +1,72 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import ognl.Ognl; +import ognl.OgnlContext; +import ognl.OgnlException; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang.math.NumberUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/ognleijc" }) +public class OGNLExpressionInjectionServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + Object value = null; + String errMessage = ""; + OgnlContext ctx = new OgnlContext(); + String expression = req.getParameter("expression"); + if (!StringUtils.isBlank(expression)) { + try { + Object expr = Ognl.parseExpression(expression.replaceAll("Math\\.", "@Math@")); + value = Ognl.getValue(expr, ctx); + } catch (OgnlException e) { + if (e.getReason() != null) { + errMessage = e.getReason().getMessage(); + } + log.debug("OgnlException occurs: ", e); + } catch (Exception e) { + log.debug("Exception occurs: ", e); + } catch (Error e) { + log.debug("Error occurs: ", e); + } + } + + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.enter.math.expression", locale)); + bodyHtml.append("

"); + if (expression == null) { + bodyHtml.append(""); + } else { + bodyHtml.append(""); + } + bodyHtml.append(" = "); + if (value != null && NumberUtils.isNumber(value.toString())) { + bodyHtml.append(value); + } + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + if (value == null && expression != null) { + bodyHtml.append(getErrMsg("msg.invalid.expression", new String[] { errMessage }, locale)); + } + bodyHtml.append(getInfoMsg("msg.note.commandinjection", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.commandinjection.page", locale), bodyHtml.toString()); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java new file mode 100644 index 0000000..f23c6f7 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java 
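Review bot: The page is rendered with `msg.note.commandinjection` and `title.commandinjection.page`, which look copy-pasted from a command-injection page rather than being keys for this OGNL servlet (every other servlet in the commit uses a page-specific key such as `msg.note.codeinjection`); confirm the intended keys. `errMessage`, taken from `e.getReason().getMessage()`, is passed to `getErrMsg` without `encodeForHTML`, whereas CodeInjectionServlet wraps its exception message; use `new String[] { encodeForHTML(errMessage) }` here for consistency. `catch (Error e)` swallows `StackOverflowError` and `OutOfMemoryError` at debug level and carries on rendering; if that is intended for this exercise a comment should say why, otherwise drop the branch. Evaluating a request parameter with `Ognl.getValue` is presumably the deliberate flaw of this page and deserves a comment on that line saying so, so it is not silently fixed.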
@@ -0,0 +1,67 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.t246osslab.easybuggy.core.servlets.DefaultLoginServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/openredirect/login" }) +public class OpenRedirectServlet extends DefaultLoginServlet { + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + req.setAttribute("login.page.note", "msg.note.open.redirect"); + super.doGet(req, res); + } + + @Override + public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + Locale locale = req.getLocale(); + String userid = req.getParameter("userid"); + String password = req.getParameter("password"); + String loginQueryString = req.getParameter("loginquerystring"); + if (loginQueryString == null) { + loginQueryString = ""; + } else { + loginQueryString = "?" 
+ loginQueryString; + } + + HttpSession session = req.getSession(true); + if (isAccountLocked(userid)) { + session.setAttribute("authNMsg", getErrMsg("msg.authentication.fail", locale)); + res.sendRedirect("/openredirect/login" + loginQueryString); + } else if (authUser(userid, password)) { + /* Reset account lock count */ + resetAccountLock(userid); + + session.setAttribute("authNMsg", "authenticated"); + session.setAttribute("userid", userid); + + String gotoUrl = req.getParameter("goto"); + if (gotoUrl != null) { + res.sendRedirect(gotoUrl); + } else { + String target = (String) session.getAttribute("target"); + if (target == null) { + res.sendRedirect("/admins/main"); + } else { + session.removeAttribute("target"); + res.sendRedirect(target); + } + } + } else { + /* account lock count +1 */ + incrementLoginFailedCount(userid); + + session.setAttribute("authNMsg", getErrMsg("msg.authentication.fail", locale)); + res.sendRedirect("/openredirect/login" + loginQueryString); + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java new file mode 100644 index 0000000..1a0f987 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java 
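Review bot: `res.sendRedirect(gotoUrl)` sends the browser to whatever the `goto` parameter contains, with no check that it is a local path; presumably this is the deliberate flaw for this page (note key `msg.note.open.redirect`), and a comment on that line saying so would stop a maintainer from silently changing the exercise. Where a fix is wanted, confine it to local paths or an allow-list of known targets, e.g. `if (gotoUrl != null && gotoUrl.startsWith("/") && !gotoUrl.startsWith("//") && !gotoUrl.startsWith("/\\")) { res.sendRedirect(gotoUrl); } else { res.sendRedirect("/admins/main"); }`. Unlike VerboseErrorMessageServlet.doPost, which redirects only to the session's `target` or `/admins/main`, the `target` attribute here is consulted only when `goto` is absent; a short comment stating that precedence would help.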
@@ -0,0 +1,89 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.dao.DBClient; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/sqlijc" }) +public class SQLInjectionServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + String name = StringUtils.trim(req.getParameter("name")); + String password = StringUtils.trim(req.getParameter("password")); + Locale locale = req.getLocale(); + StringBuilder bodyHtml = new StringBuilder(); + + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.enter.name.and.passwd", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.name", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("  "); + bodyHtml.append(getMsg("label.password", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + + if (!StringUtils.isBlank(name) && !StringUtils.isBlank(password) && password.length() >= 8) { + bodyHtml.append(selectUsers(name, password, req)); + } else { + bodyHtml.append(getMsg("msg.warn.enter.name.and.passwd", locale)); + bodyHtml.append("

"); + } + bodyHtml.append(getInfoMsg("msg.note.sqlijc", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.sqlijc.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private String selectUsers(String name, String password, HttpServletRequest req) { + + Connection conn = null; + Statement stmt = null; + ResultSet rs = null; + String result = getErrMsg("msg.error.user.not.exist", req.getLocale()); + try { + conn = DBClient.getConnection(); + stmt = conn.createStatement(); + rs = stmt.executeQuery("SELECT name, secret FROM users WHERE ispublic = 'true' AND name='" + name + + "' AND password='" + password + "'"); + StringBuilder sb = new StringBuilder(); + while (rs.next()) { + sb.append("" + rs.getString("name") + "" + rs.getString("secret") + ""); + } + if (sb.length() > 0) { + result = "" + sb.toString() + "
" + + getMsg("label.name", req.getLocale()) + "" + + getMsg("label.secret", req.getLocale()) + "
"; + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } finally { + Closer.close(rs); + Closer.close(stmt); + Closer.close(conn); + } + return result; + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SessionFixationServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SessionFixationServlet.java new file mode 100644 index 0000000..a0941e2 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SessionFixationServlet.java @@ -0,0 +1,21 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.t246osslab.easybuggy.core.servlets.DefaultLoginServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/sessionfixation/login" }) +public class SessionFixationServlet extends DefaultLoginServlet { + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { + req.setAttribute("login.page.note", "msg.note.session.fixation"); + super.doGet(req, res); + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java new file mode 100644 index 0000000..034531a --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java 
@@ -0,0 +1,143 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.awt.image.BufferedImage; +import java.io.File; +import java.io.IOException; +import java.util.Locale; + +import javax.imageio.ImageIO; +import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Part; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.MultiPartFileUtils; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/ureupload" }) +// 2MB, 10MB, 50MB +@MultipartConfig(fileSizeThreshold = 1024 * 1024 * 2, maxFileSize = 1024 * 1024 * 10, maxRequestSize = 1024 * 1024 * 50) +public class UnrestrictedExtensionUploadServlet extends AbstractServlet { + + // Name of the directory where uploaded files is saved + private static final String SAVE_DIR = "uploadFiles"; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.convert.grayscale", locale)); + bodyHtml.append("

"); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.select.upload.file", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + if (req.getAttribute("errorMessage") != null) { + bodyHtml.append(req.getAttribute("errorMessage")); + } + bodyHtml.append(getInfoMsg("msg.note.unrestrictedextupload", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.unrestrictedextupload.page", locale), bodyHtml.toString()); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + + // Get absolute path of the web application + String appPath = req.getServletContext().getRealPath(""); + + // Create a directory to save the uploaded file if it does not exists + String savePath = appPath + File.separator + SAVE_DIR; + File fileSaveDir = new File(savePath); + if (!fileSaveDir.exists()) { + fileSaveDir.mkdir(); + } + + // Save the file + Part filePart; + try { + filePart = req.getPart("file"); + } catch (Exception e) { + req.setAttribute("errorMessage", getErrMsg("msg.max.file.size.exceed", locale)); + doGet(req, res); + return; + } + try { + String fileName = MultiPartFileUtils.getFileName(filePart); + if (StringUtils.isBlank(fileName)) { + doGet(req, res); + return; + } + boolean isConverted = MultiPartFileUtils.writeFile(filePart, savePath, fileName); + + if (!isConverted) { + isConverted = convert2GrayScale(new File(savePath + File.separator + fileName).getAbsolutePath()); + } + + StringBuilder bodyHtml = new StringBuilder(); + if (isConverted) { + bodyHtml.append(getMsg("msg.convert.grayscale.complete", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + } else { + bodyHtml.append(getErrMsg("msg.convert.grayscale.fail", locale)); + } + bodyHtml.append(""); + responseToClient(req, res, getMsg("title.unrestrictedextupload.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + // Convert color image into gray scale image. + private boolean convert2GrayScale(String fileName) throws IOException { + boolean isConverted = false; + try { + // Convert the file into gray scale image. + BufferedImage image = ImageIO.read(new File(fileName)); + if (image == null) { + log.warn("Cannot read upload file as image file, file name: " + fileName); + return false; + } + + // convert to gray scale + for (int y = 0; y < image.getHeight(); y++) { + for (int x = 0; x < image.getWidth(); x++) { + int p = image.getRGB(x, y); + int a = (p >> 24) & 0xff; + int r = (p >> 16) & 0xff; + int g = (p >> 8) & 0xff; + int b = p & 0xff; + + // calculate average + int avg = (r + g + b) / 3; + + // replace RGB value with avg + p = (a << 24) | (avg << 16) | (avg << 8) | avg; + + image.setRGB(x, y, p); + } + } + // Output the image + ImageIO.write(image, "png", new File(fileName)); + isConverted = true; + } catch (Exception e) { + // Log and ignore the exception + log.warn("Exception occurs: ", e); + } + return isConverted; + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java new file mode 100644 index 0000000..80067f9 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java 
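Review bot: `doPost` joins the client-supplied `fileName` onto `savePath` unchanged, and the result of `fileSaveDir.mkdir()` just above is discarded, so a failed directory creation only shows up as a later write error; the same two issues are in UnrestrictedSizeUploadServlet.doPost. Keep only the base name and check creation: `fileName = new File(fileName).getName();` before `writeFile`, and `if (!fileSaveDir.exists() && !fileSaveDir.mkdirs()) { log.error("Cannot create " + savePath); }`. The missing extension check is presumably the lesson for this page (note key `msg.note.unrestrictedextupload`, versus `isImageFile` in UnrestrictedSizeUploadServlet) and deserves a comment saying so. The boolean from `MultiPartFileUtils.writeFile` is stored as `isConverted` and, when true, skips `convert2GrayScale` yet is reported as `msg.convert.grayscale.complete`; what `writeFile` returns is not visible here, so a comment such as `// writeFile returns true when … — confirm against MultiPartFileUtils` is worth adding. `convert2GrayScale` declares `throws IOException` but its body catches `Exception`, so the clause is dead and can be dropped.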
@@ -0,0 +1,135 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.awt.image.BufferedImage; +import java.awt.image.WritableRaster; +import java.io.File; +import java.io.IOException; +import java.util.Arrays; +import java.util.Locale; + +import javax.imageio.ImageIO; +import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Part; + +import org.apache.commons.io.FilenameUtils; +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.MultiPartFileUtils; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/ursupload" }) +@MultipartConfig +public class UnrestrictedSizeUploadServlet extends AbstractServlet { + + // Name of the directory where uploaded files is saved + private static final String SAVE_DIR = "uploadFiles"; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.reverse.color", locale)); + bodyHtml.append("

"); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.select.upload.file", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + if (req.getAttribute("errorMessage") != null) { + bodyHtml.append(req.getAttribute("errorMessage")); + } + bodyHtml.append(getInfoMsg("msg.note.unrestrictedsizeupload", locale)); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.unrestrictedsizeupload.page", locale), bodyHtml.toString()); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + + // Get absolute path of the web application + String appPath = req.getServletContext().getRealPath(""); + + // Create a directory to save the uploaded file if it does not exists + String savePath = appPath + File.separator + SAVE_DIR; + File fileSaveDir = new File(savePath); + if (!fileSaveDir.exists()) { + fileSaveDir.mkdir(); + } + + try { + // Save the file + final Part filePart = req.getPart("file"); + String fileName = MultiPartFileUtils.getFileName(filePart); + if (StringUtils.isBlank(fileName)) { + doGet(req, res); + return; + } else if (!isImageFile(fileName)) { + req.setAttribute("errorMessage", getErrMsg("msg.not.image.file", locale)); + doGet(req, res); + return; + } + boolean isConverted = MultiPartFileUtils.writeFile(filePart, savePath, fileName); + + // Reverse the color of the upload image + if (!isConverted) { + isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath()); + } + + StringBuilder bodyHtml = new StringBuilder(); + if (isConverted) { + bodyHtml.append(getMsg("msg.reverse.color.complete", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + } else { + bodyHtml.append(getErrMsg("msg.reverse.color.fail", locale)); + } + bodyHtml.append(""); + responseToClient(req, res, getMsg("title.unrestrictedsizeupload.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private boolean isImageFile(String fileName) { + return Arrays.asList("png", "gif", "jpg", "jpeg", "tif", "tiff", "bmp").contains( + FilenameUtils.getExtension(fileName)); + } + + // Reverse the color of the image file + private boolean reverseColor(String fileName) throws IOException { + boolean isConverted = false; + try { + BufferedImage image = ImageIO.read(new File(fileName)); + WritableRaster raster = image.getRaster(); + int[] pixelBuffer = new int[raster.getNumDataElements()]; + for (int y = 0; y < raster.getHeight(); y++) { + for (int x = 0; x < raster.getWidth(); x++) { + raster.getPixel(x, y, pixelBuffer); + pixelBuffer[0] = ~pixelBuffer[0]; + pixelBuffer[1] = ~pixelBuffer[1]; + pixelBuffer[2] = ~pixelBuffer[2]; + raster.setPixel(x, y, pixelBuffer); + } + } + // Output the image + ImageIO.write(image, "png", new File(fileName)); + isConverted = true; + } catch (Exception e) { + // Log and ignore the exception + log.warn("Exception occurs: ", e); + } + return isConverted; + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java new file mode 100644 index 0000000..d5beb63 --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/VerboseErrorMessageServlet.java 
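Review bot: `isImageFile` compares `FilenameUtils.getExtension(fileName)` case-sensitively against lower-case names, so `photo.PNG` or `scan.JPG` is rejected with `msg.not.image.file`; normalise first with `FilenameUtils.getExtension(fileName).toLowerCase(Locale.ROOT)` (`Locale` is already imported). In `reverseColor`, `ImageIO.read` returns null for content it cannot decode and `image.getRaster()` then throws NPE, which the catch-all turns into a generic warning; the sibling `convert2GrayScale` in UnrestrictedExtensionUploadServlet checks for null explicitly with a clear log line, and the same `if (image == null) { log.warn("Cannot read upload file as image file, file name: " + fileName); return false; }` belongs here. The pixel loop writes `pixelBuffer[1]` and `pixelBuffer[2]` although the buffer is sized by `raster.getNumDataElements()`, so a single-band (grey) image hits the catch-all instead of being inverted — worth a `raster.getNumBands()` check or at least a comment. `@MultipartConfig` without size limits is presumably the lesson here (note key `msg.note.unrestrictedsizeupload`, compare the limits on UnrestrictedExtensionUploadServlet) and should be marked by a comment on the annotation.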
@@ -0,0 +1,93 @@
+package org.t246osslab.easybuggy.vulnerabilities;
+
+import java.io.IOException;
+import java.util.Locale;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.directory.server.core.filtering.EntryFilteringCursor;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+import org.apache.directory.shared.ldap.filter.FilterParser;
+import org.apache.directory.shared.ldap.filter.SearchScope;
+import org.apache.directory.shared.ldap.message.AliasDerefMode;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.t246osslab.easybuggy.core.dao.EmbeddedADS;
+import org.t246osslab.easybuggy.core.servlets.DefaultLoginServlet;
+import org.t246osslab.easybuggy.core.utils.ApplicationUtils;
+
+@SuppressWarnings("serial")
+@WebServlet(urlPatterns = { "/verbosemsg/login" })
+public class VerboseErrorMessageServlet extends DefaultLoginServlet {
+
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
+ req.setAttribute("login.page.note", "msg.note.verbose.errror.message");
+ super.doGet(req, res);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
+ Locale locale = req.getLocale();
+ String userid = req.getParameter("userid");
+ String password = req.getParameter("password");
+
+ HttpSession session = req.getSession(true);
+ if (isAccountLocked(userid)) {
+ session.setAttribute("authNMsg", getErrMsg("msg.account.locked",
+ new String[]{String.valueOf(ApplicationUtils.getAccountLockCount())}, locale));
+ } else if (!isExistUser(userid)) {
+ session.setAttribute("authNMsg", getErrMsg("msg.user.not.exist", locale));
+ } else if (!password.matches("[0-9a-z]{8}")) {
+ session.setAttribute("authNMsg", getErrMsg("msg.low.alphnum8", locale));
+ } else if (authUser(userid, password)) {
+ /* Reset account lock count */
+ resetAccountLock(userid);
+
+ session.setAttribute("authNMsg", "authenticated");
+ session.setAttribute("userid", userid);
+
+ String target = (String) session.getAttribute("target");
+ if (target == null) {
+ res.sendRedirect("/admins/main");
+ } else {
+ session.removeAttribute("target");
+ res.sendRedirect(target);
+ }
+ return;
+ } else {
+ session.setAttribute("authNMsg", getErrMsg("msg.password.not.match", locale));
+ }
+ /* account lock count +1 */
+ incrementLoginFailedCount(userid);
+ doGet(req, res);
+ }
+
+ private boolean isExistUser(String username) {
+
+ ExprNode filter;
+ EntryFilteringCursor cursor = null;
+ try {
+ filter = FilterParser.parse("(uid=" + encodeForLDAP(username.trim()) + ")");
+ cursor = EmbeddedADS.getAdminSession().search(new LdapDN("ou=people,dc=t246osslab,dc=org"),
+ SearchScope.SUBTREE, filter, AliasDerefMode.NEVER_DEREF_ALIASES, null);
+ if (cursor.available()) {
+ return true;
+ }
+ } catch (Exception e) {
+ log.error("Exception occurs: ", e);
+ } finally {
+ if (cursor != null) {
+ try {
+ cursor.close();
+ } catch (Exception e) {
+ log.error("Exception occurs: ", e);
+ }
+ }
+ }
+ return false;
+ }
+}
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
new file mode 100644
index 0000000..1b18953
--- /dev/null
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
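Review bot: `password.matches("[0-9a-z]{8}")` in doPost dereferences the request parameter with no null check, so a POST for an existing userid that simply omits the `password` field throws a NullPointerException out of the servlet instead of setting an error message; `} else if (password == null || !password.matches("[0-9a-z]{8}")) {` closes that. The distinct `msg.user.not.exist`, `msg.low.alphnum8` and `msg.password.not.match` responses let a client enumerate valid accounts, which appears to be what this page exists to demonstrate; a header comment saying so (`// Intentionally verbose: a distinct message per failure cause is the vulnerability under demonstration.`) would stop a later reader from "fixing" it by accident. Note also that `incrementLoginFailedCount(userid)` runs for userids the isExistUser branch has just found not to exist; whether that is harmless depends on DefaultLoginServlet, which is not in the hunk.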
@@ -0,0 +1,340 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.File; +import java.io.IOException; +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.MultipartConfig; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.Part; +import javax.xml.XMLConstants; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.parsers.SAXParser; +import javax.xml.parsers.SAXParserFactory; + +import org.apache.commons.lang.RandomStringUtils; +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.dao.DBClient; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; +import org.t246osslab.easybuggy.core.utils.Closer; +import org.t246osslab.easybuggy.core.utils.MultiPartFileUtils; +import org.xml.sax.Attributes; +import org.xml.sax.SAXException; +import org.xml.sax.helpers.DefaultHandler; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/xee", "/xxe" }) +// 2MB, 10MB, 50MB +@MultipartConfig(fileSizeThreshold = 1024 * 1024 * 2, maxFileSize = 1024 * 1024 * 10, maxRequestSize = 1024 * 1024 * 50) +public class XEEandXXEServlet extends AbstractServlet { + + // Name of the directory where uploaded files is saved + private static final String SAVE_DIR = "uploadFiles"; + + private static final String TAB = "    "; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + if ("/xee".equals(req.getServletPath())) { + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.add.users.by.xml", locale)); + } else { + bodyHtml.append(""); + bodyHtml.append(getMsg("msg.update.users.by.xml", locale)); + } + bodyHtml.append("

"); + bodyHtml.append("
");
+        bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(TAB); + bodyHtml.append(encodeForHTML("")); + bodyHtml.append("
"); + bodyHtml.append(TAB); + bodyHtml.append(encodeForHTML("")); + bodyHtml.append("
"); + bodyHtml.append(encodeForHTML("
")); + bodyHtml.append("
"); + bodyHtml.append("
"); + bodyHtml.append("
"); + bodyHtml.append(getMsg("msg.select.upload.file", locale)); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + if (req.getAttribute("errorMessage") != null) { + bodyHtml.append(req.getAttribute("errorMessage")); + } + if ("/xee".equals(req.getServletPath())) { + bodyHtml.append(getInfoMsg("msg.note.xee", locale)); + bodyHtml.append("
");
+            bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML(""); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("]>") + "
"); + bodyHtml.append(encodeForHTML("")+ "
"); + bodyHtml.append(TAB + encodeForHTML("") + "
"); + bodyHtml.append(TAB + encodeForHTML("
") + "
"); + bodyHtml.append(TAB + encodeForHTML("") + "
"); + bodyHtml.append(TAB + TAB + encodeForHTML("") + "
"); + bodyHtml.append(TAB + TAB + TAB + encodeForHTML("&x100;") + "
"); + bodyHtml.append(TAB + TAB + encodeForHTML("
") + "
"); + bodyHtml.append(TAB + encodeForHTML("
") + "
"); + bodyHtml.append(encodeForHTML("
") + "
"); + bodyHtml.append("
"); + bodyHtml.append("
"); + responseToClient(req, res, getMsg("title.xee.page", locale), bodyHtml.toString()); + } else { + bodyHtml.append(getInfoMsg("msg.note.xxe.step1", locale)); + bodyHtml.append("
");
+            bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("\">") + "
"); + bodyHtml.append(encodeForHTML("%p2;")); + bodyHtml.append("
"); + bodyHtml.append("
"); + bodyHtml.append(getInfoMsg("msg.note.xxe.step2", locale)); + bodyHtml.append("
");
+            bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("") + "
"); + bodyHtml.append(encodeForHTML("")); + bodyHtml.append("
"); + bodyHtml.append(""); + responseToClient(req, res, getMsg("title.xxe.page", locale), bodyHtml.toString()); + } + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + Locale locale = req.getLocale(); + + // Get absolute path of the web application + String appPath = req.getServletContext().getRealPath(""); + + // Create a directory to save the uploaded file if it does not exists + String savePath = appPath + File.separator + SAVE_DIR; + File fileSaveDir = new File(savePath); + if (!fileSaveDir.exists()) { + fileSaveDir.mkdir(); + } + + // Save the file + Part filePart = null; + try { + filePart = req.getPart("file"); + } catch (Exception e) { + req.setAttribute("errorMessage", getMsg("msg.max.file.size.exceed", locale)); + doGet(req, res); + return; + } + try { + String fileName = MultiPartFileUtils.getFileName(filePart); + if (StringUtils.isBlank(fileName)) { + doGet(req, res); + return; + } else if (!fileName.endsWith(".xml")) { + req.setAttribute("errorMessage", getErrMsg("msg.not.xml.file", locale)); + doGet(req, res); + return; + } + MultiPartFileUtils.writeFile(filePart, savePath, fileName); + + CustomHandler customHandler = new CustomHandler(); + customHandler.setLocale(locale); + boolean isRegistered = parseXML(req, savePath, fileName, customHandler); + + StringBuilder bodyHtml = new StringBuilder(); + if (isRegistered && customHandler.isRegistered()) { + if ("/xee".equals(req.getServletPath())) { + bodyHtml.append(getMsg("msg.batch.registration.complete", locale)); + } else { + bodyHtml.append(getMsg("msg.batch.update.complete", locale)); + } + bodyHtml.append("

"); + } else { + if ("/xee".equals(req.getServletPath())) { + bodyHtml.append(getErrMsg("msg.batch.registration.fail", locale)); + } else { + bodyHtml.append(getErrMsg("msg.batch.update.fail", locale)); + } + } + bodyHtml.append(customHandler.getResult()); + bodyHtml.append(""); + if ("/xee".equals(req.getServletPath())) { + responseToClient(req, res, getMsg("title.xee.page", locale), bodyHtml.toString()); + } else { + responseToClient(req, res, getMsg("title.xxe.page", locale), bodyHtml.toString()); + } + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } + + private boolean parseXML(HttpServletRequest req, String savePath, String fileName, + CustomHandler customHandler) { + boolean isRegistered = false; + SAXParser parser; + try { + File file = new File(savePath + File.separator + fileName); + SAXParserFactory spf = SAXParserFactory.newInstance(); + if ("/xee".equals(req.getServletPath())) { + customHandler.setInsert(); + spf.setFeature("http://xml.org/sax/features/external-general-entities", false); + spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + } else { + spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + } + parser = spf.newSAXParser(); + parser.parse(file, customHandler); + isRegistered = true; + } catch (ParserConfigurationException e) { + log.error("ParserConfigurationException occurs: ", e); + } catch (SAXException e) { + log.error("SAXException occurs: ", e); + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + return isRegistered; + } + + public class CustomHandler extends DefaultHandler { + private StringBuilder result = new StringBuilder(); + private boolean isRegistered = false; + private boolean isUsersExist = false; + private boolean isInsert = false; + private Locale locale = null; + + @Override + public void startElement(String uri, String localName, String qName, Attributes attributes) + throws SAXException { + if ("users".equals(qName)) { + 
isUsersExist = true; + result.append(""); + result.append(""); + result.append(""); + result.append(""); + result.append(""); + result.append(""); + result.append(""); + result.append(""); + } else if (isUsersExist && "user".equals(qName)) { + String executeResult = upsertUser(attributes, locale); + result.append(""); + result.append(""); + if (executeResult == null) { + result.append(""); + result.append(""); + result.append(""); + result.append(""); + } else { + result.append(""); + } + result.append(""); + isRegistered = true; + } + } + + @Override + public void endElement(String uri, String localName, String qName) throws SAXException { + if ("users".equals(qName)) { + result.append("
" + getMsg("label.user.id", locale) + "" + getMsg("label.name", locale) + "" + getMsg("label.password", locale) + "" + getMsg("label.phone", locale) + "" + getMsg("label.mail", locale) + "
" + encodeForHTML(attributes.getValue("uid")) + "" + encodeForHTML(attributes.getValue("name")) + "" + encodeForHTML(attributes.getValue("password")) + "" + encodeForHTML(attributes.getValue("phone")) + "" + encodeForHTML(attributes.getValue("mail")) + "" + executeResult + "
"); + } + } + + void setInsert() { + this.isInsert = true; + } + + void setLocale(Locale locale) { + this.locale = locale; + } + + String getResult() { + return result.toString(); + } + + boolean isRegistered() { + return isRegistered; + } + + String upsertUser(Attributes attributes, Locale locale) { + + PreparedStatement stmt = null; + PreparedStatement stmt2 = null; + ResultSet rs = null; + Connection conn = null; + String resultMessage = null; + try { + + conn = DBClient.getConnection(); + conn.setAutoCommit(true); + + stmt = conn.prepareStatement("select * from users where id = ?"); + stmt.setString(1, attributes.getValue("uid")); + rs = stmt.executeQuery(); + if (rs.next()) { + if (isInsert) { + return getMsg("msg.user.already.exist", locale); + } + } else { + if (!isInsert) { + return getMsg("msg.user.not.exist", locale); + } + } + if (isInsert) { + stmt2 = conn.prepareStatement("insert into users values (?, ?, ?, ?, ?, ?, ?)"); + stmt2.setString(1, attributes.getValue("uid")); + stmt2.setString(2, attributes.getValue("name")); + stmt2.setString(3, attributes.getValue("password")); + stmt2.setString(4, RandomStringUtils.randomNumeric(10)); + stmt2.setString(5, "true"); + stmt2.setString(6, attributes.getValue("phone")); + stmt2.setString(7, attributes.getValue("mail")); + if (stmt2.executeUpdate() != 1) { + resultMessage = getMsg("msg.user.already.exist", locale); + } + } else { + stmt2 = conn.prepareStatement("update users set name = ?, password = ?, phone = ?, mail = ? 
where id = ?"); + stmt2.setString(1, attributes.getValue("name")); + stmt2.setString(2, attributes.getValue("password")); + stmt2.setString(3, attributes.getValue("phone")); + stmt2.setString(4, attributes.getValue("mail")); + stmt2.setString(5, attributes.getValue("uid")); + if (stmt2.executeUpdate() != 1) { + resultMessage = getMsg("msg.user.not.exist", locale); + } + } + } catch (SQLException e) { + resultMessage = getMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale); + log.error("SQLException occurs: ", e); + } catch (Exception e) { + resultMessage = getMsg("msg.unknown.exception.occur", new String[] { e.getMessage() }, locale); + log.error("Exception occurs: ", e); + } finally { + Closer.close(rs); + Closer.close(stmt); + Closer.close(stmt2); + Closer.close(conn); + } + return resultMessage; + } + } +} diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java new file mode 100644 index 0000000..8ca3acf --- /dev/null +++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java @@ -0,0 +1,54 @@ +package org.t246osslab.easybuggy.vulnerabilities; + +import java.io.IOException; +import java.util.Locale; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.t246osslab.easybuggy.core.servlets.AbstractServlet; + +@SuppressWarnings("serial") +@WebServlet(urlPatterns = { "/xss" }) +public class XSSServlet extends AbstractServlet { + + @Override + protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + + try { + String string = req.getParameter("string"); + Locale locale = req.getLocale(); + + StringBuilder bodyHtml = new StringBuilder(); + + bodyHtml.append("
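Review bot: The parser settings in parseXML leave the uploaded document able to do what the two paths are named for: on `/xxe`, `XMLConstants.FEATURE_SECURE_PROCESSING` by itself does not turn off external general or parameter entity resolution, so a DOCTYPE with a `SYSTEM` identifier is fetched and inlined; on `/xee`, disabling external-general-entities and load-external-dtd still leaves internal nested entities (the page's own `&x100;` sample) expanding with no cap. If that is the intended demonstration, say so on those lines (`// Deliberately weak parser settings: this page exists to demonstrate XEE/XXE; do not harden.`); otherwise `spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` in both branches rejects the DOCTYPE outright. Separately, the upload is written to `savePath + File.separator + fileName` guarded only by `fileName.endsWith(".xml")`; whether `MultiPartFileUtils.getFileName` strips directory components is not visible here, so confirm a name such as `../x.xml` cannot escape `uploadFiles`. The SQL in upsertUser is parameterized throughout, so that part is fine.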
"); + bodyHtml.append(getMsg("description.reverse.string", locale)); + bodyHtml.append("

"); + bodyHtml.append(getMsg("label.string", locale) + ": "); + bodyHtml.append(""); + bodyHtml.append("

"); + bodyHtml.append(""); + bodyHtml.append("

"); + + if (!StringUtils.isBlank(string)) { + // Reverse the given string + String reversedName = StringUtils.reverse(string); + bodyHtml.append(getMsg("label.reversed.string", locale) + " : " + + reversedName); + } else { + bodyHtml.append(getMsg("msg.enter.string", locale)); + } + bodyHtml.append("

"); + bodyHtml.append(getInfoMsg("msg.note.xss", locale)); + bodyHtml.append("
"); + + responseToClient(req, res, getMsg("title.xss.page", locale), bodyHtml.toString()); + + } catch (Exception e) { + log.error("Exception occurs: ", e); + } + } +} diff --git a/src/main/resources/ESAPI.properties b/src/main/resources/ESAPI.properties new file mode 100644 index 0000000..6d665d9 --- /dev/null +++ b/src/main/resources/ESAPI.properties 
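Review bot: `reversedName` in service is derived from the untrusted `string` request parameter and concatenated straight into the response (`" : " + reversedName`) with no HTML encoding, so any markup in the parameter is reflected into the page; the sibling XEEandXXEServlet in this commit uses `encodeForHTML(...)` for exactly this, so the guarded form would be `+ encodeForHTML(reversedName)`. Since the class sits in the vulnerabilities package and the page text names XSS, this looks deliberate; if so, a one-line comment on that append (`// Intentional reflected XSS: the reversed input is written unencoded.`) records it. The catch-all at the end only logs, so a failure while building the page leaves the client with an empty 200 rather than an error; consider rethrowing as ServletException.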
@@ -0,0 +1,41 @@ +ESAPI.printProperties=true +LogLevel=ERROR + +# ESAPI is designed to be easily extensible. You can use the reference implementation +# or implement your own providers to take advantage of your enterprise's security +# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like: +# +# String ciphertext = +# ESAPI.encryptor().encrypt("Secret message"); // Deprecated in 2.0 +# CipherText cipherText = +# ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred +# +# Below you can specify the classname for the provider that you wish to use in your +# application. The only requirement is that it implement the appropriate ESAPI interface. +# This allows you to switch security implementations in the future without rewriting the +# entire application. +# +ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder + +#=========================================================================== +# ESAPI Encoder +# +# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks. +# Failure to canonicalize input is a very common mistake when implementing validation schemes. +# Canonicalization is automatic when using the ESAPI Validator, but you can also use the +# following code to canonicalize data. +# +# ESAPI.Encoder().canonicalize( "%22hello world"" ); +# +# Multiple encoding is when a single encoding format is applied multiple times. Allowing +# multiple encoding is strongly discouraged. +Encoder.AllowMultipleEncoding=false + +# Mixed encoding is when multiple different encoding formats are applied, or when +# multiple formats are nested. Allowing multiple encoding is strongly discouraged. +Encoder.AllowMixedEncoding=false + +# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs +# for all downstream interpreters or decoders. 
For example, if the data is likely to end up in a URL, HTML, or +# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important. +Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..39b4022 --- /dev/null +++ b/src/main/resources/application.properties @@ -0,0 +1,21 @@ +### RDBMS +# In-memory database URL (derby) +database.url=jdbc:derby:memory:demo;create=true +database.driver=org.apache.derby.jdbc.EmbeddedDriver + +# Local MySQL server +#database.url=jdbc:mysql://localhost:3306/easybuggy?user=easybuggy&password=password +#database.driver=com.mysql.jdbc.Driver + +### Account Lockout feature +account.lock.time=3600000 +account.lock.count=5 + +### Send Mail feature +mail.smtp.host=localhost +mail.smtp.port=25 +mail.smtp.auth=false +mail.smtp.starttls.enable=false +mail.user= +mail.password= +mail.admin.address=root@localhost diff --git a/src/main/resources/indexpage_en.properties b/src/main/resources/indexpage_en.properties new file mode 100644 index 0000000..89009df --- /dev/null +++ b/src/main/resources/indexpage_en.properties @@ -0,0 +1,100 @@ +description.all =   Warning: Several links cause severe memory leaks or increase CPU usage rate. They can make your computer unstable.
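Review bot: The checked-in application.properties carries credentials in two places: the commented-out MySQL URL embeds `user=easybuggy&password=password`, and `mail.user=`/`mail.password=` are plain keys that whoever enables mail will fill in and commit. Even for a demo, a comment naming the intended source (`# Supply mail.user / mail.password via environment or JNDI; do not commit real values here.`) is cheap, and the example URL can read `...?user=easybuggy&password=<set-via-env>`. `mail.smtp.auth=false` with `mail.smtp.starttls.enable=false` is consistent for the localhost relay configured here, but worth a note for anyone who later points `mail.smtp.host` at a real server.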
The results may change depending on JRE type / version, JVM option, OS, hardware (memory, CPU) or etc. +description.errors = OutOfMemoryError, StackOverflowError, NoClassDefFoundError, and so on: +description.performance.issue = Issues for performance +description.section.exceptions = Exceptions, extending from java.lang.RuntimeException: +description.troubles = Memory leak, infinite loop, deadlock, and so on: +description.vulnerabilities = XSS, SQL Injection, LDAP injection, and so on: + +function.description.brute.force = This login page is vulnerable for brute-force attack because it does not have an account lock mechanism. +function.description.clickjacking = There is a clickjacking vulnerability in the change mail address page. +function.description.code.injection = There is a code injection vulnerability in this page. +function.description.csrf = There is a CSRF vulnerability in the change password page. +function.description.dangerous.file.inclusion = An external dangerous file can be included in this page. +function.description.database.connection.leak = Database connection leak occurs every time you load the page. +function.description.dead.lock = Deadlock (Java) can occur. +function.description.dead.lock2 = Deadlock (SQL) can occur. +function.description.ei.error = ExceptionInInitializerError is thrown at first, and NoClassDefFoundError is thrown from the second if you click this link. +function.description.endless.waiting.process = Endless waiting process can occur. +function.description.file.descriptor.leak = File descriptor leak occurs every time you load this page. +function.description.forward.loop = Forward loop occurs if you click this link. +function.description.infinite.loop = Infinite loop occurs if you click this link. +function.description.int.overflow = Integer overflow can occur. +function.description.jvm.crash.eav = JVM crashes if you click this link. 
+function.description.ldap.injection = There is an LDAP injection vulnerability in this page. +function.description.loss.of.trailing.digits = Loss of trailing digits can occur. +function.description.mail.header.injection = There is a mail header injection vulnerability in this page. +function.description.memory.leak = Memory leak occurs in Java heap space every time you load this page. +function.description.memory.leak2 = Memory leak occurs in {0} every time you load this page. +function.description.memory.leak3 = Memory leak occurs in C heap space every time you load this page. +function.description.mojibake = Mojibake can occur. +function.description.network.socket.leak = Network socket leak occurs every time you load this page. +function.description.null.byte.injection = There is a null byte injection vulnerability in this page. +function.description.open.redirect = There is an open redirect vulnerability in this login page. +function.description.os.command.injection = There is an OS command injection vulnerability in this page. +function.description.path.traversal = There is a path traversal vulnerability in this page. +function.description.redirect.loop = Redirect loop occurs if you click this link. +function.description.round.off.error = Round off error can occur. +function.description.session.fixation = This login page is vulnerable for session fixation attack. +function.description.slow.regular.expression = It takes time to parse a regular expression. +function.description.slow.string.plus.operation = It takes time to append strings. +function.description.slow.unnecessary.object.creation = It takes time to respond due to unnecessary object creation. +function.description.sql.injection = There is an SQL injection vulnerability in this page. +function.description.thread.leak = Thread leak occurs every time you load this page. +function.description.throwable = {0} is thrown if you click this link. 
+function.description.truncation.error = Truncation error can occur. +function.description.unintended.file.disclosure = There is an unintended file disclosure vulnerability in this page. +function.description.unrestricted.ext.upload = This page is vulnerable for attacks such as code injection because there are no limitation for uploading file extension. +function.description.unrestricted.size.upload = This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size. +function.description.verbose.error.message = It is easy to guess an account who can logs in because authentication error messages on this page are too detailed. +function.description.xee = There is an XEE vulnerability in this page. +function.description.xss = There is a cross site scripting vulnerability in this page. +function.description.xxe = There is an XXE vulnerability in this page. +function.name.brute.force = Login page that allows brute-force attacks +function.name.clickjacking = Clickjacking +function.name.code.injection = Code Injection +function.name.csrf = CSRF (Cross-site Request Forgery) +function.name.dangerous.file.inclusion = Dangerous File Inclusion +function.name.database.connection.leak = Database Connection Leak +function.name.dead.lock = Deadlock (Java) +function.name.dead.lock2 = Deadlock (SQL) +function.name.ei.error = ExceptionInInitializerError / NoClassDefFoundError +function.name.endless.waiting.process = Endless Waiting Process +function.name.file.descriptor.leak = File Descriptor Leak +function.name.forward.loop = Forward Loop +function.name.infinite.loop = Infinite Loop +function.name.int.overflow = Integer Overflow +function.name.jvm.crash.eav = JVM Crash +function.name.ldap.injection = LDAP Injection +function.name.loss.of.trailing.digits = Loss of Trailing Digits +function.name.mail.header.injection = Mail Header Injection +function.name.memory.leak = Memory Leak (Java heap space) +function.name.memory.leak2 = Memory Leak ({0}) 
+function.name.memory.leak3 = Memory Leak (C heap space) +function.name.mojibake = Mojibake +function.name.network.socket.leak = Network Socket Leak +function.name.null.byte.injection = Null Byte Injection +function.name.open.redirect = Login page that allows Open Redirect +function.name.os.command.injection = OS Command Injection +function.name.path.traversal = Path Traversal +function.name.redirect.loop = Redirect Loop +function.name.round.off.error = Round Off Error +function.name.session.fixation = Login page that allows session fixation attacks +function.name.slow.regular.expression = Delay due to regular expression parse +function.name.slow.string.plus.operation = Delay of creating string due to +(plus) operator +function.name.slow.unnecessary.object.creation = Delay due to unnecessary object creation +function.name.sql.injection = SQL Injection +function.name.thread.leak = Thread Leak +function.name.truncation.error = Truncation Error +function.name.unintended.file.disclosure = Unintended File Disclosure +function.name.unrestricted.ext.upload = Extension Unrestricted File Upload +function.name.unrestricted.size.upload = Size Unrestricted File Upload +function.name.verbose.error.message = Verbose Authentication Error Messages +function.name.xee = XEE (XML Entity Expansion) +function.name.xss = XSS (Cross Site Scripting) +function.name.xxe = XXE (XML External Entity) + +section.errors = Errors +section.exceptions = Unchecked Exception +section.performance.issue = Performance Issue +section.troubles = Troubles +section.vulnerabilities = Vulnerabilities diff --git a/src/main/resources/indexpage_ja.properties b/src/main/resources/indexpage_ja.properties new file mode 100644 index 0000000..9cc4bfc --- /dev/null +++ b/src/main/resources/indexpage_ja.properties 
@@ -0,0 +1,100 @@ +description.all =  \u8B66\u544A\uFF1A\u4E00\u90E8\u306E\u30EA\u30F3\u30AF\u306F\u91CD\u5927\u306A\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u3084CPU\u4F7F\u7528\u7387\u306E\u4E0A\u6607\u3092\u5F15\u304D\u8D77\u3053\u3057\u307E\u3059\u3002\u3053\u308C\u306B\u3088\u308A\u30B3\u30F3\u30D4\u30E5\u30FC\u30BF\u306E\u52D5\u4F5C\u304C\u4E0D\u5B89\u5B9A\u306B\u306A\u308B\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002
\u7D50\u679C\u306FJRE\u306E\u7A2E\u985E/\u30D0\u30FC\u30B8\u30E7\u30F3\u3001JVM\u30AA\u30D7\u30B7\u30E7\u30F3\u3001OS\u3001\u30CF\u30FC\u30C9\u30A6\u30A7\u30A2\uFF08\u30E1\u30E2\u30EA\u3084CPU\uFF09\u306A\u3069\u306B\u3088\u3063\u3066\u5909\u308F\u308B\u3053\u3068\u304C\u3042\u308A\u307E\u3059\u3002 +description.errors = OutOfMemoryError\u3001StackOverflowError\u3001NoClassDefFoundError\u306A\u3069 +description.performance.issue = \u6027\u80FD\u306B\u95A2\u3059\u308B\u554F\u984C +description.section.exceptions = java.lang.RuntimeException\u304B\u3089\u7D99\u627F\u3057\u305F\u4F8B\u5916 +description.troubles = \u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u3001\u7121\u9650\u30EB\u30FC\u30D7\u3001\u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u306A\u3069 +description.vulnerabilities = XSS\u3001SQL\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u3001LDAP\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306A\u3069 + +function.description.brute.force = \u3053\u306E\u30ED\u30B0\u30A4\u30F3\u30DA\u30FC\u30B8\u306B\u306F\u30A2\u30AB\u30A6\u30F3\u30C8\u30ED\u30C3\u30AF\u304C\u7121\u3044\u305F\u3081\u3001\u30D6\u30EB\u30FC\u30C8\u30D5\u30A9\u30FC\u30B9\u653B\u6483\u306B\u5BFE\u3057\u3066\u306E\u8106\u5F31\u3067\u3059\u3002 +function.description.clickjacking = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u5909\u66F4\u30DA\u30FC\u30B8\u306B\u306F\u30AF\u30EA\u30C3\u30AF\u30B8\u30E3\u30C3\u30AD\u30F3\u30B0\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.code.injection = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u30B3\u30FC\u30C9\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.csrf = \u30D1\u30B9\u30EF\u30FC\u30C9\u5909\u66F4\u30DA\u30FC\u30B8\u306B\u306FCSRF\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.dangerous.file.inclusion = 
\u3053\u306E\u30DA\u30FC\u30B8\u3067\u306F\u5916\u90E8\u306E\u5371\u967A\u306A\u30D5\u30A1\u30A4\u30EB\u3092\u30A4\u30F3\u30AF\u30EB\u30FC\u30C9\u53EF\u80FD\u3067\u3059\u3002 +function.description.database.connection.leak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.dead.lock = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF(Java)\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.dead.lock2 = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF(SQL)\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.ei.error = \u3053\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068\u3001\u521D\u56DE\u306FExceptionInInitializerError\u304C\u3001\u305D\u306E\u5F8C\u306FNoClassDefFoundError\u304C\u30B9\u30ED\u30FC\u3055\u308C\u307E\u3059\u3002 +function.description.endless.waiting.process = \u5B8C\u4E86\u3057\u306A\u3044\u30D7\u30ED\u30BB\u30B9\u306E\u5F85\u6A5F\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.file.descriptor.leak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001\u30D5\u30A1\u30A4\u30EB\u30C7\u30A3\u30B9\u30AF\u30EA\u30D7\u30BF\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.forward.loop = \u3053\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068\u3001\u30D5\u30A9\u30EF\u30FC\u30C9\u30EB\u30FC\u30D7\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.infinite.loop = \u3053\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068\u3001\u7121\u9650\u30EB\u30FC\u30D7\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.int.overflow = 
\u6574\u6570\u30AA\u30FC\u30D0\u30FC\u30D5\u30ED\u30FC\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.jvm.crash.eav = \u3053\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068JVM\u304C\u30AF\u30E9\u30C3\u30B7\u30E5\u3057\u307E\u3059\u3002 +function.description.ldap.injection = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FLDAP\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.loss.of.trailing.digits = \u60C5\u5831\u843D\u3061\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.mail.header.injection = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u30E1\u30FC\u30EB\u30D8\u30C3\u30C0\u30FC\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.memory.leak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001Java\u30D2\u30FC\u30D7\u9818\u57DF\u306E\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.memory.leak2 = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001{0}\u306E\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.memory.leak3 = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001C\u30D2\u30FC\u30D7\u9818\u57DF\u306E\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.mojibake = \u7279\u5B9A\u306E\u6587\u5B57\u5217\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6587\u5B57\u5316\u3051\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.network.socket.leak = 
\u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30BD\u30B1\u30C3\u30C8\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.null.byte.injection = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FNull\u30D0\u30A4\u30C8\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.open.redirect = \u3053\u306E\u30ED\u30B0\u30A4\u30F3\u30DA\u30FC\u30B8\u306B\u306F\u30AA\u30FC\u30D7\u30F3\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.os.command.injection = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FOS\u30B3\u30DE\u30F3\u30C9\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.path.traversal = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u30D1\u30B9\u30C8\u30E9\u30D0\u30FC\u30B5\u30EB\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.redirect.loop = \u3053\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068\u3001\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u30EB\u30FC\u30D7\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.round.off.error = \u4E38\u3081\u8AA4\u5DEE\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.session.fixation = \u3053\u306E\u30ED\u30B0\u30A4\u30F3\u30DA\u30FC\u30B8\u306B\u306F\u30BB\u30C3\u30B7\u30E7\u30F3\u56FA\u5B9A\u653B\u6483\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.slow.regular.expression = \u7279\u5B9A\u306E\u6587\u5B57\u5217\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6B63\u898F\u8868\u73FE\u306E\u89E3\u6790\u306B\u6642\u9593\u304C\u304B\u304B\u308A\u307E\u3059\u3002 +function.description.slow.string.plus.operation = 
\u5927\u304D\u306A\u6587\u5B57\u6570\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6587\u5B57\u5217\u9023\u7D50\u306B\u6642\u9593\u304C\u304B\u304B\u308A\u307E\u3059\u3002 +function.description.slow.unnecessary.object.creation = \u5927\u304D\u306A\u6570\u5024\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u4E0D\u5FC5\u8981\u306A\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u751F\u6210\u306B\u3088\u308A\u3001\u5FDC\u7B54\u6642\u306B\u6642\u9593\u304C\u304B\u304B\u308A\u307E\u3059\u3002 +function.description.sql.injection = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FSQL\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.thread.leak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u30ED\u30FC\u30C9\u3059\u308B\u305F\u3073\u306B\u3001\u30B9\u30EC\u30C3\u30C9\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +function.description.throwable = \u3053\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068\u3001{0}\u304C\u30B9\u30ED\u30FC\u3055\u308C\u307E\u3059\u3002 +function.description.truncation.error = \u6253\u3061\u5207\u308A\u8AA4\u5DEE\u3092\u767A\u751F\u3055\u305B\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +function.description.unintended.file.disclosure = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u610F\u56F3\u3057\u306A\u3044\u30D5\u30A1\u30A4\u30EB\u516C\u958B\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.unrestricted.ext.upload = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u30D5\u30A1\u30A4\u30EB\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u306E\u62E1\u5F35\u5B50\u5236\u9650\u304C\u7121\u3044\u305F\u3081\u3001\u30B3\u30FC\u30C9\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u306A\u3069\u306B\u5BFE\u3057\u3066\u8106\u5F31\u3067\u3059\u3002 +function.description.unrestricted.size.upload = 
\u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u30D5\u30A1\u30A4\u30EB\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u306E\u30B5\u30A4\u30BA\u5236\u9650\u304C\u7121\u3044\u305F\u3081\u3001DoS\u653B\u6483\u306A\u3069\u306B\u5BFE\u3057\u3066\u8106\u5F31\u3067\u3059\u3002 +function.description.verbose.error.message = \u3053\u306E\u30ED\u30B0\u30A4\u30F3\u30DA\u30FC\u30B8\u306E\u30A8\u30E9\u30FC\u30E1\u30C3\u30BB\u30FC\u30B8\u306F\u89AA\u5207\u904E\u304E\u308B\u305F\u3081\u3001ID\u3068\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u63A8\u6E2C\u3055\u308C\u308B\u53EF\u80FD\u6027\u304C\u9AD8\u3044\u3067\u3059\u3002 +function.description.xee = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FXEE\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.xss = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FXSS\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.description.xxe = \u3053\u306E\u30DA\u30FC\u30B8\u306B\u306FXXE\u306E\u8106\u5F31\u6027\u304C\u3042\u308A\u307E\u3059\u3002 +function.name.brute.force = \u30D6\u30EB\u30FC\u30C8\u30D5\u30A9\u30FC\u30B9\u653B\u6483\u53EF\u80FD\u306A\u30ED\u30B0\u30A4\u30F3\u753B\u9762 +function.name.clickjacking = \u30AF\u30EA\u30C3\u30AF\u30B8\u30E3\u30C3\u30AD\u30F3\u30B0 +function.name.code.injection = \u30B3\u30FC\u30C9\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3 +function.name.csrf = CSRF (\u30AF\u30ED\u30B9\u30B5\u30A4\u30C8\u30EA\u30AF\u30A8\u30B9\u30C8\u30D5\u30A9\u30FC\u30B8\u30A7\u30EA) +function.name.dangerous.file.inclusion = \u5371\u967A\u306A\u30D5\u30A1\u30A4\u30EB\u30A4\u30F3\u30AF\u30EB\u30FC\u30C9 +function.name.database.connection.leak = \u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u30EA\u30FC\u30AF +function.name.dead.lock = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF (Java) +function.name.dead.lock2 = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF (SQL) +function.name.ei.error = ExceptionInInitializerError / NoClassDefFoundError +function.name.endless.waiting.process = 
\u5B8C\u4E86\u3057\u306A\u3044\u30D7\u30ED\u30BB\u30B9\u306E\u5F85\u6A5F +function.name.file.descriptor.leak = \u30D5\u30A1\u30A4\u30EB\u30C7\u30A3\u30B9\u30AF\u30EA\u30D7\u30BF\u30EA\u30FC\u30AF +function.name.forward.loop = \u30D5\u30A9\u30EF\u30FC\u30C9\u30EB\u30FC\u30D7 +function.name.infinite.loop = \u7121\u9650\u30EB\u30FC\u30D7 +function.name.int.overflow = \u6574\u6570\u30AA\u30FC\u30D0\u30FC\u30D5\u30ED\u30FC +function.name.jvm.crash.eav = JVM\u30AF\u30E9\u30C3\u30B7\u30E5 +function.name.ldap.injection = LDAP\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3 +function.name.loss.of.trailing.digits = \u60C5\u5831\u843D\u3061 +function.name.mail.header.injection = \u30E1\u30FC\u30EB\u30D8\u30C3\u30C0\u30FC\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3 +function.name.memory.leak = \u30E1\u30E2\u30EA\u30EA\u30FC\u30AF (Java\u30D2\u30FC\u30D7\u9818\u57DF) +function.name.memory.leak2 = \u30E1\u30E2\u30EA\u30EA\u30FC\u30AF ({0}) +function.name.memory.leak3 = \u30E1\u30E2\u30EA\u30EA\u30FC\u30AF (C\u30D2\u30FC\u30D7\u9818\u57DF) +function.name.mojibake = \u6587\u5B57\u5316\u3051 +function.name.network.socket.leak = \u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30BD\u30B1\u30C3\u30C8\u30EA\u30FC\u30AF +function.name.null.byte.injection = Null\u30D0\u30A4\u30C8\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3 +function.name.open.redirect = \u30AA\u30FC\u30D7\u30F3\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u53EF\u80FD\u306A\u30ED\u30B0\u30A4\u30F3\u753B\u9762 +function.name.os.command.injection = OS\u30B3\u30DE\u30F3\u30C9\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3 +function.name.path.traversal = \u30D1\u30B9\u30C8\u30E9\u30D0\u30FC\u30B5\u30EB +function.name.redirect.loop = \u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u30EB\u30FC\u30D7 +function.name.round.off.error = \u4E38\u3081\u8AA4\u5DEE +function.name.session.fixation = \u30BB\u30C3\u30B7\u30E7\u30F3\u56FA\u5B9A\u653B\u6483\u53EF\u80FD\u306A\u30ED\u30B0\u30A4\u30F3\u753B\u9762 +function.name.slow.regular.expression = 
\u6B63\u898F\u8868\u73FE\u89E3\u6790\u306B\u3088\u308B\u9045\u5EF6 +function.name.slow.string.plus.operation = \u30D7\u30E9\u30B9\u6F14\u7B97\u5B50\u306B\u3088\u308B\u6587\u5B57\u5217\u7D50\u5408\u306E\u9045\u5EF6 +function.name.slow.unnecessary.object.creation = \u4E0D\u5FC5\u8981\u306A\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u751F\u6210\u306B\u3088\u308B\u9045\u5EF6 +function.name.sql.injection = SQL\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3 +function.name.thread.leak = \u30B9\u30EC\u30C3\u30C9\u30EA\u30FC\u30AF +function.name.truncation.error = \u6253\u3061\u5207\u308A\u8AA4\u5DEE +function.name.unintended.file.disclosure = \u610F\u56F3\u3057\u306A\u3044\u30D5\u30A1\u30A4\u30EB\u516C\u958B +function.name.unrestricted.ext.upload = \u62E1\u5F35\u5B50\u5236\u9650\u306E\u7121\u3044\u30D5\u30A1\u30A4\u30EB\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9 +function.name.unrestricted.size.upload = \u30B5\u30A4\u30BA\u5236\u9650\u306E\u7121\u3044\u30D5\u30A1\u30A4\u30EB\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9 +function.name.verbose.error.message = \u89AA\u5207\u904E\u304E\u308B\u8A8D\u8A3C\u30A8\u30E9\u30FC\u30E1\u30C3\u30BB\u30FC\u30B8 +function.name.xee = XEE (XML\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u62E1\u5F35) +function.name.xss = XSS (\u30AF\u30ED\u30B9\u30B5\u30A4\u30C8\u30B9\u30AF\u30EA\u30D7\u30C6\u30A3\u30F3\u30B0) +function.name.xxe = XXE (XML\u5916\u90E8\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3) + +section.errors = \u30A8\u30E9\u30FC +section.exceptions = \u975E\u30C1\u30A7\u30C3\u30AF\u4F8B\u5916 +section.performance.issue = \u6027\u80FD\u554F\u984C +section.troubles = \u969C\u5BB3 +section.vulnerabilities = \u8106\u5F31\u6027 \ No newline at end of file diff --git a/src/main/resources/log4j.xml b/src/main/resources/log4j.xml new file mode 100644 index 0000000..6b8b574 --- /dev/null +++ b/src/main/resources/log4j.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties
new file mode 100644
index 0000000..27f97e4
--- /dev/null
+++ b/src/main/resources/messages_en.properties
@@ -0,0 +1,225 @@
+description.access.history = Access history in this page (The latest 15 records).
+description.capitalize.string = When you enter a string, the capitalized string is shown. For example: capitalize string -> Capitalize String
+description.design.page = You can change design of this page. Please click one of the links below and change this page to your style.
+description.design.test = Please click on one of the links below.
+description.endless.waiting = When you enter a character count, a batch file (including echo characters of the count) is created and executed.
+description.parse.json = When you enter a JSON string, a result checked by JSON.parse() of JavaScript is shown.
+description.random.string.generator = When you enter a character count, a random characters of the count is created.
+description.response.time = When you add pingurl=[a URL] to query string, the response code and time from the url is shown.
+description.reverse.string = When you enter a string, the reversed string is shown.
+description.send.mail = You can send a mail to the site administrator.
+description.test.regular.expression = Please test if an input string matches the regular expression ^([a-z0-9]+[-]{0,1}){1,100}$.
+
+label.access.time = Access Time
+label.attach.file = Attach File
+label.available.characters = Available Characters
+label.browser = Browser
+label.calculate = Calculate
+label.capitalized.string = Capitalized String
+label.character.count = Character Count
+label.code = Code
+label.content = Content
+label.current.thread.count = Current Thread Count
+label.execution.result = Execution Result:
+label.go.to.main = Go to main page
+label.goto.admin.page = Go to admin main page
+label.history.back = Back
+label.ip.address = IP Address
+label.json.string = JSON String
+label.key = Key
+label.language = Language
+label.login = Log in
+label.login.user.id = Login User ID
+label.logout = Log out
+label.lowercase.characters = Lowercase Characters
+label.mail = Mail Address
+label.memory.collection.usage = Collection Usage
+label.memory.committed = Committed Init Value
+label.memory.init = Init Value
+label.memory.max = Max Init Value
+label.memory.peak.usage = Peak Memory Usage
+label.memory.usage = Memory Usage
+label.memory.used = Used Init Value
+label.metaspace = Metaspace
+label.name = Name
+label.numbers = Numbers
+label.obelus = /
+label.password = Password
+label.permgen.space = PermGen space
+label.phone = Phone
+label.ping.url = Ping URL
+label.platform = Platform
+label.response.code = Response Code
+label.response.time = Response Time
+label.reversed.string = Reversed String
+label.secret = Secret Number
+label.session.id = Session ID
+label.signs = Signs
+label.string = String
+label.subject = Subject
+label.submit = Submit
+label.times = times
+label.timezone.id = Time Zome ID
+label.timezone.name = Time Zome Name
+label.timezone.offset = Time Zome Offset
+label.update = Update
+label.upload = Upload
+label.uppercase.characters = Uppercase Characters
+label.user.agent = User Agent
+label.user.id = User ID
+label.value = Value
+label.version = Version
+label.your.mail = Your Mail Address
+label.your.name = Your Name
+
+msg.account.locked = Your account is locked out because the number of login failures exceeds {0} times.
+msg.add.users.by.xml = When you upload an XML file of the following format, users can be registered all at once.
+msg.admin.page.top = Well come to admins page!!
+msg.answer.is.correct = Your answer is correct!
+msg.authentication.fail = Authentication failed. Please login again.
+msg.batch.registration.complete = Batch registration of users has completed.
+msg.batch.registration.fail = Batch registration of users fails.
+msg.batch.update.complete = Batch update of users has completed.
+msg.batch.update.fail = Batch update of users fails.
+msg.calc.sym.natural.numbers = This page can calculate the sum of all natural numbers (1 + 2 + 3 + ... + n) less than or equal to n.
+msg.cant.create.batch = Can't create a batch file.
+msg.convert.grayscale = You can convert the color of an image file into gray scale.
+msg.convert.grayscale.complete = Gray scale conversion of the image file has completed.
+msg.convert.grayscale.fail = Gray scale conversion of the image file fails.
+msg.db.access.error.occur = An error occurs when accessing database.
+msg.dead.lock.detected = Deadlock is detected.
+msg.dead.lock.not.occur = Deadlock has not occurred yet.
+msg.deadlock.occurs = A lock could not be obtained due to a deadlock.
+msg.download.file = You can download the following PDF files.
+msg.enter.decimal.value = Please enter the absolute value of a decimal number less than 1.
+msg.enter.json.string = Please enter JSON string.
+msg.enter.mail = Please enter your mail address.
+msg.enter.math.expression = Please enter a mathematical expression. You can use java.lang.Math in the expression. For example, Math.sqrt(Math.pow(2, 6)) - 5
+msg.enter.name = Please enter your name.
+msg.enter.name.and.passwd = When you enter your name and password, your secret number is shown.
+msg.enter.passwd = When you enter a new password and click the submit button, your password will be changed.
+msg.enter.positive.number = Please enter a positive number.
+msg.enter.string = Please enter a string.
+msg.error.user.not.exist = User does not exist or password does not match.
+msg.executed.batch = Created and executed the batch:
+msg.invalid.expression = Invalid expression : {0}
+msg.invalid.json = Invalid JSON : {0}
+msg.low.alphnum8 = Password is 8 lowercase alphanumeric characters.
+msg.mail.change.failed = Mail address change failed.
+msg.mail.changed = Your mail address is successfully changed.
+msg.mail.format.is.invalid = The mail address is an invalid format.
+msg.mail.is.empty = Please enter subject and content.
+msg.match.regular.expression = The input string matches the regular expression.
+msg.max.file.size.exceed = The file size exceeds the allowable limit.
+msg.need.admin.privilege = You need admin privileges to go ahead from here. Please enter your user ID and password.
+msg.not.image.file = The chosen file is not an image file.
+msg.not.match.regular.expression = The input string does not match the regular expression.
+msg.not.xml.file = The chosen file is not an XML file.
+msg.note.brute.force = You can login with admin and password. The number of login attempts is not limited on this page, so the brute force attack is possible.
+msg.note.clickjacking = This page receives a request that a user does not intend and changes the user's mail address.
+msg.note.clientinfo = If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. If you login as an acount written in http://localhost:8080/uid/adminpassword.txt you can access to /uid/serverinfo.jsp.
+msg.note.codeinjection = If you enter {}');java.lang.System.exit(0);// , then JavaVM is forcibly finished due to code injection.
+msg.note.commandinjection = If you enter @Runtime@getRuntime().exec('rm -fr /your-important-dir/') , then your important directory is removed on your server.
+msg.note.createobjects = If you enter a large number, then it takes time to respond due to unnecessary object creation.
+msg.note.csrf = This page receives a request that a user does not intend and changes the user's password.
+msg.note.dangerous.file.inclusion = Change the query string to template=[URL where malicious JSP file is deployed], then a malicious code is executed.
+msg.note.db.connection.leak.occur = DB connection leak occurs every time you load this page.
+msg.note.deadlock = Deadlock occurs after continuously loading this page few times.
+msg.note.deadlock2 = If you open two windows (or tabs) and sort in the ascending order of user ID and click the "update" button on one window immediately after you sort in the descending order and click the "update" button on the other, then deadlock occurs in database.
+msg.note.endlesswaiting = If you enter a large number, then an endless waiting process occurs.
+msg.note.filedescriptorleak = File descriptor leak occurs every time you load this page.
+msg.note.intoverflow = Integer overflow occurs if you enter a number greater than or equal to 63.
+msg.note.ldap.injection = You can login with admin and password. You can bypass authentication and login with *)(|(objectClass=* and password to aaaaaaa).
+msg.note.lossoftrailingdigits = Loss of trailing digits occurs if you enter 0.0000000000000001.
+msg.note.mailheaderinjection = If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address.
+msg.note.memoryleak = Memory leak occurs in Java heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.note.memoryleak3 = Memory leak occurs in C heap space every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.note.mojibake = Mojibake occurs if you enter a multi-byte string.
+msg.note.netsocketleak = Network socket leak occurs every time you load this page.
+msg.note.not.use.ext.db = Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS.
+msg.note.nullbyteinjection = If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00 to the query string, then you can download a file which includes the content of web.xml.
+msg.note.open.redirect = You can login with admin and password. If you add goto=[an URL of a malicious site] to the query string, you can redirect to the malicious site.
+msg.note.path.traversal = Change the query string to template=../WEB-INF/web.xml?, then you can see the content of web.xml in the source code of this page.
+msg.note.roundofferror = Round off error occurs if you enter 1.
+msg.note.session.fixation = You can login with admin and password. The URL rewriting feature works on this page in order to support clients that cannot use cookie, so the session fixation attack is possible.
+msg.note.slowregex = If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then the parse processing will take several tens of seconds.
     If you enter string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042, then no response will be received.
+msg.note.sqlijc = You can see a secret number if you enter Mark and password. You can see other users information if you enter password to ' OR '1'='1
+msg.note.strplusopr = If you enter a large number, then the processing will take several tens of seconds because the string is created by "+" (plus) operator.
+msg.note.threadleak = Thread leak occurs every time you load this page.
+msg.note.truncationerror = Truncation error occurs if you enter 3 or 7 or 9.
+msg.note.unrestrictedextupload = If you upload JSP file (named exit.jsp) including <% System.exit(0); %> and access to http://localhost:8080/uploadFiles/exit.jsp, then JavaVM is forcibly finished.
+msg.note.unrestrictedsizeupload = This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size.
+msg.note.verbose.errror.message = You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed.
+msg.note.xee = If you upload the following XML file, it will waste server resources.
+msg.note.xss = Session ID is shown if you enter name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
+msg.note.xxe.step1 = If you create the following DTD file on a web server that can be accessed from this server, for example, http://attacker.site/vulnerable.dtd
+msg.note.xxe.step2 = and upload the following XML file, then you can display the password file (/etc/passwd) on the Linux server.
+msg.passwd.change.failed = Password change failed.
+msg.passwd.changed = Your password is successfully changed.
+msg.passwd.is.too.short = The password must be at least 8 characters.
+msg.password.not.match = The password does not match.
+msg.permgen.space.leak.occur = Memory leak occurs in {0} every time you load this page. If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.question.reach.the.moon = How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)?
+msg.reverse.color = You can reverse the color of an image file.
+msg.reverse.color.complete = The color reversal of the image file has completed.
+msg.reverse.color.fail = The color reversal of the image file fails.
+msg.select.upload.file = Select a file to upload.
+msg.sent.mail = The mail was sent successfully.
+msg.unknown.exception.occur = Unknown exception occurs : {0}
+msg.update.records = Updated {0} records.
+msg.update.users = You can update users information.
+msg.update.users.by.xml = When you upload an XML file of the following format, users can be updated all at once.
+msg.user.already.exist = The user already exists.
+msg.user.not.exist = The user does not exist.
+msg.valid.json = Valid JSON!
+msg.warn.enter.name.and.passwd = Please enter your name and password.
+
+style.description.basic = Basic header and footer are used.
+style.description.bootstrap = For more detail, please refer to the page: http://getbootstrap.com/
+style.description.google.mdl = For more detail, please refer to the page: https://getmdl.io/
+style.description.materialize = For more detail, please refer to the page: http://materializecss.com/
+style.description.monochro = Monochrome header and footer are used.
+style.description.noframe = No header and footer are used.
+style.description.nonstyle = No stylesheet is specified.
+style.name.basic = Basic
+style.name.bootstrap = Bootstrap
+style.name.google.mdl = Google Material Design Lite
+style.name.materialize = Materialize
+style.name.monochro = Monochrome
+style.name.noframe = No Frame
+style.name.nonstyle = Non-Style
+
+title.adminmain.page = Main Page for Administrators
+title.clickjacking.page = Change Your Mail
+title.clientinfo.page = Client Information
+title.codeinjection.page = Parse JSON
+title.commandinjection.page = Performing Basic Numeric Operations
+title.createobjects.page = Sum of natural numbers
+title.csrf.page = Change Your Password
+title.dbconnectionleak.page = User List
+title.deadlock.page = Detect Deadlock
+title.design.test.page = Design Test
+title.endlesswaiting.page = Execute Batch
+title.filedescriptorleak.page = Access History
+title.intoverflow.page = The Distance from Earth to the Moon
+title.login.page = Login Page for Administrators
+title.lossoftrailingdigits.page = Decimal Addition
+title.mailheaderinjection.page = Question to Administrator
+title.memoryleak.page = Heap Memory Usage
+title.memoryleak2.page = Non-Heap Memory Usage
+title.memoryleak3.page = Display Time Zone Information
+title.mojibake.page = Capitalize String
+title.netsocketleak.page = Measure Response Time
+title.nullbyteinjection.page = Download Guides
+title.roundofferror.page = Easy Subtraction
+title.serverinfo.page = Server Information
+title.slowregex.page = Test Regular Expression
+title.sqlijc.page = Search Your Secret Number
+title.strplusopr.page = Random String Generator
+title.threadleak.page = Display Current Thread Count
+title.truncationerror.page = Decimal Division
+title.unrestrictedextupload.page = Convert Gray Scale of Image File
+title.unrestrictedsizeupload.page = Reverse Color of Image File
+title.xee.page = Batch Registration of Users
+title.xss.page = Reverse String
+title.xxe.page = Batch Update of Users
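Review bot: The key `msg.note.verbose.errror.message` (three r's) is spelled differently from every sibling `msg.note.*` key and from `function.description.verbose.error.message` in indexpage_en.properties; unless the servlet or JSP looks it up under the same misspelling, the resource lookup would miss and the hint would not render, so I would rename it `msg.note.verbose.error.message = You can login with admin and password. It is easy to guess an account who can logs in since authentication error messages on this page is too detailed.` The three time-zone labels also read "Time Zome"; they should be `label.timezone.id = Time Zone ID` (likewise for `.name` and `.offset`), and `msg.admin.page.top = Well come to admins page!!` would read better as `Welcome to the admin page!`. The hints in `msg.note.clientinfo` and `msg.note.unrestrictedextupload` hardcode `http://localhost:8080/...`, which misleads anyone running the app behind a different host or port; a relative path such as `/uid/` or `/uploadFiles/exit.jsp` would be enough. These messages intentionally document the app's deliberate vulnerabilities, so I am not suggesting the payload text itself be removed.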
diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties
new file mode 100644
index 0000000..c18fa28
--- /dev/null
+++ b/src/main/resources/messages_ja.properties
@@ -0,0 +1,225 @@ +description.access.history = \u3053\u306E\u30DA\u30FC\u30B8\u306E\u30A2\u30AF\u30BB\u30B9\u5C65\u6B74 (\u6700\u65B0\u306E15\u4EF6) +description.capitalize.string = \u6587\u5B57\u5217\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u5148\u982D\u3092\u5927\u6587\u5B57\u306B\u3057\u3066\u8868\u793A\u3057\u307E\u3059\u3002\u4F8B) capitalize string -> Capitalize String +description.design.page = \u3053\u306E\u30DA\u30FC\u30B8\u3067\u306F\u3001\u30C7\u30B6\u30A4\u30F3\u306E\u5FAE\u8ABF\u6574\u3092\u3059\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002\u4EE5\u4E0B\u306E\u3044\u305A\u308C\u304B\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u3066\u3001\u3053\u306E\u30DA\u30FC\u30B8\u3092\u304A\u597D\u307F\u306E\u30B9\u30BF\u30A4\u30EB\u306B\u5909\u66F4\u3057\u3066\u4E0B\u3055\u3044\u3002 +description.design.test = \u4EE5\u4E0B\u306E\u3044\u305A\u308C\u304B\u306E\u30EA\u30F3\u30AF\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u3066\u4E0B\u3055\u3044\u3002 +description.endless.waiting = \u6587\u5B57\u6570\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u305D\u306E\u6587\u5B57\u6570\u5206\u306Eecho\u3092\u5B9F\u884C\u3059\u308B\u30D0\u30C3\u30C1\u3092\u4F5C\u6210\u3001\u5B9F\u884C\u3057\u307E\u3059\u3002 +description.parse.json = JSON\u6587\u5B57\u5217\u3092\u5165\u529B\u3059\u308B\u3068\u3001JavaScript\u306EJSON.parse()\u3067\u691C\u8A3C\u3057\u305F\u7D50\u679C\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002 +description.random.string.generator = \u6587\u5B57\u6570\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u305D\u306E\u6587\u5B57\u6570\u5206\u306E\u30E9\u30F3\u30C0\u30E0\u306A\u6587\u5B57\u5217\u3092\u751F\u6210\u3057\u307E\u3059\u3002 +description.response.time = \u30AF\u30A8\u30EA\u6587\u5B57\u5217\u306Bpingurl=[\u4EFB\u610FURL]\u3092\u8FFD\u52A0\u3059\u308B\u3068\u3001\u305D\u306EURL\u304B\u3089\u306E\u5FDC\u7B54\u30B3\u30FC\u30C9\u3068\u6642\u9593\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002 +description.reverse.string = 
\u6587\u5B57\u5217\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6587\u5B57\u5217\u304C\u9006\u8EE2\u3057\u3066\u8868\u793A\u3055\u308C\u307E\u3059\u3002 +description.send.mail = \u30B5\u30A4\u30C8\u306E\u7BA1\u7406\u8005\u306B\u30E1\u30FC\u30EB\u3092\u9001\u4FE1\u3067\u304D\u307E\u3059\u3002 +description.test.regular.expression = \u6B63\u898F\u8868\u73FE ^([a-z0-9]+[-]{0,1}){1,100}$ \u306B\u4E00\u81F4\u3059\u308B\u6587\u5B57\u5217\u304B\u30C6\u30B9\u30C8\u3057\u3066\u4E0B\u3055\u3044\u3002 + +label.access.time = \u30A2\u30AF\u30BB\u30B9\u6642\u523B +label.attach.file = \u6DFB\u4ED8\u30D5\u30A1\u30A4\u30EB +label.available.characters = \u5229\u7528\u53EF\u80FD\u306A\u6587\u5B57 +label.browser = \u30D6\u30E9\u30A6\u30B6 +label.calculate = \u8A08\u7B97\u3059\u308B +label.capitalized.string = \u5148\u982D\u3092\u5927\u6587\u5B57\u306B\u3057\u305F\u6587\u5B57\u5217 +label.character.count = \u6587\u5B57\u6570 +label.code = \u30B3\u30FC\u30C9 +label.content = \u672C\u6587 +label.current.thread.count = \u73FE\u5728\u306E\u30B9\u30EC\u30C3\u30C9\u6570 +label.execution.result = \u5B9F\u884C\u7D50\u679C: +label.go.to.main = \u30E1\u30A4\u30F3\u30DA\u30FC\u30B8\u3078 +label.goto.admin.page = \u7BA1\u7406\u8005\u30E1\u30A4\u30F3\u30DA\u30FC\u30B8\u3078 +label.history.back = \u623B\u308B +label.ip.address = IP\u30A2\u30C9\u30EC\u30B9 +label.json.string = JSON\u6587\u5B57\u5217 +label.key = \u30AD\u30FC +label.language = \u8A00\u8A9E +label.login = \u30ED\u30B0\u30A4\u30F3 +label.login.user.id = \u30ED\u30B0\u30A4\u30F3\u30E6\u30FC\u30B6\u30FCID +label.logout = \u30ED\u30B0\u30A2\u30A6\u30C8 +label.lowercase.characters = \u534A\u89D2\u5C0F\u6587\u5B57 +label.mail = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9 +label.memory.collection.usage = \u30B3\u30EC\u30AF\u30B7\u30E7\u30F3\u4F7F\u7528\u91CF +label.memory.committed = \u4FDD\u8A3C\u5024 +label.memory.init = \u521D\u671F\u5024 +label.memory.max = \u6700\u5927\u5024 +label.memory.peak.usage = 
\u30D4\u30FC\u30AF\u30E1\u30E2\u30EA\u30FC\u4F7F\u7528\u91CF +label.memory.usage = \u30E1\u30E2\u30EA\u30FC\u4F7F\u7528\u91CF +label.memory.used = \u73FE\u5728\u5024 +label.metaspace = Metaspace +label.name = \u540D\u524D +label.numbers = \u6570\u5B57 +label.obelus = \u00F7 +label.password = \u30D1\u30B9\u30EF\u30FC\u30C9 +label.permgen.space = PermGen\u9818\u57DF +label.phone = \u96FB\u8A71\u756A\u53F7 +label.ping.url = Ping\u3059\u308BURL +label.platform = \u30D7\u30E9\u30C3\u30C8\u30D5\u30A9\u30FC\u30E0 +label.response.code = \u5FDC\u7B54\u30B3\u30FC\u30C9 +label.response.time = \u5FDC\u7B54\u6642\u9593 +label.reversed.string = \u9006\u8EE2\u3057\u305F\u6587\u5B57\u5217 +label.secret = \u6697\u8A3C\u756A\u53F7 +label.session.id = \u30BB\u30C3\u30B7\u30E7\u30F3ID +label.signs = \u8A18\u53F7 +label.string = \u6587\u5B57\u5217 +label.subject = \u4EF6\u540D +label.submit = \u9001\u4FE1 +label.times = \u56DE +label.timezone.id = \u30BF\u30A4\u30E0\u30BE\u30FC\u30F3ID +label.timezone.name = \u30BF\u30A4\u30E0\u30BE\u30FC\u30F3\u540D +label.timezone.offset = \u30BF\u30A4\u30E0\u30BE\u30FC\u30F3\u30AA\u30D5\u30BB\u30C3\u30C8 +label.update = \u66F4\u65B0 +label.upload = \u30A2\u30C3\u30D7\u30ED\u30FC\u30C9 +label.uppercase.characters = \u534A\u89D2\u5927\u6587\u5B57 +label.user.agent = \u30E6\u30FC\u30B6\u30FC\u30A8\u30FC\u30B8\u30A7\u30F3\u30C8 +label.user.id = \u30E6\u30FC\u30B6\u30FCID +label.value = \u5024 +label.version = \u30D0\u30FC\u30B8\u30E7\u30F3 +label.your.mail = \u3042\u306A\u305F\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9 +label.your.name = \u3042\u306A\u305F\u306E\u540D\u524D + +msg.account.locked = \u30ED\u30B0\u30A4\u30F3\u9023\u7D9A\u5931\u6557\u56DE\u6570\u304C{0}\u56DE\u3092\u8D85\u3048\u305F\u305F\u3081\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u304C\u30ED\u30C3\u30AF\u3055\u308C\u3066\u3044\u307E\u3059\u3002 +msg.add.users.by.xml = 
\u6B21\u306E\u5F62\u5F0F\u306EXML\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u3059\u308B\u3068\u3001\u30E6\u30FC\u30B6\u30FC\u304C\u4E00\u62EC\u3067\u767B\u9332\u3067\u304D\u307E\u3059\u3002 +msg.admin.page.top = \u7BA1\u7406\u8005\u30DA\u30FC\u30B8\u3078\u3088\u3046\u3053\u305D\uFF01\uFF01 +msg.answer.is.correct = \u6B63\u89E3\u3067\u3059\u3002 +msg.authentication.fail = \u8A8D\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002\u518D\u5EA6\u30ED\u30B0\u30A4\u30F3\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.batch.registration.complete = \u30E6\u30FC\u30B6\u30FC\u306E\u4E00\u62EC\u767B\u9332\u304C\u5B8C\u4E86\u3057\u307E\u3057\u305F\u3002 +msg.batch.registration.fail = \u30E6\u30FC\u30B6\u30FC\u306E\u4E00\u62EC\u767B\u9332\u304C\u5931\u6557\u3057\u307E\u3057\u305F\u3002 +msg.batch.update.complete = \u30E6\u30FC\u30B6\u30FC\u306E\u4E00\u62EC\u66F4\u65B0\u304C\u5B8C\u4E86\u3057\u307E\u3057\u305F\u3002 +msg.batch.update.fail = \u30E6\u30FC\u30B6\u30FC\u306E\u4E00\u62EC\u66F4\u65B0\u304C\u5931\u6557\u3057\u307E\u3057\u305F\u3002 +msg.calc.sym.natural.numbers = n\u4EE5\u4E0B\u306E\u81EA\u7136\u6570\u3059\u3079\u3066\u306E\u7DCF\u548C (1 + 2 + 3 + \u2026 + n) \u3092\u8A08\u7B97\u3057\u307E\u3059\u3002 +msg.cant.create.batch = \u30D0\u30C3\u30C1\u30D5\u30A1\u30A4\u30EB\u3092\u4F5C\u6210\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F\u3002 +msg.convert.grayscale = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u30B0\u30EC\u30FC\u30B9\u30B1\u30FC\u30EB\u5909\u63DB\u3092\u884C\u3046\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +msg.convert.grayscale.complete = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u30B0\u30EC\u30FC\u30B9\u30B1\u30FC\u30EB\u5909\u63DB\u304C\u5B8C\u4E86\u3057\u307E\u3057\u305F\u3002 +msg.convert.grayscale.fail = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u30B0\u30EC\u30FC\u30B9\u30B1\u30FC\u30EB\u5909\u63DB\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002 +msg.db.access.error.occur = 
\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u30A2\u30AF\u30BB\u30B9\u6642\u306B\u4F55\u3089\u304B\u306E\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F\u3002 +msg.dead.lock.detected = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u3092\u691C\u77E5\u3057\u307E\u3057\u305F\u3002 +msg.dead.lock.not.occur = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u306F\u767A\u751F\u3057\u3066\u3044\u307E\u305B\u3093\u3002 +msg.deadlock.occurs = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u306B\u3088\u308A\u30ED\u30C3\u30AF\u3092\u53D6\u5F97\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F\u3002 +msg.download.file = \u4EE5\u4E0B\u306EPDF\u30D5\u30A1\u30A4\u30EB\u304C\u30C0\u30A6\u30F3\u30ED\u30FC\u30C9\u3067\u304D\u307E\u3059\u3002 +msg.enter.decimal.value = \u7D76\u5BFE\u5024\u304C1\u672A\u6E80\u306E\u5C0F\u6570\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.enter.json.string = JSON\u6587\u5B57\u5217\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.enter.mail = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.enter.math.expression = \u6570\u5F0F\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002\u6570\u5F0F\u306B\u306Fjava.lang.Math\u3092\u4F7F\u7528\u3059\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002\u4F8B) Math.sqrt(Math.pow(2, 6)) - 5 +msg.enter.name = \u540D\u524D\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.enter.name.and.passwd = \u540D\u524D\u3068\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6697\u8A3C\u756A\u53F7\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002 +msg.enter.passwd = \u65B0\u3057\u3044\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u5909\u66F4\u3055\u308C\u307E\u3059\u3002 +msg.enter.positive.number = \u6B63\u306E\u6574\u6570\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.enter.string = \u6587\u5B57\u5217\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 
+msg.error.user.not.exist = \u30E6\u30FC\u30B6\u30FC\u304C\u5B58\u5728\u3057\u306A\u3044\u304B\u3001\u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u4E00\u81F4\u3057\u307E\u305B\u3093\u3002 +msg.executed.batch = \u30D0\u30C3\u30C1\u3092\u4F5C\u6210\u3001\u5B9F\u884C\u3057\u307E\u3057\u305F: +msg.invalid.expression = \u4E0D\u6B63\u306A\u6570\u5F0F\u3067\u3059 : {0} +msg.invalid.json = \u4E0D\u6B63\u306AJSON\u6587\u5B57\u5217\u3067\u3059 : {0} +msg.low.alphnum8 = \u30D1\u30B9\u30EF\u30FC\u30C9\u306F8\u6841\u306E\u82F1\u6570\u5B57\u3067\u3059\u3002 +msg.mail.change.failed = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306E\u5909\u66F4\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002 +msg.mail.changed = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306F\u6B63\u5E38\u306B\u5909\u66F4\u3055\u308C\u307E\u3057\u305F\u3002 +msg.mail.format.is.invalid = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306E\u5F62\u5F0F\u304C\u4E0D\u6B63\u3067\u3059\u3002 +msg.mail.is.empty = \u4EF6\u540D\u3068\u672C\u6587\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.match.regular.expression = \u5165\u529B\u6587\u5B57\u5217\u306F\u6B63\u898F\u8868\u73FE\u306B\u4E00\u81F4\u3057\u307E\u3057\u305F\u3002 +msg.max.file.size.exceed = \u30D5\u30A1\u30A4\u30EB\u30B5\u30A4\u30BA\u304C\u8A31\u5BB9\u9650\u5EA6\u3092\u8D85\u3048\u3066\u3044\u307E\u3059\u3002 +msg.need.admin.privilege = \u3053\u3053\u304B\u3089\u5148\u306F\u7BA1\u7406\u8005\u6A29\u9650\u304C\u5FC5\u8981\u3067\u3059\u3002\u30E6\u30FC\u30B6\u30FCID\u3068\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.not.image.file = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u3002 +msg.not.match.regular.expression = \u5165\u529B\u6587\u5B57\u5217\u306F\u6B63\u898F\u8868\u73FE\u306B\u4E00\u81F4\u3057\u307E\u305B\u3093\u3002 +msg.not.xml.file = XML\u30D5\u30A1\u30A4\u30EB\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u3002 +msg.note.brute.force = admin \u3068 
password\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30ED\u30B0\u30A4\u30F3\u3067\u304D\u307E\u3059\u3002\u3053\u306E\u30DA\u30FC\u30B8\u306B\u306F\u30ED\u30B0\u30A4\u30F3\u8A66\u884C\u56DE\u6570\u306E\u5236\u9650\u304C\u7121\u3044\u305F\u3081\u3001\u30D6\u30EB\u30FC\u30C8\u30D5\u30A9\u30FC\u30B9\u653B\u6483\u304C\u53EF\u80FD\u3067\u3059\u3002 +msg.note.clickjacking = \u3053\u306E\u30DA\u30FC\u30B8\u306F\u3001\u30E6\u30FC\u30B6\u30FC\u304C\u610F\u56F3\u3057\u306A\u3044\u30EA\u30AF\u30A8\u30B9\u30C8\u3082\u53D7\u4FE1\u3057\u3066\u3001\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5909\u66F4\u3057\u3066\u3057\u307E\u3044\u307E\u3059\u3002 +msg.note.clientinfo = \u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u30EA\u30B9\u30C6\u30A3\u30F3\u30B0\u304C\u6A5F\u80FD\u3057\u3066\u3044\u308B\u5834\u5408\u3001http://localhost:8080/uid/\u306B\u30A2\u30AF\u30BB\u30B9\u3059\u308B\u3068\u3001\u305D\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u5185\u306E\u30D5\u30A1\u30A4\u30EB\u4E00\u89A7\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002\u3055\u3089\u306Bhttp://localhost:8080/uid/adminpassword.txt\u306B\u8A18\u8F09\u3055\u308C\u305F\u30A2\u30AB\u30A6\u30F3\u30C8\u3067\u30ED\u30B0\u30A4\u30F3\u3059\u308B\u3068\u3001http://localhost:8080/uid/serverinfo.jsp\u3078\u30A2\u30AF\u30BB\u30B9\u3059\u308B\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +msg.note.codeinjection = {}');java.lang.System.exit(0);// \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30B3\u30FC\u30C9\u30A4\u30F3\u30B8\u30A7\u30AF\u30B7\u30E7\u30F3\u3067 JavaVM\u304C\u5F37\u5236\u7D42\u4E86\u3057\u307E\u3059\u3002 +msg.note.commandinjection = @Runtime@getRuntime().exec('rm -fr /your-important-dir/') \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30B5\u30FC\u30D0\u30FC\u4E0A\u306E\u91CD\u8981\u306A\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u304C\u524A\u9664\u3055\u308C\u307E\u3059\u3002 +msg.note.createobjects = 
\u5927\u304D\u306A\u6570\u5024\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u4E0D\u5FC5\u8981\u306A\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u751F\u6210\u306B\u3088\u308A\u3001\u5FDC\u7B54\u306B\u6642\u9593\u304C\u304B\u304B\u308A\u307E\u3059\u3002 +msg.note.csrf = \u3053\u306E\u30DA\u30FC\u30B8\u306F\u3001\u30E6\u30FC\u30B6\u30FC\u304C\u610F\u56F3\u3057\u306A\u3044\u30EA\u30AF\u30A8\u30B9\u30C8\u3082\u53D7\u4FE1\u3057\u3066\u3001\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5909\u66F4\u3057\u3066\u3057\u307E\u3044\u307E\u3059\u3002 +msg.note.dangerous.file.inclusion = \u30AF\u30A8\u30EA\u30B9\u30C8\u30EA\u30F3\u30B0\u3092 template=[\u60AA\u610F\u306E\u3042\u308BJSP\u30D5\u30A1\u30A4\u30EB\u304C\u30C7\u30D7\u30ED\u30A4\u3055\u308C\u305FURL] \u306B\u5909\u66F4\u3059\u308B\u3068\u3001\u60AA\u610F\u306E\u3042\u308B\u30B3\u30FC\u30C9\u304C\u5B9F\u884C\u3055\u308C\u307E\u3059\u3002 +msg.note.db.connection.leak.occur = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.deadlock = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u9023\u7D9A\u3067\u6570\u56DE\u30ED\u30FC\u30C9\u3059\u308B\u3068\u3001\u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.deadlock2 = 2\u3064\u306E\u30A6\u30A4\u30F3\u30C9\u30A6\u307E\u305F\u306F\u30BF\u30D6\u3092\u958B\u304D\u3001\u4E00\u65B9\u3067\u30E6\u30FC\u30B6\u30FCID\u3092\u964D\u9806\u306B\u30BD\u30FC\u30C8\u3057\u3066\u300C\u66F4\u65B0\u300D\u30DC\u30BF\u30F3\u3092\u30AF\u30EA\u30C3\u30AF\u3057\u305F\u76F4\u5F8C\u306B\u3001\u3082\u3046\u4E00\u65B9\u3067\u6607\u9806\u306E\u307E\u307E\u300C\u66F4\u65B0\u300D\u30DC\u30BF\u30F3\u3092\u30AF\u30EA\u30C3\u30AF\u3059\u308B\u3068\u3001\u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u3067\u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.endlesswaiting = 
\u5927\u304D\u306A\u6587\u5B57\u6570\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u5B8C\u4E86\u3057\u306A\u3044\u30D7\u30ED\u30BB\u30B9\u306E\u5F85\u6A5F\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.filedescriptorleak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001\u30D5\u30A1\u30A4\u30EB\u30C7\u30A3\u30B9\u30AF\u30EA\u30D7\u30BF\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.intoverflow = 63\u4EE5\u4E0A\u306E\u6570\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6574\u6570\u30AA\u30FC\u30D0\u30FC\u30D5\u30ED\u30FC\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.ldap.injection = admin \u3068 password\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30ED\u30B0\u30A4\u30F3\u3067\u304D\u307E\u3059\u3002*)(|(objectClass=*\u3001aaaaaaa) \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u8A8D\u8A3C\u3092\u8FC2\u56DE\u3057\u3066\u30ED\u30B0\u30A4\u30F3\u3067\u304D\u307E\u3059\u3002 +msg.note.lossoftrailingdigits = 0.0000000000000001\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u60C5\u5831\u6B20\u843D\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.mailheaderinjection = \u30D6\u30E9\u30A6\u30B6\u306E\u958B\u767A\u8005\u30E2\u30FC\u30C9\u3067\u4EF6\u540D\u306Einput\u30BF\u30B0\u3092textarea\u30BF\u30B0\u306B\u5909\u66F4\u3057\u3001\u300C[\u4EFB\u610F\u4EF6\u540D][\u6539\u884C]Bcc: [\u4EFB\u610F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9]\u300D\u3092\u5165\u529B\u3057\u3066\u9001\u4FE1\u3059\u308B\u3068\u3001[\u4EFB\u610F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9]\u306B\u30E1\u30FC\u30EB\u3092\u9001\u4FE1\u3067\u304D\u307E\u3059\u3002 +msg.note.memoryleak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001Java\u30D2\u30FC\u30D7\u9818\u57DF\u306E\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002\u753B\u9762\u3092\u30ED\u30FC\u30C9\u3057\u7D9A\u3051\u308B\u3068\u3001\u6700\u7D42\u7684\u306BOutOfMemoryError\u304C\u30B9\u30ED\u30FC\u3055\u308C\u307E\u3059\u3002 
+msg.note.memoryleak3 = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001C\u30D2\u30FC\u30D7\u9818\u57DF\u306E\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002\u753B\u9762\u3092\u30ED\u30FC\u30C9\u3057\u7D9A\u3051\u308B\u3068\u3001\u6700\u7D42\u7684\u306BOutOfMemoryError\u304C\u30B9\u30ED\u30FC\u3055\u308C\u307E\u3059\u3002 +msg.note.mojibake = \u6587\u5B57\u5217\u306B\u65E5\u672C\u8A9E\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6587\u5B57\u5316\u3051\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.netsocketleak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30BD\u30B1\u30C3\u30C8\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.not.use.ext.db = \u30C7\u30FC\u30BF\u30D9\u30FC\u30B9\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u30EA\u30FC\u30AF\u306F\u3001MySQL\u306A\u3069\u306E\u5916\u90E8RDBMS\u3092\u4F7F\u7528\u3059\u308B\u5834\u5408\u306B\u306E\u307F\u767A\u751F\u3057\u307E\u3059\u3002\u5916\u90E8RDBMS\u3092\u4F7F\u7528\u3059\u308B\u5834\u5408\u306F\u3001application.properties\u3092\u7DE8\u96C6\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.note.nullbyteinjection = \u30D0\u30FC\u30B8\u30E7\u30F31.7.0_40\u3088\u308A\u524D\u306EJava\u3092\u4F7F\u7528\u3057\u3066\u3044\u308B\u5834\u5408\u3001\u30AF\u30A8\u30EA\u30B9\u30C8\u30EA\u30F3\u30B0\u306B fileName=../WEB-INF/web.xml%00 \u3092\u4ED8\u52A0\u3059\u308B\u3068\u3001web.xml\u306E\u5185\u5BB9\u3092\u542B\u3080\u30D5\u30A1\u30A4\u30EB\u304C\u30C0\u30A6\u30F3\u30ED\u30FC\u30C9\u3067\u304D\u307E\u3059\u3002 +msg.note.open.redirect = admin \u3068 password\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30ED\u30B0\u30A4\u30F3\u3067\u304D\u307E\u3059\u3002\u30AF\u30A8\u30EA\u30B9\u30C8\u30EA\u30F3\u30B0\u306B goto=[\u60AA\u610F\u306E\u3042\u308B\u30B5\u30A4\u30C8\u306EURL] 
\u3092\u4ED8\u52A0\u3059\u308B\u3068\u3001\u30C1\u30A7\u30C3\u30AF\u305B\u305A\u306B\u60AA\u610F\u306E\u3042\u308B\u30B5\u30A4\u30C8\u306EURL\u306B\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3057\u307E\u3059\u3002 +msg.note.path.traversal = \u30AF\u30A8\u30EA\u30B9\u30C8\u30EA\u30F3\u30B0\u3092 template=../WEB-INF/web.xml? \u306B\u5909\u66F4\u3059\u308B\u3068\u3001\u3053\u306E\u30DA\u30FC\u30B8\u306E\u30BD\u30FC\u30B9\u30B3\u30FC\u30C9\u306Bweb.xml\u306E\u5185\u5BB9\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002 +msg.note.roundofferror = 1\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u4E38\u3081\u8AA4\u5DEE\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.session.fixation = admin \u3068 password\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30ED\u30B0\u30A4\u30F3\u3067\u304D\u307E\u3059\u3002\u3053\u306E\u30DA\u30FC\u30B8\u3067\u306FCookie\u3092\u6271\u3048\u306A\u3044\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u3092\u30B5\u30DD\u30FC\u30C8\u3059\u308B\u76EE\u7684\u3067URL\u30EA\u30E9\u30A4\u30C8\u304C\u6A5F\u80FD\u3057\u307E\u3059\u3002\u305D\u308C\u306B\u3088\u308A\u3001\u30BB\u30C3\u30B7\u30E7\u30F3\u56FA\u5B9A\u653B\u6483\u304C\u53EF\u80FD\u3068\u306A\u3063\u3066\u3044\u307E\u3059\u3002 +msg.note.slowregex = \u6587\u5B57\u5217\u306B aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u69CB\u6587\u89E3\u6790\u306B\u6570\u5341\u79D2\u304B\u308A\u307E\u3059\u3002
     \u6587\u5B57\u5217\u306B aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042 \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u5FDC\u7B54\u304C\u8FD4\u3089\u306A\u304F\u306A\u308A\u307E\u3059\u3002 +msg.note.sqlijc = Mark \u3068 password\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6697\u8A3C\u756A\u53F7\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002\u30D1\u30B9\u30EF\u30FC\u30C9\u306B ' OR '1'='1 \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u4ED6\u306E\u30E6\u30FC\u30B6\u30FC\u306E\u60C5\u5831\u304C\u8868\u793A\u3067\u304D\u307E\u3059\u3002 +msg.note.strplusopr = +(\u30D7\u30E9\u30B9)\u6F14\u7B97\u5B50\u3067\u6587\u5B57\u5217\u3092\u9023\u7D50\u3057\u3066\u3044\u308B\u305F\u3081\u3001\u5927\u304D\u306A\u6587\u5B57\u6570\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6587\u5B57\u5217\u751F\u6210\u306B\u6570\u5341\u79D2\u304B\u308A\u307E\u3059\u3002 +msg.note.threadleak = \u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001\u30B9\u30EC\u30C3\u30C9\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.truncationerror = 3\u30017\u30019\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u6253\u3061\u5207\u308A\u8AA4\u5DEE\u304C\u767A\u751F\u3057\u307E\u3059\u3002 +msg.note.unrestrictedextupload = <% System.exit(0); %> \u3068\u66F8\u3044\u305FJSP\u30D5\u30A1\u30A4\u30EB(\u30D5\u30A1\u30A4\u30EB\u540D\uFF1Aexit.jsp)\u3092\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306B\u30A2\u30AF\u30BB\u30B9\u3059\u308B\u3068\u3001JavaVM\u304C\u5F37\u5236\u7D42\u4E86\u3057\u307E\u3059\u3002 +msg.note.unrestrictedsizeupload = \u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u53EF\u80FD\u306A\u30D5\u30A1\u30A4\u30EB\u30B5\u30A4\u30BA\u306E\u5236\u9650\u304C\u7121\u3044\u305F\u3081\u3001DoS\u653B\u6483\u306A\u3069\u306B\u5BFE\u3057\u3066\u8106\u5F31\u3067\u3059\u3002 +msg.note.verbose.errror.message = admin \u3068 
password\u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30ED\u30B0\u30A4\u30F3\u3067\u304D\u307E\u3059\u3002\u3053\u306E\u753B\u9762\u3067\u306E\u8A8D\u8A3C\u30A8\u30E9\u30FC\u306E\u30E1\u30C3\u30BB\u30FC\u30B8\u306F\u8A73\u7D30\u904E\u304E\u308B\u305F\u3081\u3001\u30ED\u30B0\u30A4\u30F3\u53EF\u80FD\u306A\u30A2\u30AB\u30A6\u30F3\u30C8\u304C\u63A8\u6E2C\u3057\u3084\u3059\u304F\u306A\u3063\u3066\u3044\u307E\u3059\u3002 +msg.note.xee = \u4EE5\u4E0B\u306EXML\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u3059\u308B\u3068\u3001\u30B5\u30FC\u30D0\u30FC\u30EA\u30BD\u30FC\u30B9\u3092\u6D6A\u8CBB\u3057\u307E\u3059\u3002 +msg.note.xss = \u540D\u524D\u306B >tpircs/<;)eikooc.tnemucod(trela>tpIrcs< \u3092\u5165\u529B\u3059\u308B\u3068\u3001\u30BB\u30C3\u30B7\u30E7\u30F3ID\u304C\u8868\u793A\u3055\u308C\u307E\u3059\u3002 +msg.note.xxe.step1 = \u3053\u306E\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u30A2\u30AF\u30BB\u30B9\u3067\u304D\u308BWeb\u30B5\u30FC\u30D0\u30FC\u306B\u6B21\u306EDTD\u30D5\u30A1\u30A4\u30EB\u3092\u4F5C\u6210\u3057\u307E\u3059\u3002\u4F8B) http://attacker.site/vulnerable.dtd +msg.note.xxe.step2 = \u6B21\u306B\u4EE5\u4E0B\u306EXML\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u3059\u308B\u3068\u3001Linux\u30B5\u30FC\u30D0\u30FC\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u30D5\u30A1\u30A4\u30EB(/etc/passwd)\u304C\u8868\u793A\u3067\u304D\u307E\u3059\u3002 +msg.passwd.change.failed = \u30D1\u30B9\u30EF\u30FC\u30C9\u306E\u5909\u66F4\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002 +msg.passwd.changed = \u30D1\u30B9\u30EF\u30FC\u30C9\u306F\u6B63\u5E38\u306B\u5909\u66F4\u3055\u308C\u307E\u3057\u305F\u3002 +msg.passwd.is.too.short = \u30D1\u30B9\u30EF\u30FC\u30C9\u306F8\u6841\u4EE5\u4E0A\u306B\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.password.not.match = \u30D1\u30B9\u30EF\u30FC\u30C9\u304C\u4E00\u81F4\u3057\u307E\u305B\u3093\u3002 +msg.permgen.space.leak.occur = 
\u3053\u306E\u30DA\u30FC\u30B8\u3092\u8AAD\u307F\u8FBC\u3080\u305F\u3073\u306B\u3001{0}\u306E\u30E1\u30E2\u30EA\u30EA\u30FC\u30AF\u304C\u767A\u751F\u3057\u307E\u3059\u3002\u753B\u9762\u3092\u30ED\u30FC\u30C9\u3057\u7D9A\u3051\u308B\u3068\u3001\u6700\u7D42\u7684\u306BOutOfMemoryError\u304C\u30B9\u30ED\u30FC\u3055\u308C\u307E\u3059\u3002 +msg.question.reach.the.moon = 0.1mm\u306E\u539A\u3055\u306E\u7D19\u3092\u4F55\u56DE\u6298\u308A\u305F\u305F\u3080\u3068\u3001\u5730\u7403\u304B\u3089\u6708\u306E\u8DDD\u96E2(384,400km)\u306B\u5230\u9054\u3059\u308B\u3067\u3057\u3087\u3046\u304B\uFF1F +msg.reverse.color = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u8272\u53CD\u8EE2\u3092\u884C\u3046\u3053\u3068\u304C\u3067\u304D\u307E\u3059\u3002 +msg.reverse.color.complete = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u8272\u53CD\u8EE2\u304C\u5B8C\u4E86\u3057\u307E\u3057\u305F\u3002 +msg.reverse.color.fail = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u8272\u53CD\u8EE2\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002 +msg.select.upload.file = \u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u3059\u308B\u30D5\u30A1\u30A4\u30EB\u3092\u9078\u629E\u3057\u3066\u4E0B\u3055\u3044\u3002 +msg.sent.mail = \u30E1\u30FC\u30EB\u304C\u6B63\u5E38\u306B\u9001\u4FE1\u3055\u308C\u307E\u3057\u305F\u3002 +msg.unknown.exception.occur = \u4F55\u3089\u304B\u306E\u4F8B\u5916\u304C\u767A\u751F\u3057\u307E\u3057\u305F : {0} +msg.update.records = {0}\u4EF6\u66F4\u65B0\u3057\u307E\u3057\u305F\u3002 +msg.update.users = \u30E6\u30FC\u30B6\u30FC\u60C5\u5831\u3092\u4E00\u62EC\u3067\u66F4\u65B0\u3057\u307E\u3059\u3002 +msg.update.users.by.xml = \u6B21\u306E\u5F62\u5F0F\u306EXML\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30C3\u30D7\u30ED\u30FC\u30C9\u3059\u308B\u3068\u3001\u30E6\u30FC\u30B6\u30FC\u304C\u4E00\u62EC\u3067\u66F4\u65B0\u3067\u304D\u307E\u3059\u3002 +msg.user.already.exist = \u65E2\u306B\u30E6\u30FC\u30B6\u30FC\u304C\u5B58\u5728\u3057\u307E\u3059\u3002 +msg.user.not.exist = 
\u30E6\u30FC\u30B6\u30FC\u304C\u5B58\u5728\u3057\u307E\u305B\u3093\u3002 +msg.valid.json = \u6B63\u3057\u3044JSON\u6587\u5B57\u5217\u3067\u3059\u3002 +msg.warn.enter.name.and.passwd = \u540D\u524D\u3068\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u4E0B\u3055\u3044\u3002 + +style.description.basic = \u30D9\u30FC\u30B7\u30C3\u30AF\u306A\u30D8\u30C3\u30C0\u30FC\u3068\u30D5\u30C3\u30BF\u30FC\u304C\u4F7F\u7528\u3055\u308C\u307E\u3059\u3002 +style.description.bootstrap = \u8A73\u7D30\u306F\u6B21\u306E\u30DA\u30FC\u30B8\u3092\u53C2\u7167\u4E0B\u3055\u3044: http://getbootstrap.com/ +style.description.google.mdl = \u8A73\u7D30\u306F\u6B21\u306E\u30DA\u30FC\u30B8\u3092\u53C2\u7167\u4E0B\u3055\u3044: https://getmdl.io/ +style.description.materialize = \u8A73\u7D30\u306F\u6B21\u306E\u30DA\u30FC\u30B8\u3092\u53C2\u7167\u4E0B\u3055\u3044: http://materializecss.com/ +style.description.monochro = \u30E2\u30CE\u30AF\u30ED\u306E\u30D8\u30C3\u30C0\u30FC\u3068\u30D5\u30C3\u30BF\u30FC\u304C\u4F7F\u7528\u3055\u308C\u307E\u3059\u3002 +style.description.noframe = \u30D8\u30C3\u30C0\u30FC\u3068\u30D5\u30C3\u30BF\u30FC\u306F\u4F7F\u7528\u3055\u308C\u307E\u305B\u3093\u3002 +style.description.nonstyle = \u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u3092\u6307\u5B9A\u3057\u307E\u305B\u3093\u3002 +style.name.basic = \u30D9\u30FC\u30B7\u30C3\u30AF +style.name.bootstrap = Bootstrap +style.name.google.mdl = Google Material Design Lite +style.name.materialize = Materialize +style.name.monochro = \u30E2\u30CE\u30AF\u30ED\u30FC\u30E0 +style.name.noframe = \u30D5\u30EC\u30FC\u30E0\u306A\u3057 +style.name.nonstyle = \u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u672A\u6307\u5B9A + +title.adminmain.page = \u7BA1\u7406\u8005\u5411\u3051\u30E1\u30A4\u30F3\u30DA\u30FC\u30B8 +title.clickjacking.page = \u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u5909\u66F4 +title.clientinfo.page = \u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u60C5\u5831 +title.codeinjection.page = JSON\u306E\u89E3\u6790 
+title.commandinjection.page = \u6570\u5024\u51E6\u7406\u306E\u5B9F\u884C +title.createobjects.page = \u81EA\u7136\u6570\u306E\u7DCF\u548C +title.csrf.page = \u30D1\u30B9\u30EF\u30FC\u30C9\u5909\u66F4 +title.dbconnectionleak.page = \u30E6\u30FC\u30B6\u30FC\u4E00\u89A7 +title.deadlock.page = \u30C7\u30C3\u30C9\u30ED\u30C3\u30AF\u306E\u691C\u77E5 +title.design.test.page = \u30C7\u30B6\u30A4\u30F3\u30C6\u30B9\u30C8 +title.endlesswaiting.page = \u30D0\u30C3\u30C1\u306E\u5B9F\u884C +title.filedescriptorleak.page = \u30A2\u30AF\u30BB\u30B9\u5C65\u6B74 +title.intoverflow.page = \u6708\u307E\u3067\u306E\u8DDD\u96E2 +title.login.page = \u7BA1\u7406\u8005\u30ED\u30B0\u30A4\u30F3\u30DA\u30FC\u30B8 +title.lossoftrailingdigits.page = \u5C0F\u6570\u306E\u8DB3\u3057\u7B97 +title.mailheaderinjection.page = \u7BA1\u7406\u8005\u3078\u306E\u554F\u3044\u5408\u308F\u305B +title.memoryleak.page = \u30D2\u30FC\u30D7\u30E1\u30E2\u30EA\u306E\u4F7F\u7528\u91CF +title.memoryleak2.page = \u975E\u30D2\u30FC\u30D7\u30E1\u30E2\u30EA\u306E\u4F7F\u7528\u91CF +title.memoryleak3.page = \u30BF\u30A4\u30E0\u30BE\u30FC\u30F3\u60C5\u5831 +title.mojibake.page = \u6587\u5B57\u5217\u306E\u5148\u982D\u5927\u6587\u5B57\u5316 +title.netsocketleak.page = \u5FDC\u7B54\u6642\u9593\u306E\u6E2C\u5B9A +title.nullbyteinjection.page = \u30AC\u30A4\u30C9\u306E\u30C0\u30A6\u30F3\u30ED\u30FC\u30C9 +title.roundofferror.page = \u7C21\u5358\u306A\u5F15\u304D\u7B97 +title.serverinfo.page = \u30B5\u30FC\u30D0\u30FC\u60C5\u5831 +title.slowregex.page = \u6B63\u898F\u8868\u73FE\u306E\u30C6\u30B9\u30C8 +title.sqlijc.page = \u6697\u8A3C\u756A\u53F7\u691C\u7D22 +title.strplusopr.page = \u30E9\u30F3\u30C0\u30E0\u306A\u6587\u5B57\u5217\u3092\u751F\u6210 +title.threadleak.page = \u73FE\u5728\u306E\u30B9\u30EC\u30C3\u30C9\u6570\u306E\u8868\u793A +title.truncationerror.page = \u5C0F\u6570\u306E\u5272\u308A\u7B97 +title.unrestrictedextupload.page = 
\u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u30B0\u30EC\u30FC\u30B9\u30B1\u30FC\u30EB\u5909\u63DB +title.unrestrictedsizeupload.page = \u753B\u50CF\u30D5\u30A1\u30A4\u30EB\u306E\u8272\u53CD\u8EE2 +title.xee.page = \u30E6\u30FC\u30B6\u30FC\u306E\u4E00\u62EC\u767B\u9332 +title.xss.page = \u6587\u5B57\u5217\u306E\u9006\u8EE2 +title.xxe.page = \u30E6\u30FC\u30B6\u30FC\u306E\u4E00\u62EC\u66F4\u65B0 \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 0000000..0410e67 --- /dev/null +++ b/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,23 @@ + + + + default + + org.apache.catalina.servlets.DefaultServlet + + + debug + 0 + + + listings + true + + 1 + + diff --git a/src/main/webapp/dfi/includable.jsp b/src/main/webapp/dfi/includable.jsp new file mode 100644 index 0000000..8bc7112 --- /dev/null +++ b/src/main/webapp/dfi/includable.jsp @@ -0,0 +1,72 @@ +<%@ page pageEncoding="UTF-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> + + + + + + +<fmt:message key="title.design.test.page" /> + + + + " /> + + + + + + + + + +
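Review bot: The DefaultServlet declaration in the web.xml hunk sets the `listings` init-param to `true`, which enables directory listing for every directory under the webapp root rather than only the one an exercise needs; Tomcat's default for this parameter is `false`. The Japanese message `msg.note.clientinfo` added earlier in this same commit depends on that listing being on, so the value looks deliberate, but nothing in web.xml records that. If it is intentional, say so beside the parameter, e.g. `<!-- listings=true is deliberate: the clientinfo exercise demonstrates directory-listing exposure -->`; otherwise set it to `false`. The element markup is not legible in this rendering, so I am reading the parameter names from their values (`debug` at `0`, `listings` at `true`).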
+

+   + +

+
+
+
+ + + + + +
+
+
+

+ +

+
    +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
+
+ +
+
+ Copyright © 2017 T246 OSS Lab, all rights reserved. +
+ + \ No newline at end of file diff --git a/src/main/webapp/dfi/style_bootstrap.html b/src/main/webapp/dfi/style_bootstrap.html new file mode 100644 index 0000000..4741559 --- /dev/null +++ b/src/main/webapp/dfi/style_bootstrap.html @@ -0,0 +1,8 @@ + + + + diff --git a/src/main/webapp/dfi/style_google_mdl.html b/src/main/webapp/dfi/style_google_mdl.html new file mode 100644 index 0000000..de27fd5 --- /dev/null +++ b/src/main/webapp/dfi/style_google_mdl.html @@ -0,0 +1,6 @@ + + + \ No newline at end of file diff --git a/src/main/webapp/dfi/style_materialize.html b/src/main/webapp/dfi/style_materialize.html new file mode 100644 index 0000000..a85e364 --- /dev/null +++ b/src/main/webapp/dfi/style_materialize.html @@ -0,0 +1,4 @@ + + diff --git a/src/main/webapp/dt/basic_footer.html b/src/main/webapp/dt/basic_footer.html new file mode 100644 index 0000000..1994afc --- /dev/null +++ b/src/main/webapp/dt/basic_footer.html @@ -0,0 +1,4 @@ +
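Review bot: The copyright footer at the end of this hunk is hardcoded into dfi/includable.jsp, while the dt variant of the same page (src/main/webapp/dt/includable.jsp, later in this commit) takes it from basic_footer.html and monochro_footer.html; the two includable.jsp files otherwise share the same title, heading and bullet-list skeleton. Keeping a single footer fragment, e.g. `<jsp:include page="/dt/basic_footer.html" />` in place of the inline block, would stop the two copies drifting apart. The tag markup is stripped in this rendering, so I cannot see how the `template` request parameter described by `msg.note.dangerous.file.inclusion` is wired into the include here; wherever that is, a comment naming the fragments it is meant to accept (the `dfi/style_*.html` files added in this commit) would make the intended allow-list explicit for anyone hardening the page later.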
+
+ Copyright © 2017 T246 OSS Lab, all rights reserved. +
diff --git a/src/main/webapp/dt/basic_header.html b/src/main/webapp/dt/basic_header.html new file mode 100644 index 0000000..1f0eddd --- /dev/null +++ b/src/main/webapp/dt/basic_header.html @@ -0,0 +1,10 @@ +
+ + + + + +
+
+
+ \ No newline at end of file diff --git a/src/main/webapp/dt/includable.jsp b/src/main/webapp/dt/includable.jsp new file mode 100644 index 0000000..a853314 --- /dev/null +++ b/src/main/webapp/dt/includable.jsp @@ -0,0 +1,65 @@ +<%@ page pageEncoding="UTF-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> + + + + + + +<fmt:message key="title.design.test.page" /> + + + + + + + + + +
+

+   + +

+
+
+ + + + " /> + + + +

+ +

+
    +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
+
+ + + + + " /> + + + + + diff --git a/src/main/webapp/dt/monochro_footer.html b/src/main/webapp/dt/monochro_footer.html new file mode 100644 index 0000000..9d4cc54 --- /dev/null +++ b/src/main/webapp/dt/monochro_footer.html @@ -0,0 +1,4 @@ +
+
+ Copyright © 2017 T246 OSS Lab, all rights reserved. +
diff --git a/src/main/webapp/dt/monochro_header.html b/src/main/webapp/dt/monochro_header.html new file mode 100644 index 0000000..f678119 --- /dev/null +++ b/src/main/webapp/dt/monochro_header.html @@ -0,0 +1,10 @@ +
+ + + + + +
+
+
+ \ No newline at end of file diff --git a/src/main/webapp/images/easybuggy.png b/src/main/webapp/images/easybuggy.png new file mode 100644 index 0000000..2615938 Binary files /dev/null and b/src/main/webapp/images/easybuggy.png differ diff --git a/src/main/webapp/images/easybuggyL.png b/src/main/webapp/images/easybuggyL.png new file mode 100644 index 0000000..d3d0ea6 Binary files /dev/null and b/src/main/webapp/images/easybuggyL.png differ diff --git a/src/main/webapp/images/easybuggyL_monochro.png b/src/main/webapp/images/easybuggyL_monochro.png new file mode 100644 index 0000000..21341f3 Binary files /dev/null and b/src/main/webapp/images/easybuggyL_monochro.png differ diff --git a/src/main/webapp/images/easybuggy_monochro.png b/src/main/webapp/images/easybuggy_monochro.png new file mode 100644 index 0000000..0d6719f Binary files /dev/null and b/src/main/webapp/images/easybuggy_monochro.png differ diff --git a/src/main/webapp/images/favicon.ico b/src/main/webapp/images/favicon.ico new file mode 100644 index 0000000..9d284ce Binary files /dev/null and b/src/main/webapp/images/favicon.ico differ diff --git a/src/main/webapp/images/regular-expression.png b/src/main/webapp/images/regular-expression.png new file mode 100644 index 0000000..9f19d02 Binary files /dev/null and b/src/main/webapp/images/regular-expression.png differ diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp new file mode 100644 index 0000000..cc8fbb9 --- /dev/null +++ b/src/main/webapp/index.jsp 
@@ -0,0 +1,521 @@ +<%@ page pageEncoding="UTF-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ page import="java.util.ResourceBundle"%> + + + +<%!boolean isFirstLoad = true;%> +<% + session.removeAttribute("dlpinit"); + ResourceBundle rb = ResourceBundle.getBundle("messages", request.getLocale()); + String permName = rb.getString("label.metaspace"); + String permNameInErrorMsg = permName; + String javaVersion = System.getProperty("java.version"); + if (javaVersion.startsWith("1.6") || javaVersion.startsWith("1.7")) { + permName = rb.getString("label.permgen.space"); + permNameInErrorMsg = "PermGen space"; + } + String mode = System.getProperty("easybuggy.mode"); + boolean isOnlyVulnerabilities = mode != null && mode.equalsIgnoreCase("only-vulnerabilities"); +%> + + + +EasyBuggy + + + + + +
+ + + + + +
+
+
+ <% + if (!isOnlyVulnerabilities) { + %> +

+   + +

+

+ +

+
    +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + + + + : + + + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
+ <% + } + %> + +

+   + +

+

+ +

+
    +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + ">: + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
+ + <% + if (!isOnlyVulnerabilities) { + %> +

+   + +

+

+ +

+
    +
  • + : + +

  • +
  • + : + +

  • +
  • + : + +

  • +
+ +

+   + +

+

+ +

+ + +

+   + +

+

+ +

+ + <% + } + %> + +
+
+ Copyright © 2017 T246 OSS Lab, all rights reserved.

+
+ + \ No newline at end of file diff --git a/src/main/webapp/pdf/AdminGuide.pdf b/src/main/webapp/pdf/AdminGuide.pdf new file mode 100644 index 0000000..171337c Binary files /dev/null and b/src/main/webapp/pdf/AdminGuide.pdf differ diff --git a/src/main/webapp/pdf/DeveloperGuide.pdf b/src/main/webapp/pdf/DeveloperGuide.pdf new file mode 100644 index 0000000..fc2e5c7 Binary files /dev/null and b/src/main/webapp/pdf/DeveloperGuide.pdf differ diff --git a/src/main/webapp/uid/adminpassword.txt b/src/main/webapp/uid/adminpassword.txt new file mode 100644 index 0000000..5b7676d --- /dev/null +++ b/src/main/webapp/uid/adminpassword.txt @@ -0,0 +1,4 @@ +admin, password +admin2, pas2w0rd +admin3, pa33word +admin4, pathwood diff --git a/src/main/webapp/uid/clientinfo.jsp b/src/main/webapp/uid/clientinfo.jsp new file mode 100644 index 0000000..6435922 --- /dev/null +++ b/src/main/webapp/uid/clientinfo.jsp @@ -0,0 +1,74 @@ +<%@ page pageEncoding="UTF-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> + + + + + + +<fmt:message key="title.clientinfo.page" /> + + + + + + + + + +
+

+   + +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + \ No newline at end of file diff --git a/src/main/webapp/uid/serverinfo.jsp b/src/main/webapp/uid/serverinfo.jsp new file mode 100644 index 0000000..3cfd9ef --- /dev/null +++ b/src/main/webapp/uid/serverinfo.jsp @@ -0,0 +1,45 @@ +<%@ page pageEncoding="UTF-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> + + + + + + +<fmt:message key="title.serverinfo.page" /> + + + + + + + + + +
+

+   + +

+
: <%=session.getAttribute("userid")%>
+
+ <% + request.setAttribute("systemProperties", java.lang.System.getProperties()); + %> + + + + + + + + + + + +
+ + \ No newline at end of file
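Review bot: `<%=session.getAttribute("userid")%>` writes the session attribute into the page unescaped; since the JSTL core taglib is already declared at the top of this file, `<c:out value="${sessionScope.userid}" />` would HTML-escape the value and also render an empty string instead of the literal `null` when the attribute is absent. The scriptlet that follows, `request.setAttribute("systemProperties", java.lang.System.getProperties());`, hands the entire JVM property table to the view; system properties commonly include filesystem paths, the OS user name and JVM configuration, so if this page is reachable without authentication it is worth narrowing it to the properties the page actually needs. The table markup that iterates over the attribute was lost in rendering, so the exact set of keys displayed cannot be confirmed from the hunk.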