Commit 749f4ea

Remove Website Tester (#9)
* use InetAddress functionality instead of hand-crafted verification * remove the WebsiteTestService and focus on the DomainTestService * revert tests
1 parent 85b7ebd commit 749f4ea

6 files changed, +7 / -196 lines changed

README.md (+6 / -20)

@@ -1,39 +1,25 @@
11
# Vulnerable Java application
22

3-
This repository contains a sample application, the "Websites Tester Service", that's vulnerable to a [Command Injection](https://owasp.org/www-community/attacks/Command_Injection) and [Server-Side Request Forgery (SSRF)](https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/) vulnerability.
3+
This repository contains a sample application, the "Websites Tester Service", that's vulnerable to a [Command Injection](https://owasp.org/www-community/attacks/Command_Injection) vulnerability.
44

55
> **Warning!**
66
> This application is purposely vulnerable and can trivially be hacked. Don't expose it to the Internet, and don't run it in a production environment.
77
> Instead, you can run it locally on your machine, or in a cloud environment on a private VPC.
88
99
## Running locally
1010

11-
1. Build the image locally, or use `ghcr.io/datadog/vulnerable-java-application`:
11+
1. Build the image locally:
12+
```
13+
docker build -t vulnerable-java-application:latest .
14+
```
1215
2. Run:
1316
```
14-
docker run --rm -p 8000:8000 ghcr.io/datadog/vulnerable-java-application
17+
docker run --rm -p 8000:8000 vulnerable-java-application:latest
1518
```
1619
3. You can then access the web application at <http://127.0.0.1:8000>
1720
18-
## Running on Kubernetes
19-
20-
```
21-
kubectl run vulnerable-application --port=8000 --expose=true --image ghcr.io/datadog/vulnerable-java-application
22-
kubectl port-forward pod/vulnerable-application 8000
23-
```
24-
25-
You can then access the web application at <http://127.0.0.1:8000>
26-
2721
## Exploitation
2822
29-
### Server-side request vulnerability
30-
31-
1. Browse to <http://127.0.0.1:8000/website.html>
32-
2. Note how the input allows you to specify arbitrary URLs such as `http://google.com`, but also any internal IP such as `http://169.254.169.254/latest/meta-data/`
33-
3. When the applications is running in AWS, Azure or GCP, this can often be exploited to retrieve instance metadata credentials
34-
35-
### Command injection vulnerability
36-
3723
1. Browse to <http://127.0.0.1:8000/index.html>
3824
2. Note how the input allows you to specify domain names such as `google.com` and ping them
3925
3. Note that there is some level of input validation - entering `$(whoami)` returns `Invalid domain name: $(whoami) - don't try to hack us!`
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
package com.datadoghq.workshops.samplevulnerablejavaapp;
22

33
import com.datadoghq.workshops.samplevulnerablejavaapp.exception.InvalidDomainException;
4-
import com.datadoghq.workshops.samplevulnerablejavaapp.exception.UnableToTestDomainException;
54
import org.slf4j.Logger;
65
import org.slf4j.LoggerFactory;
76
import org.springframework.beans.factory.annotation.Autowired;
@@ -17,9 +16,6 @@ public class MainController {
1716
@Autowired
1817
private DomainTestService domainTestService;
1918

20-
@Autowired
21-
private WebsiteTestService websiteTestService;
22-
2319
@RequestMapping(method=RequestMethod.POST, value="/test-domain", consumes="application/json")
2420
public ResponseEntity<String> testDomain(@RequestBody DomainTestRequest request) {
2521
log.info("Testing domain " + request.domainName);
@@ -28,18 +24,8 @@ public ResponseEntity<String> testDomain(@RequestBody DomainTestRequest request)
2824
return new ResponseEntity<>(result, HttpStatus.OK);
2925
} catch(InvalidDomainException e) {
3026
return new ResponseEntity<>(e.getMessage(), HttpStatus.BAD_REQUEST);
31-
} catch (UnableToTestDomainException e) {
32-
return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
33-
} catch(Exception e) {
27+
} catch (Exception e) {
3428
return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
3529
}
3630
}
37-
38-
@RequestMapping(method=RequestMethod.POST, value="/test-website", consumes="application/json")
39-
public ResponseEntity<String> testWebsite(@RequestBody WebsiteTestRequest request) {
40-
log.info("Testing website " + request.url);
41-
String result = websiteTestService.testWebsite(request);
42-
return new ResponseEntity<>(result, HttpStatus.OK);
43-
}
44-
4531
}
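Review bot: folding the `UnableToTestDomainException` branch into `catch (Exception e)` means every unexpected exception now returns `e.getMessage()` to the client with a 500, which exposes internal detail (exception text, class names, paths) for failures that were never meant to be user-facing; return a fixed message from the generic catch and log the exception server-side, keeping the message passthrough only for the known `InvalidDomainException` case. Removing the `/test-website` endpoint and the `websiteTestService` field together with the `testWebsite` method is consistent with the deleted files listed below.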

src/main/java/com/datadoghq/workshops/samplevulnerablejavaapp/WebsiteTestRequest.java (-10): this file was deleted.

src/main/java/com/datadoghq/workshops/samplevulnerablejavaapp/WebsiteTestService.java (-31): this file was deleted.

src/main/resources/static/js/website.js (-41): this file was deleted.

src/main/resources/static/website.html (-79): this file was deleted.
