commit deb511d92a90861bf1204b3c62c847f42a26aab1 Author: weishao Date: Fri Mar 10 16:15:36 2023 +0800 1
diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..2f49abf
Binary files /dev/null and b/.DS_Store differ
diff --git a/Command_Injection/Command_Injection.class b/Command_Injection/Command_Injection.class
new file mode 100644
index 0000000..9573368
Binary files /dev/null and b/Command_Injection/Command_Injection.class differ
diff --git a/Create_Boolean_Object/Create_Boolean_Object.class b/Create_Boolean_Object/Create_Boolean_Object.class
new file mode 100644
index 0000000..006dd13
Binary files /dev/null and b/Create_Boolean_Object/Create_Boolean_Object.class differ
diff --git a/Create_String_Object/Create_String_Object.class b/Create_String_Object/Create_String_Object.class
new file mode 100644
index 0000000..1920583
Binary files /dev/null and b/Create_String_Object/Create_String_Object.class differ
diff --git a/Debug_Code/Debug_Code_bad.class b/Debug_Code/Debug_Code_bad.class
new file mode 100644
index 0000000..7f54a52
Binary files /dev/null and b/Debug_Code/Debug_Code_bad.class differ
diff --git a/Debug_Code/Debug_Code_good.class b/Debug_Code/Debug_Code_good.class
new file mode 100644
index 0000000..031add7
Binary files /dev/null and b/Debug_Code/Debug_Code_good.class differ
diff --git a/Empty_Catch_Block/Empty_Catch_Block.class b/Empty_Catch_Block/Empty_Catch_Block.class
new file mode 100644
index 0000000..f75774c
Binary files /dev/null and b/Empty_Catch_Block/Empty_Catch_Block.class differ
diff --git a/Empty_If_Block/Empty_If_Block.class b/Empty_If_Block/Empty_If_Block.class
new file mode 100644
index 0000000..8b1279c
Binary files /dev/null and b/Empty_If_Block/Empty_If_Block.class differ
diff --git a/Empty_Password/Empty_Password.class b/Empty_Password/Empty_Password.class
new file mode 100644
index 0000000..81c516c
Binary files /dev/null and b/Empty_Password/Empty_Password.class differ
diff --git a/Empty_String_Compare/Empty_String_Compare.class b/Empty_String_Compare/Empty_String_Compare.class
new file mode 100644
index 0000000..ff8769a
Binary files /dev/null and b/Empty_String_Compare/Empty_String_Compare.class differ
diff --git a/Empty_Syn_Block/Empty_Syn_Block.class b/Empty_Syn_Block/Empty_Syn_Block.class
new file mode 100644
index 0000000..be7f314
Binary files /dev/null and b/Empty_Syn_Block/Empty_Syn_Block.class differ
diff --git a/Expression_Always_False/Expression_Always_False_01.class b/Expression_Always_False/Expression_Always_False_01.class
new file mode 100644
index 0000000..73f5a33
Binary files /dev/null and b/Expression_Always_False/Expression_Always_False_01.class differ
diff --git a/Expression_Always_False/Expression_Always_False_02.class b/Expression_Always_False/Expression_Always_False_02.class
new file mode 100644
index 0000000..0ae049a
Binary files /dev/null and b/Expression_Always_False/Expression_Always_False_02.class differ
diff --git a/Expression_Always_True/Expression_Always_True_01.class b/Expression_Always_True/Expression_Always_True_01.class
new file mode 100644
index 0000000..21e45e5
Binary files /dev/null and b/Expression_Always_True/Expression_Always_True_01.class differ
diff --git a/Expression_Always_True/Expression_Always_True_02.class b/Expression_Always_True/Expression_Always_True_02.class
new file mode 100644
index 0000000..5a4bb7e
Binary files /dev/null and b/Expression_Always_True/Expression_Always_True_02.class differ
diff --git a/HTML_Comment_in_JSP/HTML_Comment_in_JSP.jsp b/HTML_Comment_in_JSP/HTML_Comment_in_JSP.jsp
new file mode 100644
index 0000000..aa87321
--- /dev/null
+++ b/HTML_Comment_in_JSP/HTML_Comment_in_JSP.jsp
@@ -0,0 +1,13 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" + pageEncoding="ISO-8859-1"%> + + + + +HTTP Splitting + + + <% response.sendRedirect("https://aa.com/test.php"); %> <%-- // good HTML Comment in JSP file --%> + <%-- // bad HTML Comment in JSP file --%> + + \ No newline at end of file
diff --git a/HTTP_Response_Splitting/HTTP_Response_Splitting.class b/HTTP_Response_Splitting/HTTP_Response_Splitting.class
new file mode 100644
index 0000000..f0626ee
Binary files /dev/null and b/HTTP_Response_Splitting/HTTP_Response_Splitting.class differ
diff --git a/Hard_Coded_Password/Hard_Coded_Password.class b/Hard_Coded_Password/Hard_Coded_Password.class
new file mode 100644
index 0000000..70039e4
Binary files /dev/null and b/Hard_Coded_Password/Hard_Coded_Password.class differ
diff --git a/Insecuere_Randomness/Insecuere_Randomness.class b/Insecuere_Randomness/Insecuere_Randomness.class
new file mode 100644
index 0000000..e527053
Binary files /dev/null and b/Insecuere_Randomness/Insecuere_Randomness.class differ
diff --git a/J2EE_Bad_Practices_Use_of_System_Exit/J2EE_Bad_Practices_Use_of_System_Exit__Servlet_01.class b/J2EE_Bad_Practices_Use_of_System_Exit/J2EE_Bad_Practices_Use_of_System_Exit__Servlet_01.class
new file mode 100644
index 0000000..3b10fcf
Binary files /dev/null and b/J2EE_Bad_Practices_Use_of_System_Exit/J2EE_Bad_Practices_Use_of_System_Exit__Servlet_01.class differ
diff --git a/Just_one_of_Equals_or_hashCode_defined/Just_one_of_Equals_or_hashCode_defined_bad.class b/Just_one_of_Equals_or_hashCode_defined/Just_one_of_Equals_or_hashCode_defined_bad.class
new file mode 100644
index 0000000..35259b1
Binary files /dev/null and b/Just_one_of_Equals_or_hashCode_defined/Just_one_of_Equals_or_hashCode_defined_bad.class differ
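Review bot: The line labelled `// bad HTML Comment in JSP file` is written as a JSP comment (`<%-- ... --%>`), the same server-side form as the `good` line, so as this hunk reads neither comment is emitted to the client and the file does not exhibit the weakness its name describes; if the bad case is meant to be an HTML comment it should read `<!-- // bad HTML Comment in JSP file -->`, which is sent in the response body. The hunk header counts 13 added lines but only 12 are visible here, so some markup may have been lost in rendering and this should be checked against the file itself. The page title reads `HTTP Splitting`, which looks copied from another sample; a title matching the file name would keep the corpus self-describing.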
diff --git a/Just_one_of_Equals_or_hashCode_defined/Just_one_of_Equals_or_hashCode_defined_good.class b/Just_one_of_Equals_or_hashCode_defined/Just_one_of_Equals_or_hashCode_defined_good.class
new file mode 100644
index 0000000..2c0ea50
Binary files /dev/null and b/Just_one_of_Equals_or_hashCode_defined/Just_one_of_Equals_or_hashCode_defined_good.class differ
diff --git a/LDAP_Injection/LDAP_Injection.class b/LDAP_Injection/LDAP_Injection.class
new file mode 100644
index 0000000..844dfa4
Binary files /dev/null and b/LDAP_Injection/LDAP_Injection.class differ
diff --git a/Log_Forging/Log_Forging.class b/Log_Forging/Log_Forging.class
new file mode 100644
index 0000000..af783e9
Binary files /dev/null and b/Log_Forging/Log_Forging.class differ
diff --git a/Logging_using_System_output/Logging_using_System_output.class b/Logging_using_System_output/Logging_using_System_output.class
new file mode 100644
index 0000000..41fa860
Binary files /dev/null and b/Logging_using_System_output/Logging_using_System_output.class differ
diff --git a/Null_Password/Null_Password.class b/Null_Password/Null_Password.class
new file mode 100644
index 0000000..6a25e8b
Binary files /dev/null and b/Null_Password/Null_Password.class differ
diff --git a/Obsolete_Method/Obsolete_Method.class b/Obsolete_Method/Obsolete_Method.class
new file mode 100644
index 0000000..d0376b1
Binary files /dev/null and b/Obsolete_Method/Obsolete_Method.class differ
diff --git a/Open_Redirect/Open_Redirect_bad.jsp b/Open_Redirect/Open_Redirect_bad.jsp
new file mode 100644
index 0000000..d56b8b9
--- /dev/null
+++ b/Open_Redirect/Open_Redirect_bad.jsp
@@ -0,0 +1,6 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*"
+ pageEncoding="ISO-8859-1"%>
+<%
+
+String strDest = request.getParameter("dest");
+pageContext.forward(strDest); %> <%-- // good Open Redirect --%>
\ No newline at end of file
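Review bot: The trailing comment on the last added line reads `// good Open Redirect` although this is the `_bad` sample that forwards the unvalidated `dest` parameter, so anyone using these comments as ground truth for a scanner gets the wrong label; change it to `<%-- // bad Open Redirect --%>`. `pageContext.forward` is a server-side dispatch rather than a client-side redirect, so the sink this file exercises is a forward to an attacker-chosen path, not the `response.sendRedirect` sink the directory name suggests; a one-line comment naming the intended sink would avoid that confusion. The `import="java.util.regex.*"` in the page directive is unused.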
diff --git a/Open_Redirect/Open_Redirect_good.jsp b/Open_Redirect/Open_Redirect_good.jsp
new file mode 100644
index 0000000..7685d25
--- /dev/null
+++ b/Open_Redirect/Open_Redirect_good.jsp
@@ -0,0 +1,8 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*"
+ pageEncoding="ISO-8859-1"%>
+<%
+ String[] strURLArray = new String[]{"http://aa.com","http://bb.com","http://cc.com"};
+ int strDest = Integer.parseInt(request.getParameter("dest"));
+ if((strDest >= 0) && (strDest <= 15 ))
+ { String strFinalURL = strURLArray[strDest];
+ pageContext.forward(strFinalURL); } %> <%-- // good Open Redirect --%>
\ No newline at end of file
diff --git a/Overly_board_Catch/Overly_board_Catch.class b/Overly_board_Catch/Overly_board_Catch.class
new file mode 100644
index 0000000..b6c773a
Binary files /dev/null and b/Overly_board_Catch/Overly_board_Catch.class differ
diff --git a/Overly_board_Throws/Overly_board_Throws.class b/Overly_board_Throws/Overly_board_Throws.class
new file mode 100644
index 0000000..c2184cf
Binary files /dev/null and b/Overly_board_Throws/Overly_board_Throws.class differ
diff --git a/Path_Manipulate/Path_Manipulate.class b/Path_Manipulate/Path_Manipulate.class
new file mode 100644
index 0000000..73df9a6
Binary files /dev/null and b/Path_Manipulate/Path_Manipulate.class differ
diff --git a/Persist_XSS/Persist_XSS.class b/Persist_XSS/Persist_XSS.class
new file mode 100644
index 0000000..90c9c86
Binary files /dev/null and b/Persist_XSS/Persist_XSS.class differ
diff --git a/Redundence_Initialize/Redundence_Initialize.class b/Redundence_Initialize/Redundence_Initialize.class
new file mode 100644
index 0000000..c5a4c37
Binary files /dev/null and b/Redundence_Initialize/Redundence_Initialize.class differ
diff --git a/Reflect_XSS/Reflect_XSS_bad.jsp b/Reflect_XSS/Reflect_XSS_bad.jsp
new file mode 100644
index 0000000..56e0f7a
--- /dev/null
+++ b/Reflect_XSS/Reflect_XSS_bad.jsp
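Review bot: The bound check `strDest <= 15` does not match `strURLArray`, which has three entries, so `dest` values 3 through 15 pass the check and throw `ArrayIndexOutOfBoundsException` at `strURLArray[strDest]`; the check should be `if((strDest >= 0) && (strDest < strURLArray.length))`. `Integer.parseInt` also throws `NumberFormatException` for a missing or non-numeric `dest`, and an uncaught exception in a JSP typically surfaces the container's error page with a stack trace, which is the System_Information_Leak case this corpus covers elsewhere; catching it and responding with a fixed error would keep the good sample clean. The `import="java.util.regex.*"` is unused here as well.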
@@ -0,0 +1,19 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*"
+ pageEncoding="ISO-8859-1"%>
+<%
+String action = request.getParameter("action");
+String field1 = request.getParameter("field1");
+String regex1 = "^[0-9]{3}$";// any three digits
+Pattern pattern1 = Pattern.compile(regex1);
+
+if("Purchase".equals(action))
+{
+ if(!pattern1.matcher(field1).matches())
+ {
+ /** If they supplied the right attack, pass them **/
+
+ out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');"); // bad XSS
+ }
+
+}
+%>
\ No newline at end of file
diff --git a/Reflect_XSS/Reflect_XSS_good.jsp b/Reflect_XSS/Reflect_XSS_good.jsp
new file mode 100644
index 0000000..c6e621d
--- /dev/null
+++ b/Reflect_XSS/Reflect_XSS_good.jsp
@@ -0,0 +1,20 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1" import="java.util.regex.*"
+ pageEncoding="ISO-8859-1"%>
+<%
+String action = request.getParameter("action");
+String field1 = "field1";
+String regex1 = "^[0-9]{3}$";// any three digits
+Pattern pattern1 = Pattern.compile(regex1);
+
+if("Purchase".equals(action))
+{
+ if(!pattern1.matcher(field1).matches())
+ {
+
+ /** If they supplied the right attack, pass them **/
+ out.write("alert('Whoops: You entered an incorrect access code of \"" + field1 + "\"');"); // good xss
+
+ }
+
+}
+%>
\ No newline at end of file
diff --git a/Return_in_Finally/Return_in_Finally.class b/Return_in_Finally/Return_in_Finally.class
new file mode 100644
index 0000000..faeafa9
Binary files /dev/null and b/Return_in_Finally/Return_in_Finally.class differ
diff --git a/SQL_Injection/SQL_Injection.class b/SQL_Injection/SQL_Injection.class
new file mode 100644
index 0000000..0d62b46
Binary files /dev/null and b/SQL_Injection/SQL_Injection.class differ
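Review bot: `field1` is passed unchecked to `pattern1.matcher(field1)` in Reflect_XSS_bad.jsp; `request.getParameter` returns null when the parameter is absent, so a request without `field1` throws `NullPointerException` before the `out.write` sink is reached, which makes the sample fragile for dynamic testing. A guard such as `if (field1 == null) field1 = "";` after the `getParameter` call keeps the intended flow intact. The comment `/** If they supplied the right attack, pass them **/` contradicts the condition, which echoes `field1` when it does NOT match the three-digit allowlist; wording it as `// input failed the allowlist: it is echoed unescaped, which is the XSS` describes what the code actually does.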
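Review bot: The `good` variant in Reflect_XSS_good.jsp differs from the bad one only in `String field1 = "field1";`, which removes the request input entirely rather than showing a mitigation; the allowlist regex is still compiled and the condition still runs (`"field1"` never matches `^[0-9]{3}$`, so the branch always writes the literal), leaving the validation as dead code. If the file is meant as a no-taint negative case for a scanner, a comment such as `// field1 is a constant, not request data: nothing untrusted reaches out.write` would make that intent explicit. If it is meant to show the fix, keeping `request.getParameter("field1")`, writing only when `matches()` is true, and HTML-encoding the value before `out.write` would be the more instructive sample.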
diff --git a/Static_Field_Not_Final/Static_Field_Not_Final.class b/Static_Field_Not_Final/Static_Field_Not_Final.class
new file mode 100644
index 0000000..1c073a5
Binary files /dev/null and b/Static_Field_Not_Final/Static_Field_Not_Final.class differ
diff --git a/String_Compare_Error/String_Compare_Error.class b/String_Compare_Error/String_Compare_Error.class
new file mode 100644
index 0000000..b4b352e
Binary files /dev/null and b/String_Compare_Error/String_Compare_Error.class differ
diff --git a/Stringbuild_in_loop/Stringbuild_in_loop.class b/Stringbuild_in_loop/Stringbuild_in_loop.class
new file mode 100644
index 0000000..62f4f51
Binary files /dev/null and b/Stringbuild_in_loop/Stringbuild_in_loop.class differ
diff --git a/System_Information_Leak/System_Information_Leak.class b/System_Information_Leak/System_Information_Leak.class
new file mode 100644
index 0000000..dcd9b6e
Binary files /dev/null and b/System_Information_Leak/System_Information_Leak.class differ
diff --git a/Throws_Excepiton_in_Finally/Throws_Excepiton_in_Finally.class b/Throws_Excepiton_in_Finally/Throws_Excepiton_in_Finally.class
new file mode 100644
index 0000000..30a4b0a
Binary files /dev/null and b/Throws_Excepiton_in_Finally/Throws_Excepiton_in_Finally.class differ
diff --git a/Trust_Boundary_Violation/Trust_Boundary_Violation.class b/Trust_Boundary_Violation/Trust_Boundary_Violation.class
new file mode 100644
index 0000000..7f584bd
Binary files /dev/null and b/Trust_Boundary_Violation/Trust_Boundary_Violation.class differ
diff --git a/Unchecked_Return_Value/Unchecked_Return_Value.class b/Unchecked_Return_Value/Unchecked_Return_Value.class
new file mode 100644
index 0000000..4b4e0a3
Binary files /dev/null and b/Unchecked_Return_Value/Unchecked_Return_Value.class differ
diff --git a/Unreleased_DB_Resource/Unreleased_DB_Resource.class b/Unreleased_DB_Resource/Unreleased_DB_Resource.class
new file mode 100644
index 0000000..6332973
Binary files /dev/null and b/Unreleased_DB_Resource/Unreleased_DB_Resource.class differ
diff --git a/Unreleased_Stream/Unreleased_Stream.class b/Unreleased_Stream/Unreleased_Stream.class
new file mode 100644
index 0000000..6fc536d
Binary files /dev/null and b/Unreleased_Stream/Unreleased_Stream.class differ
diff --git a/Unsafe_Hash_Algorithm/Unsafe_Hash_Algorithm.class b/Unsafe_Hash_Algorithm/Unsafe_Hash_Algorithm.class
new file mode 100644
index 0000000..b558878
Binary files /dev/null and b/Unsafe_Hash_Algorithm/Unsafe_Hash_Algorithm.class differ
diff --git a/Unsafe_Reflection/Unsafe_Reflection.class b/Unsafe_Reflection/Unsafe_Reflection.class
new file mode 100644
index 0000000..c6217d7
Binary files /dev/null and b/Unsafe_Reflection/Unsafe_Reflection.class differ
diff --git a/Unused_Filed/Unused_Filed.class b/Unused_Filed/Unused_Filed.class
new file mode 100644
index 0000000..57e239b
Binary files /dev/null and b/Unused_Filed/Unused_Filed.class differ
diff --git a/Unused_Method/Unused_Method.class b/Unused_Method/Unused_Method.class
new file mode 100644
index 0000000..d858b5c
Binary files /dev/null and b/Unused_Method/Unused_Method.class differ
diff --git a/Unused_Variable/Unused_Variable.class b/Unused_Variable/Unused_Variable.class
new file mode 100644
index 0000000..163f5a3
Binary files /dev/null and b/Unused_Variable/Unused_Variable.class differ
diff --git a/Use_Float_For_Compute/Use_Float_For_Compute.class b/Use_Float_For_Compute/Use_Float_For_Compute.class
new file mode 100644
index 0000000..94eb4d1
Binary files /dev/null and b/Use_Float_For_Compute/Use_Float_For_Compute.class differ
diff --git a/Weak_Encryption/Weak_Encryption.class b/Weak_Encryption/Weak_Encryption.class
new file mode 100644
index 0000000..d166668
Binary files /dev/null and b/Weak_Encryption/Weak_Encryption.class differ
diff --git a/XPath_Injection/XPath_Injection.class b/XPath_Injection/XPath_Injection.class
new file mode 100644
index 0000000..b446c36
Binary files /dev/null and b/XPath_Injection/XPath_Injection.class differ