diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e1c583a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,18 @@
+# Maven build artifacts
+target/
+
+# IDE files
+.idea/
+*.iml
+.vscode/
+.classpath
+.project
+.settings/
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Temporary files
+*.log
+*.tmp
diff --git a/call_graph.dot b/call_graph.dot
new file mode 100644
index 0000000..467d800
--- /dev/null
+++ b/call_graph.dot
@@ -0,0 +1,53 @@
+digraph G {
+ "BooksServlet.PreparedStatementDirectPara";
+ "BooksServlet.PreparedStatementDirectParaAsync";
+ "BooksServlet.PreparedStatementDirectParaIdentifier1";
+ "BooksServlet.PreparedStatementDirectParaIdentifier2";
+ "BooksServlet.PreparedStatementDirectParaIdentifier3";
+ "BooksServlet.PreparedStatementEexecuteQuerySQL";
+ "BooksServlet.PreparedStatementEexecuteQuerySQL";
+ "BooksServlet.StoredProcDirectPara";
+ "BooksServlet.StoredProcDirectParaAsync";
+ "BooksServlet.connect";
+ "BooksServlet.connectpsql";
+ "BooksServlet.createRecord";
+ "BooksServlet.doGet";
+ "BooksServlet.doPost";
+ "BooksServlet.executeQuerySQL";
+ "BooksServlet.executeQuerySQL";
+ "BooksServlet.executeSQL";
+ "BooksServlet.executeSQLHelper";
+ "BooksServlet.executeSQLHelper";
+ "BooksServlet.executeSQLHelper";
+ "BooksServlet.executeSQLWithAutogenkeys";
+ "BooksServlet.executeSQLWithColIndex";
+ "BooksServlet.executeUpdateSQL";
+ "BooksServlet.getCustomerPreparedStatement2";
+ "BooksServlet.getCustomersMultipleStoredProc";
+ "BooksServlet.getCustomersNonvulnerableStoredProc";
+ "BooksServlet.getCustomersPreparedStatement";
+ "BooksServlet.getCustomersPreparedStatementExecute";
+ "BooksServlet.getCustomersPreparedStatementExecuteQuery";
+ "BooksServlet.getCustomersPreparedStatementExecuteUpdate";
+ "BooksServlet.getCustomersStoredProc";
+ "BooksServlet.getCustomersStoredProc";
+ "BooksServlet.getCustomersStoredProc";
+ "BooksServlet.getCustomersStoredProc1";
+ "BooksServlet.getCustomersStoredProc2";
+ "BooksServlet.getCustomersStoredProcAsync";
+ "BooksServlet.getCustomersUpdateColName";
+ "BooksServlet.init";
+ "BooksServlet.insertCustomers";
+ "BooksServlet.isNumeric";
+ "BooksServlet.storedproccallbyName";
+ "BooksServlet.storedproccallwithsqlinj";
+ "CallableStatementTask.CallableStatementTask";
+ "CallableStatementTask.call";
+ "PrepareStatementTask.PrepareStatementTask";
+ "PrepareStatementTask.call";
+
+
+ "CallableStatementTask.CallableStatementTask" -> "CallableStatementTask.call";
+ "PrepareStatementTask.PrepareStatementTask" -> "PrepareStatementTask.call";
+
+ }
diff --git a/pom.xml b/pom.xml
index ddcc05b..ccdc834 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,17 +24,17 @@
org.apache.commons
commons-text
- 1.9
+ 1.10.0
mysql
mysql-connector-java
- 5.1.42
+ 8.0.33
com.mchange
c3p0
- 0.9.5.2
+ 0.10.0
org.jboss.weld
@@ -66,7 +66,7 @@
org.apache.logging.log4j
log4j-core
- 2.3
+ 2.23.1
true
test
@@ -98,12 +98,12 @@
org.mockito
mockito-core
- 2.28.2
+ 5.8.0
com.google.errorprone
error_prone_annotations
- 2.7.1
+ 2.24.1
org.webjars.bowergithub.webcomponents
diff --git a/src/main/java/com/endor/AsyncServlet.java b/src/main/java/com/endor/AsyncServlet.java
index 789dc6a..e6f4319 100644
--- a/src/main/java/com/endor/AsyncServlet.java
+++ b/src/main/java/com/endor/AsyncServlet.java
@@ -318,12 +318,17 @@ private Connection connect() {
Connection conn = null;
boolean retval = false;
try {
- // Create database connection
+ // Create database connection using system properties
System.out.println("Oracle JDBC Driver Loaded");
System.out.println("Oracle Connecting..");
- String nameForConnect = "sys as sysdba";
- String pass1 = "Psmo0601";
- String url = "jdbc:oracle:thin:@10.0.22.108:1521:XE";
+ String nameForConnect = System.getProperty("endor_db_user");
+ String pass1 = System.getProperty("endor_db_password");
+ String url = System.getProperty("endor_connection_url");
+
+ if (url == null || nameForConnect == null || pass1 == null || pass1.isEmpty()) {
+ throw new IllegalStateException("Database credentials must be provided via system properties");
+ }
+
conn = DriverManager.getConnection(url, nameForConnect, pass1);
System.out.println("Oracle Connected");
} catch (Exception e) {
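Review bot: The new `throw new IllegalStateException(...)` after the null check sits inside the `try` whose `catch (Exception e)` is the last hunk line, so a missing property is caught right there, printed via the existing handler, and never reaches the caller; connect() then presumably continues on its normal return path with `conn` still null. Reading the three properties and running the guard before `try {` would let the misconfiguration propagate as the message intends. Only `pass1` is checked for emptiness; an empty `url` or `nameForConnect` (`-Dendor_db_user=`) passes the guard and fails later inside the driver, so `isBlank()` on all three would be consistent. The same throw-inside-try pattern appears in connectpsql() in BooksServlet.java, NewSQLExitServlet.java and NewSQLExitServlet1.java. connect() starts before this hunk and its body continues after it.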
@@ -338,9 +343,14 @@ public static String insertCustomers(String first, String last, String pass) {
StringBuffer sbuf = new StringBuffer();
Connection conn = null;
- String db = "jdbc:hsqldb:hsql://localhost/xdb";
- String user = "SA";
- String password = "";
+ String db = System.getProperty("endor_hsqldb_url", "jdbc:hsqldb:hsql://localhost/xdb");
+ String user = System.getProperty("endor_hsqldb_user", "SA");
+ String password = System.getProperty("endor_hsqldb_password");
+
+ // Return error string instead of throwing exception to match method signature
+ if (password == null) {
+ return "ERROR: Database password must be provided via endor_hsqldb_password system property";
+ }
try {
// Create database connection
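Review bot: The `password == null` guard deliberately accepts an empty string, which is what the removed line used for the SA account, so an operator now has to pass `-Dendor_hsqldb_password=` with an explicitly empty value; that intent is not stated and the comment only explains the return style, so add `// empty is a valid HSQLDB SA password; only an unset property is an error` on the guard. Returning `"ERROR: ..."` through the same String that carries the normal result leaves callers unable to distinguish a configuration failure from data, and the text will presumably reach whatever renders the result; since the signature is fixed, at least report the failure to the server log here as well. The URL and user keep committed defaults while the password has none, which differs from the Oracle path in this same file where all three are required. The same hunk shape is in insertCustomers() in BooksServlet.java; the method body continues beyond this hunk.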
diff --git a/src/main/java/com/endor/BooksServlet.java b/src/main/java/com/endor/BooksServlet.java
index 73168c4..4f6c2c0 100644
--- a/src/main/java/com/endor/BooksServlet.java
+++ b/src/main/java/com/endor/BooksServlet.java
@@ -35,9 +35,18 @@ public class BooksServlet extends HttpServlet {
@Override
public void init() throws ServletException {
super.init();
- connectionUrl =System.getProperty("endor_connection_url", "jdbc:oracle:thin:@10.0.22.108:1521:XE");
- dbUser =System.getProperty("endor_db_user", "sys as sysdba");
- dbPassword =System.getProperty("endor_db_password", "Psmo0601");
+ connectionUrl =System.getProperty("endor_connection_url");
+ if (connectionUrl == null) {
+ throw new ServletException("Database connection URL must be provided via endor_connection_url system property");
+ }
+ dbUser =System.getProperty("endor_db_user");
+ if (dbUser == null) {
+ throw new ServletException("Database user must be provided via endor_db_user system property");
+ }
+ dbPassword =System.getProperty("endor_db_password");
+ if (dbPassword == null || dbPassword.isEmpty()) {
+ throw new ServletException("Database password must be provided via endor_db_password system property");
+ }
dbType =System.getProperty("endor_db_type", DB_TYPE_ORACLE);
}
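Review bot: The `connectionUrl == null` and `dbUser == null` guards let an empty value through (`-Dendor_db_user=` yields `""`), while the password guard also rejects empty, so an empty URL or user is only discovered later when the driver is called; `if (connectionUrl == null || connectionUrl.isBlank())` and the same for `dbUser` would make all three consistent. This same block is now copied into init() of ExtraServlet, GetInputStreamInnerTest, NewSQLExitServlet, NewSQLExitServlet1 and RecordServlet in this commit; a single package-private helper such as `static String requiredProperty(String key) throws ServletException` would keep the rule and the message in one place. The `dbType` default on the last line is unaffected.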
@@ -556,12 +565,17 @@ private Connection connect() {
private Connection connectpsql() {
Connection conn = null;
try {
- // Create database connection
- String dbURL = "jdbc:postgresql://localhost:5432/sqlinject?sslmode=disable";
- String user = "postgres";
- String password = "Psqlpsmo@1";
- conn = DriverManager.getConnection(dbURL, user, password);
- System.out.println("DB Connection established");
+ // Create database connection using system properties
+ String dbURL = System.getProperty("endor_connection_url");
+ String user = System.getProperty("endor_db_user");
+ String password = System.getProperty("endor_db_password");
+
+ if (dbURL == null || user == null || password == null || password.isEmpty()) {
+ throw new IllegalStateException("Database credentials must be provided via system properties");
+ }
+
+ conn = DriverManager.getConnection(dbURL, user, password);
+ System.out.println("DB Connection established");
} catch (Exception e) {
System.err.println("ERROR: failed to connect postgres SQL.");
e.printStackTrace();
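Review bot: connectpsql() re-reads `endor_connection_url`, `endor_db_user` and `endor_db_password` from system properties even though init() in this same class (earlier hunk) already reads, validates and stores them in the `connectionUrl`, `dbUser` and `dbPassword` fields; using those fields here would remove the duplicated check and the second, weaker failure mode (an `IllegalStateException` thrown inside `try` and swallowed by the `catch (Exception e)` below, whereas init() fails the servlet with a `ServletException`). Concretely, `conn = DriverManager.getConnection(connectionUrl, dbUser, dbPassword);` with the three `System.getProperty` lines and the guard removed, assuming the Oracle and PostgreSQL paths are meant to share the same properties as the new code implies. The method's tail after `e.printStackTrace()` is outside the hunk.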
@@ -574,9 +588,14 @@ public static String insertCustomers(String first, String last, String pass) {
StringBuffer sbuf = new StringBuffer();
Connection conn = null;
- String db = "jdbc:hsqldb:hsql://localhost/xdb";
- String user = "SA";
- String password = "";
+ String db = System.getProperty("endor_hsqldb_url", "jdbc:hsqldb:hsql://localhost/xdb");
+ String user = System.getProperty("endor_hsqldb_user", "SA");
+ String password = System.getProperty("endor_hsqldb_password");
+
+ // Return error string instead of throwing exception to match method signature
+ if (password == null) {
+ return "ERROR: Database password must be provided via endor_hsqldb_password system property";
+ }
try {
// Create database connection
diff --git a/src/main/java/com/endor/ExtraServlet.java b/src/main/java/com/endor/ExtraServlet.java
index 977a32f..b2e048a 100644
--- a/src/main/java/com/endor/ExtraServlet.java
+++ b/src/main/java/com/endor/ExtraServlet.java
@@ -38,9 +38,18 @@ public class ExtraServlet extends HttpServlet {
@Override
public void init() throws ServletException {
super.init();
- connectionUrl =System.getProperty("endor_connection_url", "jdbc:oracle:thin:@10.0.22.108:1521:XE");
- dbUser =System.getProperty("endor_db_user", "sys as sysdba");
- dbPassword =System.getProperty("endor_db_password", "Psmo0601");
+ connectionUrl =System.getProperty("endor_connection_url");
+ if (connectionUrl == null) {
+ throw new ServletException("Database connection URL must be provided via endor_connection_url system property");
+ }
+ dbUser =System.getProperty("endor_db_user");
+ if (dbUser == null) {
+ throw new ServletException("Database user must be provided via endor_db_user system property");
+ }
+ dbPassword =System.getProperty("endor_db_password");
+ if (dbPassword == null || dbPassword.isEmpty()) {
+ throw new ServletException("Database password must be provided via endor_db_password system property");
+ }
dbType =System.getProperty("endor_db_type", DB_TYPE_ORACLE);
}
diff --git a/src/main/java/com/endor/GetInputStreamInnerTest.java b/src/main/java/com/endor/GetInputStreamInnerTest.java
index bb5c2a6..16aea69 100644
--- a/src/main/java/com/endor/GetInputStreamInnerTest.java
+++ b/src/main/java/com/endor/GetInputStreamInnerTest.java
@@ -93,9 +93,18 @@ else if(multileg.equalsIgnoreCase("stored_procedure") && getCustomersStoredProc(
@Override
public void init() throws ServletException {
super.init();
- connectionUrl =System.getProperty("endor_connection_url", "jdbc:oracle:thin:@10.0.22.108:1521:XE");
- dbUser =System.getProperty("endor_db_user", "sys as sysdba");
- dbPassword =System.getProperty("endor_db_password", "Psmo0601");
+ connectionUrl =System.getProperty("endor_connection_url");
+ if (connectionUrl == null) {
+ throw new ServletException("Database connection URL must be provided via endor_connection_url system property");
+ }
+ dbUser =System.getProperty("endor_db_user");
+ if (dbUser == null) {
+ throw new ServletException("Database user must be provided via endor_db_user system property");
+ }
+ dbPassword =System.getProperty("endor_db_password");
+ if (dbPassword == null || dbPassword.isEmpty()) {
+ throw new ServletException("Database password must be provided via endor_db_password system property");
+ }
dbType =System.getProperty("endor_db_type", DB_TYPE_ORACLE);
}
diff --git a/src/main/java/com/endor/GetInputStreamTest.java b/src/main/java/com/endor/GetInputStreamTest.java
index 2dfc795..2f5e06f 100644
--- a/src/main/java/com/endor/GetInputStreamTest.java
+++ b/src/main/java/com/endor/GetInputStreamTest.java
@@ -19,7 +19,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
doGet(request, response);
}
- private static final String POST_URL_GET_PARAMETER = "http://localhost:8080/endor-webapp/GetInputStreamInnerTest";
+ private static final String POST_URL_GET_PARAMETER = "https://localhost:8080/endor-webapp/GetInputStreamInnerTest";
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
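Review bot: Switching `POST_URL_GET_PARAMETER` to `https://` while keeping `localhost:8080` only works if the container actually terminates TLS on 8080; a default plain-HTTP connector on that port makes every call fail at the handshake, and a self-signed local certificate will additionally fail trust validation in the JVM. If TLS is intended, the port (commonly 8443) and the trust-store setup belong in this change or in a comment such as `// requires an HTTPS connector on 8080 with a JVM-trusted certificate`; otherwise consider reading the base URL from a system property, as the database settings now are. The same scheme-only change is made to `GET_URL`, `POST_URL` and `TRACE_URL` in HttpURLConnectionExample.java, including a commented-out line that could simply be deleted.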
diff --git a/src/main/java/com/endor/HttpURLConnectionExample.java b/src/main/java/com/endor/HttpURLConnectionExample.java
index 12da576..93374a9 100644
--- a/src/main/java/com/endor/HttpURLConnectionExample.java
+++ b/src/main/java/com/endor/HttpURLConnectionExample.java
@@ -12,10 +12,10 @@ public class HttpURLConnectionExample {
private static final String USER_AGENT = "Mozilla/5.0";
- private static final String GET_URL = "http://localhost:8080";
+ private static final String GET_URL = "https://localhost:8080";
- //private static final String POST_URL = "http://localhost:9090/SpringMVCExample/home";
- private static final String POST_URL = "http://localhost:8080/endor-webapp/ExtraServlet";
+ //private static final String POST_URL = "https://localhost:9090/SpringMVCExample/home";
+ private static final String POST_URL = "https://localhost:8080/endor-webapp/ExtraServlet";
private static final String POST_PARAMS = "userName=Pankaj";
@@ -167,7 +167,7 @@ public static int sendPOSTwithParameter(String last, String pass, String multile
}
public static String sendTRACE() throws IOException {
- String TRACE_URL = "http://localhost:8080/endor-webapp/httptrace";
+ String TRACE_URL = "https://localhost:8080/endor-webapp/httptrace";
URL obj = new URL(TRACE_URL);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("TRACE");
diff --git a/src/main/java/com/endor/NewSQLExitServlet.java b/src/main/java/com/endor/NewSQLExitServlet.java
index a8025db..0faa6e2 100644
--- a/src/main/java/com/endor/NewSQLExitServlet.java
+++ b/src/main/java/com/endor/NewSQLExitServlet.java
@@ -29,9 +29,18 @@ public class NewSQLExitServlet extends HttpServlet {
@Override
public void init() throws ServletException {
super.init();
- connectionUrl =System.getProperty("endor_connection_url", "jdbc:oracle:thin:@10.0.22.108:1521:XE");
- dbUser =System.getProperty("endor_db_user", "sys as sysdba");
- dbPassword =System.getProperty("endor_db_password", "Psmo0601");
+ connectionUrl =System.getProperty("endor_connection_url");
+ if (connectionUrl == null) {
+ throw new ServletException("Database connection URL must be provided via endor_connection_url system property");
+ }
+ dbUser =System.getProperty("endor_db_user");
+ if (dbUser == null) {
+ throw new ServletException("Database user must be provided via endor_db_user system property");
+ }
+ dbPassword =System.getProperty("endor_db_password");
+ if (dbPassword == null || dbPassword.isEmpty()) {
+ throw new ServletException("Database password must be provided via endor_db_password system property");
+ }
dbType =System.getProperty("endor_db_type", DB_TYPE_ORACLE);
}
@@ -147,19 +156,24 @@ public boolean getCustomersPreparedStatementExecuteNewExit(String name, String p
return hasResults;
}
- /** Shiva use the following java system properties instead of new connection function.
+ /** Use the following java system properties for connection.
-Dendor_connection_url="jdbc:postgresql://localhost:5432/sqlinject?sslmode=disable"
-Dendor_db_user="postgres"
- -Dendor_db_password=""Psqlpsmo@1"
+ -Dendor_db_password=""
-Dendor_db_type="Postgress"
*/
private Connection connectpsql() {
Connection conn = null;
try {
- // Create database connection
- String dbURL = "jdbc:postgresql://localhost:5432/sqlinject?sslmode=disable";
- String user = "postgres";
- String password = "Psqlpsmo@1";
+ // Create database connection using system properties
+ String dbURL = System.getProperty("endor_connection_url");
+ String user = System.getProperty("endor_db_user");
+ String password = System.getProperty("endor_db_password");
+
+ if (dbURL == null || user == null || password == null || password.isEmpty()) {
+ throw new IllegalStateException("Database credentials must be provided via system properties");
+ }
+
conn = DriverManager.getConnection(dbURL, user, password);
System.out.println("DB Connection established");
} catch (Exception e) {
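Review bot: The Javadoc now shows `-Dendor_db_password=""` as the example invocation, but the guard added below rejects `password.isEmpty()` with an `IllegalStateException`, so following the documented command fails the check; the example should use a placeholder such as `-Dendor_db_password="<your-password>"` or the doc should state that the value must be non-empty. As in the other connectpsql() hunks, that throw is inside the `try` and is swallowed by `catch (Exception e)`, so in practice the caller sees a null connection rather than the message. The same doc/code mismatch is in NewSQLExitServlet1.java. connectpsql() continues after this hunk.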
diff --git a/src/main/java/com/endor/NewSQLExitServlet1.java b/src/main/java/com/endor/NewSQLExitServlet1.java
index 9d8e8c6..fcdb3c8 100644
--- a/src/main/java/com/endor/NewSQLExitServlet1.java
+++ b/src/main/java/com/endor/NewSQLExitServlet1.java
@@ -29,9 +29,18 @@ public class NewSQLExitServlet1 extends HttpServlet {
@Override
public void init() throws ServletException {
super.init();
- connectionUrl =System.getProperty("endor_connection_url", "jdbc:oracle:thin:@10.0.22.108:1521:XE");
- dbUser =System.getProperty("endor_db_user", "sys as sysdba");
- dbPassword =System.getProperty("endor_db_password", "Psmo0601");
+ connectionUrl =System.getProperty("endor_connection_url");
+ if (connectionUrl == null) {
+ throw new ServletException("Database connection URL must be provided via endor_connection_url system property");
+ }
+ dbUser =System.getProperty("endor_db_user");
+ if (dbUser == null) {
+ throw new ServletException("Database user must be provided via endor_db_user system property");
+ }
+ dbPassword =System.getProperty("endor_db_password");
+ if (dbPassword == null || dbPassword.isEmpty()) {
+ throw new ServletException("Database password must be provided via endor_db_password system property");
+ }
dbType =System.getProperty("endor_db_type", DB_TYPE_ORACLE);
}
@@ -147,19 +156,24 @@ public boolean getCustomersPreparedStatementExecuteNewExit(String name, String p
return hasResults;
}
- /** Shiva use the following java system properties instead of new connection function.
+ /** Use the following java system properties for connection.
-Dendor_connection_url="jdbc:postgresql://localhost:5432/sqlinject?sslmode=disable"
-Dendor_db_user="postgres"
- -Dendor_db_password=""Psqlpsmo@1"
+ -Dendor_db_password=""
-Dendor_db_type="Postgress"
*/
private Connection connectpsql() {
Connection conn = null;
try {
- // Create database connection
- String dbURL = "jdbc:postgresql://localhost:5432/sqlinject?sslmode=disable";
- String user = "postgres";
- String password = "Psqlpsmo@1";
+ // Create database connection using system properties
+ String dbURL = System.getProperty("endor_connection_url");
+ String user = System.getProperty("endor_db_user");
+ String password = System.getProperty("endor_db_password");
+
+ if (dbURL == null || user == null || password == null || password.isEmpty()) {
+ throw new IllegalStateException("Database credentials must be provided via system properties");
+ }
+
conn = DriverManager.getConnection(dbURL, user, password);
System.out.println("DB Connection established");
} catch (Exception e) {
diff --git a/src/main/java/com/endor/RecordServlet.java b/src/main/java/com/endor/RecordServlet.java
index 2d192aa..b41d786 100644
--- a/src/main/java/com/endor/RecordServlet.java
+++ b/src/main/java/com/endor/RecordServlet.java
@@ -31,9 +31,18 @@ public class RecordServlet extends HttpServlet {
@Override
public void init() throws ServletException {
super.init();
- connectionUrl =System.getProperty("endor_connection_url", "jdbc:oracle:thin:@10.0.22.108:1521:XE");
- dbUser =System.getProperty("endor_db_user", "sys as sysdba");
- dbPassword =System.getProperty("endor_db_password", "Psmo0601");
+ connectionUrl =System.getProperty("endor_connection_url");
+ if (connectionUrl == null) {
+ throw new ServletException("Database connection URL must be provided via endor_connection_url system property");
+ }
+ dbUser =System.getProperty("endor_db_user");
+ if (dbUser == null) {
+ throw new ServletException("Database user must be provided via endor_db_user system property");
+ }
+ dbPassword =System.getProperty("endor_db_password");
+ if (dbPassword == null || dbPassword.isEmpty()) {
+ throw new ServletException("Database password must be provided via endor_db_password system property");
+ }
dbType =System.getProperty("endor_db_type", DB_TYPE_ORACLE);
}