Nova-8
diff --git a/‎Dockerfile‎
Lines changed: 9 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 340 additions & 0 deletions b/‎LICENSE‎
Lines changed: 340 additions & 0 deletions
diff --git a/‎azure-pipelines.yml‎
Lines changed: 25 additions & 0 deletions b/‎azure-pipelines.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎dependencia/txt‎
Lines changed: 1 addition & 0 deletions b/‎dependencia/txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docker-compose.yml‎
Lines changed: 11 additions & 0 deletions b/‎docker-compose.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 24 additions & 0 deletions b/‎package.json‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎pom.xml‎
Lines changed: 47 additions & 0 deletions b/‎pom.xml‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java‎
Lines changed: 116 additions & 0 deletions b/‎src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java‎
Lines changed: 116 additions & 0 deletions
diff --git a/‎src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java‎
Lines changed: 108 additions & 0 deletions b/‎src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java‎
Lines changed: 108 additions & 0 deletions
@@ -0,0 +1,9 @@
+FROM tomcat
+
+COPY . .
+
+RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac
+
+RUN mvn clean package ; cp target/*.war /usr/local/tomcat/webapps/
+
+CMD ["catalina.sh","run"]
@@ -0,0 +1,25 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger:
+- master
+
+pool:
+  vmImage: ubuntu-latest
+  
+resources:
+  repositories:
+    - repository: CheckmarxYamlTemplates
+      type: git
+      name: DevSecOps/CheckmarxYamlTemplates
+      ref: master
+  
+variables:
+  cxTeam: 'CxServer\JornadaIngresso\JIFU'
+  cxProjectName: '$(Build.DefinitionName)'
+
+
+steps:
+  - template: NightlyAsync.AllInOne.yaml@CheckmarxYamlTemplates
@@ -0,0 +1 @@
+
@@ -0,0 +1,11 @@
+javavulnlab:
+  build: .
+  ports:
+    - 8080:8080
+  links: 
+    - mysql
+
+mysql:
+  image: mysql
+  environment:
+    - MYSQL_ROOT_PASSWORD=root
@@ -0,0 +1,24 @@
+{
+  "name": "SupplyChainSecurity",
+  "private": false,
+  "version": "1.0.0",
+  "description": "SCS Examples to be cautious of... and protected by Checkmarx for...",
+  "main": "server.js",
+  "dependencies": {
+    "handlebars": "4.7.9",
+    "lodash": "4.17.11",
+    "node-ipc": "9.2.2",
+    "ua-parser-js": "0.7.29",
+    "event-pubsub": "5.0.3",
+    "momnet": "2.29.1",
+    "flow-dev-tools": "99.10.9",
+    "scs": "0.0.1"
+  },
+  "scripts": {},
+  "devDependencies": {
+    "async": "^2.0.0-rc.4",
+    "grunt": "^1.0.1",
+    "qs": "6.0.0",
+    "js-yaml": "3.6.1"
+  }
+}
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.cysecurity</groupId>
+  <artifactId>JavaVulnerableLab</artifactId>
+  <packaging>war</packaging>
+  <version>0.0.1-SNAPSHOT</version>
+  <name>JavaVulnerableLab Maven Webapp</name>
+  <url>http://maven.apache.org</url>
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>3.8.1</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+    	<groupId>mysql</groupId>
+    	<artifactId>mysql-connector-java</artifactId>
+    	<version>5.1.26</version>
+    </dependency>
+    <dependency>
+	    <groupId>org.json</groupId>
+	    <artifactId>json</artifactId>
+	    <version>20090211</version>
+	</dependency>
+	<dependency>
+		<groupId>javax.servlet</groupId>
+		<artifactId>jstl</artifactId>
+		<version>1.2</version>
+	</dependency>
+	<dependency>
+		<groupId>org.hibernate</groupId>
+		<artifactId>hibernate-core</artifactId>
+		<version>4.0.1.Final</version>
+	</dependency>
+	<dependency>
+    <groupId>javax.servlet</groupId>
+    <artifactId>servlet-api</artifactId>
+    <version>2.3</version>
+    <scope>provided</scope>
+</dependency>	 	
+  </dependencies>
+  <build>
+    <finalName>JavaVulnerableLab</finalName>
+  </build>
+</project>
@@ -0,0 +1,116 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package org.cysecurity.cspf.jvl.controller;
+
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author breakthesec
+ */
+public class AddPage extends HttpServlet {
+
+    /**
+     * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
+     * methods.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        PrintWriter out = response.getWriter();
+        try {
+           String fileName=request.getParameter("filename");
+           String content=request.getParameter("content");
+           if(fileName!=null && content!=null)
+           {
+            String pagesDir=getServletContext().getRealPath("/pages");
+            String filePath=pagesDir+"/"+fileName;
+            File f=new File(filePath);
+            if(f.exists())
+            {
+                f.delete();
+            }
+                if(f.createNewFile())
+                {
+                    BufferedWriter bw=new BufferedWriter(new FileWriter(f.getAbsoluteFile()));
+                    bw.write(content);
+                    bw.close();
+                    out.print("Successfully created the file: <a href='../pages/"+fileName+"'>"+fileName+"</a>");
+                }
+                else
+                {
+                    out.print("Failed to create the file");
+                }
+           }
+           else
+           {
+               out.print("filename or content Parameter is missing");
+           }           
+           
+        } 
+        catch(Exception e)
+        {
+            out.print(e);
+        }
+        finally {
+            out.close();
+        }
+    }
+
+    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+    /**
+     * Handles the HTTP <code>GET</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Handles the HTTP <code>POST</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Returns a short description of the servlet.
+     *
+     * @return a String containing servlet description
+     */
+    @Override
+    public String getServletInfo() {
+        return "Short description";
+    }// </editor-fold>
+
+}
@@ -0,0 +1,108 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package org.cysecurity.cspf.jvl.controller;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.cysecurity.cspf.jvl.model.DBConnect;
+import org.json.JSONObject;
+
+/**
+ *
+ * @author breakthesec
+ */
+public class EmailCheck extends HttpServlet {
+
+    /**
+     * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
+     * methods.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+         response.setContentType("application/json");
+        PrintWriter out = response.getWriter();
+        try {
+               Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+               String email=request.getParameter("email").trim();
+               JSONObject json=new JSONObject();
+                if(con!=null && !con.isClosed())
+                {
+                    ResultSet rs=null;
+                    Statement stmt = con.createStatement();  
+                    rs=stmt.executeQuery("select * from users where email='"+email+"'");
+                    if (rs.next()) 
+                    {  
+                     json.put("available", "1"); 
+                    }  
+                    else
+                    {  
+                      json.put("available", new Integer(0));  
+                    }  
+                }
+                out.print(json);
+        } 
+        catch(Exception e)
+        {
+            out.print(e);
+        }
+        finally {
+            out.close();
+        }
+    }
+
+    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+    /**
+     * Handles the HTTP <code>GET</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Handles the HTTP <code>POST</code> method.
+     *
+     * @param request servlet request
+     * @param response servlet response
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException if an I/O error occurs
+     */
+    
+    protected void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        processRequest(request, response);
+    }
+
+    /**
+     * Returns a short description of the servlet.
+     *
+     * @return a String containing servlet description
+     */
+    @Override
+    public String getServletInfo() {
+        return "Short description";
+    }// </editor-fold>
+
+}