Common Classes [Java]

A snippet of the code which will be used to demonstrate examples:

// SOURCE: mhttps://github.com/ScaleSec/vulnado

package com.scalesec.vulnado;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;
import java.util.ArrayList;
import java.util.List;
import java.io.IOException;
import java.net.*;


public class LinkLister {
  public static List<String> getLinks(String url) throws IOException {
    List<String> result = new ArrayList<String>();
    Document doc = Jsoup.connect(url).get();
    Elements links = doc.select("a");
    for (Element link : links) {
      result.add(link.absUrl("href"));
    }
    return result;
  }

  public static List<String> getLinksV2(String url) throws BadRequest {
    try {
      URL aUrl= new URL(url);
      String host = aUrl.getHost();
      System.out.println(host);
      if (host.startsWith("172.") || host.startsWith("192.168") || host.startsWith("10.")){
        throw new BadRequest("Use of Private IP");
      } else {
        return getLinks(url);
      }
    } catch(Exception e) {
      throw new BadRequest(e.getMessage());
    }
  }
}

// SOURCE: mhttps://github.com/ScaleSec/vulnado

package com.scalesec.vulnado;

import org.springframework.boot.*;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import org.springframework.boot.autoconfigure.*;
import java.util.List;
import java.io.Serializable;
import java.io.IOException;


@RestController
@EnableAutoConfiguration
public class LinksController {
  @RequestMapping(value = "/links", produces = "application/json")
  List<String> links(@RequestParam String url) throws IOException{
    return LinkLister.getLinks(url);
  }
  @RequestMapping(value = "/links-v2", produces = "application/json")
  List<String> linksV2(@RequestParam String url) throws BadRequest{
    return LinkLister.getLinksV2(url);
  }
}

Common Classes and their use-cases

Method - Returns all the methods which are defined.

from Method m
where m.hasQualifiedName("com.scalesec.vulnado", "LinkLister", "getLinksV2")
select m

Common predicates of the Methodclass:

hasQualifiedName() - Returns all the methods that belong to the specific class.
getCallee() - Returns all the calls the method makes:

getDeclaringType() - Gets the class where this method is declared:

MethodAccess - Returns all the methods which were invoked with a list of arguments.

from MethodAccess m
where m.getMethod().hasQualifiedName("com.scalesec.vulnado", "LinkLister" , "getLinksV2")
select m

Common predicates of the MethodAccess class:

getMethod() - Cast the MethodAccess object of type Method so the predicates listed above can be called.
getCaller() - Returns all the locations (<- change this word) from where the method is called:

PreviousUntitled NextUseful Classes [Java]

Last updated 3 years ago