Add default app deployed for Tomcat and Jetty
jandro996 committed Apr 10, 2024
1 parent 7a54b98 commit b32b4df
Showing 9 changed files with 151 additions and 2 deletions.
Expand Up @@ -68,6 +68,27 @@ public class ApplicationModuleImpl extends SinkModuleBase implements Application
static final String TOMCAT_HOST_MANAGER_APP = "Tomcat Host Manager Application";
private static final String TOMCAT_HOST_MANAGER_APP_PATTERN =
DISPLAY_NAME_START_TAG + TOMCAT_HOST_MANAGER_APP + DISPLAY_NAME_END_TAG;
static final String TOMCAT_SAMPLES_APP = "Servlet and JSP Examples";
private static final String TOMCAT_SAMPLES_APP_PATTERN =
DISPLAY_NAME_START_TAG + TOMCAT_SAMPLES_APP + DISPLAY_NAME_END_TAG;
static final String JETTY_ASYNC_REST_APP = "Async REST Webservice Example";
private static final String JETTY_ASYNC_REST_APP_PATTERN =
DISPLAY_NAME_START_TAG + JETTY_ASYNC_REST_APP + DISPLAY_NAME_END_TAG;
static final String JETTY_JAVADOC_APP = "Transparent Proxy WebApp";
private static final String JETTY_JAVADOC_APP_PATTERN =
DISPLAY_NAME_START_TAG + JETTY_JAVADOC_APP + DISPLAY_NAME_END_TAG;
static final String JETTY_JAAS_APP = "JAAS Test";
private static final String JETTY_JAAS_APP_PATTERN =
DISPLAY_NAME_START_TAG + JETTY_JAAS_APP + DISPLAY_NAME_END_TAG;
static final String JETTY_JNDI_APP = "Test JNDI WebApp";
private static final String JETTY_JNDI_APP_PATTERN =
DISPLAY_NAME_START_TAG + JETTY_JNDI_APP + DISPLAY_NAME_END_TAG;
static final String JETTY_SPEC_APP = "Test Annotations WebApp";
private static final String JETTY_SPEC_APP_PATTERN =
DISPLAY_NAME_START_TAG + JETTY_SPEC_APP + DISPLAY_NAME_END_TAG;
static final String JETTY_TEST_APP = "Test WebApp";
private static final String JETTY_TEST_APP_PATTERN =
DISPLAY_NAME_START_TAG + JETTY_TEST_APP + DISPLAY_NAME_END_TAG;
public static final String WEB_INF = "WEB-INF";
public static final String WEB_XML = "web.xml";
public static final String WEBLOGIC_XML = "weblogic.xml";
Expand All @@ -83,6 +104,13 @@ public class ApplicationModuleImpl extends SinkModuleBase implements Application
DEFAULT_HTML_ESCAPE,
TOMCAT_MANAGER_APP_PATTERN,
TOMCAT_HOST_MANAGER_APP_PATTERN,
TOMCAT_SAMPLES_APP_PATTERN,
JETTY_ASYNC_REST_APP_PATTERN,
JETTY_JAVADOC_APP_PATTERN,
JETTY_JAAS_APP_PATTERN,
JETTY_JNDI_APP_PATTERN,
JETTY_SPEC_APP_PATTERN,
JETTY_TEST_APP_PATTERN,
LISTINGS_PATTERN,
JETTY_LISTINGS_PATTERN,
SESSION_TIMEOUT_START_TAG,
Expand Down Expand Up @@ -212,6 +240,27 @@ private void checkWebXmlVulnerabilities(@Nonnull Path path, AgentSpan span) {
case TOMCAT_HOST_MANAGER_APP_PATTERN:
reportAdminConsoleActive(span, TOMCAT_HOST_MANAGER_APP);
break;
case TOMCAT_SAMPLES_APP_PATTERN:
reportAdminConsoleActive(span, TOMCAT_SAMPLES_APP);
break;
case JETTY_ASYNC_REST_APP_PATTERN:
reportAdminConsoleActive(span, JETTY_ASYNC_REST_APP);
break;
case JETTY_JAVADOC_APP_PATTERN:
reportAdminConsoleActive(span, JETTY_JAVADOC_APP);
break;
case JETTY_JAAS_APP_PATTERN:
reportAdminConsoleActive(span, JETTY_JAAS_APP);
break;
case JETTY_JNDI_APP_PATTERN:
reportAdminConsoleActive(span, JETTY_JNDI_APP);
break;
case JETTY_SPEC_APP_PATTERN:
reportAdminConsoleActive(span, JETTY_SPEC_APP);
break;
case JETTY_TEST_APP_PATTERN:
reportAdminConsoleActive(span, JETTY_TEST_APP);
break;
case LISTINGS_PATTERN:
case JETTY_LISTINGS_PATTERN:
checkDirectoryListingLeak(webXmlContent, matcher.start(), span);
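Review bot: The seven new `case` branches (JETTY_ASYNC_REST_APP_PATTERN through JETTY_TEST_APP_PATTERN, plus TOMCAT_SAMPLES_APP_PATTERN) reuse `reportAdminConsoleActive`, while the test rows added in the same commit expect `DEFAULT_APP_DEPLOYED` for these display-names and now also for the Tomcat manager and host-manager rows; `reportAdminConsoleActive` is outside this hunk, so either it already emits DEFAULT_APP_DEPLOYED, in which case its name is misleading and renaming it to `reportDefaultAppDeployed(span, name)` would match what the test asserts, or the new branches report the wrong vulnerability type. Among the new patterns, `"Test WebApp"` is a generic display-name that a customer's own application may legitimately use, so it is the likeliest source of false positives and deserves a comment on the constant, e.g. `// generic name shipped with the Jetty demo webapps; may also match user-authored apps`. A one-line comment per constant naming the container demo it was taken from would let maintainers re-verify the strings against future Tomcat/Jetty releases (`JETTY_JAVADOC_APP` matches "Transparent Proxy WebApp", which the constant name does not convey). checkWebXmlVulnerabilities starts and ends outside this hunk.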
Expand Up @@ -8,6 +8,7 @@ import datadog.trace.api.iast.InstrumentationBridge
import datadog.trace.api.iast.sink.ApplicationModule

import static com.datadog.iast.model.VulnerabilityType.ADMIN_CONSOLE_ACTIVE
import static com.datadog.iast.model.VulnerabilityType.DEFAULT_APP_DEPLOYED
import static com.datadog.iast.model.VulnerabilityType.DEFAULT_HTML_ESCAPE_INVALID
import static com.datadog.iast.model.VulnerabilityType.DIRECTORY_LISTING_LEAK
import static com.datadog.iast.model.VulnerabilityType.INSECURE_JSP_LAYOUT
Expand Down Expand Up @@ -69,8 +70,15 @@ class ApplicationModuleTest extends IastModuleImplTestBase {
'report' | 'application/directorylistingleak/insecure/websphere/xmi' | DIRECTORY_LISTING_LEAK | 'Directory listings configured' | 1
'report' | 'application/directorylistingleak/insecure/websphere/xml' | DIRECTORY_LISTING_LEAK | 'Directory listings configured' | 10
'noDedupReport' | 'application/adminconsoleactive/secure' | null | null | _
'noDedupReport' | 'application/adminconsoleactive/insecure/tomcat/manager' | ADMIN_CONSOLE_ACTIVE | ApplicationModuleImpl.TOMCAT_MANAGER_APP | NO_LINE
'noDedupReport' | 'application/adminconsoleactive/insecure/tomcat/host' | ADMIN_CONSOLE_ACTIVE | ApplicationModuleImpl.TOMCAT_HOST_MANAGER_APP | NO_LINE
'noDedupReport' | 'application/adminconsoleactive/insecure/tomcat/manager' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.TOMCAT_MANAGER_APP | NO_LINE
'noDedupReport' | 'application/adminconsoleactive/insecure/tomcat/host' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.TOMCAT_HOST_MANAGER_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/tomcat/samples' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.TOMCAT_SAMPLES_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/jetty/async' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.JETTY_ASYNC_REST_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/jetty/jaas' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.JETTY_JAAS_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/jetty/javadoc' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.JETTY_JAVADOC_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/jetty/jndi' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.JETTY_JNDI_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/jetty/spec' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.JETTY_SPEC_APP | NO_LINE
'noDedupReport' | 'application/defaultappdeployed/insecure/jetty/test' | DEFAULT_APP_DEPLOYED | ApplicationModuleImpl.JETTY_TEST_APP | NO_LINE
'report' | 'application/defaulthtmlescapeinvalid/secure' | null | null | _
'report' | 'application/defaulthtmlescapeinvalid/secure_tag' | null | null | _
'report' | 'application/defaulthtmlescapeinvalid/false_tag' | DEFAULT_HTML_ESCAPE_INVALID | 'defaultHtmlEscape tag should be true' | 8
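Review bot: The two rewritten rows for `application/adminconsoleactive/insecure/tomcat/manager` and `.../tomcat/host` now expect `DEFAULT_APP_DEPLOYED` while their fixtures still live under `adminconsoleactive`, so the directory name no longer describes the vulnerability being asserted; moving them to `application/defaultappdeployed/insecure/tomcat/manager` and `.../tomcat/host` would keep the table self-describing, as the seven new rows already are. If no remaining row in the table asserts `ADMIN_CONSOLE_ACTIVE`, the static import kept in the earlier hunk is now unused and should be dropped with this change. The data table continues outside the hunk, so that cannot be confirmed from here.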
@@ -0,0 +1,9 @@
<?xml version="1.0"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">

<display-name>Async REST Webservice Example</display-name>

</web-app>
@@ -0,0 +1,9 @@
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">

<display-name>JAAS Test</display-name>

</web-app>
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">

<display-name>Transparent Proxy WebApp</display-name>

</web-app>
@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
metadata-complete="true"
version="2.5">

<display-name>Test JNDI WebApp</display-name>


</web-app>


@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
metadata-complete="false"
version="3.1">

<display-name>Test Annotations WebApp</display-name>

</web-app>
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
metadata-complete="false"
version="3.1">

<display-name>Test WebApp</display-name>

</web-app>


@@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0"
metadata-complete="true">

<description>
Servlet and JSP Examples.
</description>
<display-name>Servlet and JSP Examples</display-name>

</web-app>
