first commit

2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions


@@ -0,0 +1,14 @@
FROM maven:3-jdk-8 AS builder
COPY ./ /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true -Dmaven.artifact.threads=10
FROM openjdk:8-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/spring-cloud-function-sample-0.0.1-SNAPSHOT.jar /spring-cloud-function-sample-0.0.1-SNAPSHOT.jar
CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/spring-cloud-function-sample-0.0.1-SNAPSHOT.jar"]
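Review bot: The runtime stage never sets `USER`, so the JVM started by `CMD` runs as root inside the container, and both `FROM` lines use floating tags (`maven:3-jdk-8`, `openjdk:8-jre`) rather than digests. The `org.vulhub` naming suggests this image is a deliberately vulnerable lab target, and for such an image root in the container widens what a compromised process can touch. Adding `RUN useradd -r app` and `USER app` before `CMD` narrows that, and pinning the base images by digest keeps rebuilds reproducible. The same applies to the other three Dockerfiles in this commit (spring-cloud-gateway, spring-data-web-example, websocket).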


@@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.5</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.vulhub</groupId>
<artifactId>spring-cloud-function-sample</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-cloud-function-sample</name>
<description>spring-cloud-function-sample</description>
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>2021.0.1</spring-cloud.version>
<spring-cloud-function.version>3.2.2</spring-cloud-function.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${parent.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-function-context</artifactId>
<version>${spring-cloud-function.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-function-web</artifactId>
<version>${spring-cloud-function.version}</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
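Review bot: The `spring-cloud-function.version` property pins 3.2.2 explicitly alongside the imported `spring-cloud-dependencies` BOM, and nothing in the POM says why. If the release is held back on purpose for the lab, which the `org.vulhub` group id suggests, a comment next to the property would keep a dependency bot or a copy-paste from treating this as an ordinary project: `<!-- pinned on purpose for the lab; do not upgrade, run only on an isolated network -->`. The same goes for the hard-coded `3.1.0` in the gateway POM, `spring-data-commons` 2.0.5.RELEASE and `spring-messaging` 5.0.4.RELEASE in the later POMs. Separately, `${parent.version}` is a deprecated alias that Maven warns about; `${project.parent.version}` is the supported form.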


@@ -0,0 +1,26 @@
package org.vulhub.springcloudfunctionsample;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import java.util.function.Function;
import org.springframework.cloud.function.context.FunctionalSpringApplication;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
@SpringBootApplication
public class SpringCloudFunctionSampleApplication {
public static void main(String[] args) {
SpringApplication.run(SpringCloudFunctionSampleApplication.class, args);
}
@Bean
public Function<String, String> uppercase() {
return value -> value.toUpperCase();
}
@Bean
public Function<String, String> lowercase() {
return value -> value.toLowerCase();
}
}
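Review bot: `FunctionalSpringApplication` and `DefaultListableBeanFactory` are imported but never used in this class, and `toUpperCase()` / `toLowerCase()` without a locale follow the JVM's default locale. Dropping the two imports and writing `value.toUpperCase(Locale.ROOT)` and `value.toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) keeps the sample's output the same on every host. `SpringCloudGatewayApplication` later in this commit has the same kind of leftovers: unused imports of `StreamUtils` and `ShortcutConfigurable`, and a `@RestController` annotation on a class with no handler methods.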


@@ -0,0 +1,33 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**/target/
!**/src/test/**/target/
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/
!**/src/test/**/build/
### VS Code ###
.vscode/


@@ -0,0 +1,14 @@
FROM maven:3-jdk-8 AS builder
COPY ./ /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true -Dmaven.artifact.threads=10
FROM openjdk:8-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/spring-cloud-gateway-0.0.1-SNAPSHOT.jar /spring-cloud-gateway-0.0.1-SNAPSHOT.jar
CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "/spring-cloud-gateway-0.0.1-SNAPSHOT.jar"]
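Review bot: The `-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005` argument in `CMD` starts an unauthenticated debug listener in every container built from this image, and on a Java 8 runtime a bare port in `address=` is not limited to loopback. Anyone who can reach that port can control the JVM, which is a second way in that is unrelated to whatever the image is meant to demonstrate. If the debugger is only a development aid, drop the argument from the default `CMD` and enable it per run, for example through the `JAVA_TOOL_OPTIONS` environment variable. Whether port 5005 is actually published depends on compose files that are not part of this section.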


@@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.4</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.vulhub</groupId>
<artifactId>spring-cloud-gateway</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-cloud-gateway</name>
<description>spring-cloud-gateway</description>
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>2021.0.1</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gateway-server</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${parent.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>${parent.version}</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,17 @@
package org.vulhub.springcloudgateway;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.util.StreamUtils;
import org.springframework.cloud.gateway.support.ShortcutConfigurable;
@SpringBootApplication
@RestController
public class SpringCloudGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(SpringCloudGatewayApplication.class, args);
}
}


@@ -0,0 +1,14 @@
management:
endpoints:
web:
exposure:
include: "*"
spring:
cloud:
gateway:
routes:
- id: index
uri: http://example.com
predicates:
- Method=GET
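Review bot: `include: "*"` publishes every actuator endpoint over HTTP, and neither this file nor the application class puts authentication in front of them. With `spring-cloud-gateway-server` on the classpath that presumably includes the gateway's route-management endpoint, so any client that can reach the port can read and alter routing. If that exposure is the purpose of the lab, a YAML comment saying so would make it explicit; for any other use, restrict it to `include: "health,info"` and serve the management endpoints behind authentication.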


@@ -0,0 +1,14 @@
FROM maven:3-jdk-8 AS builder
COPY ./ /usr/src
RUN cd /usr/src; \
mvn clean install
FROM openjdk:8-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/spring-data-web-example-2.0.0.RELEASE.jar /spring-data-web-example-2.0.0.RELEASE.jar
CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/spring-data-web-example-2.0.0.RELEASE.jar"]


@@ -0,0 +1,70 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-data-web-example</artifactId>
<name>Spring Data - Basic web example</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-commons</artifactId>
<version>2.0.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.hsqldb</groupId>
<artifactId>hsqldb</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,80 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example;
import example.users.Password;
import example.users.UserManagement;
import example.users.Username;
import java.util.stream.IntStream;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.data.domain.Pageable;
import org.springframework.data.web.config.EnableSpringDataWebSupport;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* Central Spring Boot application class to bootstrap the application. Excludes Spring Security auto-configuration as we
* don't need it for the example but only want to use a {@link PasswordEncoder} (see {@link #passwordEncoder()}).
* <p>
* Spring Data web support is transparently activated by Boot for you. In case you want to manually activate it, use
* {@link EnableSpringDataWebSupport}. The core aspects of the enabled functionality shown in this example are:
* <ol>
* <li>Automatic population of a {@link Pageable} instances from request parameters (see
* {@link example.users.web.UserController#users(Pageable)})</li>
* <li>The ability to use proxy-backed interfaces to bind request payloads (see
* {@link example.users.web.UserController.UserForm})</li>
* </ol>
*
* @author Oliver Gierke
* @author Mark Paluch
*/
@SpringBootApplication
public class Application {
public static void main(String... args) {
SpringApplication.run(Application.class, args);
}
@Autowired UserManagement userManagement;
/**
* Creates a few sample users.
*/
@PostConstruct
public void init() {
IntStream.range(0, 41).forEach(index -> {
userManagement.register(new Username("user" + index), Password.raw("foobar"));
});
}
/**
* A Spring Security {@link PasswordEncoder} to encrypt passwords for newly created users, used in
* {@link UserManagement}.
*
* @return
*/
public @Bean PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}


@@ -0,0 +1,76 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.users;
import javax.persistence.Embeddable;
import lombok.AccessLevel;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.experimental.Delegate;
/**
* A value object to represent {@link Password}s in encrypted and unencrypted state. Note how the methods to create a
* {@link Password} in encrypted state are restricted to package scope so that only the user subsystem is actually able
* to encrypted passwords.
*
* @author Oliver Gierke
*/
@EqualsAndHashCode
@AllArgsConstructor(access = AccessLevel.PRIVATE)
@Getter(AccessLevel.PACKAGE)
@Embeddable
public class Password implements CharSequence {
private @Delegate final String password;
private @Getter transient boolean encrypted;
Password() {
this.password = null;
this.encrypted = true;
}
/**
* Creates a new raw {@link Password} for the given source {@link String}.
*
* @param password must not be {@literal null} or empty.
* @return
*/
public static Password raw(String password) {
return new Password(password, false);
}
/**
* Creates a new encrypted {@link Password} for the given {@link String}. Note how this method is package protected so
* that encrypted passwords can only created by components in this package and not accidentally by clients using the
* type from other packages.
*
* @param password must not be {@literal null} or empty.
* @return
*/
static Password encrypted(String password) {
return new Password(password, true);
}
/*
* (non-Javadoc)
* @see java.lang.Object#toString()
*/
public String toString() {
return encrypted ? password : "********";
}
}
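Review bot: `raw(String)` and `encrypted(String)` both document `must not be null or empty`, but neither checks it, so a null value is stored and only fails later inside one of the `@Delegate`d `String` methods. A guard at the top of both factories would match the Javadoc, e.g. `if (password == null || password.isEmpty()) throw new IllegalArgumentException("Password must not be empty!");`. `toString()` is also missing `@Override`, and because the class implements `CharSequence`, returning `"********"` departs from the `CharSequence.toString()` contract; that deserves a sentence in the class Javadoc so callers do not rely on it. The comments say "encrypted" where the value coming from a `PasswordEncoder` is a hash.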


@@ -0,0 +1,63 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.users;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.PrePersist;
import javax.persistence.PreUpdate;
import lombok.AccessLevel;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
/**
* A {@link User} domain object. The primary entity of this example. Basically a combination of a {@link Username} and
* {@link Password}.
*
* @author Oliver Gierke
*/
@Entity
@Getter
@RequiredArgsConstructor
@AllArgsConstructor(access = AccessLevel.PACKAGE)
@EqualsAndHashCode(of = "id")
public class User {
private @GeneratedValue @Id Long id;
private final Username username;
private final Password password;
User() {
this.username = null;
this.password = null;
}
/**
* Makes sure only {@link User}s with encrypted {@link Password} can be persisted.
*/
@PrePersist
@PreUpdate
void assertEncrypted() {
if (!password.isEncrypted()) {
throw new IllegalStateException("Tried to persist/load a user with a non-encrypted password!");
}
}
}


@@ -0,0 +1,90 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.users;
import java.util.Optional;
import javax.transaction.Transactional;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
/**
* Domain service to register {@link User}s in the system.
*
* @author Oliver Gierke
*/
@Transactional
@Service
@RequiredArgsConstructor
public class UserManagement {
private final UserRepository repository;
private final PasswordEncoder encoder;
/**
* Registers a {@link User} with the given {@link Username} and {@link Password}.
*
* @param username must not be {@literal null}.
* @param password must not be {@literal null}.
* @return
*/
public User register(Username username, Password password) {
Assert.notNull(username, "Username must not be null!");
Assert.notNull(password, "Password must not be null!");
repository.findByUsername(username).ifPresent(user -> {
throw new IllegalArgumentException("User with that name already exists!");
});
Password encryptedPassword = Password.encrypted(encoder.encode(password));
return repository.save(new User(username, encryptedPassword));
}
/**
* Returns a {@link Page} of {@link User} for the given {@link Pageable}.
*
* @param pageable must not be {@literal null}.
* @return
*/
public Page<User> findAll(Pageable pageable) {
Assert.notNull(pageable, "Pageable must not be null!");
return repository.findAll(pageable);
}
/**
* Returns the {@link User} with the given {@link Username}.
*
* @param username must not be {@literal null}.
* @return
*/
public Optional<User> findByUsername(Username username) {
Assert.notNull(username, "Username must not be null!");
return repository.findByUsername(username);
}
}
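Review bot: In `register`, `encoder.encode(password)` hands the `Password` object to the encoder as a `CharSequence`, and `Password.toString()` returns `"********"` for a raw password. If the configured encoder reads the characters through `toString()` (BCryptPasswordEncoder does in the Spring Security releases I know of, but confirm for the version resolved here), every account is stored with a hash of the mask instead of the submitted password. Passing the string explicitly removes that dependency: `Password encryptedPassword = Password.encrypted(encoder.encode(password.getPassword()));`, using the package-scoped getter Lombok generates on `Password`. The `findByUsername(...).ifPresent(...)` check before `save` is also check-then-act, so a unique constraint on the username column would be the reliable guard against duplicates.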


@@ -0,0 +1,36 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.users;
import java.util.Optional;
import org.springframework.data.repository.PagingAndSortingRepository;
/**
* A Spring Data repository to persist {@link User}s.
*
* @author Oliver Gierke
*/
interface UserRepository extends PagingAndSortingRepository<User, Long> {
/**
* Returns the user with the given {@link Username}.
*
* @param username can be {@literal null}.
* @return
*/
Optional<User> findByUsername(Username username);
}


@@ -0,0 +1,61 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.users;
import javax.persistence.Embeddable;
import lombok.EqualsAndHashCode;
import org.springframework.util.StringUtils;
/**
* value object to represent user names.
*
* @author Oliver Gierke
*/
@EqualsAndHashCode
@Embeddable
public class Username {
private final String username;
Username() {
this.username = null;
}
/**
* Creates a new {@link Username}.
*
* @param username must not be {@literal null} or empty.
*/
public Username(String username) {
if (!StringUtils.hasText(username)) {
throw new IllegalArgumentException("Invalid username!");
}
this.username = username;
}
/*
* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
return username;
}
}


@@ -0,0 +1,155 @@
/*
* Copyright 2015-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.users.web;
import static org.springframework.validation.ValidationUtils.*;
import java.util.Map;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.web.PageableDefault;
import org.springframework.data.web.PageableHandlerMethodArgumentResolver;
import org.springframework.data.web.config.EnableSpringDataWebSupport;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.view.RedirectView;
import example.users.Password;
import example.users.User;
import example.users.UserManagement;
import example.users.Username;
/**
* A sample controller implementation to showcase Spring Data web support:
* <ol>
* <li>Automatic population of a {@link Pageable} instance as controller method argument. This is achieved by the
* automatic activation of {@link EnableSpringDataWebSupport} and in turn its registration of a
* {@link PageableHandlerMethodArgumentResolver}.</li>
* <li>Usage of proxy-backed interfaces to bind request parameters.</li>
* </ol>
*
* @author Oliver Gierke
*/
@Controller
@RequiredArgsConstructor
@RequestMapping("/users")
class UserController {
private final UserManagement userManagement;
/**
* Equis the model with a {@link Page} of {@link User}s. Spring Data automatically populates the {@link Pageable} from
* request data according to the setup of {@link PageableHandlerMethodArgumentResolver}. Note how the defaults can be
* tweaked by using {@link PageableDefault}.
*
* @param pageable will never be {@literal null}.
* @return
*/
@ModelAttribute("users")
public Page<User> users(@PageableDefault(size = 5) Pageable pageable) {
return userManagement.findAll(pageable);
}
/**
* Registers a new {@link User} for the data provided by the given {@link UserForm}. Note, how an interface is used to
* bind request parameters.
*
* @param userForm the request data bound to the {@link UserForm} instance.
* @param binding the result of the binding operation.
* @param model the Spring MVC {@link Model}.
* @return
*/
@RequestMapping(method = RequestMethod.POST)
public Object register(UserForm userForm, BindingResult binding, Model model) {
userForm.validate(binding, userManagement);
if (binding.hasErrors()) {
return "users";
}
userManagement.register(new Username(userForm.getUsername()), Password.raw(userForm.getPassword()));
RedirectView redirectView = new RedirectView("redirect:/users");
redirectView.setPropagateQueryParams(true);
return redirectView;
}
/**
* Populates the {@link Model} with the {@link UserForm} automatically created by Spring Data web components. It will
* create a {@link Map}-backed proxy for the interface.
*
* @param model will never be {@literal null}.
* @param userForm will never be {@literal null}.
* @return
*/
@RequestMapping(method = RequestMethod.GET)
public String listUsers(Model model, UserForm userForm) {
model.addAttribute("userForm", userForm);
return "users";
}
/**
* An interface to represent the form to be used
*
* @author Oliver Gierke
*/
interface UserForm {
String getUsername();
String getPassword();
String getRepeatedPassword();
/**
* Validates the {@link UserForm}.
*
* @param errors
* @param userManagement
*/
default void validate(BindingResult errors, UserManagement userManagement) {
rejectIfEmptyOrWhitespace(errors, "username", "user.username.empty");
rejectIfEmptyOrWhitespace(errors, "password", "user.password.empty");
rejectIfEmptyOrWhitespace(errors, "repeatedPassword", "user.repeatedPassword.empty");
if (!getPassword().equals(getRepeatedPassword())) {
errors.rejectValue("repeatedPassword", "user.password.no-match");
}
try {
userManagement.findByUsername(new Username(getUsername())).ifPresent(
user -> errors.rejectValue("username", "user.username.exists"));
} catch (IllegalArgumentException o_O) {
errors.rejectValue("username", "user.username.invalidFormat");
}
}
}
}
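Review bot: In `UserForm.validate`, `getPassword().equals(getRepeatedPassword())` runs even when `rejectIfEmptyOrWhitespace` has just recorded that `password` is missing, so a request without that parameter presumably ends in a `NullPointerException` rather than a validation error. A null-safe comparison keeps the failure inside the `BindingResult`: `if (!java.util.Objects.equals(getPassword(), getRepeatedPassword())) {`. In `register`, `new RedirectView("redirect:/users")` passes the `redirect:` view-name prefix as part of the URL; `new RedirectView("/users")` is probably what was intended.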


@@ -0,0 +1 @@
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration


@@ -0,0 +1,7 @@
user.username.empty = Username is required!
user.username.exists = Username already exists!
user.username.invalidFormat = Invalid Username format!
user.password.empty = Password is required!
user.password.no-match = The given passwords don't match!
user.repeatedPassword.empty = Repeated password is required!


@@ -0,0 +1,28 @@
body {
margin: auto;
width: 50%;
}
form.user-form {
padding: 9px 14px;
border: 1px solid #e1e1e8;
border-radius: 4px;
}
.fieldError {
border: 1px solid #a94442;
}
.errors {
padding: 1em;
margin: 1em 0;
border: 1px solid #eee;
border-left-width: 5px;
border-left-color: #a94442;
border-radius: 5px;
}
.errors li {
list-style-type: none;
margin: 0.5em 0.7em;
}


@@ -0,0 +1,53 @@
<!DOCTYPE html SYSTEM "http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-4.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<title>Users</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" />
<link rel="stylesheet" th:href="@{/css/style.css}" type="text/css" />
</head>
<body>
<h1>Users</h1>
<nav>
<ul class="pagination" th:with="total = ${users.totalPages}">
<li th:if="${users.hasPrevious()}">
<a th:href="@{/users(page=${users.previousPageable().pageNumber},size=${users.size})}" aria-label="Previous">
<span aria-hidden="true">&laquo;</span>
</a>
</li>
<li th:each="page : ${#numbers.sequence(0, total - 1)}"><a th:href="@{/users(page=${page},size=${users.size})}" th:text="${page + 1}">1</a></li>
<li th:if="${users.hasNext()}">
<a th:href="@{/users(page=${users.nextPageable().pageNumber},size=${users.size})}" aria-label="Next">
<span aria-hidden="true">&raquo;</span>
</a>
</li>
</ul>
</nav>
<ol>
<li th:each="user, it : ${users}" th:with="index = ${it.count}" th:text="${user.username + ' - ' + user.password}" th:value="${users.number * users.size + index}">Username</li>
</ol>
<form method="post" role="form" class="gb-form" id="form" th:action="@{/users(page=${page},size=${users.size})}" th:object="${userForm}">
<ul th:if="${#fields.hasErrors('*')}" class="errors" >
<li th:each="error : ${#fields.errors('*')}" th:text="${error}" class="text-danger">Input is incorrect</li>
</ul>
<div class="form-group">
<label for="username">Username</label><br />
<input type="text" th:field="*{username}" class="form-control" th:errorclass="fieldError" required="required" />
</div>
<div class="form-group">
<label for="password">Password</label><br />
<input type="password" th:field="*{password}" class="form-control" th:errorclass="fieldError" required="required" />
</div>
<div class="form-group">
<label for="repeatedPassword">Password (repeated)</label><br />
<input type="password" th:field="*{repeatedPassword}" class="form-control" th:errorclass="fieldError" required="required" />
</div>
<input type="submit" class="btn btn-default" value="Register user" />
</form>
</body>
</html>
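Review bot: The list item with `th:text="${user.username + ' - ' + user.password}"` prints each stored password value next to the user name for every visitor of `/users`; `Password.toString()` returns the stored string when `encrypted` is true, so what is shown is the password hash. Rendering only the name, `th:text="${user.username}"`, removes the disclosure. The Bootstrap stylesheet is also loaded from a protocol-relative CDN URL without an `integrity` attribute, and `${page}` in the form's `th:action` is only defined inside the `th:each` of the pagination list above it.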


@@ -0,0 +1,14 @@
FROM maven:3-jdk-8-alpine AS builder
COPY . /usr/src
RUN cd /usr/src; \
mvn package
FROM openjdk:8-jre
LABEL maintainer="root <root@leavesongs.com>"
COPY --from=builder /usr/src/target/websocket-0.0.1-SNAPSHOT.jar /websocket-0.0.1-SNAPSHOT.jar
CMD ["java", "-jar", "/websocket-0.0.1-SNAPSHOT.jar"]


@@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.vulhub</groupId>
<artifactId>websocket</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>websocket</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.1.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-messaging</artifactId>
<version>5.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>webjars-locator-core</artifactId>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>sockjs-client</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>stomp-websocket</artifactId>
<version>2.3.3</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
<version>3.3.7</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>jquery</artifactId>
<version>3.1.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,13 @@
package org.vulhub;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}


@@ -0,0 +1,18 @@
package org.vulhub;
public class Greeting {
private String content;
public Greeting() {
}
public Greeting(String content) {
this.content = content;
}
public String getContent() {
return content;
}
}


@@ -0,0 +1,19 @@
package org.vulhub;
import org.springframework.messaging.handler.annotation.MessageMapping;
import org.springframework.messaging.handler.annotation.SendTo;
import org.springframework.stereotype.Controller;
import org.springframework.web.util.HtmlUtils;
@Controller
public class GreetingController {
@MessageMapping("/hello")
@SendTo("/topic/greetings")
public Greeting greeting(HelloMessage message) throws Exception {
Thread.sleep(1000); // simulated delay
return new Greeting("Hello, " + HtmlUtils.htmlEscape(message.getName()) + "!");
}
}
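Review bot: `message.getName()` in `greeting` reaches `HtmlUtils.htmlEscape` without a null check, and a STOMP frame whose JSON body omits `name` leaves that field null. Depending on the Spring version in use, `htmlEscape` either rejects null input or the reply becomes the literal text "Hello, null!"; this is worth confirming against the pinned 5.0.x line. A guard such as `String name = message.getName() == null ? "" : message.getName();` before the escape keeps the handler's behaviour defined. `throws Exception` can also be narrowed to `InterruptedException`, the only checked exception the body raises.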


@@ -0,0 +1,21 @@
package org.vulhub;
public class HelloMessage {
private String name;
public HelloMessage() {
}
public HelloMessage(String name) {
this.name = name;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}


@@ -0,0 +1,24 @@
package org.vulhub;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {
config.enableSimpleBroker("/topic");
config.setApplicationDestinationPrefixes("/app");
}
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/gs-guide-websocket").withSockJS();
}
}


@@ -0,0 +1,50 @@
var stompClient = null;
function setConnected(connected) {
$("#connect").prop("disabled", connected);
$("#disconnect").prop("disabled", !connected);
if (connected) {
$("#conversation").show();
}
else {
$("#conversation").hide();
}
$("#greetings").html("");
}
function connect() {
var socket = new SockJS('/gs-guide-websocket');
stompClient = Stomp.over(socket);
stompClient.connect({}, function (frame) {
setConnected(true);
console.log('Connected: ' + frame);
stompClient.subscribe('/topic/greetings', function (greeting) {
showGreeting(JSON.parse(greeting.body).content);
});
});
}
function disconnect() {
if (stompClient !== null) {
stompClient.disconnect();
}
setConnected(false);
console.log("Disconnected");
}
function sendName() {
stompClient.send("/app/hello", {}, JSON.stringify({'name': $("#name").val()}));
}
function showGreeting(message) {
$("#greetings").append("<tr><td>" + message + "</td></tr>");
}
$(function () {
$("form").on('submit', function (e) {
e.preventDefault();
});
$( "#connect" ).click(function() { connect(); });
$( "#disconnect" ).click(function() { disconnect(); });
$( "#send" ).click(function() { sendName(); });
});
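Review bot: `showGreeting` builds the table row by concatenating `message` into an HTML string, so the page renders whatever markup arrives on `/topic/greetings`. The only escaping visible in this commit is `HtmlUtils.htmlEscape` in `GreetingController`, which covers messages that pass through that handler, but the browser should not depend on every publisher having escaped. Building the cell as text removes that dependency: `$("#greetings").append($("<tr>").append($("<td>").text(message)));` (the server-side escape then has to be dropped, or entities will show literally). Separately, `sendName` dereferences `stompClient` while it is still `null` if Send is clicked before Connect.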


@@ -0,0 +1,53 @@
<!DOCTYPE html>
<html>
<head>
<title>Hello WebSocket</title>
<link href="/webjars/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="/main.css" rel="stylesheet">
<script src="/webjars/jquery/jquery.min.js"></script>
<script src="/webjars/sockjs-client/sockjs.min.js"></script>
<script src="/webjars/stomp-websocket/stomp.min.js"></script>
<script src="/app.js"></script>
</head>
<body>
<noscript><h2 style="color: #ff0000">Seems your browser doesn't support Javascript! Websocket relies on Javascript being
enabled. Please enable
Javascript and reload this page!</h2></noscript>
<div id="main-content" class="container">
<div class="row">
<div class="col-md-6">
<form class="form-inline">
<div class="form-group">
<label for="connect">WebSocket connection:</label>
<button id="connect" class="btn btn-default" type="submit">Connect</button>
<button id="disconnect" class="btn btn-default" type="submit" disabled="disabled">Disconnect
</button>
</div>
</form>
</div>
<div class="col-md-6">
<form class="form-inline">
<div class="form-group">
<label for="name">What is your name?</label>
<input type="text" id="name" class="form-control" placeholder="Your name here...">
</div>
<button id="send" class="btn btn-default" type="submit">Send</button>
</form>
</div>
</div>
<div class="row">
<div class="col-md-12">
<table id="conversation" class="table table-striped">
<thead>
<tr>
<th>Greetings</th>
</tr>
</thead>
<tbody id="greetings">
</tbody>
</table>
</div>
</div>
</div>
</body>
</html>


@@ -0,0 +1,14 @@
body {
background-color: #f5f5f5;
}
#main-content {
max-width: 940px;
padding: 2em 3em;
margin: 0 auto 20px;
background-color: #fff;
border: 1px solid #e5e5e5;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
}


@@ -0,0 +1,19 @@
FROM maven:3-jdk-8 AS builder
LABEL maintainer="phithon <root@leavesongs.com>"
COPY ./ /usr/src/
WORKDIR /usr/src
RUN cd /usr/src; \
mvn clean install
# production
FROM openjdk:8-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/spring-rest-data-demo-2.0.0.BUILD.jar /spring-rest-data-demo-2.0.0.BUILD.jar
CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/spring-rest-data-demo-2.0.0.BUILD.jar"]
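Review bot: The runtime stage never sets `USER`, so the deliberately vulnerable application runs as root inside the container; the other Dockerfiles added in this commit do the same. Because these images exist to be attacked, a non-root account limits what a successful exploit can reach, e.g. `RUN useradd -r -u 10001 app` followed by `USER app` before `CMD`. `RUN cd /usr/src;` is redundant after `WORKDIR /usr/src`. `maven:3-jdk-8` and `openjdk:8-jre` are floating tags, so rebuilds are not reproducible unless the bases are pinned by digest.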


@@ -0,0 +1,68 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.vulhub.examples</groupId>
<artifactId>spring-rest-data-demo</artifactId>
<version>2.0.0.BUILD</version>
<packaging>jar</packaging>
<name>Spring Data - Examples</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.7.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-rest</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-rest-webmvc</artifactId>
<version>2.6.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-rest-core</artifactId>
<version>2.6.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
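Review bot: The explicit `<version>2.6.6.RELEASE</version>` on `spring-data-rest-webmvc` and `spring-data-rest-core` overrides what the Boot 1.5.7 parent manages, and nothing in the file says why. If the pin is the point of the lab (presumably the release whose flaw it reproduces), say so next to it, e.g. `<!-- pinned on purpose for this lab; do not upgrade -->`, so dependency-update tooling and later maintainers leave it alone. The same applies to the other hard pins added in this commit, such as `spring-security-oauth2` 2.0.8.RELEASE, `spring-webmvc` 5.3.17 and `h2` 1.4.197.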


@@ -0,0 +1,52 @@
/*
* Copyright 2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.rest.headers;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import lombok.Data;
import lombok.RequiredArgsConstructor;
/**
* @author Oliver Gierke
*/
@Entity
@Data
@RequiredArgsConstructor
public class Address {
@GeneratedValue @Id//
private Long id;
public final String street, zipCode, city, state;
Address() {
this.street = null;
this.zipCode = null;
this.city = null;
this.state = null;
}
/*
* (non-Javadoc)
* @see java.lang.Object#toString()
*/
public String toString() {
return String.format("%s, %s %s, %s", street, zipCode, city, state);
}
}
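Review bot: `@Data` on this `@Entity` generates `equals`/`hashCode` over every field, including the `@GeneratedValue` `id`, so an instance's hash changes once it is persisted and it can go missing from a `HashSet` or a map key; `Customer` in this commit has the same combination. Restricting the generated methods to the immutable fields avoids that, e.g. `@EqualsAndHashCode(of = {"street", "zipCode", "city", "state"})` on the class. The explicit `toString()` should carry `@Override`, and the `(non-Javadoc)` block above it adds nothing.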


@@ -0,0 +1,45 @@
/*
* Copyright 2015-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.rest.headers;
import example.springdata.rest.headers.Customer.Gender;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
/**
* @author Oliver Gierke
* @soundtrack The Intersphere - Out of phase (Live at Alte Feuerwache Mannheim)
*/
@EnableJpaAuditing
@SpringBootApplication
public class Application {
public static void main(String... args) {
SpringApplication.run(Application.class, args);
}
@Autowired CustomerRepository customers;
public @PostConstruct void init() {
customers.save(new Customer("Dave", "Matthews", Gender.MALE, //
new Address("4711 Some Place", "54321", "Charlottesville", "VA")));
}
}


@@ -0,0 +1,68 @@
/*
* Copyright 2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.rest.headers;
import java.time.LocalDateTime;
import javax.persistence.CascadeType;
import javax.persistence.Entity;
import javax.persistence.EntityListeners;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToOne;
import javax.persistence.Version;
import lombok.Data;
import lombok.RequiredArgsConstructor;
import org.springframework.data.annotation.LastModifiedDate;
import org.springframework.data.jpa.domain.support.AuditingEntityListener;
import com.fasterxml.jackson.annotation.JsonIgnore;
/**
* Aggregate root representing a customer.
*
* @author Oliver Gierke
* @soundtrack The Intersphere - Out of phase (Live at Alte Feuerwache Mannheim)
*/
@Entity
@Data
@RequiredArgsConstructor
@EntityListeners(AuditingEntityListener.class)
public class Customer {
private @GeneratedValue @Id Long id;
private @Version Long version;
private @JsonIgnore @LastModifiedDate LocalDateTime lastModifiedDate;
public final String firstname, lastname;
public final Gender gender;
@OneToOne(cascade = CascadeType.ALL, orphanRemoval = true)//
public final Address address;
Customer() {
this.firstname = null;
this.lastname = null;
this.address = null;
this.gender = null;
}
static enum Gender {
MALE, FEMALE;
}
}


@@ -0,0 +1,29 @@
/*
* Copyright 2015-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.rest.headers;
import org.springframework.data.repository.CrudRepository;
import org.springframework.web.bind.annotation.CrossOrigin;
/**
* Spring Data repository interface to manage {@link Customer} instances.
*
* @author Oliver Gierke
* @author Mark Paluch
* @soundtrack The Intersphere - Out of phase (Live at Alte Feuerwache Mannheim)
*/
@CrossOrigin(origins = { "http://localhost", "http://localhost:1234" })
public interface CustomerRepository extends CrudRepository<Customer, Long> {}


@@ -0,0 +1,17 @@
FROM maven:3-jdk-8 AS builder
LABEL maintainer="phithon <root@leavesongs.com>"
COPY src/ /usr/src/
WORKDIR /usr/src
RUN cd /usr/src; \
mvn clean install
# production
FROM openjdk:8-jre
COPY --from=builder /usr/src/target/demo-0.0.1-SNAPSHOT.jar /spring-security-oauth2-0.0.1-SNAPSHOT.jar
CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/spring-security-oauth2-0.0.1-SNAPSHOT.jar"]


@@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>demo</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Brixton.M5</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-snapshots</id>
<name>Spring Snapshots</name>
<url>https://repo.spring.io/snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project>
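Review bot: The `spring-snapshots` repository is enabled with `<snapshots><enabled>true</enabled>` although no dependency declared in this POM uses a SNAPSHOT version, so the build consults a mutable repository it does not appear to need. Dropping that `<repository>` block narrows where artifacts can be resolved from; `spring-milestones` is presumably still required for the `Brixton.M5` BOM import. That import itself looks unused, since no `org.springframework.cloud` artifact is listed under `<dependencies>`, so it is worth confirming and removing.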


@@ -0,0 +1,18 @@
package com.example;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}


@@ -0,0 +1,7 @@
security.oauth2.client.clientId: acme
security.oauth2.client.clientSecret: acmesecret
security.oauth2.client.authorized-grant-types: authorization_code,refresh_token,password
security.oauth2.client.scope: openid
security.oauth2.client.registered-redirect-uri: http://localhost
security.user.name: admin
security.user.password: admin
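Review bot: `security.user.password: admin` and `security.oauth2.client.clientSecret: acmesecret` are fixed, guessable credentials, and nothing in the file marks them as lab-only. A leading comment such as `# lab-only defaults for the vulnerable demo; never reuse, keep the container off untrusted networks` would stop the file being copied as a template. If the lab does not depend on the exact values, reading them from the environment (`security.user.password: ${ADMIN_PASSWORD}`, variable name constructed here) avoids baking them into the image.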


@@ -0,0 +1,14 @@
FROM maven:3-jdk-8 AS builder
COPY ./code/ /usr/src/
WORKDIR /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true
FROM openjdk:8-jdk-alpine
COPY --from=builder /usr/src/target/com.vulhub.authzvuln-0.0.1-SNAPSHOT.jar /demo.jar
EXPOSE 8080
CMD ["java", "-jar", "/demo.jar"]


@@ -0,0 +1,57 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**/target/
!**/src/test/**/target/
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/
!**/src/test/**/build/
### VS Code ###
.vscode/
### Java template
# Compiled class file
*.class
# Log file
*.log
# BlueJ files
*.ctxt
# Mobile Tools for Java (J2ME)
.mtj.tmp/
# Package Files #
*.jar
*.war
*.nar
*.ear
*.zip
*.tar.gz
*.rar
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*


@@ -0,0 +1,64 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.vulhub.authzvuln</groupId>
<artifactId>com.vulhub.authzvuln</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>CVE-2022-22978</name>
<description>CVE-2022-22978</description>
<properties>
<java.version>1.8</java.version>
<spring-security.version>5.6.3</spring-security.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration><!--
<jvmArguments>
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8989
</jvmArguments>-->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<testFailureIgnore>true</testFailureIgnore>
</configuration>
</plugin>
</plugins>
</build>
</project>
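Review bot: `<testFailureIgnore>true</testFailureIgnore>` on `maven-surefire-plugin` lets the build succeed when tests fail, and the Dockerfile for this module already passes `-Dmaven.test.skip=true`, so the setting only hides failures from anyone who does run the tests. Remove that `<configuration>` block, or state in a comment why failures are tolerated. The commented-out `<jvmArguments>` JDWP line under `spring-boot-maven-plugin` is dead configuration and can go as well.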


@@ -0,0 +1,12 @@
package com.vulhub.authzvuln;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication(scanBasePackages = { "com.vulhub" })
public class App {
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
}


@@ -0,0 +1,18 @@
package com.vulhub.authzvuln;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class DemoController {
@GetMapping("/admin/*")
public String Admin(){
return "admin";
}
@GetMapping("/")
public String User(){
return "index";
}
}
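Review bot: The handler methods `Admin()` and `User()` start with a capital letter, which reads like a type or constructor name; Java convention is lowerCamelCase, e.g. `public String admin()` and `public String user()`. Neither method says which template it returns or that `/admin/*` is the path guarded in `SpringSecurityConfig`; a one-line Javadoc on each would make that pairing explicit.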


@@ -0,0 +1,28 @@
package com.vulhub.authzvuln;
import org.springframework.stereotype.Controller;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import org.springframework.http.HttpStatus;
import javax.servlet.RequestDispatcher;
@Controller
public class MyErrorController implements ErrorController {
@RequestMapping("/error")
public String handleError(HttpServletRequest request) {
Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
if (status != null) {
Integer statusCode = Integer.valueOf(status.toString());
if(statusCode == HttpStatus.FORBIDDEN.value()) {
return "error-403";
}
}
return "error";
}
}


@@ -0,0 +1,15 @@
package com.vulhub.authzvuln;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.context.annotation.ComponentScan;
@ComponentScan(basePackages = {"com.vulhub.authzvuln"})
public class ServletInit extends SpringBootServletInitializer {
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(App.class);
}
}


@@ -0,0 +1,16 @@
package com.vulhub.authzvuln;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception{
httpSecurity.authorizeRequests().regexMatchers("/admin/.*").authenticated();
}
}
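Review bot: The only access rule is `regexMatchers("/admin/.*").authenticated()`, and there is no `anyRequest()` rule behind it, so any request the pattern fails to match is allowed through. Protection that hangs on a regex `.` covering every character of the path is evidently the weakness this lab demonstrates (index.html in this commit names it), but nothing in the class says so. Add a comment on `configure` stating that, and note that code outside the lab should use a path matcher instead, e.g. `httpSecurity.authorizeRequests().antMatchers("/admin/**").authenticated();`. As far as this class shows, no login mechanism (`formLogin()` / `httpBasic()`) is configured either, so an authenticated state cannot be reached as written.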


@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Page</title>
</head>
<body>
Congratulations, you are an admin!
</body>
</html>


@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>CVE-2022-22978</title>
</head>
<body>
Forbidden / Access denied
</body>
</html>


@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>CVE-2022-22978</title>
</head>
<body>
ERROR sorry...
</body>
</html>


@@ -0,0 +1,15 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>CVE-2022-22978</title>
</head>
<body>
CVE-2022-22978 Demo via Spring security 5.6.3<br/>
Admin page: <a href="/admin/index">/admin/</a><br/>
Payload: /admin/index%0a
</body>
</html>


@@ -0,0 +1,20 @@
FROM maven:3-jdk-8 AS build-env
RUN set -ex \
&& apt-get update \
&& apt-get install -y wget unzip \
&& cd /usr/src/ \
&& wget https://github.com/spring-projects/spring-webflow-samples/archive/f2312608cb924666d5d068e8016c1727b006d372.zip -O spring-webflow-samples.zip \
&& unzip spring-webflow-samples.zip \
&& cd spring-webflow-samples-f2312608cb924666d5d068e8016c1727b006d372/booking-mvc \
&& sed -i 's/factoryCreator\.setUseSpringBeanBinding.*;//g' src/main/java/org/springframework/webflow/samples/booking/config/WebFlowConfig.java \
&& mvn clean install
FROM vulhub/tomcat:8.0
LABEL maintainer="phithon <root@leavesongs.com>"
RUN rm -rf /usr/local/tomcat/webapps/* \
&& sed -i 's/securerandom.source=file:\/dev\/urandom/securerandom.source=file:\/dev\/.\/urandom/g' $JAVA_HOME/lib/security/java.security
COPY --from=build-env /usr/src/spring-webflow-samples-f2312608cb924666d5d068e8016c1727b006d372/booking-mvc/target/booking-mvc.war /usr/local/tomcat/webapps/ROOT.war
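Review bot: The build stage downloads the sample source with `wget` and compiles it without verifying the archive; the commit hash in the URL pins which revision is requested, but the bytes received are never checked. Record the expected digest and verify it before `unzip`, e.g. `echo "<sha256-of-archive>  spring-webflow-samples.zip" | sha256sum -c -` (placeholder, to be filled with the real value). The `sed` that strips `factoryCreator.setUseSpringBeanBinding` from `WebFlowConfig.java` deserves a comment explaining why the upstream line is removed, since it silently changes how the sample behaves.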


@@ -0,0 +1,17 @@
FROM maven:3-jdk-11 AS builder
COPY ./ /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true -Dmaven.artifact.threads=10
FROM tomcat:8.5.77-jre11
LABEL maintainer="phithon <root@leavesongs.com>"
RUN set -ex \
&& rm -rf /usr/local/tomcat/webapps/* \
&& sed -i 's/securerandom\.source=file:\/dev\/random/securerandom.source=file:\/dev\/.\/urandom/g' $JAVA_HOME/conf/security/java.security
COPY --from=builder /usr/src/target/spring4shell.war /usr/local/tomcat/webapps/ROOT.war
EXPOSE 8080


@@ -0,0 +1,93 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.vulhub</groupId>
<artifactId>spring4shell</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<name>spring4shell Maven Webapp</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>5.3.17</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>javax.servlet.jsp.jstl-api</artifactId>
<version>1.2.1</version>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<!-- JSP Dependency -->
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.3</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<finalName>spring4shell</finalName>
<pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
<plugins>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.1</version>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.2</version>
</plugin>
<plugin>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>


@@ -0,0 +1,24 @@
package org.vulhub.spring4shell.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "org.vulhub.spring4shell" })
public class AppConfig {
@Bean
public InternalResourceViewResolver resolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setViewClass(JstlView.class);
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
return resolver;
}
}


@@ -0,0 +1,23 @@
package org.vulhub.spring4shell.config;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class SpringMvcDispatcherServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
// TODO Auto-generated method stub
return null;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
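Review bot: `getRootConfigClasses` still carries the IDE stub `// TODO Auto-generated method stub` above `return null;`, which makes an intentional choice look unfinished. Replace it with a comment stating the intent, e.g. `// no root application context; everything is registered through AppConfig`. In `getServletConfigClasses`, `new Class<?>[] { AppConfig.class }` avoids the raw-type array.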


@@ -0,0 +1,22 @@
package org.vulhub.spring4shell.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.vulhub.spring4shell.model.Person;
@Controller
public class HelloController {
@GetMapping("/")
public String index(Person person, Model model)
{
// model.addAttribute("name", person.getName());
// model.addAttribute("age", person.getAge());
model.addAttribute("person", person);
return "hello";
}
}
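Review bot: `index` binds request parameters onto the `Person` argument with no `@InitBinder` restricting which properties may be set, so the writable surface is whatever the binder can reach from the bean rather than the two fields the view uses. Declaring an allow-list in the controller keeps binding to `name` and `age`; the added method is shown below and needs the `InitBinder` and `WebDataBinder` imports. The two commented-out `model.addAttribute` lines and the unused `ModelAttribute` import can be deleted.

```java
// … unchanged: @Controller class declaration …
@InitBinder
public void initBinder(WebDataBinder binder) {
    // bind only the two properties the view reads
    binder.setAllowedFields("name", "age");
}
// … unchanged: index(Person, Model) handler …
```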


@@ -0,0 +1,22 @@
package org.vulhub.spring4shell.model;
public class Person {
private String name;
private Integer age;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
}


@@ -0,0 +1,10 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page isELIgnored="false" %>
<html>
<body>
<h2>Hello, my name is ${person.name}, I am ${person.age} years old.</h2>
</body>
</html>
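Review bot: `${person.name}` and `${person.age}` are written into the page with plain EL, which does not HTML-escape, and `name` is a free-form string bound from the request in `HelloController`. The JSTL core taglib is already declared on this page, so the output can be encoded with `<c:out value="${person.name}"/>` (and the same for `age`). The page is also declared as ISO-8859-1; UTF-8 in both `contentType` and `pageEncoding` would avoid mangling non-Latin names.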


@@ -0,0 +1,7 @@
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>Archetype Created Web Application</display-name>
</web-app>


@@ -0,0 +1,31 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**
!**/src/test/**
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
### VS Code ###
.vscode/


@@ -0,0 +1,20 @@
FROM maven:3-jdk-8 AS builder
LABEL maintainer="phithon <root@leavesongs.com>"
COPY ./ /usr/src/
WORKDIR /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true
FROM eclipse-temurin:8u442-b06-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/h2-console-demo-0.0.1-SNAPSHOT.jar /h2-console-demo-0.0.1-SNAPSHOT.jar
EXPOSE 8080 5005
CMD ["java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "/h2-console-demo-0.0.1-SNAPSHOT.jar"]
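Review bot: `CMD` starts the JVM with `-agentlib:jdwp=...,address=5005` and the image declares `EXPOSE 8080 5005`, so every container ships with a debug listener; the second H2 Dockerfile later in this commit does the same. JDWP has no authentication, and on a Java 8 runtime `address=5005` listens on all interfaces, so anyone who can reach that port controls the JVM regardless of the flaw the lab is about. Unless the debugger is part of the exercise, drop the agent and the 5005 port: `CMD ["java", "-jar", "/h2-console-demo-0.0.1-SNAPSHOT.jar"]`. If it is needed, make it opt-in through an environment variable and document it.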


@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.18</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.vulhub</groupId>
<artifactId>h2-console-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>h2-console-demo</name>
<description>Demo project for Spring H2 Console</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.7.18</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.4.197</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,11 @@
package org.vulhub.h2consoledemo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class H2ConsoleDemoApplication {
public static void main(String[] args) {
SpringApplication.run(H2ConsoleDemoApplication.class, args);
}
}


@@ -0,0 +1,2 @@
spring.h2.console.enabled=true
spring.h2.console.settings.web-allow-others=true
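Review bot: Neither line carries a comment saying the setting is deliberate. `spring.h2.console.enabled=true` turns the H2 web console on and `spring.h2.console.settings.web-allow-others=true` lets it accept connections from hosts other than localhost, and the pom in this section pulls in no security starter that would sit in front of it. For a lab that is presumably the intent, but the file is easy to copy into a real project, so I would add `# Intentionally insecure lab configuration: exposes the H2 console to remote clients. Do not reuse.` above the two lines. The two other application.properties files in this commit are identical and need the same comment.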


@@ -0,0 +1,31 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**
!**/src/test/**
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
### VS Code ###
.vscode/


@@ -0,0 +1,21 @@
FROM maven:3-jdk-8 AS builder
LABEL maintainer="phithon <root@leavesongs.com>"
COPY pom.xml /usr/src/pom.xml
COPY src /usr/src/src
WORKDIR /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true
FROM eclipse-temurin:8u302-b08-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/h2-console-demo-0.0.1-SNAPSHOT.jar /h2-console-demo-0.0.1-SNAPSHOT.jar
EXPOSE 8080 5005
CMD ["java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "/h2-console-demo-0.0.1-SNAPSHOT.jar"]
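Review bot: The `CMD` starts the JVM with a JDWP agent on port 5005 and `EXPOSE 8080 5005` advertises it, which adds an unauthenticated debug interface to an image whose stated purpose (per the pom description) is the H2 console. JDWP gives whoever can reach the port control over the JVM, and on a Java 8 runtime `address=5005` is not limited to loopback, so anyone who publishes all exposed ports gets a second exposure unrelated to the exercise, one that can also blur detections written for the lab. If the debugger is only for maintainers, I would make the default `CMD ["java", "-jar", "/h2-console-demo-0.0.1-SNAPSHOT.jar"]` with `EXPOSE 8080`, or at least add `# JDWP is enabled for debugging the lab; never publish 5005 beyond the host`. The other h2-console-demo Dockerfiles in this commit carry the same two lines.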


@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.7</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.vulhub</groupId>
<artifactId>h2-console-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>h2-console-demo</name>
<description>Demo project for Spring H2 Console</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.6.7</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>2.0.204</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,11 @@
package org.vulhub.h2consoledemo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class H2ConsoleDemoApplication {
public static void main(String[] args) {
SpringApplication.run(H2ConsoleDemoApplication.class, args);
}
}


@@ -0,0 +1,2 @@
spring.h2.console.enabled=true
spring.h2.console.settings.web-allow-others=true


@@ -0,0 +1,31 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**
!**/src/test/**
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
### VS Code ###
.vscode/


@@ -0,0 +1,21 @@
FROM maven:3-jdk-8 AS builder
LABEL maintainer="phithon <root@leavesongs.com>"
COPY pom.xml /usr/src/pom.xml
COPY src /usr/src/src
WORKDIR /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true
FROM eclipse-temurin:8u442-b06-jre
LABEL maintainer="phithon <root@leavesongs.com>"
COPY --from=builder /usr/src/target/h2-console-demo-0.0.1-SNAPSHOT.jar /h2-console-demo-0.0.1-SNAPSHOT.jar
EXPOSE 8080 5005
CMD ["java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "/h2-console-demo-0.0.1-SNAPSHOT.jar"]


@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.18</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.vulhub</groupId>
<artifactId>h2-console-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>h2-console-demo</name>
<description>Demo project for Spring H2 Console</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.7.18</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>2.0.206</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,11 @@
package org.vulhub.h2consoledemo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class H2ConsoleDemoApplication {
public static void main(String[] args) {
SpringApplication.run(H2ConsoleDemoApplication.class, args);
}
}


@@ -0,0 +1,2 @@
spring.h2.console.enabled=true
spring.h2.console.settings.web-allow-others=true


@@ -0,0 +1,53 @@
mvnw
mvnw.cmd
.mvn
/target/
!.mvn/wrapper/maven-wrapper.jar
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/build/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
### Java template
# Compiled class file
*.class
# Log file
*.log
# BlueJ files
*.ctxt
# Mobile Tools for Java (J2ME)
.mtj.tmp/
# Package Files #
*.jar
*.war
*.nar
*.ear
*.zip
*.tar.gz
*.rar
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*


@@ -0,0 +1,20 @@
FROM maven:3-jdk-7 AS builder
LABEL MAINTAINER="phithon <root@leavesongs.com>"
COPY ./ /usr/src/
WORKDIR /usr/src
RUN cd /usr/src; \
mvn -U clean package -Dmaven.test.skip=true
FROM vulhub/java:7u21-jdk
LABEL MAINTAINER="b1ngz <blinking.yan@gmail.com>"
COPY --from=builder /usr/src/target/jackson.jar /jackson.jar
EXPOSE 8080
CMD ["java", "-jar", "/jackson.jar"]
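Review bot: `COPY ./ /usr/src/` sends the whole build context into the builder stage, whereas the h2-console-demo Dockerfiles in this commit copy only `pom.xml` and `src`. No `.dockerignore` is visible here, so a local `target/`, IDE metadata or stray credentials in the directory would end up in the builder layer and invalidate the cache on every unrelated change; `COPY pom.xml /usr/src/pom.xml` plus `COPY src /usr/src/src` would match the other images. The `RUN cd /usr/src; \` prefix is redundant after `WORKDIR /usr/src`, and because it uses `;` a failed `cd` would not stop the build, so `RUN mvn -U clean package -Dmaven.test.skip=true` is enough. The label key is also spelled `MAINTAINER` here but `maintainer` in the other Dockerfiles.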


@@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.b1ngz.sec</groupId>
<artifactId>jackson-vul</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>jackson-vul</name>
<description>Jackson CVE-2017-7525 / CVE-2017-17485 for vulhub</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.12.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.7</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.javassist/javassist -->
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.22.0-GA</version>
<scope>test</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-codec/commons-codec -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<finalName>jackson</finalName>
</configuration>
</plugin>
</plugins>
</build>
</project>


@@ -0,0 +1,23 @@
package com.b1ngz.sec;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class JacksonApplication {
public static void main(String[] args) {
SpringApplication.run(JacksonApplication.class, args);
}
@Bean
public ObjectMapper objectMapper() {
ObjectMapper mapper = new ObjectMapper();
// enable Polymorphic Deserialization, one of
mapper.enableDefaultTyping();
// mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
return mapper;
}
}
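Review bot: The comment above `mapper.enableDefaultTyping();` breaks off at "one of", so the only explanation of the most security-relevant line in the project is incomplete. Because this `ObjectMapper` is exposed as a `@Bean`, it presumably becomes the mapper Spring uses for `@RequestBody` binding, which means the no-argument `enableDefaultTyping()` lets request JSON name the class to instantiate for `Object`-typed properties. I would replace the comment with `// Deliberately insecure (lab only): global default typing lets the JSON body choose the class to instantiate.` and turn the commented-out `NON_FINAL` line into a sentence that says it is an alternative setting. A pointer for readers that real code should avoid default typing or restrict it with a `PolymorphicTypeValidator` (available in later Jackson releases) would make the file useful as a reference.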


@@ -0,0 +1,26 @@
package com.b1ngz.sec.controller;
import com.b1ngz.sec.model.Target;
import com.b1ngz.sec.util.ResourceUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
/**
* Created by b1ngz on 2018/9/8.
*/
@RestController
public class JacksonController {
@PostMapping(value = "exploit", consumes = "application/json")
public String test(@RequestBody Target target) throws Exception {
return target.toString();
}
@GetMapping(value = "spel.xml")
public String getSpelXml() throws Exception {
return ResourceUtils.readResourceFileAsStr("/spel.xml");
}
}
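Review bot: Both handlers declare `throws Exception` although `test` calls nothing that throws a checked exception and `getSpelXml` only needs `IOException`, which is what `ResourceUtils.readResourceFileAsStr` declares. Narrowing them to `public String test(@RequestBody Target target)` and `public String getSpelXml() throws IOException` makes the real failure mode visible. Neither handler is documented; a one-line Javadoc on `test` saying that the body is bound through the application's `ObjectMapper`, which has default typing enabled, would tell a reader where the unsafe step happens, since nothing in this method shows it.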


@@ -0,0 +1,16 @@
package com.b1ngz.sec.model;
/**
* Created by b1ngz on 2018/9/8.
*/
public class Target {
private Object param;
public Object getParam() {
return param;
}
public void setParam(Object param) {
this.param = param;
}
}
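Review bot: `Target` has only the "Created by" Javadoc, yet the `Object` type of `param` is the reason the class matters: with default typing enabled in `JacksonApplication`, an `Object`-typed property is deserialized as whatever class the JSON names. I would say so on the field, e.g. `// Deliberately typed as Object so default typing applies to it (lab only); use a concrete type in real models.` The class also defines no `toString()`, so the controller's `target.toString()` returns the default `Class@hash` string; if that is intended, a short comment would prevent someone "fixing" it.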


@@ -0,0 +1,22 @@
package com.b1ngz.sec.util;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
/**
* Created by b1ngz on 2018/9/9.
*/
public class ResourceUtils {
public static String readResourceFileAsStr(String filename) throws IOException {
BufferedReader br = new BufferedReader(new InputStreamReader(ResourceUtils.class.getResourceAsStream(filename)));
String line;
StringBuilder sb = new StringBuilder();
while ((line = br.readLine()) != null) {
sb.append(line);
}
return sb.toString();
}
}
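Review bot: `readResourceFileAsStr` never closes the `BufferedReader`, and it passes the result of `getResourceAsStream(filename)` straight to `InputStreamReader` without checking it, so a missing resource surfaces as a `NullPointerException` instead of the declared `IOException`. The reader is also built without a charset, so decoding depends on the platform default inside the container. The pom targets Java 1.7, so try-with-resources and `StandardCharsets` are available; the rewrite below needs `java.io.InputStream`, `java.io.FileNotFoundException` and `java.nio.charset.StandardCharsets` imported. Note too that `readLine()` strips line terminators and nothing puts them back, so the returned text is the file with all lines joined; that is probably harmless for the XML served here but belongs in a Javadoc line.

```java
public static String readResourceFileAsStr(String filename) throws IOException {
    InputStream in = ResourceUtils.class.getResourceAsStream(filename);
    if (in == null) {
        throw new FileNotFoundException("classpath resource not found: " + filename);
    }
    try (BufferedReader br = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
        // … unchanged: readLine loop appending to the StringBuilder, then return sb.toString() …
    }
}
```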