Common Classes [Java]
A snippet of the code which will be used to demonstrate examples:
// SOURCE: https://github.com/ScaleSec/vulnado
package com.scalesec.vulnado;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;
import java.util.ArrayList;
import java.util.List;
import java.io.IOException;
import java.net.*;

public class LinkLister {
    // Fetches the page at the caller-supplied URL and returns every <a href> it contains.
    public static List<String> getLinks(String url) throws IOException {
        List<String> result = new ArrayList<String>();
        Document doc = Jsoup.connect(url).get();
        Elements links = doc.select("a");
        for (Element link : links) {
            result.add(link.absUrl("href"));
        }
        return result;
    }

    // Same as getLinks(), but first rejects hosts whose text starts with a private-range prefix.
    public static List<String> getLinksV2(String url) throws BadRequest {
        try {
            URL aUrl = new URL(url);
            String host = aUrl.getHost();
            System.out.println(host);
            if (host.startsWith("172.") || host.startsWith("192.168") || host.startsWith("10.")) {
                throw new BadRequest("Use of Private IP");
            } else {
                return getLinks(url);
            }
        } catch (Exception e) {
            throw new BadRequest(e.getMessage());
        }
    }
}

// SOURCE: https://github.com/ScaleSec/vulnado
package com.scalesec.vulnado;

import org.springframework.boot.*;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import org.springframework.boot.autoconfigure.*;
import java.util.List;
import java.io.Serializable;
import java.io.IOException;

@RestController
@EnableAutoConfiguration
public class LinksController {
    // The "url" request parameter is handed to LinkLister unchanged.
    @RequestMapping(value = "/links", produces = "application/json")
    List<String> links(@RequestParam String url) throws IOException {
        return LinkLister.getLinks(url);
    }

    @RequestMapping(value = "/links-v2", produces = "application/json")
    List<String> linksV2(@RequestParam String url) throws BadRequest {
        return LinkLister.getLinksV2(url);
    }
}
Common Classes and their use-cases
Method - Returns all the methods which are defined.
import java

from Method m
where m.hasQualifiedName("com.scalesec.vulnado", "LinkLister", "getLinksV2")
select m
Common predicates of the Method class:
hasQualifiedName() - Returns all the methods that belong to the specific class, matched by package, class and method name.
getCallee() - Returns all the calls the method makes:

getDeclaringType() - Gets the class where this method is declared:
MethodAccess - Returns all the methods which were invoked with a list of arguments.
import java

from MethodAccess m
where m.getMethod().hasQualifiedName("com.scalesec.vulnado", "LinkLister", "getLinksV2")
select m
Common predicates of the MethodAccess class:
getMethod() - Casts the MethodAccess object to type Method so the predicates listed above can be called.
getCaller() - Returns all the locations from where the method is called:
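
The classes and predicates above can be combined into one query over the sample code. The following is an added example, not part of the original page or of the vulnado project: it reports every call to a LinkLister method whose argument is a Spring @RequestParam parameter of the calling method, which is the path the url parameter takes in LinksController. The class names RequestParamParameter and LinkListerMethod and the @id value are made up for this example, and the match is purely syntactic (the parameter must appear directly as an argument; no data-flow tracking is done).

```ql
/**
 * @name Request parameter passed straight to LinkLister
 * @description A @RequestParam value reaches a LinkLister method unchanged.
 * @kind problem
 * @problem.severity warning
 * @id example/vulnado-requestparam-to-linklister
 */

import java

/** A parameter annotated with Spring's @RequestParam (hypothetical helper class). */
class RequestParamParameter extends Parameter {
  RequestParamParameter() {
    this.getAnAnnotation()
        .getType()
        .hasQualifiedName("org.springframework.web.bind.annotation", "RequestParam")
  }
}

/** A method declared in the sample's LinkLister class (hypothetical helper class). */
class LinkListerMethod extends Method {
  LinkListerMethod() {
    this.getDeclaringType().hasQualifiedName("com.scalesec.vulnado", "LinkLister")
  }
}

// MethodAccess is used as on this page; recent CodeQL releases name the class MethodCall.
from MethodAccess call, LinkListerMethod target, RequestParamParameter p
where
  // getMethod(): the Method this call resolves to
  target = call.getMethod() and
  // one of the call's arguments is a direct read of the annotated parameter
  call.getAnArgument() = p.getAnAccess() and
  // getCaller(): the method containing the call must be the one that owns the parameter
  call.getCaller() = p.getCallable()
select call,
  "Request parameter '" + p.getName() + "' of " + call.getCaller().getName() +
    " is passed unchanged to " + target.getDeclaringType().getName() + "." + target.getName()
```

On the two classes shown at the top of the page, this matches the calls inside links and linksV2. The getLinks(url) call inside getLinksV2 is not matched, because that url is an ordinary parameter without the annotation.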
