From 5de1c2b699b417e2b108b3da285afb5276b039b6 Mon Sep 17 00:00:00 2001
From: karan preet singh sasan
Date: Sun, 2 Aug 2020 02:14:30 +0530
Subject: [PATCH] UI changes for Command Injection
---
 .../commandInjection/CommandInjection.java | 28 +++++++++++--------
 .../CommandInjection/LEVEL_1/CI_Level1.js | 18 ++++++------
 2 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjection.java b/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjection.java
index ebbc2df8..b93cbb29 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjection.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/commandInjection/CommandInjection.java
@@ -79,11 +79,12 @@ public ResponseBean> getVulnerablePaylo
 @AttackVector(
 vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
- description = "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_NOT_PRESENT")
+ description =
+ "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_NOT_PRESENT")
 @VulnerabilityLevel(
 value = LevelEnum.LEVEL_2,
 descriptionLabel = "COMMAND_INJECTION_URL_CONTAINING_IPADDRESS",
- htmlTemplate = "LEVEL_1/CI_Level1",
+ htmlTemplate = "LEVEL_1/CI_Level1",
 parameterName = IP_ADDRESS,
 sampleValues = {"localhost"})
 public ResponseBean> getVulnerablePayloadLevel2(
@@ -103,11 +104,12 @@ public ResponseBean> getVulnerablePaylo
 // Case Insensitive
 @AttackVector(
 vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
- description = "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_NOT_PRESENT")
+ description =
+ "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_NOT_PRESENT")
 @VulnerabilityLevel(
 value = LevelEnum.LEVEL_3,
 descriptionLabel = "COMMAND_INJECTION_URL_CONTAINING_IPADDRESS",
- htmlTemplate = "LEVEL_1/CI_Level1",
+ htmlTemplate = "LEVEL_1/CI_Level1",
 parameterName = IP_ADDRESS,
 sampleValues = {"localhost"})
 public ResponseBean> getVulnerablePayloadLevel3(
@@ -130,11 +132,12 @@ public ResponseBean> getVulnerablePaylo
 // http://localhost:9090/vulnerable/CommandInjectionVulnerability/LEVEL_3?ipaddress=192.168.0.1%20%7c%20cat%20/etc/passwd
 @AttackVector(
 vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
- description = "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_CASE_INSENSITIVE_NOT_PRESENT")
+ description =
+ "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_CASE_INSENSITIVE_NOT_PRESENT")
 @VulnerabilityLevel(
 value = LevelEnum.LEVEL_4,
 descriptionLabel = "COMMAND_INJECTION_URL_CONTAINING_IPADDRESS",
- htmlTemplate = "LEVEL_1/CI_Level1",
+ htmlTemplate = "LEVEL_1/CI_Level1",
 parameterName = IP_ADDRESS,
 sampleValues = {"localhost"})
 public ResponseBean> getVulnerablePayloadLevel4(
@@ -155,11 +158,12 @@ public ResponseBean> getVulnerablePaylo
 @AttackVector(
 vulnerabilityExposed = VulnerabilitySubType.COMMAND_INJECTION,
- description = "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_%7C_CASE_INSENSITIVE_NOT_PRESENT")
+ description =
+ "COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_%7C_CASE_INSENSITIVE_NOT_PRESENT")
 @VulnerabilityLevel(
 value = LevelEnum.LEVEL_5,
 descriptionLabel = "COMMAND_INJECTION_URL_CONTAINING_IPADDRESS",
- htmlTemplate = "LEVEL_1/CI_Level1",
+ htmlTemplate = "LEVEL_1/CI_Level1",
 parameterName = IP_ADDRESS,
 sampleValues = {"localhost"})
 public ResponseBean> getVulnerablePayloadLevel5(
@@ -182,7 +186,7 @@ public ResponseBean> getVulnerablePaylo
 @VulnerabilityLevel(
 value = LevelEnum.LEVEL_6,
 descriptionLabel = "COMMAND_INJECTION_URL_CONTAINING_IPADDRESS",
- htmlTemplate = "LEVEL_1/CI_Level1",
+ htmlTemplate = "LEVEL_1/CI_Level1",
 parameterName = IP_ADDRESS,
 sampleValues = {"localhost"})
 public ResponseBean> getVulnerablePayloadLevel6(
@@ -195,8 +199,10 @@ public ResponseBean> getVulnerablePaylo
 () ->
 ipAddress != null
 && (IP_ADDRESS_PATTERN
- .matcher(ipAddress)
- .matches() || ipAddress.contentEquals("localhost")))
+ .matcher(ipAddress)
+ .matches()
+ || ipAddress.contentEquals(
+ "localhost")))
 .toString(),
 true));
 }
diff --git a/src/main/resources/static/templates/CommandInjection/LEVEL_1/CI_Level1.js b/src/main/resources/static/templates/CommandInjection/LEVEL_1/CI_Level1.js
index 32e3e69b..3e540180 100644
--- a/src/main/resources/static/templates/CommandInjection/LEVEL_1/CI_Level1.js
+++ b/src/main/resources/static/templates/CommandInjection/LEVEL_1/CI_Level1.js
@@ -1,14 +1,12 @@
 function addingEventListenerToPingButton() {
- document
- .getElementById("pingBtn")
- .addEventListener("click", function() {
- let url = getUrlForVulnerabilityLevel();
- doGetAjaxCall(
- pingUtilityCallback,
- url + "?ipaddress=" + document.getElementById("ipaddress").value,
- true
- );
- });
+ document.getElementById("pingBtn").addEventListener("click", function() {
+ let url = getUrlForVulnerabilityLevel();
+ doGetAjaxCall(
+ pingUtilityCallback,
+ url + "?ipaddress=" + document.getElementById("ipaddress").value,
+ true
+ );
+ });
 }
 addingEventListenerToPingButton();