Routing

Importance of finding routing in the application

It is essential to find routing of the application and know how is it written in different languages and frameworks during security audit. identifying routing in the application allows security auditor to discover hidden attack surfaces, understand application workflow and locate entry points.

Servlet Mappings (Java)

Some Java applications use servlet mappings in order to control how the application handles HTTP requests. Information which describes how the application should behave is written in web.xml file.

Each route is made up of two entries: Entry 1: define a servlet Entry 2: mapping url to a servlet

In simple words this file describes which class handles which endpoint.

In the example below we can identify the following information:

1. File defines a servlet with id my_servlet for the com.example.ExampleServlet class

2. Servlet mapping binds requests from /example URL to ExampleServlet

<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
    <!-- Servlet declaration -->
    <servlet id="my_servlet">
        <servlet-name>ExampleServlet</servlet-name> 
        <servlet-class>com.example.ExampleServlet</servlet-class>
    </servlet>

    <!-- Servlet mapping -->
    <servlet-mapping>
        <servlet-name>ExampleServlet</servlet-name>
        <url-pattern>/example</url-pattern>
    </servlet-mapping>
</web-app>

ExpressJS (NodeJS)

In NodeJS routing is declared directly in the source code.

const express = require('express');
const app = express();

// Root route
app.get('/', (req, res) => {
    res.send('Welcome to the homepage!');
});

Spring MVC / Spring Boot (Java)

In Spring MVC / Spring Boot programmers usually create a seperate classes for storing the routing.

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

@Controller // Annotation that says this class is handling requests
@RequestMapping("/api") // Prefix for all of the mappings in the code below
public class MyController {

    // Handles GET requests to /api/hello
    @GetMapping("/hello")
    @ResponseBody
    public String sayHello() {
        return "Hello, World!";
    }
}

Flask (Python)

In Flask routing is declared directly in the source code just as in ExpressJS.

from flask import Flask, jsonify, request

# Create a Flask application instance
app = Flask(__name__)

# Home route
@app.route('/')
def home():
    return "Welcome to the Flask App!"