package com.baidu.springbootservlet.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

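/**
 * Index page of the OpenRASP test-case collection.
 *
 * <p>Renders a static HTML list of links to the sibling test servlets (file read, command
 * execution, deserialization, SSRF, SQL, OGNL, XXE, XSS). The links are built from the URL of
 * the current request, so the page works wherever the application is mounted.
 *
 * <p>The linked endpoints are test fixtures for RASP hook points; this page only lists them.
 */
@WebServlet(urlPatterns = {"/index"})
/* loaded from: input_file:com/baidu/springbootservlet/servlet/Index.class */
public class Index extends HttpServlet {
    /** Charset used when percent-encoding query values placed in the generated links. */
    private static final String URL_CHARSET = "UTF-8";

    /**
     * Handles GET by delegating to {@link #doPost}, so both methods render the same page.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the page is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the index page.
     *
     * <p>The base URL is the request URL with its last path segment removed. It is derived from
     * request data, so it is HTML-escaped before being written, and every {@code href} value is
     * quoted. Several targets contain spaces; in an unquoted attribute the browser would end the
     * URL at the first space and treat the remainder as extra attributes.
     *
     * @param httpServletRequest the incoming request; its URL and the optional {@code tag}
     *     parameter are read
     * @param httpServletResponse the response the page is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response fails or the URL charset is unsupported
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setContentType("text/html; charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();

        String requestUrl = httpServletRequest.getRequestURL().toString();
        String base = requestUrl.substring(0, requestUrl.lastIndexOf("/"));

        writer.print("<html>");
        writer.print("<head>");
        writer.print("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /> ");
        writer.print("<title>OpenRASP 测试用例集合</title>");
        writer.print("</head>");
        writer.print("<body>");
        writer.print("文件上传hook点测试，请自行上传文件测试,请求url:" + escapeHtml(base) + "/fileUpload<br>");
        printLink(writer, base, "/readFile?file=../../../../../../../../../../../../../../../../../../../../../../etc/passwd", "任意文件读取");
        printLink(writer, base, "/command", "命令执行后门");
        printLink(writer, base, "/deserialization", "Transformer 反序列化");
        printLink(writer, base, "/directory", "使用 File.listFiles 遍历目录");
        printLink(writer, base, "/httpClient", "SSRF - HttpClient 方式");
        printLink(writer, base, "/commonClient", "SSRF - commons.httpclient 方式");
        printLink(writer, base, "/urlConnection", "SSRF - URL.openConnection 方式");
        printLink(writer, base, "/mysql?id=1 or 88=88 or 99=99 or 100=100 or 100=100", "MySQL");
        printLink(writer, base, "/mysqlPrepared?id=1 or 88=88 or 99=99 or 100=100 or 100=100", "MySQL Prepared");
        printLink(writer, base, "/ognl", "OGNL");
        printLink(writer, base, "/okHttp", "SSRF - OKHTTP 方式");
        printLink(writer, base, "/okHttp3", "SSRF - OKHTTP3 方式");
        printLink(writer, base, "/xxe", "通过XXE读取系统文件");
        printLink(writer, base, "/sqlException", "sqlException");
        printLink(writer, base, "/sqlAccess", "sqlException_Access_Deny");
        // Explicit charset: the one-argument URLEncoder.encode is deprecated and uses the
        // platform default encoding.
        printLink(
                writer,
                base,
                "/xss?tag=11111111" + URLEncoder.encode("<", URL_CHARSET) + "sdggdssdd" + URLEncoder.encode(">", URL_CHARSET) + "111111111111",
                "body_xss检测");
        writer.print("</body>");
        writer.print("</html>");

        // NOTE(review): the "tag" parameter is written back without HTML escaping, after the
        // closing </html>. The XSS link above targets /xss, a different servlet, so this echo may
        // be a leftover; confirm whether /index is meant to be an XSS test target. If it is not,
        // pass the value through escapeHtml or drop the echo. Kept as-is so the fixture's
        // behaviour for a supplied tag is unchanged; only the literal "null" that was printed
        // when the parameter is absent is suppressed.
        String tag = httpServletRequest.getParameter("tag");
        if (tag != null) {
            writer.print(tag);
        }
    }

    /**
     * Writes one {@code <a>} element followed by {@code <br>}, with a quoted and escaped href.
     *
     * @param writer response writer
     * @param base base URL taken from the request; not trusted
     * @param target path and query appended to {@code base}
     * @param label link text, a fixed literal supplied by this class and written unescaped
     */
    private static void printLink(PrintWriter writer, String base, String target, String label) {
        writer.print("<a href=\"" + escapeHtml(base + target) + "\" target=\"_blank\">" + label + "</a><br>");
    }

    /**
     * Escapes the characters that are significant in HTML text and quoted attribute values.
     *
     * @param text raw text
     * @return {@code text} with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}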
