Adding Sample Vulnerabilities

build.gradle

@@ -69,6 +69,24 @@ jib {
   	}
 }
 
+tasks.register('GenerateSampleVulnerability'){
+	group = 'SasanLabs'
+	description = 'Generates Sample Vulnerability template'
+	println 'Copying SampleVulnerability java file to org.sasanlabs.service.vulnerability.sampleVulnerability package'
+	copy {
+    	from(file('src/main/resources/sampleVulnerability/sampleVulnerability'))
+    	into(file('src/main/java/org/sasanlabs/service/vulnerability/sampleVulnerability'))
+    }
+    println 'Copy of java file is completed'
+    println 'Copying SampleVulnerability html/css/js files to static/templates/SampleVulnerability/LEVEL_1'
+    copy {
+    	from(file('src/main/resources/sampleVulnerability/staticResources/LEVEL_1'))
+    	into(file('src/main/resources/static/templates/SampleVulnerability/LEVEL_1'))
+    }
+    println 'Copy of html/css/js files is completed'
+    println 'SampleVulnerability is generated !!!'
+}
+
 dependencies {
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
 

src/main/java/org/sasanlabs/internal/utility/annotations/VulnerableAppRequestMapping.java

@@ -36,6 +36,7 @@
      *
      * @return Localization Key
      */
+    @Deprecated
     String descriptionLabel() default "EMPTY_LABEL";
 
     /**
@@ -62,6 +63,7 @@ RequestParameterLocation requestParameterLocation() default
      *
      * @return name of the parameter which holds the value
      */
+    @Deprecated
     String parameterName() default "";
 
     /**

src/main/java/org/sasanlabs/vulnerability/types/VulnerabilityType.java

@@ -3,6 +3,9 @@
 /** @author KSASAN [email protected] */
 public enum VulnerabilityType {
 
+    // Sample Vulnerability type, should not be used for real vulnerability.
+    SAMPLE_VULNERABILITY(-1, -1),
+
     // SQL Injection
     BLIND_SQL_INJECTION(89, 19),
 

src/main/resources/i18n/messages.properties

@@ -1,5 +1,9 @@
 EMPTY_LABEL=
 
+#Sample Vulnerability Label
+SAMPLE_VULNERABILITY=Sample Vulnerability for helping developers to write new vulnerabilities. <br/>
+SAMPLE_VULNERABILITY_USER_INPUT_HANDLING_INJECTION=User input is not handled currently as it is a sample vulnerability
+
 # Exception Code Labels
 INVALID_END_POINT=Following {0} end point is not available. Please check endpoint name from allEndPoint call and try again.
 INVALID_LEVEL=Following {0} level is not a valid level value. Please check supported level and endpoint from allEndPoint call and try again.

src/main/resources/sampleVulnerability/sampleVulnerability/SampleVulnerability.java

@@ -0,0 +1,114 @@
+package org.sasanlabs.service.vulnerability.sampleVulnerability;
+
+import org.sasanlabs.internal.utility.LevelConstants;
+import org.sasanlabs.internal.utility.Variant;
+import org.sasanlabs.internal.utility.annotations.AttackVector;
+import org.sasanlabs.internal.utility.annotations.VulnerableAppRequestMapping;
+import org.sasanlabs.internal.utility.annotations.VulnerableAppRestController;
+import org.sasanlabs.service.vulnerability.bean.GenericVulnerabilityResponseBean;
+import org.sasanlabs.vulnerability.types.VulnerabilityType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RequestParam;
+
+/**
+ * This is a sample vulnerability for helping developers in adding a new Vulnerability for
+ * VulnerableApp
+ *
+ * @author KSASAN [email protected]
+ */
+/**
+ * {@code VulnerableAppRestController} annotation is similar to {@link
+ * org.springframework.stereotype.Controller} Annotation
+ */
+@VulnerableAppRestController(
+        /**
+         * "descriptionLabel" parameter of annotation is i18n label stored in {@link
+         * /VulnerableApp/src/main/resources/i18n/}. This descriptionLabel
+         * will be shown in the UI as the description of the Vulnerability. It helps students to
+         * learn about the vulnerability and can also include some of the useful references etc.
+         */
+        descriptionLabel = "SAMPLE_VULNERABILITY",
+        /**
+         * "value" parameter of annotation is used to create the request mapping. e.g. for the below
+         * parameter value, /VulnerableApp/SampleVulnerability will be created as URI Path.
+         */
+        value = "SampleVulnerability")
+public class SampleVulnerability {
+
+    /**
+     * {@code AttackVector} annotation is used to create the Hints section in the User Interface.
+     * This annotation can be mentioned multiple times in case the same vulnerability level
+     */
+    @AttackVector(
+            /**
+             * "vulnerabilityExposed" parameter is used to depict the Vulnerability exposed by the
+             * level. For example say a level is exposing SQL_INJECTION.
+             */
+            vulnerabilityExposed = VulnerabilityType.SAMPLE_VULNERABILITY,
+            /**
+             * "description" parameter of annotation is i18n label stored in {@link
+             * /VulnerableApp/src/main/resources/i18n/}. This description
+             * will be shown in the UI as hint to give some indication on how the level is handling
+             * input to help user to crack the level.
+             */
+            description = "SAMPLE_VULNERABILITY_USER_INPUT_HANDLING_INJECTION",
+
+            /**
+             * "payload" parameter of annotation is i18n label stored in {@link
+             * /VulnerableApp/src/main/resources/attackvectors/*.properties}. This payload will be
+             * shown in UI to help users find/exploit the vulnerability
+             */
+            payload = "NOT_APPLICABLE")
+    /**
+     * This annotation is similar to {@link RequestMapping} SpringBoot annotation. It will map the
+     * endpoint to /VulnerableApp/SampleVulnerability/LEVEL_1 where LEVEL_1 is coming from the value
+     * parameter.
+     */
+    @VulnerableAppRequestMapping(
+            /**
+             * "value" parameter is used to map the level to URI path
+             * /VulnerableApp/SampleVulnerability/${value}.
+             */
+            value = LevelConstants.LEVEL_1,
+            /**
+             * "descriptionLabel" is not required and should be removed. Please don't populate it.
+             */
+            descriptionLabel = "EMPTY_LABEL",
+            /**
+             * "htmlTemplate" is used to load the UI for the level for taking input from the user.
+             * It points to files in directory
+             * src/main/resource/static/templates/${VulnerabilityName} e.g.
+             * src/main/resource/static/templates/SampleVulnerability as ${htmlTemplate}.js,
+             * ${htmlTemplate}.css, ${htmlTemplate}.html. e.g. in this case it will be:
+             * src/main/resource/static/templates/SampleVulnerability/LEVEL_1/SampleVulnerability_Level1.js
+             * etc
+             *
+             * <p>CSS, JS and HTML are all loaded to render the UI.
+             */
+            htmlTemplate = "LEVEL_1/SampleVulnerability",
+            /** "parameterName" is not required and should be removed. Please don't populate it. */
+            parameterName = "name")
+    public GenericVulnerabilityResponseBean<String> sampleUnsecuredLevel(@RequestParam("name") String key) {
+        /** Add Business logic here */
+        return new GenericVulnerabilityResponseBean<>("Not Implemented", true);
+    }
+
+    /** For secured level there is no need for {@link AttackVector} annotation. */
+    @VulnerableAppRequestMapping(
+            value = LevelConstants.LEVEL_2,
+            descriptionLabel = "EMPTY_LABEL",
+            // Can reuse the same UI template in case it doesn't change between levels
+            htmlTemplate = "LEVEL_1/SampleVulnerability",
+            parameterName = "name",
+            /**
+             * "variant" parameter defines whether the level is secure or not and same is depicted
+             * in the UI as a closed lock and open lock icon. Default value of the variant is
+             * UNSECURE so in case a secure level is added, please add the variant as {@link
+             * Variant#SECURE}
+             */
+            variant = Variant.SECURE)
+    public GenericVulnerabilityResponseBean<String> sampleSecuredLevel(@RequestParam("name") String key) {
+        /** Add Business logic here */
+    	return new GenericVulnerabilityResponseBean<>("Not Implemented", true);
+    }
+}

src/main/resources/sampleVulnerability/staticResources/LEVEL_1/SampleVulnerability.css

@@ -0,0 +1,16 @@
+#SampleVulnerability {
+    color: black;
+    text-align: center;
+}
+
+#fetchDetails {
+    background: blueviolet;
+    display: inline-block;
+    padding: 8px 8px;
+    margin: 10px;
+    border: 2px solid transparent;
+    border-radius: 3px;
+    transition: 0.2s opacity;
+    color: #FFF;
+    font-size: 12px;
+}

src/main/resources/sampleVulnerability/staticResources/LEVEL_1/SampleVulnerability.html

@@ -0,0 +1,9 @@
+<div id="SampleVulnerability">
+	<div>
+		<div id="level_info">
+			This is a Sample Vulnerability. please add the UI components here.
+		</div>
+		<button id=fetchDetails>Click Here</button>
+		<div id="response"></div>
+	</div>
+</div>

src/main/resources/sampleVulnerability/staticResources/LEVEL_1/SampleVulnerability.js

@@ -0,0 +1,27 @@
+function addingEventListenerToFetchData() {
+  document
+    .getElementById("fetchDetails")
+    .addEventListener("click", function () {
+      /**
+       * getUrlForVulnerabilityLevel() method provides url to call the Vulnerability Level
+       * of Sample Vulnerability.
+       * e.g. /VulnerableApp/SampleVulnerability/LEVEL_1 for LEVEL_1
+       */
+      let url = getUrlForVulnerabilityLevel();
+      /**
+       * doGetAjaxCall() method is used to do the ajax get call to the Vulnerability Level
+       */
+      doGetAjaxCall(
+        fetchDataCallback,
+        url + "?name=dummyInput",
+        true
+      );
+    });
+}
+// Used to register event on the button or any other component
+addingEventListenerToFetchData();
+
+//Callback function to handle the response and render in the UI
+function fetchDataCallback(data) {
+  document.getElementById("response").innerHTML = data.content;
+}