CheckmarxDev
diff --git a/‎Dockerfile
+18 b/‎Dockerfile
+18
diff --git a/‎LICENSE
+340 b/‎LICENSE
+340
diff --git a/‎README.md
+75 b/‎README.md
+75
diff --git a/‎docker-compose.yml
+11 b/‎docker-compose.yml
+11
diff --git a/‎infrostructure.tf
+59 b/‎infrostructure.tf
+59
diff --git a/‎pom.xml
+47 b/‎pom.xml
+47
diff --git a/‎src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java
+116 b/‎src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java
+116
@@ -0,0 +1,18 @@
+FROM ubuntu:17.10
+ENV WORKDIR /usr/src/app/
+WORKDIR $WORKDIR
+COPY package*.json $WORKDIR
+RUN npm install --production --no-cache
+
+FROM node:12-alpine
+ENV USER node
+ENV WORKDIR /home/$USER/app
+WORKDIR $WORKDIR
+COPY --from=0 /usr/src/app/node_modules node_modules
+RUN chown $USER:$USER $WORKDIR
+COPY --chown=node . $WORKDIR
+# In production environment uncomment the next line
+#RUN chown -R $USER:$USER /home/$USER && chmod -R g-s,o-rx /home/$USER && chmod -R o-wrx $WORKDIR
+# Then all further actions including running the containers should be done under non-root user.
+USER $USER
+EXPOSE 4000
@@ -0,0 +1,75 @@
+This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code.
+
+**The full course content is now available on Github for free:**
+
+https://github.com/CSPF-Founder/JavaSecurityCourse
+
+
+**The full course on Hacking and Securing Web Java Programs is available in** 
+
+https://www.udemy.com/hacking-securing-java-web-programming/
+
+**Warning**: Don't run this app in Your Main Machine or in  an online server.  Install it in Vitual Machine.
+
+ 
+How to Use/Setup ?
+-------------
+
+**Method 1.Super Very Easiest Method: Docker**
+  The easiest way to use Java Vulnerable is using Docker which set up everything for you with 1 command line
+
+  Steps:
+
+     1. Install Docker: https://docs.docker.com/engine/installation/ 
+     2. Install docker-compose: https://docs.docker.com/compose/install/
+     3. Inside this directory, run `sudo docker-compose up` and wait untill everything is configured for you.
+     4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp
+     5. Change the JDBC URL from jdbc:mysql://localhost:3306 to jdbc:mysql://mysql:3306
+     6. Click the Install Button
+     7. Enjoy :)
+
+
+**Method 2.Very Easiest Method : VirtualBox VM**
+  The second most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. 
+  
+  Steps:
+      
+      1. Install the VirtualBox : https://www.virtualbox.org/wiki/Downloads
+      2. Download the VM Image from here : http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download
+      3. Import the JavaVulnerable.ova into VirtualBox.
+      4. Change the Network Settings to Host-Only Network 
+      5. Start the Machine and Log into the Machine( Credentials; username: root password: cspf) 
+      6. Start Tomcat by entering "service tomcat start" in the Terminal
+      7. Start mysql by entering "service mysql start" in the Terminal
+      8. Find the IP Address of Machine
+      9. In your Browser, go to "http://[IP_ADDRESS_OF_VM]:8080/JavaVulnerableLab/install.jsp 
+      10. Click the Install Button
+      11. Enjoy :)
+      
+**Method 3.Easiest Method : Standalone Web Application**
+  In this mehtod, you will be running an executable "JAR" file which runs the application with an embedded Apache Tomcat. 
+ 
+    Steps:
+    
+        1. Install JDK
+        2. Download Executable Jar from here: http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download
+        3. Double Click the JavaVulnerable.jar to run( if double click is not working, run this command "java -jar JavaVulnerable.jar" in your Terminal or CMD)
+        4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp 
+        5. Click the Install Button
+        
+**Method 4. Using War file:**
+  This is a NORMAL method to deploy the WAR file. 
+  
+  Steps:
+  
+       1. Install Apache Tomcat server
+       2. Go to http://[Tomcat_INSTALLED_IP]:8080/manager/  (make sure you have modified tomcat-users.xml file of the tomcat to allow the manager).
+       3. Download our WAR file from here: https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download
+       4. Deploy the WAR in Apache Tomcat manager.
+       5. Go to http://[Tomcat_INSTALLED_IP]:8080/JavaVulnerableLab/install.jsp 
+       6. Click the Install Button
+       
+
+Get the VulnerableSpring Project from here:
+https://github.com/CSPF-Founder/VulnerableSpring
+
@@ -0,0 +1,11 @@
+javavulnlab:
+  build: .
+  ports:
+    - 8080:8080
+  links: 
+    - mysql
+
+mysql:
+  image: mysql
+  environment:
+    - MYSQL_ROOT_PASSWORD=root
@@ -0,0 +1,59 @@
+#### INSTANCE HTTP ####
+
+resource "aws_lb" "front_end" {
+  # ...
+}
+
+resource "aws_lb_target_group" "front_end" {
+  # ...
+}
+
+resource "aws_lb_listener" "front_end" {
+  load_balancer_arn = aws_lb.front_end.arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type = "redirect"
+
+    redirect {
+      port        = "80"
+      protocol    = "HTTP"
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+resource "aws_alb_listener" "front_end" {
+  load_balancer_arn = aws_lb.front_end.arn
+  port              = "8080"
+  protocol          = "HTTP"
+}
+
+# Create instance
+resource "aws_instance" "http" {
+  for_each      = var.http_instance_names
+  ami           = data.aws_ami.ubuntu.id
+  instance_type = "t2.micro"
+  key_name      = aws_key_pair.user_key.key_name
+  vpc_security_group_ids = [
+    aws_security_group.administration.id,
+    aws_security_group.web.id,
+  ]
+  subnet_id = aws_subnet.http.id
+  user_data = "1234567890123456789012345678901234567890$"
+  tags = {
+    Name = each.key
+  }
+}
+
+# Attach floating ip on instance http
+resource "aws_eip" "public_http" {
+  for_each   = var.http_instance_names
+  vpc        = true
+  instance   = aws_instance.http[each.key].id
+  depends_on = [aws_internet_gateway.gw]
+  tags = {
+    Name = "public-http-${each.key}"
+  }
+}
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.cysecurity</groupId>
+  <artifactId>JavaVulnerableLab</artifactId>
+  <packaging>war</packaging>
+  <version>0.0.1-SNAPSHOT</version>
+  <name>JavaVulnerableLab Maven Webapp</name>
+  <url>http://maven.apache.org</url>
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>3.8.1</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+    	<groupId>mysql</groupId>
+    	<artifactId>mysql-connector-java</artifactId>
+    	<version>5.1.26</version>
+    </dependency>
+    <dependency>
+	    <groupId>org.json</groupId>
+	    <artifactId>json</artifactId>
+	    <version>20131018</version>
+	</dependency>
+	<dependency>
+		<groupId>javax.servlet</groupId>
+		<artifactId>jstl</artifactId>
+		<version>1.2</version>
+	</dependency>
+	<dependency>
+		<groupId>org.hibernate</groupId>
+		<artifactId>hibernate-core</artifactId>
+		<version>4.0.1.Final</version>
+	</dependency>
+	<dependency>
+    <groupId>javax.servlet</groupId>
+    <artifactId>servlet-api</artifactId>
+    <version>2.3</version>
+    <scope>provided</scope>
+</dependency>	 	
+  </dependencies>
+  <build>
+    <finalName>JavaVulnerableLab</finalName>
+  </build>
+</project>
@@ -0,0 +1,116 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package org.cysecurity.cspf.jvl.controller;
+
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author breakthesec
+ */
+public class AddPage extends HttpServlet {
+
+    /**
+     * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
+     * methods.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        PrintWriter out = response.getWriter();
+        try {
+           String fileName=request.getParameter("filename");
+           String content=request.getParameter("content");
+           if(fileName!=null && content!=null)
+           {
+            String pagesDir=getServletContext().getRealPath("/pages");
+            String filePath=pagesDir+"/"+fileName;
+            File f=new File(filePath);
+            if(f.exists())
+            {
+                f.delete();
+            }
+                if(f.createNewFile())
+                {
+                    BufferedWriter bw=new BufferedWriter(new FileWriter(f.getAbsoluteFile()));
+                    bw.write(content);
+                    bw.close();
+                    out.print("Successfully created the file: <a href='../pages/"+fileName+"'>"+fileName+"</a>");
+                }
+                else
+                {
+                    out.print("Failed to create the file");
+                }
+           }
+           else
+           {
+               out.print("filename or content Parameter is missing");
+           }           
+           
+        } 
+        catch(Exception e)
+        {
+            out.print(e);
+        }
+        finally {
+            out.close();
+        }
+    }
+
+    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+    /**
+     * Handles the HTTP <code>GET</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Handles the HTTP <code>POST</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Returns a short description of the servlet.
+     *
+     * @return a String containing servlet description
+     */
+    @Override
+    public String getServletInfo() {
+        return "Short description";
+    }// </editor-fold>
+
+}