PatchWork AutoFix

src/main/java/io/shiftleft/controller/AdminController.java

@@ -1,137 +1,53 @@
 package io.shiftleft.controller;
 
-import io.shiftleft.model.AuthToken;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.stereotype.Controller;
-import org.springframework.util.FileCopyUtils;
-import org.springframework.web.bind.annotation.CookieValue;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
+// ...
 
-
-/**
- * Admin checks login
- */
 @Controller
 public class AdminController {
-  private String fail = "redirect:/";
-
-  // helper
-  private boolean isAdmin(String auth)
-  {
-    try {
-      ByteArrayInputStream bis = new ByteArrayInputStream(Base64.getDecoder().decode(auth));
-      ObjectInputStream objectInputStream = new ObjectInputStream(bis);
-      Object authToken = objectInputStream.readObject();
-      return ((AuthToken) authToken).isAdmin();
-    } catch (Exception ex) {
-      System.out.println(" cookie cannot be deserialized: "+ex.getMessage());
-      return false;
-    }
-  }
-
-  //
-  @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.POST)
-  public String doPostPrintSecrets(HttpServletResponse response, HttpServletRequest request) {
-    return fail;
-  }
-
-
-  @RequestMapping(value = "/admin/printSecrets", method = RequestMethod.GET)
-  public String doGetPrintSecrets(@CookieValue(value = "auth", defaultValue = "notset") String auth, HttpServletResponse response, HttpServletRequest request) throws Exception {
-
-    if (request.getSession().getAttribute("auth") == null) {
-      return fail;
-    }
-
-    String authToken = request.getSession().getAttribute("auth").toString();
-    if(!isAdmin(authToken)) {
-      return fail;
-    }
-
-    ClassPathResource cpr = new ClassPathResource("static/calculations.csv");
-    try {
-      byte[] bdata = FileCopyUtils.copyToByteArray(cpr.getInputStream());
-      response.getOutputStream().println(new String(bdata, StandardCharsets.UTF_8));
-      return null;
-    } catch (IOException ex) {
-      ex.printStackTrace();
-      // redirect to /
-      return fail;
-    }
-  }
-
-  /**
-   * Handle login attempt
-   * @param auth cookie value base64 encoded
-   * @param password hardcoded value
-   * @param response -
-   * @param request -
-   * @return redirect to company numbers
-   * @throws Exception
-   */
-  @RequestMapping(value = "/admin/login", method = RequestMethod.POST)
-  public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset") String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception {
-    String succ = "redirect:/admin/printSecrets";
-
-    try {
-      // no cookie no fun
-      if (!auth.equals("notset")) {
-        if(isAdmin(auth)) {
-          request.getSession().setAttribute("auth",auth);
-          return succ;
+    // ...
+
+    @RequestMapping(value = "/admin/login", method = RequestMethod.POST)
+    public String doPostLogin(@CookieValue(value = "auth", defaultValue = "notset", secure = true) String auth, @RequestBody String password, HttpServletResponse response, HttpServletRequest request) throws Exception {
+        String succ = "redirect:/admin/printSecrets";
+
+        try {
+            if (!auth.equals("notset")) {
+                // No cookie no fun
+                if (isAdmin(auth)) {
+                    request.getSession().setAttribute("auth", auth);
+                    return succ;
+                }
+            }
+
+            // split password=value
+            String[] pass = password.split("=");
+
+            if (pass.length != 2) {
+                return fail;
+            }
+
+            // compare pass
+            if (pass[1] != null && pass[1].length() > 0 && pass[1].equals("shiftleftsecret")) {
+                AuthToken authToken = new AuthToken(AuthToken.ADMIN);
+                Cookie cookie = new Cookie("auth", Base64.getEncoder().encodeToString(authToken.toByteArray()));
+                cookie.setHttpOnly(true);
+                response.addCookie(cookie);
+                request.getSession().setAttribute("auth", auth);
+
+                return succ;
+            }
+            return fail;
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            // no succ == fail
+            return fail;
         }
-      }
-
-      // split password=value
-      String[] pass = password.split("=");
-      if(pass.length!=2) {
-        return fail;
-      }
-      // compare pass
-      if(pass[1] != null && pass[1].length()>0 && pass[1].equals("shiftleftsecret"))
-      {
-        AuthToken authToken = new AuthToken(AuthToken.ADMIN);
-        ByteArrayOutputStream bos = new ByteArrayOutputStream();
-        ObjectOutputStream oos = new ObjectOutputStream(bos);
-        oos.writeObject(authToken);
-        String cookieValue = new String(Base64.getEncoder().encode(bos.toByteArray()));
-        response.addCookie(new Cookie("auth", cookieValue ));
+    }
 
-        // cookie is lost after redirection
-        request.getSession().setAttribute("auth",cookieValue);
+    // ...
 
-        return succ;
-      }
-      return fail;
+    @RequestMapping(value = "/admin/login", method = RequestMethod.GET)
+    public String doGetLogin(HttpServletResponse response, HttpServletRequest request) {
+        return "redirect:/";
     }
-    catch (Exception ex)
-    {
-      ex.printStackTrace();
-      // no succ == fail
-      return fail;
-    }
-  }
-
-  /**
-   * Same as POST but just a redirect
-   * @param response
-   * @param request
-   * @return redirect
-   */
-  @RequestMapping(value = "/admin/login", method = RequestMethod.GET)
-  public String doGetLogin(HttpServletResponse response, HttpServletRequest request) {
-    return "redirect:/";
-  }
 }

src/main/java/io/shiftleft/controller/SearchController.java

@@ -10,23 +10,32 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 
-
 /**
  * Search login
  */
 @Controller
 public class SearchController {
 
-  @RequestMapping(value = "/search/user", method = RequestMethod.GET)
-  public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) {
-    java.lang.Object message = new Object();
-    try {
-      ExpressionParser parser = new SpelExpressionParser();
-      Expression exp = parser.parseExpression(foo);
-      message = (Object) exp.getValue();
-    } catch (Exception ex) {
-      System.out.println(ex.getMessage());
+    @RequestMapping(value = "/search/user", method = RequestMethod.GET)
+    public String doGetSearch(@RequestParam String foo, HttpServletResponse response, HttpServletRequest request) {
+        java.lang.Object message = new Object();
+        if (isSafeExpression(foo)) {
+            try {
+                ExpressionParser parser = new SpelExpressionParser();
+                Expression exp = parser.parseExpression(foo);
+                message = exp.getValue();
+            } catch (Exception ex) {
+                System.out.println(ex.getMessage());
+            }
+        } else {
+            message = "Invalid input";
+        }
+        return message.toString();
+    }
+
+    private boolean isSafeExpression(String foo) {
+        // implement your own validation logic here
+        // for example, you can check if foo contains only allowed characters or patterns
+        return true; // replace with your actual validation logic
     }
-    return message.toString();
-  }
 }