feat: support servletNameFilter for GlassFishFilterProbe

Author: ReaJason

generator/src/main/java/com/reajason/javaweb/probe/payload/filter/GlassFishFilterProbe.java

@@ -10,85 +10,101 @@
  * @author ReaJason
  */
 public class GlassFishFilterProbe {
+
     @Override
     public String toString() {
-        String msg = "";
+        StringBuilder msg = new StringBuilder();
         Map<String, List<Map<String, String>>> allFiltersData = new LinkedHashMap<String, List<Map<String, String>>>();
         Set<Object> contexts = null;
         try {
             contexts = getContext();
         } catch (Throwable throwable) {
-            msg += "context error: " + getErrorMessage(throwable);
+            msg.append("context error: ").append(getErrorMessage(throwable));
         }
         if (contexts == null || contexts.isEmpty()) {
-            msg += "context not found\n";
+            msg.append("context not found\n");
         } else {
             for (Object context : contexts) {
                 String contextRoot = getContextRoot(context);
-                List<Map<String, String>> filters = collectFiltersData(context);
-                allFiltersData.put(contextRoot, filters);
+                try {
+                    List<Map<String, String>> filters = collectFiltersData(context);
+                    allFiltersData.put(contextRoot, filters);
+                } catch (Throwable e) {
+                    msg.append(contextRoot).append(" failed ").append(getErrorMessage(e)).append("\n");
+                }
             }
-            msg += formatFiltersData(allFiltersData);
+            msg.append(formatFiltersData(allFiltersData));
         }
-        return msg;
+        return msg.toString();
     }
 
-    private List<Map<String, String>> collectFiltersData(Object context) {
+    @SuppressWarnings("unchecked")
+    private List<Map<String, String>> collectFiltersData(Object context) throws Exception {
         Map<String, Map<String, Object>> aggregatedData = new LinkedHashMap<>();
 
-        try {
-            List filterMaps = (List) invokeMethod(context, "findFilterMaps");
-            if (filterMaps == null || filterMaps.isEmpty()) return Collections.emptyList();
-
-            Object[] filterDefs = (Object[]) invokeMethod(context, "findFilterDefs");
-            for (Object fm : filterMaps) {
-                String name = (String) invokeMethod(fm, "getFilterName");
-                if (name == null) continue;
-                if (!aggregatedData.containsKey(name)) {
-                    String filterClass = "N/A";
-                    if (filterDefs != null) {
-                        for (Object def : filterDefs) {
-                            if (!name.equals(invokeMethod(def, "getFilterName"))) continue;
-                            Class<?> cls = (Class<?>) invokeMethod(def, "getFilterClass");
-                            if (cls == null) {
-                                Object config = invokeMethod(context, "findFilterConfig", new Class[]{String.class}, new Object[]{name});
-                                Object filter = config != null ? invokeMethod(config, "getFilter") : null;
-                                if (filter != null) filterClass = filter.getClass().getName();
-                            }
-                            if (cls != null) filterClass = cls.getName();
-                            break;
-                        }
-                    }
-                    Map<String, Object> info = new HashMap<>();
-                    info.put("filterName", name);
-                    info.put("filterClass", filterClass);
-                    info.put("urlPatterns", new LinkedHashSet<String>());
-                    info.put("servletNames", new LinkedHashSet<String>());
-                    aggregatedData.put(name, info);
-                }
-                Map<String, Object> info = aggregatedData.get(name);
-                String[] urls = null;
-                try {
-                    urls = (String[]) invokeMethod(fm, "getURLPatterns");
-                } catch (Exception e) {
+        List filterMaps = (List) invokeMethod(context, "findFilterMaps");
+        if (filterMaps == null || filterMaps.isEmpty()) return Collections.emptyList();
+
+        Object[] filterDefs = (Object[]) invokeMethod(context, "findFilterDefs");
+
+        for (Object fm : filterMaps) {
+            String name = (String) invokeMethod(fm, "getFilterName");
+            if (name == null) continue;
+            if (!aggregatedData.containsKey(name)) {
+                String filterClass = "N/A";
+                if (filterDefs != null) {
+                    Object filterDef = invokeMethod(context, "findFilterDef", new Class[]{String.class}, new Object[]{name});
                     try {
-                        Object urlPattern = invokeMethod(fm, "getURLPattern");
-                        if (urlPattern instanceof String) {
-                            urls = new String[] { (String) urlPattern };
-                        }
-                    } catch (Exception ignored) {
+                        filterClass = (String) invokeMethod(filterDef, "getFilterClass");
+                    } catch (Throwable throwable) {
+                        filterClass = (String) invokeMethod(filterDef, "getFilterClassName");
                     }
+                    if (filterClass == null) {
+                        Object filterConfig = invokeMethod(context, "findFilterConfig", new Class[]{String.class}, new Object[]{name});
+                        Object filter = invokeMethod(filterConfig, "getFilter");
+                        if (filter != null) filterClass = filter.getClass().getName();
+                    }
+                }
+                Map<String, Object> info = new HashMap<>();
+                info.put("filterName", name);
+                info.put("filterClass", filterClass);
+                info.put("urlPatterns", new LinkedHashSet<String>());
+                info.put("servletNames", new LinkedHashSet<String>());
+                aggregatedData.put(name, info);
+            }
+            Map<String, Object> info = aggregatedData.get(name);
+            String[] urls = null;
+            try {
+                urls = (String[]) invokeMethod(fm, "getURLPatterns");
+            } catch (Exception e) {
+                // Tomcat 5
+                String urlPattern = (String) invokeMethod(fm, "getURLPattern");
+                if (urlPattern != null) {
+                    urls = new String[]{urlPattern};
                 }
-                if (urls != null) ((Set<String>) info.get("urlPatterns")).addAll(Arrays.asList(urls));
             }
-        } catch (Exception ignored) {}
+            if (urls != null) ((Set<String>) info.get("urlPatterns")).addAll(Arrays.asList(urls));
+            String[] servletNames = null;
+            try {
+                servletNames = (String[]) invokeMethod(fm, "getServletNames");
+            } catch (Exception e) {
+                // Tomcat 5
+                String servletName = (String) invokeMethod(fm, "getServletName");
+                if (servletName != null) {
+                    servletNames = new String[]{servletName};
+                }
+            }
+            if (servletNames != null) ((Set<String>) info.get("servletNames")).addAll(Arrays.asList(servletNames));
+        }
         List<Map<String, String>> result = new ArrayList<>();
         for (Map<String, Object> entry : aggregatedData.values()) {
             Map<String, String> finalInfo = new HashMap<>();
             finalInfo.put("filterName", (String) entry.get("filterName"));
             finalInfo.put("filterClass", (String) entry.get("filterClass"));
             Set<?> urls = (Set<?>) entry.get("urlPatterns");
             finalInfo.put("urlPatterns", urls.isEmpty() ? "" : urls.toString());
+            Set<?> servletNames = (Set<?>) entry.get("servletNames");
+            finalInfo.put("servletNames", servletNames.isEmpty() ? "" : servletNames.toString());
             result.add(finalInfo);
         }
         return result;
@@ -111,6 +127,7 @@ private String formatFiltersData(Map<String, List<Map<String, String>>> allFilte
                     appendIfPresent(output, "", info.get("filterName"), "");
                     appendIfPresent(output, " -> ", info.get("filterClass"), "");
                     appendIfPresent(output, " -> URL:", info.get("urlPatterns"), "");
+                    appendIfPresent(output, " -> Servlet:", info.get("servletNames"), "");
                     output.append("\n");
                 }
             }

generator/src/main/java/com/reajason/javaweb/probe/payload/filter/TomcatFilterProbe.java

@@ -74,15 +74,21 @@ private List<Map<String, String>> collectFiltersData(Object context) throws Exce
                 urls = (String[]) invokeMethod(fm, "getURLPatterns");
             } catch (Exception e) {
                 // Tomcat 5
-                urls = new String[]{(String) invokeMethod(fm, "getURLPattern")};
+                String urlPattern = (String) invokeMethod(fm, "getURLPattern");
+                if (urlPattern != null) {
+                    urls = new String[]{urlPattern};
+                }
             }
             if (urls != null) ((Set<String>) info.get("urlPatterns")).addAll(Arrays.asList(urls));
             String[] servletNames = null;
             try {
                 servletNames = (String[]) invokeMethod(fm, "getServletNames");
             } catch (Exception e) {
                 // Tomcat 5
-                servletNames = new String[]{(String) invokeMethod(fm, "getServletName")};
+                String servletName = (String) invokeMethod(fm, "getServletName");
+                if (servletName != null) {
+                    servletNames = new String[]{servletName};
+                }
             }
             if (servletNames != null) ((Set<String>) info.get("servletNames")).addAll(Arrays.asList(servletNames));
         }

integration-test/src/test/java/com/reajason/javaweb/integration/probe/DetectionTool.java

@@ -35,14 +35,6 @@ public static String getServerDetection() {
         return getBase64Class(ServerProbe.class);
     }
 
-    public static String getTomcatFilterProbe() {
-        return getBase64Class(TomcatFilterProbe.class);
-    }
-
-    public static String getJettyFilterProbe() {
-        return getBase64Class(JettyFilterProbe.class);
-    }
-
     public static String getResinFilterProbe() {
         return getBase64Class(ResinFilterProbe.class);
     }
@@ -51,10 +43,6 @@ public static String getUndertowFilterProbe() {
         return getBase64Class(UndertowFilterProbe.class);
     }
 
-    public static String getGlassFishFilterProbe() {
-        return getBase64Class(GlassFishFilterProbe.class);
-    }
-
     public static String getApusicFilterProbe() {
         return getBase64Class(ApusicFilterProbe.class);
     }

integration-test/src/test/java/com/reajason/javaweb/integration/probe/glassfish/GlassFish3ContainerTest.java

@@ -2,11 +2,14 @@
 
 import com.reajason.javaweb.Server;
 import com.reajason.javaweb.integration.ProbeAssertion;
+import com.reajason.javaweb.integration.ShellAssertion;
 import com.reajason.javaweb.integration.VulTool;
 import com.reajason.javaweb.integration.probe.DetectionTool;
+import com.reajason.javaweb.memshell.MemShellResult;
 import com.reajason.javaweb.memshell.ShellTool;
 import com.reajason.javaweb.memshell.ShellType;
 import com.reajason.javaweb.packer.Packers;
+import com.reajason.javaweb.probe.payload.FilterProbeFactory;
 import com.reajason.javaweb.utils.CommonUtil;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -94,20 +97,17 @@ void testBytecodeReqParamResponseBody() {
     @Test
     void testFilterProbe() {
         String url = getUrl(container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
-        System.out.println(data);
-        assertThat(data, anyOf(
-                containsString("EmptyFilter")
-        ));
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
+        ShellAssertion.assertFilterProbeIsRight(data);
     }
 
     @Test
     void testFilterFirstInject() {
         String url = getUrl(container);
-        shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
+        MemShellResult memShellResult = shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
         List<String> filter = ProbeAssertion.getFiltersForContext(data, "/app");
         String filterName = ProbeAssertion.extractFilterName(filter.get(0));
-        assertThat(filterName, anyOf(startsWith(CommonUtil.getWebPackageNameForServer(Server.GlassFish))));
+        assertEquals(filterName, memShellResult.getShellClassName());
     }
 }

integration-test/src/test/java/com/reajason/javaweb/integration/probe/glassfish/GlassFish4ContainerTest.java

@@ -2,11 +2,14 @@
 
 import com.reajason.javaweb.Server;
 import com.reajason.javaweb.integration.ProbeAssertion;
+import com.reajason.javaweb.integration.ShellAssertion;
 import com.reajason.javaweb.integration.VulTool;
 import com.reajason.javaweb.integration.probe.DetectionTool;
+import com.reajason.javaweb.memshell.MemShellResult;
 import com.reajason.javaweb.memshell.ShellTool;
 import com.reajason.javaweb.memshell.ShellType;
 import com.reajason.javaweb.packer.Packers;
+import com.reajason.javaweb.probe.payload.FilterProbeFactory;
 import com.reajason.javaweb.utils.CommonUtil;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -94,20 +97,17 @@ void testBytecodeReqParamResponseBody() {
     @Test
     void testFilterProbe() {
         String url = getUrl(container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
-        System.out.println(data);
-        assertThat(data, anyOf(
-                containsString("EmptyFilter")
-        ));
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
+        ShellAssertion.assertFilterProbeIsRight(data);
     }
 
     @Test
     void testFilterFirstInject() {
         String url = getUrl(container);
-        shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
+        MemShellResult memShellResult = shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
         List<String> filter = ProbeAssertion.getFiltersForContext(data, "/app");
         String filterName = ProbeAssertion.extractFilterName(filter.get(0));
-        assertThat(filterName, anyOf(startsWith(CommonUtil.getWebPackageNameForServer(Server.GlassFish))));
+        assertEquals(filterName, memShellResult.getShellClassName());
     }
 }

integration-test/src/test/java/com/reajason/javaweb/integration/probe/glassfish/GlassFish501ContainerTest.java

@@ -2,11 +2,14 @@
 
 import com.reajason.javaweb.Server;
 import com.reajason.javaweb.integration.ProbeAssertion;
+import com.reajason.javaweb.integration.ShellAssertion;
 import com.reajason.javaweb.integration.VulTool;
 import com.reajason.javaweb.integration.probe.DetectionTool;
+import com.reajason.javaweb.memshell.MemShellResult;
 import com.reajason.javaweb.memshell.ShellTool;
 import com.reajason.javaweb.memshell.ShellType;
 import com.reajason.javaweb.packer.Packers;
+import com.reajason.javaweb.probe.payload.FilterProbeFactory;
 import com.reajason.javaweb.utils.CommonUtil;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -87,20 +90,17 @@ void testBytecodeReqParamResponseBody() {
     @Test
     void testFilterProbe() {
         String url = getUrl(container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
-        System.out.println(data);
-        assertThat(data, anyOf(
-                containsString("EmptyFilter")
-        ));
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
+        ShellAssertion.assertFilterProbeIsRight(data);
     }
 
     @Test
     void testFilterFirstInject() {
         String url = getUrl(container);
-        shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
+        MemShellResult memShellResult = shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
         List<String> filter = ProbeAssertion.getFiltersForContext(data, "/app");
         String filterName = ProbeAssertion.extractFilterName(filter.get(0));
-        assertThat(filterName, anyOf(startsWith(CommonUtil.getWebPackageNameForServer(Server.GlassFish))));
+        assertEquals(filterName, memShellResult.getShellClassName());
     }
 }

integration-test/src/test/java/com/reajason/javaweb/integration/probe/glassfish/GlassFish510ContainerTest.java

@@ -2,11 +2,14 @@
 
 import com.reajason.javaweb.Server;
 import com.reajason.javaweb.integration.ProbeAssertion;
+import com.reajason.javaweb.integration.ShellAssertion;
 import com.reajason.javaweb.integration.VulTool;
 import com.reajason.javaweb.integration.probe.DetectionTool;
+import com.reajason.javaweb.memshell.MemShellResult;
 import com.reajason.javaweb.memshell.ShellTool;
 import com.reajason.javaweb.memshell.ShellType;
 import com.reajason.javaweb.packer.Packers;
+import com.reajason.javaweb.probe.payload.FilterProbeFactory;
 import com.reajason.javaweb.utils.CommonUtil;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -88,20 +91,17 @@ void testBytecodeReqParamResponseBody() {
     @Test
     void testFilterProbe() {
         String url = getUrl(container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
-        System.out.println(data);
-        assertThat(data, anyOf(
-                containsString("EmptyFilter")
-        ));
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
+        ShellAssertion.assertFilterProbeIsRight(data);
     }
 
     @Test
     void testFilterFirstInject() {
         String url = getUrl(container);
-        shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
-        String data = VulTool.post(url + "/b64", DetectionTool.getGlassFishFilterProbe());
+        MemShellResult memShellResult = shellInjectIsOk(url, Server.GlassFish, ShellType.FILTER, ShellTool.Command, Opcodes.V1_6, Packers.BigInteger, container);
+        String data = VulTool.post(url + "/b64", FilterProbeFactory.getBase64ByServer(Server.GlassFish));
         List<String> filter = ProbeAssertion.getFiltersForContext(data, "/app");
         String filterName = ProbeAssertion.extractFilterName(filter.get(0));
-        assertThat(filterName, anyOf(startsWith(CommonUtil.getWebPackageNameForServer(Server.GlassFish))));
+        assertEquals(filterName, memShellResult.getShellClassName());
     }
 }