diff --git a/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java
index 82000799..b70fff1b 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java
@@ -11,6 +11,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import javax.servlet.http.HttpServletRequest;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.sasanlabs.internal.utility.LevelConstants;
@@ -32,8 +33,6 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.RequestParam;
 
-import javax.servlet.http.HttpServletRequest;
-
 /**
 * JWT client and server side implementation issues and remediations. Server side issues like: 1.
 * Weak HMAC key 2. none algorithm attack 3. Weak Hash algorithm 4. tweak Algorithm and Key.
@@ -667,25 +666,19 @@ private ResponseEntity> getJWTResponseB
 
 @AttackVector(
 vulnerabilityExposed = VulnerabilityType.HEADER_INJECTION,
- description = "HEADER_INJECTION_VULNERABILITY_EXAMPLE"
- )
+ description = "HEADER_INJECTION_VULNERABILITY_EXAMPLE")
 @VulnerableAppRequestMapping(
 value = LevelConstants.LEVEL_13,
- htmlTemplate = "LEVEL_13/HeaderInjection_Level13"
- )
- public ResponseEntity> getHeaderInjectionVulnerability(HttpServletRequest request) {
+ htmlTemplate = "LEVEL_13/HeaderInjection_Level13")
+ public ResponseEntity> getHeaderInjectionVulnerability(
+ HttpServletRequest request) {
 String headerValue = request.getHeader("User-Defined-Header");
 if (headerValue != null && headerValue.contains("malicious")) {
 return new ResponseEntity<>(
 new GenericVulnerabilityResponseBean<>("Vulnerability exploited!", false),
- HttpStatus.OK
- );
+ HttpStatus.OK);
 }
 return new ResponseEntity<>(
- new GenericVulnerabilityResponseBean<>("Safe header", true),
- HttpStatus.OK
- );
+ new GenericVulnerabilityResponseBean<>("Safe header", true), HttpStatus.OK);
 }
-
-
 }
diff --git a/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.js b/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.js
index 1baeddeb..d8a0d401 100644
--- a/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.js
+++ b/src/main/resources/static/templates/JWTVulnerability/LEVEL_13/HeaderInjection_Level13.js
@@ -1,18 +1,23 @@
 function addEventListenerToSendHeaderButton() {
- document.getElementById("sendHeader").addEventListener("click", function() {
- const headerName = document.getElementById("headerName").value;
- const headerValue = document.getElementById("headerValue").value;
+ document.getElementById("sendHeader").addEventListener("click", function () {
+ const headerName = document.getElementById("headerName").value;
+ const headerValue = document.getElementById("headerValue").value;
 
- let url = getUrlForVulnerabilityLevel();
+ let url = getUrlForVulnerabilityLevel();
 
- doGetAjaxCall(function(data) {
- document.getElementById("headerResponse").innerHTML = data.isValid ?
- "Header Injection was successful!" :
- "Header Injection failed. Please try again.";
- }, url, true, {
- [headerName]: headerValue
- });
- });
+ doGetAjaxCall(
+ function (data) {
+ document.getElementById("headerResponse").innerHTML = data.isValid
+ ? "Header Injection was successful!"
+ : "Header Injection failed. Please try again.";
+ },
+ url,
+ true,
+ {
+ [headerName]: headerValue,
+ }
+ );
+ });
 }
 
 addEventListenerToSendHeaderButton();