5 files changed: +27 / -2 lines changed
Original file line number Diff line number Diff line change
2424| Swagger-ui未授权 | 1 | |
2525| 阿里巴巴 Druid 未授权 | 1 | |
2626
27- 误报数量 = 漏洞修复数量 + 误报案例数量
27+ 误报数量 = 漏洞修复数量 + 误报案例数量
28+
29+ ## 漏洞详情
30+
31+ 漏洞源码主要在[ controller] ( ./src/main/java/com/example/vulnerablejava/controller/ ) 目录下,详情可参考代码注释信息。
32+
33+ ## 漏洞验证方式
34+
35+ 执行 ` mvn spring-boot:run ` 或 ` java -jar vulnerablejava.jar ` 运行项目,使用curl或burp进行验证即可,例如:
36+
37+ ![ burp] ( ./docs/imgs/burp.png )
38+
39+ 或直接访问 ` http://127.0.0.1:8080/swagger-ui.html ` ,如下:
40+
41+ ![ swagger] ( ./docs/imgs/swagger.png )
42+
43+ 选择其中漏洞进行测试,例如:
44+
45+ ![ swagger] ( ./docs/imgs/swagger2.png )
46+
47+ ## 注意
48+
49+ 0 . 主要用于验证SAST产品常规漏洞准确性及覆盖面
50+ 1 . 默认使用内置sqlite数据库,打包后可直接运行
51+ 2 . 无前端项目,内置swagger辅助测试
52+ 3 . 漏洞详情、利用方式,主要在[ controller] ( ./src/main/java/com/example/vulnerablejava/controller/ ) 文件注释中
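Review bot: The new "漏洞验证方式" and "注意" sections tell the reader to start the project with `mvn spring-boot:run` or `java -jar vulnerablejava.jar` and point them at `http://127.0.0.1:8080/swagger-ui.html`, but nothing in the README says the service must only be run in an isolated, local environment; since the table above lists unauthenticated Swagger-UI and Druid endpoints and the project exists to exercise SAST tooling, add one item to "注意" stating that the application is intentionally exploitable and must not be exposed on a shared network or bound to a non-loopback address. Two smaller points in the same hunk: the removed and added line 27 (`误报数量 = 漏洞修复数量 + 误报案例数量`) are visually identical, so this looks like a whitespace or encoding-only change that adds noise to the history, and the pointer to `./src/main/java/com/example/vulnerablejava/controller/` appears twice (under "漏洞详情" and again as item 3 of "注意"); one of the two can be dropped.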
Original file line number Diff line number Diff line change 44 <modelVersion >4.0.0</modelVersion >
55 <groupId >com.example</groupId >
66 <artifactId >vulnerablejava</artifactId >
7- <version >0.0.1 -SNAPSHOT</version >
7+ <version >1.0 -SNAPSHOT</version >
88 <name >vulnerablejava</name >
99 <description >Demo project for Spring Boot</description >
1010 <properties >
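Review bot: Bumping `<version>` from `0.0.1-SNAPSHOT` to `1.0-SNAPSHOT` changes the name of the jar that Maven builds by default (`artifactId-version.jar`, i.e. `vulnerablejava-1.0-SNAPSHOT.jar`), while the README added in this same commit tells users to run `java -jar vulnerablejava.jar`; either pin the artifact name with `<finalName>vulnerablejava</finalName>` under `<build>` or update the README command so the documented run step matches the built file. Separately, `<description>Demo project for Spring Boot</description>` is the generator default and hides what this project is; describing it as an intentionally vulnerable application for evaluating SAST products (as the README does) reduces the chance of it being deployed as if it were an ordinary demo.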