From 9e43a966a4bcba3d84c64fd251befb2e509b886c Mon Sep 17 00:00:00 2001
From: GiriRaj249
Date: Thu, 17 Aug 2023 23:24:38 +0530
Subject: [PATCH 1/2] Added Spring4Shell.bcheck rule

Added a rule to check for Spring4Shell vulnerability using a BCheck rule targeting GET requests.
---
 .../injection/Spring4Shell.bcheck | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 vulnerability-classes/injection/Spring4Shell.bcheck

diff --git a/vulnerability-classes/injection/Spring4Shell.bcheck b/vulnerability-classes/injection/Spring4Shell.bcheck
new file mode 100644
index 0000000..1613388
--- /dev/null
+++ b/vulnerability-classes/injection/Spring4Shell.bcheck
@@ -0,0 +1,24 @@
+metadata:
+ language: v1-beta
+ name: "Spring4Shell (Response)"
+ description: "Checks for the Spring4Shell vulnerability"
+ author: "Giriraj R (cipherlover)"
+ tags: "Srping4Shell", "CVE-2022-22965", "cve"
+
+define:
+ spring4shell_payload = `class.module.classLoader.URLs%5B0%5D=0`
+ issueDetail = `The server has returned a response status code as "400" and along with "java.lang.IllegalArgumentException" error on the response body denoting that there is possibility for Spring4shell vulnerability`
+ issueRemediation = "Make sure you are up to date with patches and follow the remediation steps for CVE-2022-22965."
+
+given request then
+ send request called check :
+ appending queries: `{spring4shell_payload}`
+
+ if {check.response.status_code} is "400" and "java.lang.IllegalArgumentException" in {check.response.body} then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: `{issueDetail}`
+ remediation: `{issueRemediation}`
+ end if
+
From dfe3d64157e15d59041c7fa534d0fa2944c1ad15 Mon Sep 17 00:00:00 2001
From: GiriRaj249
Date: Fri, 18 Aug 2023 16:56:19 +0530
Subject: [PATCH 2/2] Update Spring4Shell.bcheck

The indentation was fixed.
---
 vulnerability-classes/injection/Spring4Shell.bcheck | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
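Review bot: In the new-file hunk of patch 1/2, the `if` reports on any 400 response whose body contains `java.lang.IllegalArgumentException` without comparing against the base response, yet the issue is raised with `severity: high` and `confidence: firm`. An endpoint that already answers with that exception for unrelated binding errors would be flagged, so I would extend the condition with `and not("java.lang.IllegalArgumentException" in {base.response.body})` and report `confidence: tentative`, since the status/exception pair is a heuristic indicator rather than proof that CVE-2022-22965 is exploitable. The tag `"Srping4Shell"` is misspelled and should read `"Spring4Shell"`, otherwise a search by tag will likely miss this check. A one-line comment above the `if` saying why a 400 plus this exception is treated as the signal would help whoever triages the findings.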
diff --git a/vulnerability-classes/injection/Spring4Shell.bcheck b/vulnerability-classes/injection/Spring4Shell.bcheck
index 1613388..afbefc3 100644
--- a/vulnerability-classes/injection/Spring4Shell.bcheck
+++ b/vulnerability-classes/injection/Spring4Shell.bcheck
@@ -14,7 +14,7 @@ given request then
 send request called check :
 appending queries: `{spring4shell_payload}`
 
- if {check.response.status_code} is "400" and "java.lang.IllegalArgumentException" in {check.response.body} then
+ if {check.response.status_code} is "400" and "java.lang.IllegalArgumentException" in {check.response.body} then
 report issue:
 severity: high
 confidence: firm