Merge DB2 database support for SQL injection, file exec and thread ki…
…ll functionality.
stuken committed Jul 15, 2016
2 parents 38242f1 + 0d8710d commit 12ff3c5
Showing 23 changed files with 1,428 additions and 376 deletions.
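--- a/src/main/java/com/waratek/spiracle/file/FileExecServlet.java
+++ b/src/main/java/com/waratek/spiracle/file/FileExecServlet.java
@@ -0,0 +1,90 @@
+/*
+* Copyright 2014 Waratek Ltd.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package com.waratek.spiracle.file;
+
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.util.Scanner;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+
+/**
+* Servlet implementation class FileServlet
+*/
+@WebServlet("/FileExecServlet")
+public class FileExecServlet extends HttpServlet {
+
+private static final Logger logger = Logger.getLogger(FileExecServlet.class);
+private static final long serialVersionUID = 1L;
+
+private static final String LINE_SEPARATOR = System.getProperty("line.separator");
+
+/**
+* @see HttpServlet#HttpServlet()
+*/
+public FileExecServlet() {
+super();
+// TODO Auto-generated constructor stub
+}
+
+/**
+* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+* response)
+*/
+protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+executeRequest(request, response);
+}
+
+/**
+* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+* response)
+*/
+protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+executeRequest(request, response);
+}
+
+private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+HttpSession session = request.getSession();
+
+String command = request.getParameter("cmd");
+
+Process p = Runtime.getRuntime().exec(command);
+InputStream in = p.getInputStream();
+BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream()));
+StringBuilder stringBuilder = new StringBuilder();
+String line;
+while ((line = br.readLine()) != null) {
+stringBuilder.append(line).append(LINE_SEPARATOR);
+}
+session.setAttribute("fileContents", stringBuilder.toString());
+
+response.sendRedirect("file.jsp");
+}
+}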
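Review bot: `executeRequest` hands the `cmd` request parameter to `Runtime.getRuntime().exec(command)` with no null check and never closes the reader or releases the process, so a request without `cmd` ends in an uncaught NullPointerException and each call leaves pipe handles open until the `Process` object is collected. Going by the commit title, the unfiltered exec appears to be the intended test sink, so the sketch below leaves that call untouched and only adds the guard and the cleanup; stderr is still not read, which can stall a child that writes a lot to it. The class Javadoc (`Servlet implementation class FileServlet`) should say that the servlet is deliberately vulnerable and must only run in an isolated test environment. The local `in`, the `logger` field and the `BufferedWriter`, `DataInputStream`, `File`, `FileWriter`, `OutputStream` and `Scanner` imports are unused.

```java
private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
    // … unchanged: session lookup …
    String command = request.getParameter("cmd");
    if (command == null || command.trim().isEmpty()) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "cmd parameter is required");
        return;
    }

    // Intended test sink: the parameter reaches exec() unmodified.
    Process p = Runtime.getRuntime().exec(command);
    StringBuilder stringBuilder = new StringBuilder();
    BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream()));
    try {
        String line;
        while ((line = br.readLine()) != null) {
            stringBuilder.append(line).append(LINE_SEPARATOR);
        }
    } finally {
        br.close();
        p.destroy();
    }
    // … unchanged: store fileContents in the session and redirect to file.jsp …
}
```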
9 changes: 9 additions & 0 deletions src/main/java/com/waratek/spiracle/init/SpiracleInit.java
Expand Up @@ -54,6 +54,7 @@ public void contextInitialized(ServletContextEvent arg0) {
Properties props = loadProperties(application);
loadLog4jConfig(props);
logServerInfo(application);
setDefaultErrorCode(application, props);

ComboPooledDataSource oracleDs = getConnectionPool(props, Constants.ORACLE);
setNamedConnectionPool(application, oracleDs, Constants.ORACLE_CONNECTION_POOL, Constants.ORACLE_CONNECTION_DATA);
Expand All @@ -63,13 +64,17 @@ public void contextInitialized(ServletContextEvent arg0) {

ComboPooledDataSource msSqlDs = getConnectionPool(props, Constants.MSSQL);
setNamedConnectionPool(application, msSqlDs, Constants.MSSQL_CONNECTION_POOL, Constants.MSSQL_CONNECTION_DATA);

ComboPooledDataSource db2SqlDs = getConnectionPool(props, Constants.DB2);
setNamedConnectionPool(application, db2SqlDs, Constants.DB2_CONNECTION_POOL, Constants.DB2_CONNECTION_DATA);

setDefaultConnection(application, props);
setFetchSize(application, props);
try {
Class.forName(props.getProperty(Constants.C3P0_ORACLE_CLASSNAME));
Class.forName(props.getProperty(Constants.C3P0_MYSQL_CLASSNAME));
Class.forName(props.getProperty(Constants.C3P0_MSSQL_CLASSNAME));
Class.forName(props.getProperty(Constants.C3P0_DB2_CLASSNAME));
} catch (ClassNotFoundException e) {
logger.error("Unable to load JDBC connector classes from config.");
e.printStackTrace();
Expand Down Expand Up @@ -164,4 +169,8 @@ void logServerInfo(ServletContext application) {
logger.info("Application Server Name: " + application.getServerInfo());
logger.info("Application Context Path:" + application.getRealPath(""));
}

void setDefaultErrorCode(ServletContext application, Properties props) {
application.setAttribute("defaultError", props.getProperty("waratek.error"));
}
}
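Review bot: In the second hunk, `Class.forName(props.getProperty(Constants.C3P0_DB2_CLASSNAME))` joins the three existing driver loads in a try block whose only visible catch is `ClassNotFoundException`, so a properties file that lacks the DB2 key passes null and the resulting NullPointerException is not handled there. Load the new driver defensively, for example `String db2Driver = props.getProperty(Constants.C3P0_DB2_CLASSNAME);` followed by `if (db2Driver != null) { Class.forName(db2Driver); }`, and name the failing driver in the error log. In the third hunk, `setDefaultErrorCode` uses the literals `"defaultError"` and `"waratek.error"` where the rest of the method reads its keys from `Constants`. The catch block continues outside the hunk, so any further handling there is not visible.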
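--- a/src/main/java/com/waratek/spiracle/misc/GetThreadStack.java
+++ b/src/main/java/com/waratek/spiracle/misc/GetThreadStack.java
@@ -0,0 +1,65 @@
+package com.waratek.spiracle.misc;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+*
+* @author skenny
+*/
+@WebServlet("/GetThreadStack")
+public class GetThreadStack extends HttpServlet {
+
+private static final org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(GetThreadStack.class);
+private static final long serialVersionUID = 1L;
+
+@Override
+protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+executeRequest(request, response);
+}
+
+@Override
+protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+executeRequest(request, response);
+}
+
+private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+try {
+HttpSession session = request.getSession();
+String threadName = request.getParameter("threadName");
+
+Map<Thread, StackTraceElement[]> stacktraceMap = Thread.getAllStackTraces();
+Set<Thread> threadSet = stacktraceMap.keySet();
+
+List<StackTraceElement> stackTrace = null;
+for (Thread thread : threadSet.toArray(new Thread[threadSet.size()])) {
+if (thread.getName().equals(threadName)) {
+logger.info("Found thread: " + threadName + ". Getting Stack Trace.");
+stackTrace = new ArrayList<StackTraceElement>(Arrays.asList(stacktraceMap.get(thread)));
+}
+}
+
+session.setAttribute("stackTrace", stackTrace);
+session.setAttribute("threadName", threadName);
+response.sendRedirect("misc.jsp");
+
+} catch (SecurityException ex) {
+Logger.getLogger(GetThreadStack.class.getName()).log(Level.SEVERE, null, ex);
+} catch (IllegalArgumentException ex) {
+Logger.getLogger(GetThreadStack.class.getName()).log(Level.SEVERE, null, ex);
+}
+
+}
+}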
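Review bot: Both catch blocks in `executeRequest` log through `java.util.logging` with a null message and then return without writing a response, while the rest of the class uses the log4j `logger`; a `SecurityException` from `Thread.getAllStackTraces()` may therefore be recorded somewhere other than the application's own log, and the client receives an empty reply. Use the existing logger and answer explicitly, e.g. `logger.error("Unable to read thread stack traces", ex);` followed by `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);`. The servlet hands JVM stack traces for any thread name to any caller and has no Javadoc beyond `@author`; if that exposure is deliberate for testing, the class comment should say so and state that the servlet belongs only in an isolated environment.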
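--- a/src/main/java/com/waratek/spiracle/misc/ThreadKill.java
+++ b/src/main/java/com/waratek/spiracle/misc/ThreadKill.java
@@ -0,0 +1,54 @@
+package com.waratek.spiracle.misc;
+
+import java.io.IOException;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet("/ThreadKill")
+public class ThreadKill extends HttpServlet {
+
+private static final org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(ThreadKill.class);
+private static final long serialVersionUID = 1L;
+
+@Override
+protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+executeRequest(request, response);
+}
+
+@Override
+protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+executeRequest(request, response);
+}
+
+private void executeRequest(HttpServletRequest request, HttpServletResponse response) {
+try {
+String[] threadNames = request.getParameterValues("threadNames");
+
+Set<Thread> threadSet = Thread.getAllStackTraces().keySet();
+Thread[] threadArray = threadSet.toArray(new Thread[threadSet.size()]);
+
+for (String threadName : threadNames) {
+for (Thread thread : threadArray) {
+if (thread.getName().equals(threadName)) {
+logger.info(thread);
+thread.stop();
+}
+}
+}
+response.sendRedirect("misc.jsp");
+} catch (SecurityException ex) {
+Logger.getLogger(ThreadKill.class.getName()).log(Level.SEVERE, null, ex);
+} catch (IllegalArgumentException ex) {
+Logger.getLogger(ThreadKill.class.getName()).log(Level.SEVERE, null, ex);
+} catch (IOException ex) {
+Logger.getLogger(ThreadKill.class.getName()).log(Level.SEVERE, null, ex);
+}
+}
+
+}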
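Review bot: `request.getParameterValues("threadNames")` returns null when the parameter is absent, and the `for (String threadName : threadNames)` loop then throws a NullPointerException that none of the three catch clauses handles. Guard it first with `if (threadNames == null) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`. `Thread.stop()` is deprecated and can leave shared state half-updated, and when the name matches the request thread itself the `ThreadDeath` it raises skips the redirect; since stopping threads is the stated purpose of the commit, record who asked for it, e.g. `logger.warn("Stopping thread " + thread + " requested by " + request.getRemoteAddr());` in place of `logger.info(thread);`. The catch clauses use `java.util.logging` where the class otherwise uses the log4j `logger`, so these failures may end up outside the application's own log.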
Expand Up @@ -24,7 +24,7 @@ public void contextDestroyed(ServletContextEvent arg0) {
public void contextInitialized(ServletContextEvent arg0) {
try {
Context ctx = new InitialContext();
DataSource ds = (DataSource) ctx.lookup("jdbc/oracle");
DataSource ds = (DataSource) ctx.lookup("java:comp/env/jdbc/oracle");
ServletContext application = arg0.getServletContext();
application.setAttribute("jndiConnectionPool", ds);
logger.info("Added jndi connection pool " + ds + " to application context.");
@@ -0,0 +1,80 @@
/*
* Copyright 2014 Waratek Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.waratek.spiracle.sql.servlet.db2;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
import com.waratek.spiracle.sql.util.SelectUtil;

/**
* Servlet implementation class Get_Union
*/
@WebServlet("/Db2_Get_Union")
public class Db2_Get_Union extends HttpServlet {
private static final long serialVersionUID = 1L;

/**
* @see HttpServlet#HttpServlet()
*/
public Db2_Get_Union() {
super();
// TODO Auto-generated constructor stub
}

/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
executeRequest(request, response);
}

/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
executeRequest(request, response);
}

private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
ServletContext application = this.getServletConfig().getServletContext();
List<String> queryStringList = new ArrayList<String>();
queryStringList.add("id");

Map<String, String> nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);

String id = nullSanitizedMap.get("id");

String sql = "SELECT name, surname FROM spiracle.users WHERE id = " + id + " UNION SELECT address_1, address_2 FROM spiracle.address WHERE id = " + id;

Boolean showErrors = true;
Boolean allResults = true;
Boolean showOutput = true;

SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
}

}
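Review bot: The class Javadoc still reads `Servlet implementation class Get_Union`, and nothing in the file records that `executeRequest` builds its query by concatenating the `id` request parameter into the SQL string on purpose. Given the commit title this appears to be a deliberate SQL-injection test endpoint, so the Javadoc should say so; otherwise the pattern reads as ordinary data-access code and is easy to copy or to deploy outside a test environment. Proposed class comment: `/** Deliberately vulnerable DB2 UNION query endpoint for security testing: {@code id} is concatenated into the SQL unescaped. Deploy only in an isolated test environment. */`. A short comment on `showErrors = true` would also help, since the flag presumably returns database error text to the client; the behaviour of `SelectUtil.executeQuery` is not visible in this hunk.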