Fix: null param in PUT and DELETE requests

osxtest · osxtest · commit 8c28e26313ec · 2024-11-20T10:49:01.000+08:00
diff --git a/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00084Controller.java b/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00084Controller.java
@@ -14,6 +14,8 @@
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
 
 @Controller
 @RequestMapping(value = "/ssrf")
@@ -26,7 +28,22 @@ public class BS00084Controller extends HttpServlet {
     public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.setContentType("text/html;charset=UTF-8");
 
-        String param = request.getParameter("BS00084");
+        BufferedReader reader = request.getReader();
+        String line;
+        StringBuilder builder = new StringBuilder();
+        while ((line = reader.readLine()) != null) {
+            builder.append(line);
+        }
+        String[] pairs = builder.toString().split("&");
+        HashMap<String, String> params = new HashMap<>();
+        for (String pair : pairs) {
+            String[] parts = pair.split("=");
+            String key = parts[0];
+            String value = parts.length > 1 ? parts[1] : "";
+            params.put(key, value);
+        }
+        String param = params.get("BS00084");
+        param = java.net.URLDecoder.decode(param, StandardCharsets.UTF_8.toString());
         StringBuffer responsestr = new StringBuffer();
         if (param.startsWith("https://www.alipay.com")) {
             try {
diff --git a/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00085Controller.java b/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00085Controller.java
@@ -14,6 +14,8 @@
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
 
 @Controller
 @RequestMapping(value = "/ssrf")
@@ -26,7 +28,22 @@ public class BS00085Controller extends HttpServlet {
     public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.setContentType("text/html;charset=UTF-8");
 
-        String param = request.getParameter("BS00085");
+        BufferedReader reader = request.getReader();
+        String line;
+        StringBuilder builder = new StringBuilder();
+        while ((line = reader.readLine()) != null) {
+            builder.append(line);
+        }
+        String[] pairs = builder.toString().split("&");
+        HashMap<String, String> params = new HashMap<>();
+        for (String pair : pairs) {
+            String[] parts = pair.split("=");
+            String key = parts[0];
+            String value = parts.length > 1 ? parts[1] : "";
+            params.put(key, value);
+        }
+        String param = params.get("BS00085");
+        param = java.net.URLDecoder.decode(param, StandardCharsets.UTF_8.toString());
         StringBuffer responsestr = new StringBuffer();
         if (param.startsWith("https://www.alipay.com")) {
             try {
diff --git a/dast-java/src/main/resources/callscanner/payloads/BS00084.txt b/dast-java/src/main/resources/callscanner/payloads/BS00084.txt
@@ -11,4 +11,4 @@ scannerauth:cd117e0a9365670f19c768032f8dabfe
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 30
 
-BS00084=https://www.alipay.com
+BS00084=https://www.alipay.com@foo.dnslog.cn
diff --git a/dast-java/src/main/resources/callscanner/payloads/BS00085.txt b/dast-java/src/main/resources/callscanner/payloads/BS00085.txt
@@ -11,4 +11,4 @@ scannerauth:cd117e0a9365670f19c768032f8dabfe
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 30
 
-BS00085=https://www.alipay.com
+BS00085=https://www.alipay.com@foo.dnslog.cn
