A static Java code security audit tool that uses the JavaParser project for syntax analysis; support for common web vulnerabilities and component vulnerabilities is planned.

XVulnFinder

Introduction

A static Java code security audit tool (under development).

Syntax analysis is based on: https://github.com/javaparser/javaparser

Only a starting point has been written so far; it can audit some simple XSS and SQL injection cases.

A thread pool with Futures is used for simple concurrent processing, and the results are fairly good.

Getting Started

Build the package: mvn clean package

Audit a specified Java file:

java -jar XVulnFinder.jar -f Test.java

Write the results to an HTML report:

java -jar XVulnFinder.jar -f Test.java -o result.html

The HTML report looks like this:

Cases

The supported cases are as follows:

1. Basic Servlet-style XSS

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class XssServlet1 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String input1 = req.getParameter("input1"); // source: untrusted request parameter
        resp.getWriter().write(input1);             // sink: written to the response without encoding
    }
}

2. Servlet-style XSS through a simple wrapper method

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class XssServlet2 extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String input1 = req.getParameter("input1"); // source
        indirectWrite(resp.getWriter(), input1);    // taint passes through a helper method
    }
    public void indirectWrite(PrintWriter pw, String input1) {
        pw.write(input1);                           // sink reached one call deeper
    }
}

3. Basic JDBC SQL injection

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class Jdbc {
    Connection con;
    public void query1(String input) throws SQLException {
        Statement stmt = con.createStatement();
        // sink: the query is built by string concatenation instead of a bound parameter
        ResultSet rs = stmt.executeQuery("select * from Users where name = '" + input + "'");
    }
}

4. Simple annotation-based MyBatis injection

import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

@Mapper
public interface CategoryMapper {
    // ${name} is raw string substitution into the SQL text (#{name} would be a bound parameter)
    @Select("select * from category_ where name= '${name}' ")
    public CategoryM getByName(@Param("name") String name);
}
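To show the source-to-sink idea behind the four cases above, here is an added example of a minimal JavaParser-based check; it is not XVulnFinder's own code, and the source and sink method names, the treatment of method parameters as untrusted, and the class name MiniAudit are assumptions.

```java
import com.github.javaparser.StaticJavaParser;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.body.MethodDeclaration;
import com.github.javaparser.ast.body.VariableDeclarator;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.NameExpr;
import com.github.javaparser.ast.expr.SingleMemberAnnotationExpr;
import java.util.*;
// Constructed example (not XVulnFinder's code): a minimal intra-procedural source-to-sink check.
public class MiniAudit {
    // Assumed source/sink names; a real tool would carry a much fuller catalogue.
    static final Set<String> SOURCES = Set.of("getParameter", "getHeader");
    static final Set<String> SINKS = Set.of("write", "print", "println", "executeQuery");
    static final Set<String> SQL_ANNOTATIONS = Set.of("Select", "Update", "Insert", "Delete");
    public static List<String> audit(String javaSource) {
        CompilationUnit cu = StaticJavaParser.parse(javaSource);
        List<String> findings = new ArrayList<>();
        for (MethodDeclaration m : cu.findAll(MethodDeclaration.class)) {
            Set<String> tainted = new HashSet<>();
            // Assumption: any parameter may carry attacker data (covers query1 and indirectWrite).
            m.getParameters().forEach(p -> tainted.add(p.getNameAsString()));
            // Locals initialised from a source, or from an expression reading a tainted name, become tainted.
            for (VariableDeclarator v : m.findAll(VariableDeclarator.class)) {
                v.getInitializer().ifPresent(init -> {
                    boolean fromSource = init.isMethodCallExpr()
                            && SOURCES.contains(init.asMethodCallExpr().getNameAsString());
                    boolean readsTainted = init.findAll(NameExpr.class).stream()
                            .anyMatch(n -> tainted.contains(n.getNameAsString()));
                    if (fromSource || readsTainted) tainted.add(v.getNameAsString());
                });
            }
            // A sink call whose argument (e.g. a concatenation) reads a tainted name is reported.
            for (MethodCallExpr call : m.findAll(MethodCallExpr.class)) {
                if (!SINKS.contains(call.getNameAsString())) continue;
                boolean hit = call.getArguments().stream()
                        .flatMap(a -> a.findAll(NameExpr.class).stream())
                        .anyMatch(n -> tainted.contains(n.getNameAsString()));
                if (hit) findings.add("line " + call.getBegin().map(p -> p.line).orElse(-1)
                        + ": tainted data reaches " + call.getNameAsString() + "()");
            }
        }
        // MyBatis: ${} inside a SQL annotation is text substitution, not a bound parameter.
        for (SingleMemberAnnotationExpr a : cu.findAll(SingleMemberAnnotationExpr.class)) {
            if (SQL_ANNOTATIONS.contains(a.getNameAsString()) && a.getMemberValue().toString().contains("${"))
                findings.add("line " + a.getBegin().map(p -> p.line).orElse(-1) + ": ${} in @" + a.getNameAsString());
        }
        return findings;
    }
}
```

Calling MiniAudit.audit() on the text of each case above yields one finding per case; case 2 is caught only because indirectWrite's own parameter is treated as tainted, since this example does no cross-method propagation.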
Owner: 4ra1n (Web Security Researcher)