This project contains examples of vulnerabilities and their secure implementations in Java applications.

Arax734/owasp-vulnerabilities

Project Description

This project contains examples of vulnerabilities and their secure implementations in Java applications. The main topics are:

  • Path Traversal
  • SQL Injection

Each module includes a vulnerable class and its secure version, along with unit tests.

Directory Structure

lab1/
├── database.db                # SQLite database
├── lib/
│   └── sqlite-jdbc-3.50.3.0.jar   # SQLite JDBC driver
├── src/
│   ├── path_traversal/
│   │   ├── Secure.java           # Secure implementation
│   │   ├── Vulnerable.java       # Vulnerable implementation
│   │   ├── SecureTest.java       # Secure version tests
│   │   ├── VulnerableTest.java   # Vulnerable version tests
│   │   └── resources/
│   │       ├── secret_file.txt   # Test file (secret)
│   │       └── public/
│   │           └── public_file.txt # Test file (public)
│   └── sql_injection/
│       ├── Secure.java           # Secure implementation
│       ├── Vulnerable.java       # Vulnerable implementation
│       ├── SecureTest.java       # Secure version tests
│       ├── VulnerableTest.java   # Vulnerable version tests
│       └── resources/
│           ├── setup_database.sh # Database setup script
│           └── SetupDatabase.java # Database setup program

Requirements

  • Java 8+
  • SQLite JDBC (lib/sqlite-jdbc-3.50.3.0.jar)

How to Run

  1. Make sure the database.db database is created (you can use setup_database.sh or SetupDatabase.java).
  2. Compile the project:
    javac -cp lib/sqlite-jdbc-3.50.3.0.jar src/path_traversal/*.java src/sql_injection/*.java
    
  3. Run selected tests or classes (the ; classpath separator shown here is the Windows form; on Linux and macOS use : instead):
    java -cp lib/sqlite-jdbc-3.50.3.0.jar;src path_traversal.SecureTest
    java -cp lib/sqlite-jdbc-3.50.3.0.jar;src sql_injection.SecureTest
    

Tests

Unit tests are located in SecureTest.java and VulnerableTest.java files in both modules. Test files in the resources folder are used to demonstrate vulnerabilities.
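
The vulnerable/secure pairing for the Path Traversal module, as an added example that is not the repository's own Vulnerable.java or Secure.java. The class and method names are hypothetical, and the temporary file tree is constructed to mirror the resources/ layout shown above (public/public_file.txt next to secret_file.txt).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; names are hypothetical, not taken from the repository.
public class PathTraversalDemo {

    // Vulnerable: the caller-supplied name is joined to the base directory as-is,
    // so a name containing ".." is resolved by the OS outside public/.
    static String readVulnerable(Path publicDir, String name) throws IOException {
        return new String(Files.readAllBytes(publicDir.resolve(name)), StandardCharsets.UTF_8);
    }

    // Hardened: canonicalise the base, normalise the joined path, and require
    // containment. Path.startsWith compares whole path elements, not string prefixes.
    static String readSecure(Path publicDir, String name) throws IOException {
        Path base = publicDir.toRealPath();
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + name);
        }
        // Resolve symlinks on the existing file and re-check containment.
        Path real = target.toRealPath();
        if (!real.startsWith(base)) {
            throw new SecurityException("symlink escapes base directory: " + name);
        }
        return new String(Files.readAllBytes(real), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree mirroring resources/ from the README.
        Path root = Files.createTempDirectory("resources");
        Path pub = Files.createDirectory(root.resolve("public"));
        Files.write(pub.resolve("public_file.txt"), "public".getBytes(StandardCharsets.UTF_8));
        Files.write(root.resolve("secret_file.txt"), "secret".getBytes(StandardCharsets.UTF_8));

        String outside = "../secret_file.txt";
        System.out.println("vulnerable read: " + readVulnerable(pub, outside));
        System.out.println("secure read:     " + readSecure(pub, "public_file.txt"));
        try {
            readSecure(pub, outside);
        } catch (SecurityException e) {
            System.out.println("secure blocked:  " + e.getMessage());
        }
    }
}
```

An absolute name is rejected by the same check, because resolve() returns the absolute path unchanged and it does not start with the base.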

Author

Educational project for an application security laboratory.
