update README.md
b4zinga committed May 10, 2023
1 parent b016389 commit bd41d5d
Showing 5 changed files with 27 additions and 2 deletions.
27 changes: 26 additions & 1 deletion README.md
@@ -24,4 +24,29 @@
| Swagger-ui未授权 | 1 | |
| 阿里巴巴 Druid 未授权 | 1 | |

误报数量 = 漏洞修复数量 + 误报案例数量
误报数量 = 漏洞修复数量 + 误报案例数量

## 漏洞详情

漏洞源码主要在[controller](./src/main/java/com/example/vulnerablejava/controller/)目录下,详情可参考代码注释信息。

## 漏洞验证方式

执行 `mvn spring-boot:run``java -jar vulnerablejava.jar`运行项目,使用curl或burp进行验证即可,例如:

![burp](./docs/imgs/burp.png)

或直接访问 `http://127.0.0.1:8080/swagger-ui.html` ,如下:

![swagger](./docs/imgs/swagger.png)

选择其中漏洞进行测试,例如:

![swagger](./docs/imgs/swagger2.png)

## 注意

0. 主要用于验证SAST产品常规漏洞准确性及覆盖面
1. 默认使用内置sqlite数据库,打包后可直接运行
2. 无前端项目,内置swagger辅助测试
3. 漏洞详情、利用方式,主要在[controller](./src/main/java/com/example/vulnerablejava/controller/)文件注释中
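Review bot: In the "漏洞验证方式" section the two run commands are written as `mvn spring-boot:run``java -jar vulnerablejava.jar` with no separator, so Markdown renders them as a single code span; insert the missing conjunction so it reads `mvn spring-boot:run` 或 `java -jar vulnerablejava.jar`. Since the README also advertises unauthenticated Swagger-ui and Druid endpoints and tells users to start the service and browse to `http://127.0.0.1:8080`, the "注意" list should additionally state that this deliberately vulnerable app must only be run on a loopback or otherwise isolated interface and never exposed on a shared network. The "误报数量 = ..." line is removed and re-added with identical visible content, which suggests a whitespace-only change; fine, but worth confirming it was intentional rather than a stray edit.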
Binary file added docs/imgs/burp.png
Binary file added docs/imgs/swagger.png
Binary file added docs/imgs/swagger2.png
2 changes: 1 addition & 1 deletion pom.xml
@@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>vulnerablejava</artifactId>
<version>0.0.1-SNAPSHOT</version>
<version>1.0-SNAPSHOT</version>
<name>vulnerablejava</name>
<description>Demo project for Spring Boot</description>
<properties>
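Review bot: Bumping `<version>` to `1.0-SNAPSHOT` means the packaged artifact will be named `target/vulnerablejava-1.0-SNAPSHOT.jar` (Maven's default finalName is `${artifactId}-${version}`), yet the README added in this same commit instructs users to run `java -jar vulnerablejava.jar`; unless a `<finalName>` is set further down in pom.xml (not visible in this hunk), either add `<build><finalName>vulnerablejava</finalName></build>` or change the README command to the versioned jar name so the documented command actually works after `mvn package`.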