Java tutorial
package org.owasp.webgoat.lessons; import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; import java.util.zip.ZipEntry; import java.util.zip.ZipException; import java.util.zip.ZipFile; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.html.A; import org.apache.ecs.html.Form; import org.apache.ecs.html.IMG; import org.apache.ecs.html.Input; import org.apache.ecs.html.P; import org.owasp.webgoat.session.ECSFactory; import org.owasp.webgoat.session.WebSession; /******************************************************************************* * * * This file is part of WebGoat, an Open Web Application Security Project * utility. For details, please see http://www.owasp.org/ * * Copyright (c) 2002 - 20014 Bruce Mayhew * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; either version 2 of the License, or (at your option) any later * version. * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * * You should have received a copy of the GNU General Public License along with * this program; if not, write to the Free Software Foundation, Inc., 59 Temple * Place - Suite 330, Boston, MA 02111-1307, USA. * * Getting Source ============== * * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository * for free software projects. * * For details, please see http://webgoat.github.io * * @author Jakub Koperwas of <a href="http://www.sages.com.pl">Sages</a> * @created October 31, 2014 */ public class ZipBomb extends LessonAdapter { public final static A SAGES_LOGO = new A().setHref("http://www.sages.com.pl") .addElement(new IMG("images/logos/sages.png").setAlt("Sages").setBorder(0).setHspace(0).setVspace(0) .setStyle("width:180px; height:60px")); protected Element createContent(WebSession s) { ElementContainer ec = new ElementContainer(); if ("success".equalsIgnoreCase((String) s.get(ZIP_DOS))) { System.out.println("final success"); makeSuccess(s); } try { ec.addElement(new P().addElement("Upload new File")); Input input = new Input(Input.FILE, "myfile", ""); ec.addElement(input); Element b = ECSFactory.makeButton("Start Upload"); ec.addElement(b); } catch (Exception e) { s.setMessage("Error generating " + this.getClass().getName()); e.printStackTrace(); } return ec; } protected Category getDefaultCategory() { return Category.DOS; } public List<String> getHints(WebSession s) { List<String> hints = new ArrayList<String>(); hints.add("You can upload up to 2MB file at once,see what can you insert INTO the file"); return hints; } public String getInstructions(WebSession s) { String instructions = ""; instructions = "Server accepts only ZIP files, \n" + "extracts them after uploading, does something with them and deletes," + "\n it provides 20 MB temporal storage to handle all request \n" + "try do perform DOS attack that consume all temporal storage with one request"; return (instructions); } private final static Integer DEFAULT_RANKING = new Integer(10); private static final String ZIP_DOS = "ZIP_DOS"; protected Integer getDefaultRanking() { return DEFAULT_RANKING; } public String getTitle() { return ("ZipBomb"); } public Element getCredits() { return super.getCustomCredits("", SAGES_LOGO); } public void handleRequest(WebSession s) { File tmpDir = (File) s.getRequest().getServletContext().getAttribute("javax.servlet.context.tempdir"); try { if (ServletFileUpload.isMultipartContent(s.getRequest())) { DiskFileItemFactory factory = new DiskFileItemFactory(); factory.setSizeThreshold(500000); ServletFileUpload upload = new ServletFileUpload(factory); List /* FileItem */ items = upload.parseRequest(s.getRequest()); java.util.Iterator iter = items.iterator(); while (iter.hasNext()) { FileItem item = (FileItem) iter.next(); if (!item.isFormField()) { File uploadedFile = new File(tmpDir, item.getName()); if (item.getSize() < 2000 * 1024) { if (item.getName().endsWith(".zip")) { item.write(uploadedFile); long total = unzippedSize(uploadedFile); s.setMessage("File uploaded"); if (total > 20 * 1024 * 1024) { s.add(ZIP_DOS, "success"); System.out.println("success"); makeMessages(s); } else { s.setMessage("I still have plenty of free storage on the server..."); } } else { s.setMessage("Only ZIP files are accepted"); } } else { s.setMessage("Only up to 2 MB files are accepted"); } } } } Form form = new Form(getFormAction(), Form.POST).setName("form").setEncType("multipart/form-data"); form.addElement(createContent(s)); setContent(form); } catch (Exception e) { e.printStackTrace(System.out); } } private long unzippedSize(File uploadedFile) throws ZipException, IOException { ZipFile zf = new ZipFile(uploadedFile); long total = 0; Enumeration e = zf.entries(); while (e.hasMoreElements()) { ZipEntry entry = (ZipEntry) e.nextElement(); total += entry.getSize(); } return total; } }