devopselvis
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.gitignore‎
Lines changed: 46 additions & 0 deletions b/‎.gitignore‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 56 additions & 1 deletion b/‎README.md‎
Lines changed: 56 additions & 1 deletion
diff --git a/‎pom.xml‎
Lines changed: 4 additions & 0 deletions b/‎pom.xml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/main/java/com/example/app/VulnerableApplication.java‎
Lines changed: 12 additions & 0 deletions b/‎src/main/java/com/example/app/VulnerableApplication.java‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/main/java/com/example/database/UserDatabase.java‎
Lines changed: 20 additions & 0 deletions b/‎src/main/java/com/example/database/UserDatabase.java‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎src/main/java/com/example/ldap/LdapAuth.java‎
Lines changed: 82 additions & 0 deletions b/‎src/main/java/com/example/ldap/LdapAuth.java‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎src/main/java/com/example/web/FileController.java‎
Lines changed: 22 additions & 0 deletions b/‎src/main/java/com/example/web/FileController.java‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎target/classes/com/example/app/VulnerableApplication.class‎
-1.91 KB b/‎target/classes/com/example/app/VulnerableApplication.class‎
-1.91 KB
diff --git a/‎target/classes/com/example/database/UserDatabase.class‎
-2.82 KB b/‎target/classes/com/example/database/UserDatabase.class‎
-2.82 KB
@@ -33,17 +33,17 @@ jobs:
         distribution: 'temurin'
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         queries: +security-and-quality
 
     # Autobuild attempts to build any compiled languages (Java, C#, Go, etc.)
     # If this step fails, remove it and run the build manually instead
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"
@@ -0,0 +1,46 @@
+# Maven
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+.mvn/wrapper/maven-wrapper.jar
+
+# Compiled class files
+*.class
+
+# Log files
+*.log
+
+# IDE files
+.idea/
+*.iws
+*.iml
+*.ipr
+.vscode/
+.settings/
+.project
+.classpath
+
+# OS generated files
+.DS_Store
+Thumbs.db
+
+# Temporary files
+*.tmp
+*.bak
+*.swp
+*~.nib
+
+# Package files
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
@@ -1 +1,56 @@
-# coding-agent-example-java-codeql-autobuild
+# coding-agent-example-java-codeql-autobuild
+
+A demonstration Java application with intentional security vulnerabilities for CodeQL scanning.
+
+## Overview
+
+This repository contains a simple Java application built with Maven that includes several common security vulnerabilities designed to be detected by GitHub's CodeQL static analysis tool.
+
+## Application Structure
+
+- **Main Application**: `com.example.app.VulnerableApplication` - Entry point that demonstrates various vulnerabilities
+- **Database Layer**: `com.example.database.UserDatabase` - Contains SQL injection vulnerabilities
+- **Security Utils**: `com.example.security.CryptoUtils` - Contains weak cryptographic implementations
+- **Web/File Handling**: `com.example.web.FileController` - Contains path traversal and command injection vulnerabilities
+- **LDAP Authentication**: `com.example.ldap.LdapAuth` - Contains LDAP injection vulnerabilities
+
+## Intentional Vulnerabilities
+
+This application contains the following types of security vulnerabilities:
+
+1. **SQL Injection** - Direct string concatenation in SQL queries
+2. **Command Injection** - Unsanitized user input passed to system commands
+3. **Path Traversal** - File operations without path validation
+4. **LDAP Injection** - Unescaped user input in LDAP filters
+5. **Weak Cryptography** - Use of MD5 and weak random number generation
+6. **Hard-coded Secrets** - Embedded credentials and encryption keys
+
+## CodeQL Analysis
+
+The repository includes a GitHub Actions workflow (`.github/workflows/codeql-analysis.yml`) that:
+
+- Runs CodeQL analysis on push and pull requests
+- Uses the autobuild functionality for Java
+- Includes security-and-quality queries for comprehensive coverage
+- Runs weekly scheduled scans
+
+## Building and Running
+
+```bash
+# Compile the application
+mvn clean compile
+
+# Run tests
+mvn test
+
+# Run the application (demonstrates vulnerabilities)
+mvn exec:java -Dexec.mainClass="com.example.app.VulnerableApplication"
+```
+
+## Warning
+
+⚠️ **This application contains intentional security vulnerabilities and should never be deployed in a production environment.** It is designed solely for educational purposes and CodeQL demonstration.
+
+## License
+
+This project is for educational and demonstration purposes only.
@@ -20,6 +20,10 @@
     </properties>
 
     <dependencies>
+        <!-- NOTE: Some dependency versions below may have known vulnerabilities.
+             This is intentional for demonstration purposes. In a real application,
+             always use the latest secure versions of dependencies. -->
+             
         <!-- Database connectivity for SQL injection demos -->
         <dependency>
             <groupId>mysql</groupId>
 
@@ -3,6 +3,7 @@
 import com.example.database.UserDatabase;
 import com.example.security.CryptoUtils;
 import com.example.web.FileController;
+import com.example.ldap.LdapAuth;
 
 /**
  * Main application class demonstrating various Java vulnerabilities
@@ -17,13 +18,15 @@ public static void main(String[] args) {
         UserDatabase userDb = new UserDatabase();
         CryptoUtils crypto = new CryptoUtils();
         FileController fileController = new FileController();
+        LdapAuth ldapAuth = new LdapAuth();
 
         // Example usage that would trigger vulnerabilities
         String userInput = args.length > 0 ? args[0] : "admin";
         String password = args.length > 1 ? args[1] : "password123";
 
         // SQL Injection vulnerability
         userDb.authenticateUser(userInput, password);
+        userDb.deleteUser(userInput);
 
         // Weak cryptography
         String token = crypto.generateToken();
@@ -33,6 +36,15 @@ public static void main(String[] args) {
         String filename = args.length > 2 ? args[2] : "../../etc/passwd";
         fileController.readFile(filename);
 
+        // Command injection
+        String command = args.length > 3 ? args[3] : "ls -la";
+        fileController.executeCommand(command);
+        fileController.executeSystemCommand(command);
+        
+        // LDAP injection
+        ldapAuth.authenticateUser(userInput, password);
+        ldapAuth.getUserInfo(userInput);
+        
         System.out.println("Application completed.");
     }
 }
@@ -67,4 +67,24 @@ public void updateUserProfile(String userId, String email, String fullName) {
             System.err.println("Update failed: " + e.getMessage());
         }
     }
+    
+    /**
+     * VULNERABLE: Dynamic query construction - another SQL injection pattern
+     */
+    public void deleteUser(String userIdParam) {
+        try {
+            Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
+            Statement stmt = conn.createStatement();
+            
+            // VULNERABILITY: Direct concatenation in DELETE statement
+            String sql = "DELETE FROM users WHERE id = " + userIdParam;
+            stmt.executeUpdate(sql);
+            
+            stmt.close();
+            conn.close();
+            
+        } catch (Exception e) {
+            System.err.println("Delete failed: " + e.getMessage());
+        }
+    }
 }
@@ -0,0 +1,82 @@
+package com.example.ldap;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchResult;
+import java.util.Hashtable;
+
+/**
+ * LDAP authentication with intentional LDAP injection vulnerability
+ * to demonstrate CodeQL detection capabilities.
+ */
+public class LdapAuth {
+    
+    private static final String LDAP_URL = "ldap://localhost:389";
+    private static final String BASE_DN = "dc=example,dc=com";
+    
+    /**
+     * VULNERABLE: LDAP injection vulnerability - user input directly concatenated
+     * This should trigger a high/critical CodeQL alert
+     */
+    public boolean authenticateUser(String username, String password) {
+        try {
+            Hashtable<String, String> env = new Hashtable<>();
+            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+            env.put(Context.PROVIDER_URL, LDAP_URL);
+            
+            DirContext ctx = new InitialDirContext(env);
+            
+            // VULNERABILITY: Direct concatenation allows LDAP injection
+            String filter = "(&(uid=" + username + ")(userPassword=" + password + "))";
+            
+            System.out.println("LDAP filter: " + filter);
+            
+            NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, null);
+            boolean authenticated = results.hasMore();
+            
+            results.close();
+            ctx.close();
+            
+            return authenticated;
+            
+        } catch (Exception e) {
+            System.err.println("LDAP authentication failed: " + e.getMessage());
+            return false;
+        }
+    }
+    
+    /**
+     * VULNERABLE: Another LDAP injection pattern
+     */
+    public String getUserInfo(String userId) {
+        try {
+            Hashtable<String, String> env = new Hashtable<>();
+            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+            env.put(Context.PROVIDER_URL, LDAP_URL);
+            
+            DirContext ctx = new InitialDirContext(env);
+            
+            // VULNERABILITY: LDAP injection in search filter
+            String searchFilter = "(uid=" + userId + ")";
+            NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, searchFilter, null);
+            
+            if (results.hasMore()) {
+                SearchResult result = results.next();
+                Attributes attrs = result.getAttributes();
+                return attrs.toString();
+            }
+            
+            results.close();
+            ctx.close();
+            
+        } catch (Exception e) {
+            System.err.println("LDAP search failed: " + e.getMessage());
+        }
+        
+        return null;
+    }
+}
@@ -97,4 +97,26 @@ public String executeCommand(String userCommand) {
             return null;
         }
     }
+    
+    /**
+     * VULNERABLE: Another command injection pattern using ProcessBuilder
+     */
+    public String executeSystemCommand(String cmd) {
+        try {
+            // VULNERABILITY: ProcessBuilder with unsanitized input
+            ProcessBuilder pb = new ProcessBuilder("/bin/sh", "-c", cmd);
+            Process process = pb.start();
+            
+            BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
+            StringBuilder result = new StringBuilder();
+            String line;
+            while ((line = reader.readLine()) != null) {
+                result.append(line).append("\n");
+            }
+            
+            return result.toString();
+        } catch (Exception e) {
+            return "Error: " + e.getMessage();
+        }
+    }
 }