You can download the Tool - O2 Cmd SpringMVC v1.0.exe (or build it using O2) which is the stand alone exe of the old O2_Cmd_SpringMvc.msi tool (See at the end of this post for details on how this exe was created)
When you open this tool, you will get a GUI that looks like this:
Then if you drop a jar (or the zip of *.classes like the one you will find in the jPetClinic – O2 Demo Pack.zip that you get from the Packaged Spring MVC Security Test Apps: JPetStore and PetClinc ), a series of conversions will occur (Jython is used to parse the java byte code) :
Which when finished will look like this:
For a detailed explanation of how this module works (including the VERY important /*O2Helper:MVCAutoBindListObject: hack) take a look at this blog post:
Visualizing Spring MVC Annotations based Controls (and Autobinding PetClinic’s vulnerabilities)
How the Tool - O2 Cmd SpringMVC v1.0.exe was created
It was quite easy to package the O2_Cmd_SpringMvc.msi tool (note-to-self: do this for the other really powerful old O2 tools that are gathering dust in the O2 archives)
Step 1: Create an installer that downloads and extracts the msi:
Step 2: In an O2 C# REPL script create the Tool - O2 Cmd SpringMVC.h2 file
Which will consume the installers (shown above) and will trigger the extraction (when executed for the first time as a standalone exe)
Step 3: Open the context menu and chose the item to package the current script
And that's it!
The package tool (which is a script it self) should be open with the created exe:
It's quite powerful the fact that it took me longer to write this blog post than to package that old O2 tool :)
