Merge pull request #67 from hahwul/hahwul-dev

Add JSP Analyzer
owasp-noir · Sep 5, 2023 · 5fb4b45 · 5fb4b45
2 parents 5915a12 + 9f46eba
commit 5fb4b45
Show file tree

Hide file tree

Showing 6 changed files with 79 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@
 | Ruby     | Sinatra   | ✅   | ✅      | ✅     | ✅      | X  |
 | Php      |           | ✅   | ✅      | ✅     | ✅      | X  |
 | Java     | Spring    | ✅   | ✅      | X     | X      | X  |
-| Java     | Jsp       | X   | X      | X     | X      | X  |
+| Java     | Jsp       | ✅   | ✅      | ✅     | X      | X  |
 | Crystal  | Kemal     | ✅   | ✅      | ✅     | ✅      | ✅  |
 | JS       | Express   | ✅   | ✅      | X     | X      | X  |
 | JS       | Next      | X   | X      | X     | X      | X  |

diff --git a/spec/functional_test/fixtures/jsp/el.jsp b/spec/functional_test/fixtures/jsp/el.jsp
@@ -0,0 +1,3 @@
+<%
+    String username = ${param.username}
+%>
diff --git a/spec/functional_test/fixtures/jsp/get_param.jsp b/spec/functional_test/fixtures/jsp/get_param.jsp
@@ -0,0 +1,4 @@
+<%
+    String username = request.getParameter("username");
+    String password = request.getParameter("password");
+%>
diff --git a/spec/functional_test/testers/jsp_spec.cr b/spec/functional_test/testers/jsp_spec.cr
@@ -0,0 +1,14 @@
+require "../func_spec.cr"
+
+extected_endpoints = [
+  Endpoint.new("/get_param.jsp", "GET", [
+    Param.new("username", "", "query"),
+    Param.new("password", "", "query"),
+  ]),
+  Endpoint.new("/el.jsp", "GET", [Param.new("username", "", "query")]),
+]
+
+FunctionalTester.new("fixtures/jsp/", {
+  :techs     => 1,
+  :endpoints => 2,
+}, extected_endpoints).test_all
diff --git a/src/analyzer/analyzer.cr b/src/analyzer/analyzer.cr
@@ -14,6 +14,7 @@ def initialize_analyzers(logger : NoirLogger)
   analyzers["oas2"] = ->analyzer_oas2(Hash(Symbol, String))
   analyzers["oas3"] = ->analyzer_oas3(Hash(Symbol, String))
   analyzers["raml"] = ->analyzer_raml(Hash(Symbol, String))
+  analyzers["java_jsp"] = ->analyzer_jsp(Hash(Symbol, String))
 
   logger.info_sub "#{analyzers.size} Analyzers initialized"
   logger.debug "Analyzers:"

diff --git a/src/analyzer/analyzers/analyzer_jsp.cr b/src/analyzer/analyzers/analyzer_jsp.cr
@@ -0,0 +1,56 @@
+require "../../utils/utils.cr"
+require "../../models/analyzer"
+
+class AnalyzerJsp < Analyzer
+  def analyze
+    # Source Analysis
+    Dir.glob("#{base_path}/**/*") do |path|
+      next if File.directory?(path)
+      if base_path[-1].to_s == "/"
+        relative_path = path.sub("#{base_path}", "").sub("./", "").sub("//", "/")
+      else
+        relative_path = path.sub("#{base_path}/", "").sub("./", "").sub("//", "/")
+      end
+      relative_path = remove_start_slash(relative_path)
+
+      if File.exists?(path) && File.extname(path) == ".jsp"
+        File.open(path, "r", encoding: "utf-8", invalid: :skip) do |file|
+          params_query = [] of Param
+
+          file.each_line do |line|
+            if line.includes? "request.getParameter"
+              match = line.strip.match(/request.getParameter\("(.*?)"\)/)
+              if match
+                param_name = match[1]
+                params_query << Param.new(param_name, "", "query")
+              end
+            end
+
+            if line.includes? "${param."
+              match = line.strip.match(/\$\{param\.(.*?)\}/)
+              if match
+                param_name = match[1]
+                params_query << Param.new(param_name, "", "query")
+              end
+            end
+          rescue
+            next
+          end
+          result << Endpoint.new("#{url}/#{relative_path}", "GET", params_query)
+        end
+      end
+    end
+    Fiber.yield
+
+    result
+  end
+
+  def allow_patterns
+    ["$_GET", "$_POST", "$_REQUEST", "$_SERVER"]
+  end
+end
+
+def analyzer_jsp(options : Hash(Symbol, String))
+  instance = AnalyzerJsp.new(options)
+  instance.analyze
+end