Merge pull request #650 from doyensec:spring4shell_detection_2

PiperOrigin-RevId: 790617129
Change-Id: Iadf9dbb233dcd434ea63bb4a78dd1dc5734490fa

Author: copybara-github

community/detectors/spring_framework_cve_2022_22965/build.gradle

@@ -2,19 +2,17 @@ plugins {
     id 'java'
 }
 
-group 'com.google.tsunami'
-version '1.0-SNAPSHOT'
+group = 'com.google.tsunami'
+version = '1.0-SNAPSHOT'
 
 repositories {
     maven { // The google mirror is less flaky than mavenCentral()
-        url 'https://maven-central.storage-download.googleapis.com/repos/central/data/'
+        url = 'https://maven-central.storage-download.googleapis.com/repos/central/data/'
     }
     mavenCentral()
     mavenLocal()
 }
 
-
-
 dependencies {
     implementation "com.google.auto.value:auto-value-annotations:1.11.0"
     implementation("com.google.tsunami:tsunami-common") {
@@ -30,10 +28,10 @@ dependencies {
 
     testImplementation "junit:junit:4.13.2"
     testImplementation "org.mockito:mockito-core:5.18.0"
+    testImplementation "com.google.inject:guice:4.2.3"
+    testImplementation "com.google.inject.extensions:guice-testlib:4.2.3"
     testImplementation "com.google.truth:truth:1.4.4"
     testImplementation "com.google.truth.extensions:truth-java8-extension:1.4.4"
     testImplementation "com.google.truth.extensions:truth-proto-extension:1.4.4"
     testImplementation "com.squareup.okhttp3:mockwebserver:3.12.0"
-
-    implementation "org.jsoup:jsoup:1.9.2"
 }

community/detectors/spring_framework_cve_2022_22965/src/main/java/com/google/tsunami/plugins/detectors/spring/SpringCve202222965Detector.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.tsunami.plugins.detectors.spring4shell;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import javax.inject.Qualifier;
+
+/** Annotation for {@link SpringCve202222965Detector}. */
+final class Annotations {
+  @Qualifier
+  @Retention(RetentionPolicy.RUNTIME)
+  @Target({PARAMETER, METHOD, FIELD})
+  @interface DelayBetweenRequests {}
+
+  private Annotations() {}
+}