test.java
import java.io.*;
import java.security.*;
import java.sql.*;
import java.util.*;
import java.util.zip.*;
// import org.apache.commons.io.FileUtils;
/**
 * Sample class whose {@code main} passes one command-line argument,
 * {@code args[1]}, unvalidated into three security-sensitive sinks: process
 * execution, file access and SQL.
 *
 * NOTE(review): the section labels and the SonarSource rule link suggest this is
 * a fixture for static-analysis rules rather than production code -- confirm
 * before "fixing" it. The code is left unchanged here; the comments describe
 * why each sink is unsafe and what a compliant version would do.
 */
public class test {
/**
 * Prints a greeting, then uses {@code args[1]} as a command line, a file path,
 * and as JDBC URL / user / password / table name.
 *
 * Only index 1 is read ({@code args[0]} is never used), so running with fewer
 * than two arguments fails with ArrayIndexOutOfBoundsException at the first use.
 *
 * @param args command-line arguments; treated as trusted, which is the defect
 * @throws Exception anything raised by process start, file I/O or JDBC
 */
public static void main(String[] args) throws Exception {
System.out.println("Hello, world");
// command injection
// The caller chooses the whole command line. Runtime.exec(String) splits the
// string on whitespace and starts the program directly (no shell is involved),
// so this is arbitrary program execution with caller-chosen arguments.
// Compliant form: a fixed executable, arguments passed as a list via
// ProcessBuilder, and any caller-supplied value checked against an allow-list.
// The returned Process is never waited on and its streams are never read or closed.
Process process = Runtime.getRuntime().exec(args[1]);
// path traversal
// The argument is used as a path as-is, so an absolute path or "../" segments
// can name any file the JVM's user can read. Compliant form: resolve the name
// against a fixed base directory, normalize, and reject results outside that base.
File f = new File(args[1]);
// fis is never closed; real code would open it in try-with-resources.
FileInputStream fis = new FileInputStream(f);
int r = 0;
// Echoes the file one byte at a time; each byte is cast straight to char, so
// multi-byte encodings are not decoded.
while ((r = fis.read()) != -1) {
System.out.print((char)r);
}
// SQL injection
// The same untrusted value is the JDBC URL, the user name and the password.
// NOTE(review): a caller-controlled JDBC URL also selects the driver and the
// target host -- treat the URL as configuration, not as input.
Connection c = DriverManager.getConnection(args[1], args[1], args[1]);
Statement stmt = c.createStatement();
// The table name is concatenated into the statement text. Identifiers cannot be
// bound as PreparedStatement parameters, so the compliant form checks the name
// against a fixed allow-list of known tables before building the statement.
stmt.executeUpdate("DELETE FROM " + args[1]);
// stmt is never closed, and this close is skipped if executeUpdate throws;
// try-with-resources would cover both.
c.close();
}
// https://rules.sonarsource.com/java/type/Vulnerability
// Disabled "zip slip" sample: the entry name comes from the archive and is
// turned into a File without validation, so an entry name containing "../" or an
// absolute path points outside the intended directory. Compliant form: resolve
// the entry name against the target directory, normalize, and skip or reject
// entries whose result does not stay under that directory.
// As written it would not compile if uncommented: the FileUtils import at the top
// of the file is commented out, and StandardCharsets (java.nio.charset) is not
// covered by the file's imports.
/*public static List<String> zipSlipNoncompliant(ZipFile zipFile) throws IOException {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
List<String> filesContent = new ArrayList<>();
while (entries.hasMoreElements()) {
ZipEntry entry = entries.nextElement();
File file = new File(entry.getName());
String content = FileUtils.readFileToString(file, StandardCharsets.UTF_8); // Noncompliant
filesContent.add(content);
}
return filesContent;
}*/
}