Faculty of Engineering &

Technology (Co-Ed)

Department of Computer Science &

Engineering

INTERNSHIP REPORT
AKSHITA GUDI
USN: SG20CSE018

Semester: 8th

Date of Internship

From: 04th FEB 2024 To: 05 MAY 2024

Faculty Advisor
SHIVKUMAR KAGI SIR

Department of Computer Science &

Engineering, Sharnbasva University,

Kalaburagi, Karnataka.
2024
 COMPUTER SCIENCE ENGINEERING
DEPARTMENT

CERTIFICATE
Certified that the Internship work entitled “EVENT MANAGEMENT SYSTEM” is a bonafide
work carried out by AKSHITA GUDI and bearing USN No SG20CSE018 in partial
fulfillment of the requirement for the award of the degree of COMPUTER SCIENCE
ENGINEERING Sharnbasva University, Kalaburagi during the year 2024-2025. It is
certified that all corrections / suggestion indicated for Internal Assessment have been
incorporated in the Report. The Project Report has been approved as it satisfies the academic
requirements in respect of project work
prescribed for the B.TECH Degree.

Marks Details
Sl Maximum Marks
Name of the Student USN
No Marks Obtained
1 AKSHITA GUDI SG20CSE018

Signature of the Guide Signature of the Chairperson Signature of the Dean

Names of the examiners Signature with date

2
 ACKNOWLEDGEMENT

I am grateful to my SHARNBASVA UNIVERSITY, KALABURAGI with its very ideal and

inspiration for having me provided with facilities, which has made this Internship a
success.

First, I would like to express my immense gratitude to Dr. V. D. MYTRI, pro-vice

chancellor, SHARNBASVA UNIVERSITY, KALABURAGI. For help and inspiration.

I also extend my sincere thanks to Dr. ANIL KUMAR BIDVE registrar SHARNBASVA
UNIVERSITY, KALABURAGI. For his constant encouragement.

I would like to express my sense to gratitude to my beloved dean

Dr. SHIVKUMAR JAWALAGI faculty of Engineering & Technology (Co-ed) for providing
the right academic climate this university that has made this entire task appreciable.

I am also thankful to chairman Dr. SYED ASRA of faculty of engineering & technology
(CO-EDUCATION), department of computer science & engineering for his
encouragement and insightful comments at all stages of my Project

With a deep sense of my gratitude, I express my indebtedness to my guide Prof.

SHIVKUMAR KAGI for his worth advice, commendable guidance, constant inspiration,
and encouragement during the Internship.

Finally, I express my heartfelt thanks to my parent’s staff members of my department

of who helped me a lot in the completion of my internship directly and indirectly
within the schedule period.

AKSHITA GUDI
(USN:SG20CSE018)
 TABLE OF CONTENTS

S.No Particular Page No

i. Brief summary of Internship i
ii. Completion Certificate ii
iii. Acknowledgement iii

Cha
pter Internship schedule
No Introduction of company and departments
1. Key Learnings
2. Documentation
3. Challenges faced
4. Conclusion
5. References
6. Appendix 1 :

Industry

supervisor’s

report

Appendix 2 :

Students log

sheet Appendix

3 : Students

feedback form

Appendix 4: Documentary
Evidence’s of
Internship Such has
Screenshots of Online
 S nship mail/any
e other
s communication

s letter copy.

i
o
n
s
/
A
u
d
i
o
-
V
i
d
e
o
File
s/Any other
details

Appendix 5:
Offer Letter’s
copies if placed.

Appendix 6:
I
n
t
e
r
 BRIEF SUMMARY

Company Name: SOOKSHMAS E-LEARNING

PRIVATE LIMITED

Company Address: #18th Second Floor,1st Cross

Road ,S.V.G Nagar,
Priyadarshini Layout,
Vijayanagar, Bengaluru,
Karnataka 560072
Starting and Completion Dates: 4th FEB 2024 &
5th MAY 2024

Department(s) Worked In: java Programming

Web Development with Servlets and JSP Database
Connectivity (JDBC)
Frontend Technologies (HTML, CSS, jQuery)

Supervisor’s Name: KARTHIK M N

Position: MANAGER

Phone Number: 9632106111

Email: [email protected]

Authorized
Seal and Signatory
CERTIFICATE OF COMPLETION
CHAPTER 1 INTERNSHIP REPORT 2o22

INTERNSHIP SCHEDULE

Sl no Tasks
1 Basics concepts of Java
2 Advanced of Java Concepts
3 Advanced of Java Concepts 2
4 JDBC Concepts
5 Servlets
6 (JSP) JavaServer Pages
7 HTML Fundamentals
8 CSS Fundamentals
9 Bootstrap Concepts
10 jQuery
11 Advanced SQL Concepts
12 Integration and Project web
development
CHAPTER 2 INTERNSHIP REPORT 2o22

INTRODUCTION OF COMPANY AND

DEPARTMENTS
Sookshma’s, established in 2017, is a leading software development company
specializing in innovative digital solutions. Committed to excellence, we strive to
empower businesses with cutting-edge technology

1. Development: Our development team is the backbone of Sooksmas,

comprising talented software engineers, architects, and developers. They
are proficient in a wide array of technologies and frameworks, ensuring the
delivery of high-quality, scalable solutions to our clients.
2. Design: The design department at Sookshmas is responsible for crafting
engaging and intuitive user experiences. Our creative designers and UX/UI
experts collaborate closely with clients to transform ideas into visually
stunning and user-friendly interfaces.
3. Quality Assurance: Ensuring the reliability and performance of our
products is paramount at Sukshma. Our dedicated QA team meticulously
tests every aspect of the software, employing advanced testing
methodologies and tools to guarantee superior quality and seamless
functionality.
4. Project Management: Effective project management is key to delivering
projects on time and within budget. Our project management department
oversees every stage of the development process, from initial planning to
final delivery, ensuring smooth execution and client satisfaction
CHAPTER 3 INTERNSHIP REPORT 2o22

KEY LEARNINGS
Sl no Departments Learnings

1 Develops front end developing of

HTML,CSS,& JS

2 Database Establishing Back-end

connection's using framework's

3 Manager Time management skills and

effective communication

4 Team Member Meeting deadlines and

collaboration with teammates
 Introduction
Documentation for the development of an innovative Event Management System (EMS).

Working

Phase 1:

Design and Development

During the initial phase, our focus will be on designing and developing the core functionalities of the EMS.
This includes:

 Objective: Designing and Developing an Innovative EMS:

 Utilizing Java and web technologies, the primary goal is to create an advanced EMS that
overcomes current challenges in event management practices.
 Scope: Designing and Developing an Advanced EMS:
 The project involves the creation of a robust EMS to streamline event management
processes

Phase 2:

User Interface and Functionality

In the second phase, we will concentrate on creating a user-friendly interface and implementing key
functionalities of the EMS. This includes:

 Objective: Creating a User-friendly Interface:

 The project aims to develop an intuitive interface that empowers event organizers to
efficiently plan, schedule, and manage events with ease.
 Scope: Leveraging Java and Web Technologies:
 The project will utilize Java and web technologies to enhance the functionality and user
experience of the EMS.

Phase 3:

Evaluation and Enhancement

The final phase involves evaluating the usability and effectiveness of the EMS, identifying areas for
improvement, and proposing enhancements. This includes:

 Objective: Evaluating Usability and Effectiveness:

 Through comprehensive user feedback and testing, we will assess the usability and
effectiveness of the EMS, identifying areas for improvement and refinement.
 Scope: Evaluating User Feedback and Testing:
 We will conduct surveys and interviews to gather user feedback and conduct testing to
ensure the EMS meets the needs of event organizers.
Installation

git clone https://github.com/Malwareman007/Open_Source_Web-Vulnerability-Scanner-and-Patcher.git

cd Open_Source_Web-Vulnerability-Scanner-and-Patcher/setup

python3 -m pip install --no-cache-dir -r requirements.txt

SOFTWARE REQUIREMENTS
Database: Oracle 10g

Server: Apache Tomcat 4 or higher

Frontend: HTML

Scripting language: Java Script

Web Technologies: Servlets, Jsp

IDE: My Eclipse

Technology: Java

Definition
Local File Inclusion (LFI) allows an attacker to include files on a server through the web browser. This
vulnerability exists when a web application includes a file without correctly sanitising the input, allowing
and attacker to manipulate the input and inject path traversal characters and include other files from the
web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site
Scripting (XSS). Typically, LFI occurs when an application uses the path to a file as input. If the application
treats this input as trusted, a local file may be used in the include statement.

Libraries Used

Request – This particular library has been used as we need to make HTTP requests in order to check for
the LFI vulnerability.

sys – This particular library is necessary as it helps by providing various functions and variables to
manipulate different parts of the Python Runtime environment

How To Run

python3 Lfi.py [options] (url)

Goal of the code

Scan the target web application for a LFI vulnerability

Logic Utilized

Firstly, using the if statement we filter out invalid target application inputs. Once we find a valid target we
store it in selected_target. The selected target is then attacked with the given payload. If an LFI
vulnerability is found it will be printed on the terminal.

Log4j Scanner
This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-
2021-44228 & CVE-2021-45046). The information and code in this repository are provided "as is" and was
assembled with the help of the Tribe N. This is not intended to be a 100% true positive solution; False
negatives may occur.

Libraries Used

Fuzzing

Fuzzing is an effective way to find security bugs in software, so much so that the Microsoft Security
Development Lifecycle requires fuzzing at every untrusted interface of every product. If you develop
software that may process untrusted inputs, you should use fuzzing.

WAF

A WAF or Web Application Firewall is the protective barrier between a web application and the internet.
In simple terms, It monitors the traffic hitting website servers with requests, and filters out the ones with
malicious intent.
WAF bypass payloads

Trying to gather xss payloads from the internet that bypasses WAF. All credit goes to the owners of the
payloads.

CVE-2021-45046

In certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j
2.15.0 was insufficient. This issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT
impacted by this vulnerability.

DNS Callback

DNS Callback, custom-dns-callback-host Provides libopendkim with a handle representing the DNS
resolver package to be used, such as a handle to an instantiation of a library.The DNS callback is the first
stop in the DNS lookup, and it is responsible for dealing with the client that made the initial request. The
resolver starts the sequence of queries that ultimately leads to a URL being translated into the necessary
IP address.

RSA

RSA is a type of asymmetric encryption, which uses two different but linked keys. In RSA cryptography,
both the public and the private keys can encrypt a message. The opposite key from the one used to
encrypt a message is used to decrypt it.

B64ENCODE:-

Base64 is a binary to a text encoding scheme that represents binary data in an ASCII string format. It is
designed to carry data stored in binary format across the network channels. Base64 mechanism uses 64
characters to encode.

UUID4:-

Version 4 UUIDs, are simply 128 bits of random data, with some bit-twiddling to identify the UUID version
and variant. UUID collisions are extremely unlikely to happen, especially not in a single application space.

Decrypt_data:-

The conversion of encrypted data into its original form is called Decryption. It is generally a reverse
process of encryption. It decodes the encrypted information so that an authorized user can only decrypt
the data because decryption requires a secret key or password.

Append:-
Append in Python is a pre-defined method used to add a single item to certain collection types. Without
the append method, developers would have to alter the entire collection's code for adding a single value
or item.

Parse_logs:-

Parsing is the process of splitting unstructured log data into attributes (key/value pairs). You can use these
attributes to facet or filter logs in useful ways. This in turn helps you build better charts and alerts.

Steps to test

Configure your own DNS Server - Preferred)

DNS providers - (Interact.sh or canarytokens.org)

LDAP Server (OPTIONAL)

HTTP Service Discovery & Scanning

How To Run Command

python3 Log4jScanner.py [options] (url)

Remote File Inclusion

Definition

This is a vulnerability which is extremely common with web applications which dynamically include
external files. When web applications take user input (URL, parameter value, etc.) and pass them into file
include commands, the web application might be tricked into including remote files with malicious code.
Although almost all web application frameworks support file inclusion and they are perfectly secure. The
issue begins when the user supplied input is accepted without proper validation. The malicious user can
easily create backdoors, get unauthorised access to restricted data, run malicious code on the server, take
complete control of the server etc. As said before most web application architectures allow for user input
in the form of URL, parameter and value. When such user input is not sanitised and properly validated
then the user can easily redirect the web application to an unsafe address where the security of the web
application is ultimately compromised which maybe range from gaining unauthorised access to restricted
data all the way to Cross Site Scripting (XSS) and thus eventually leading to a compromised system. PHP is
particularly vulnerable to RFI attacks due to the extensive use of “file includes” in PHP programming and
due to default server configurations that increase susceptibility to an RFI attack.

Libraries Used

Request – This particular library has been used as we need to make HTTP requests in order to check for
the RFI vulnerability.

sys – This particular library is necessary as it helps by providing various functions and variables to
manipulate different parts of the Python Runtime environment.

Goal of the code

Scan the target web application for a RFI vulnerability

Logic Utilized

Firstly, we check for a valid target. After this step we try to redirect the target to a predetermined external
page. If the target web application accesses the external page then an appropriate message will be
displayed to the user.

To Be Noted

The present version of our RFI scanner checks the local host because of legal restrictions (lack of
permission) we cannot check on any web applications right now.
 SQL Injection scanner

Definition

A SQL injection scanner is an automated tool used to verify the vulnerability of websites and web apps for
potential SQL injection attacks. SQL injection is a code injection technique used to attack data-driven
applications, in which malicious SQL statements are inserted into an entry field for execution . SQL
injection must exploit a security vulnerability in an application's software, for example, when user input is
either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is
not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for
websites but can be used to attack any type of SQL database.

Libraries Used

requests - The requests library is the de facto standard for making HTTP requests in Python. It abstracts
the complexities of making requests behind a beautiful, simple API so that you can focus on interacting
with services and consuming data in your application.

argparse - This class helps create a program in a command-line-environment in a way that appears easy to
code but also improves interaction. It also automatically generates help and usage messages and issues
errors when users give the program invalid arguments.

sys - This particular library is necessary as it helps by providing various functions and variables to
manipulate different parts of the Python Runtime environment.

colorama - Colorama is a python module that is used to display colored output in console. It can change
both, foreground and background color of any text which is displayed in the console.

Goal of the code

injection and checks the playload for the vulnerability and slows it down if the vulnerabal's are presents ..

How To Run

python3 scanner.py [options] (url)

Logic Utlilized in the code

Using the fuzzing we inject and test the payload to check if the url has a vulnerability and to verfiy the url
for time elapsed from when the connection is made with url . If an SQLI vulnerability is found then the
payload slows down the browser and we are informed of the existence of the vulnerability.
 Cross-Site Scripting (XSS)

Definition

Cross-Site Scripting attacks are a type of injection, in which malicious scripts are injected into otherwise
trustworthy websites. An attacker exploits a XSS vulnerability via a web application, generally in the form
of a browser side script to a different end user. These vulnerabilities are quite widespread as they can
occur anywhere an input is taken from a user without validating or encoding it and is used to generate an
output. The end user’s browser has no way to know that the script should not be trusted and it will
execute the script as it thinks the script came from a trusted source. Thus, the malicious script after
injection can access any cookies, session tokens, or the other sensitive information retained by the
browser and use with that site.

Libraries Used

selenium - It is a library in python which is used to control web browsers through programs and
performing browser automation.

warnings - This class is usually used to warn the developer of situations that take place during the
execution of a program.

argparse - This class helps create a program in a command-line-environment in a way that appears easy to
code but also improves interaction. It also automatically generates help and usage messages and issues
errors when users give the program invalid arguments.

sys - This particular library is necessary as it helps by providing various functions and variables to
manipulate different parts of the Python Runtime environment.

Goal of the code

Scan the target web application for XSS vulnerabilities.

How To Run

python3 xss.py (url)

Logic Utilized

Using the Selenium Web Driver we have made a custom browser and then we test the web application in
that browser to check if it accepts user input without proper validation. If an XSS vulnerability is found
then the payload slows down the browser and we are informed of the existence of the vulnerability.
 Patcher
For our Patcher we have separate programs which will patch up different vulnerabilities. We cannot
present a complete, compiled software at this present moment as these patches are complex and are
written in different languages. To get the Patcher up and running in time for the final inspection would not
be possible as there are many languages which would need to be compiled into one.
 Angular XSS Patcher

When rendering AngularJS templates with a server-side templating engine like ERB or Haml it is easy to
introduce XSS vulnerabilities. These vulnerabilities are enabled by AngularJS evaluating user-provided
strings containing interpolation symbols (default symbols are {{ and }}).

This gem patches ERB/rails_xss and Haml so Angular interpolation symbols are auto-escaped in unsafe
strings. And by auto-escaped we mean replacing {{ with {{ $root.DOUBLE_LEFT_CURLY_BRACE }}. To leave
AngularJS interpolation marks unescaped, mark the string as html_safe.

This is an unsatisfactory hack. A better solution is very much desired, but is not possible without some
changes in AngularJS. See the related AngularJS issue.

Disable escaping locally

If you want to disable angular_xss in some part of your app, you can use

Installation

Installation

iv. Read the code so you know what you're getting into.

v. Put this into your Gemfile after other templating engines like Haml or Erubis:

vi. Run bundle install.

vii. Add this to your Angular code (replacing "myApp" of course):

viii. Run your test suite to find the places that broke.
 ix. Mark any string that is allowed to contain Angular expressions as #html_safe.

Known limitations

● Requires Haml. It could be refactored to only patch ERB/rails_xss.

● When using Haml with angular_xss, you can no longer use interpolation symbols in class or id
attributes, even if the value is marked as html_safe. This is a limitation of Haml. Try using ng-class
instead.

HTTPS PUT DEL Methods Patcher

This project demonstrates an approach to support HTTP PATCH with JSON Patch and JSON Merge Patch
for performing partial modifications to resources in Spring, as described in my [blog][blog.post]. I also have
put together a [Postman collection][repo.postman] so you can play around with the API.

As I have seen lots of misunderstanding on how PATCH works, I aim to clarify its usage before diving into
the actual solution.

The problem with PUT and the need for PATCH

Consider, for example, we are creating an API to manage contacts. On the server, we have a resource that
can be represented with the following JSON document:

Let's say that John has been promoted to senior engineer and we want to keep our contact list updated.
We could modify this resource using a PUT request, as shown below:

With PUT, however, we have to send the full representation of the resource even when we need to
modify a single field of a resource, which may not be desirable in some situations.
Let's have a look on how the PUT HTTP method is defined in the [RFC 7231][rfc7231], one of the
documents that currently define the HTTP/1.1 protocol:

So, as per definition, the PUT method is meant to be used for:

Creating resources [1]

Replacing the state of a given resource

The key here is: the PUT payload must be a new representation of the resource. Hence it's not meant for
performing partial modifications to resources at all. To fill this gap, the PATCH method was created and it
is currently defined in the [RFC 5789][rfc5789]:

The difference between the PUT and PATCH requests is reflected in the way the server processes the
request payload to modify a given resource:

• In a PUT request, the payload is a modified version of the resource stored on the
server. And the client is requesting the stored version to be replaced with the
new version.
• In a PATCH request, the request payload contains a set of instructions describing
how a resource currently stored on the server should be modified to produce a
new version.

Describing how the resource will be modified

The PATCH method definition, however, doesn't enforce any format for the request payload apart from
mentioning that the request payload should contain a set of instructions describing how the resource will
be modified and that set of instructions is identified by a media type.

Let's have a look at some formats for describing how a resource is to be PATCHed:

JSON Patch

JSON Patch is a format for expressing a sequence of operations to be applied to a JSON document. It is
defined in the [RFC 6902][rfc6902] and is identified by the application/json-patch+json media type.
The JSON Patch document represents an array of objects and each object represents a single operation to
be applied to the target JSON document.

The evaluation of a JSON Patch document begins against a target JSON document and the operations are
applied sequentially in the order they appear in the array. Each operation in the sequence is applied to the
target document and the resulting document becomes the target of the next operation. The evaluation
continues until all operations are successfully applied or until an error condition is encountered.

The operation objects must have exactly one op member, whose value indicates the operation to perform:

Any other values are considered errors.

A request to modify John's job title could be:

JSON Merge Patch

JSON Merge Patch is a format that describes the changes to be made to a target JSON document using a
syntax that closely mimics the document being modified. It is defined in the [RFC 7396][rfc7396] is
identified by the application/merge-patch+json media type.

The server processing a JSON Merge Patch document determine the exact set of changes being requested
by comparing the content of the provided patch against the current content of the target document:

1.
If the merge patch contains members that do not appear within the target
document, those members are added
2.
If the target does contain the member, the value is replaced
3.
null values in the merge patch indicate that existing values in the target
document are to be removed
4.
Other values in the target document will remain untouched

A request to modify John's job title could be:

JSON-P: Java API for JSON Processing

JSON-P 1.0, defined in the JSR 353 and also known as Java API for JSON Processing 1.0, brought official
support for JSON processing in Java EE. JSON-P 1.1, defined in the JSR 374, introduced support for JSON
Patch and JSON Merge Patch formats to Java EE.

Let's have a quick look at the API to start getting familiar with it:

To patch using JSON Patch, we would have the following:

And to patch using JSON Merge Patch, we would have the following:
Having said that, let me highlight that JSON-P is just an API, that is, a set of interfaces. If we want to work
with it, we need an implementation such as [Apache Johnzon][johnzon]:

Parsing the request payload

To parse a PATCH request payload, we must take the following into account:

For an incoming request with the application/json-patch+json content type, the payload must be
converted to an instance of [JsonPatch][javax.json.JsonPatch].
For an incoming request with the application/merge-patch+json content type, the payload must be
converted to an instance of [JsonMergePatch][javax.json.JsonMergePatch].
Spring MVC, however, doesn't know how to create instances of [JsonPatch][javax.json.JsonPatch] and
[JsonMergePatch][javax.json.JsonMergePatch]. So we need to provide a custom
[HttpMessageConverter<T>][org.springframework.http.converter.HttpMessageConverter] for each type.
Fortunately it's pretty straightforward.

For convenience, let's extend [AbstractHttpMessageConverter<T>]

[org.springframework.http.converter.AbstractHttpMessageConverter] and annotate the implementation
with [@Component][org.springframework.stereotype.Component], so Spring can pick it up:

The constructor will invoke the parent's constructor indicating the supported media type for this
converter:

We indicate that our converter supports the [JsonPatch][javax.json.JsonPatch] class:

Then we implement the method that will read the HTTP request payload and convert it to a [JsonPatch]
[javax.json.JsonPatch]instance:

It's unlikely we'll need to write [JsonPatch][javax.json.JsonPatch] instances to the responses, but we could
implement it as follows:

The message converter for [JsonMergePatch][javax.json.JsonMergePatch] is pretty much the same as the
converter described above (except for the types handled by the converter):
Creating the controller methods
With the HTTP message converters in place, we can receive [JsonPatch][javax.json.JsonPatch] and
[JsonMergePatch][javax.json.JsonMergePatch] as method arguments in our controller methods,
annotated with [@RequestBody][org.springframework.web.bind.annotation.RequestBody]:

Applying the patch

It is worth it to mention that both JSON Patch and JSON Merge Patch operate over JSON documents.

So, to apply the patch to a Java bean, we first need to convert the Java bean to a JSON-P type, such as
[JsonStructure][javax.json.JsonStructure] or [JsonValue][javax.json.JsonValue]. Then we apply the patch to
it and convert the patched document back to a Java bean:

These conversions could be handled by Jackson, which provides an [extension module][jackson-datatype-

jsr353] to work with JSON-P types. With this extension module, we can read JSON as [JsonValue]
[javax.json.JsonValue]s and write [JsonValue][javax.json.JsonValue]s as JSON as part of normal Jackson
processing, taking advantage of the powerful data-binding features that Jackson provides:

With module extension dependency on the classpath, we can configure the [ObjectMapper]
[com.fasterxml.jackson.databind.ObjectMapper] and expose it as a Spring [@Bean]
[org.springframework.context.annotation.Bean] (so it can be picked up by String and can be injected in
other Spring beans):
The[findAndRegisterModules()]
[com.fasterxml.jackson.databind.ObjectMapper.findAndRegisterModules] method is
important here: it tells Jackson to search and register the any modules found in the
classpath, including the [jackson-datatype-jsr353][jackson-datatype-jsr353] extension
module. Alternatively, we can register the module manually:

Once the [ObjectMapper][com.fasterxml.jackson.databind.ObjectMapper] is configured,

we can inject it in our Spring beans and create a method to apply the JSON Patch to a
Java bean:

And here's the method to patch using JSON Merge Patch:

With this in place, the controller method implementation for JSON Patch could be like:

And the implementation is quite similar for JSON Merge Patch, except for the media type
and for the types handled by the method:
Validating the patch
Once the patch has been applied and before persisting the changes, we must ensure that the patch didn't
lead the resource to an invalid state. We could use [Bean Validation annotations]
[javax.validation.constraints] to define constraints and then ensure that the state of the model is valid.

To perform the validation, we could inject [Validator][javax.validation.Validator] in our class and invoke
the [validate()][javax.validation.Validator.validate] method. If any constraint has been violated, it will
return a set of [ConstraintViolation<T>][javax.validation.ConstraintViolation] and then we can throw a
[ConstraintViolationException][javax.validation.ConstraintViolationException]. So the method to apply the
patch could be updated to handle the validation, as shown below:

Alternatively, we could simply annotate the method with [@Valid][javax.validation.Valid] and Bean
Validation will take care of performing the the validation on the returned value (the Spring bean may need
to be annotated with [@Validated][org.springframework.validation.annotation.Validated] to trigger the
validation):
Bonus: Decoupling the domain model from the API model
The models that represent the domain of our application and the models that represent the data handled
by our API are (or at least should be) different concerns and should be decoupled from each other. We
don't want to break our API clients when we add, remove or rename a field from the application domain
model.[2]

While our service layer operates over the domain/persistence models, our API controllers should operate
over a different set of models. As our domain/persistence models evolve to support new business
requirements, for example, we may want to create new versions of the API models to support these
changes. We also may want to deprecate the old versions of our API as new versions are released. And it's
perfectly possible to achieve when the things are decoupled.

To minimize the boilerplate code of converting the domain model to the API model (and vice versa), we
could rely on frameworks such as [MapStruct][mapstruct]. And we also could consider using [Lombok]
[lombok] to generate getters, setters, equals(), hashcode() and toString() methods for us.

By decoupling the API model from domain model, we also can ensure that we expose only the fields that
can be modified. For example, we don't want to allow the client to modify the id field of our domain
model. So our API model shouldn't contain the id field (and any attempt to modify it may cause an error or
may be ignored).

In this example, the domain model class is called Contact and the model class that represents a resource is
called ContactResourceInput. To convert between these two models with MapStruct, we could define a
mapper interface and MapStruct will generate an implementation for it:

The ContactMapper implementation will be exposed as a Spring [@Component]

[org.springframework.stereotype.Component], so it can be injected in other Spring beans. Let me
highlight that MapStruct doesn't use reflections. Instead, it creates an actual implementation for the
mapper interface and we can even check the code if we want to.

Once the ContactMapper is injected in our controller, we can use it to handle the model conversion.
Here's what the controller method for handling PATCH requests with JSON Patch could be like:
And, for comparision purposes, here's a controller method for handling PUT requests:

[Patch] LFI (revslider) vulnerability

In December 2014 thousands of pages based on WordPress suffered a large amount of cyber attacks. The
problem boils down to a Local File Inclusion (LFI) vulnerability, a widely used plugin in WordPress
templates, Revolution Slider (revslider).

This is a serious problem, which allows the attacker access to system files without any restrictions, for
example the file /etc/passwd or the WordPress wp-config.php file, which has the authentication data with
the system data base.

The solution to vulnerability patch is updating the plugin to the latest version, however, this can bring
some compatibility problems and dependence on certain systems. To this end, a corrective patch is herein
distributed.
Use
In order to resolve this vulnerability you have two possibilities:
1. Using a bash script provided with the patch, or if you are an experienced user,
2. Use the corrective patch directly in the file.
The file to be updated is as follows: image_view.class.php, and can be found on the directories described
below.
To use it, enter in the command line:

or

For experiente users, use:

At the end, the follows message is presented in terminal:

patching file {wordpress_path}/wp-content/plugins/revslider/inc_php/image_view.class.php

Log4jPatcher
A Java Agent based mitigation for Log4j2 JNDI exploits.

This agent employs 2 patches:

Disabling all Lookup conversions (on supported Log4j versions) in

org.apache.logging.log4j.core.pattern.MessagePatternConverter by setting noLookups to true in the
constructor.
Disabling the org.apache.logging.log4j.core.lookup.JndiLookup class by just returning null in its lookup
function.
To use
Add -javaagent:Log4jPatcher.jar as a JVM argument.

For Minecraft users: The full path to the jar needs to be added in the above argument unless the jar is put
into the instance (or .minecraft) folder. This jar does not go into the mods folder.

SQLI Patcher
Description
This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org).
You must have the SQLite engine installed in order to build this module.

Note that this module is NOT compatible with SQLite 2.x.

Synopsis
require sqlite3

Open a database
db = SQLite3::Database.new test.db

● Create a database rows = db.execute <<-SQL create table numbers ( name varchar(30), val int );
SQL
● Execute a few inserts { "one" => 1, "two" => 2, }.each do |pair| db.execute "insert into numbers
values ( ?, ? )", pair end
● Find a few rows db.execute( "select * from numbers" ) do |row| p row end
Compilation and Installation
Install SQLite3, enabling option SQLITE_ENABLE_COLUMN_METADATA (see www.sqlite.org/compile.html
for details).

Then do the following:

Alternatively, you can download and install the RubyGem package for SQLite3/Ruby (you must have
RubyGems and SQLite3 installed, first):

If you have sqlite3 installed in a non-standard location, you can specify the location of the include and lib
files by doing:

Usage
For help figuring out the SQLite3/Ruby interface, check out the FAQ. It includes examples of usage. If you
have any questions that you feel should be address in the FAQ, please send them to
[email protected]
CHAPTER 5 INTERNSHIP REPORT 2o22

CHALLENGES FACED

As a team member we had the opportunity to work on different

languages and get along with the team mates .

As a manager we had to complete the pending work and assign the

work to fellow team members based on there knowledge so that the
time management of the project is on schedule ,,.

As a developer we have to come up with the creative method of

writing the code and executing the developed code without errors
...
CHAPTER 6 INTERNSHIP REPORT 2o22

CONCLUSION

The
“Event Management”
was successfully designed and is tested for accuracy and quality. During this
project we have accomplished all the objectives and this project meets the
needs of the organization. The developed will be used in searching,
retrieving and generating information for the concerned requests.

GOALS ACHIVIED

1. Reduced entry work

2. Easy retrieval of information

3. Reduced errors due to human intervention

4. User friendly screens to enter the data

5. Portable and flexible for further enhancement

6. Web enabled.

7. Fast finding of information request

 SUPERVISOR EVALUATION OF INTERN
Student Name: abhishek ghasane Date:

Work Supervisor: dinesh behera Title: mentor

Company/Organization: Leap 5.0 (Prodevans)
Internship Address: MICO Layout, BTM 2nd stage, Bengaluru
Dates of Internship: From 08th Jan 2022To 02 Jul 2022 Please evaluate
your intern by indicating the frequency with which you observed the following behaviors:
Parameters Needs Satisfactory Good Excellent
improvement
Behaviors
Performs in a dependable manner
Cooperates with co-workers and supervisors
Shows interest in work
Learns quickly
Shows initiative
Produces high quality work
Accepts responsibility
Accepts criticism
Demonstrates organizational skills
Uses technical knowledge and expertise
Shows good judgment
Demonstrates creativity/originality
Analyzes problems effectively
Isself-reliant
Communicates well
Writes effectively
Has a professional attitude
Gives a professional appearance
Is punctual
Uses time effectively
Overall performance of student intern (circle one):
(Needs improvement/Satisfactory/ Good/ Excellent)

Additional comments, if any:

Signature of Industry supervisor HR Manager
 STUDENT’S DIARY
WEEK1
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 2
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 3
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 4
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 5
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 6
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 7
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 8
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 9
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 10
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 11
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT’S DIARY
WEEK 12
Date From: Date To:
Dept./Division Name of finished
Product
Name of HOD/
Supervisor With
e-mail id
Main points of the Week

Signature of Industry Supervisor

 STUDENT FEEDBACK OF INTERNSHIP
Student Name: Akshita Gudi Date:

Industrial Supervisor: K a r t h i k M N
Supervisor Email: [email protected] Internship is: Paid yes Unpaid

Company/Organization: sookshmas E-learning

pvt.Ltd.
Internship Address: S.V.G Nagar Priyadarshini Layout
Bangalore
Faculty Coordinator: shivkumar kagi sir

Department: training & placement

Dates of Internship:From 04 FEB2024 To 05
MAY 2024

***Please f i l l out the above in full detail***

Give a brief description of your internship work (title

and tasks for which you were responsible): Was your
internship experience related to your major area of
study?
, to a large degree , to a slight degree No, not
related at all
Indicate the degree to which you agree or disagree with the following statements.

This experience has: Strongly Agree No Opinion Disagree Strongly

Agree Disagree
Given me the opportunity to
explore a career field
Allowed me to apply classroom
theory to practice
Helped me develop my decision-
making and problem-solving
skills
Expanded my knowledge about the
work world prior to permanent
employment
This experience has: Strongly Agree No Disagree Strongly
Agree Opinion Disagree
Expanded my sensitivity to the ethical
implications of the work involved
Made it possible for me to be more
confident in new situations
Givenme a chanceto improve
my interpersonal skills
Helped me learn to handle
responsibility and use my time
wisely
Helped me discover new aspects
of myself that I didn’t know
existed before
Helped me develop new interests and
abilities
Helped me clarify my career goals

Provided me with contacts which may

lead to future employment
Allowed me to acquire information
and/ or use equipment not
available at my Institute
Helped me develop my written
and oral communication skills
Provided a chance to use
leadership skills (influence
others, develop ideas with
others, stimulate decision-
making and action)

In the Institute internship program, faculty members are expected to be mentors for students. Do you feel
that your Faculty coordinator served such a function? Why or why not?

How well were you able to accomplish the initial goals, tasks and new skills that were set down in
your learning contract? In what ways were you able to take anew direction or expand beyond your
contract? Why were some goals not accomplished adequately?

In what areas did you most develop

and improve?

What has been the most significant accomplishment or satisfying moment of your internship? What

did you dislike about the internship?

Considering your overall experience, how would you rate this internship? (Circle one). (Satisfactory/
Good/ Excellent)

Give suggestions as to how your internship experience could have been improved. (Could you have
handled added responsibility? Would you have liked more discussions with your professor concerning
your internship? Was closer supervision needed? Was more of an orientation required?)
 `

STUDENT INTERNSHIP PROGRAM APPLICATION

1. Student Name: AKSHITA GUDI

2.Campus Address: SHARNBASVA UNIVERSITY, KALABURAGI Phone:

3.Home Address: SHASHTRI CHOWK BRAMPHUR KALABURGI Phone: 7019756693

3a. Student email address: [email protected]

4.Academic Concentration 5.Internship Semester: 8th Year.

intern

6.Overall GPA:
NA

Location Core Area Company/ institution

Preferance-1 online dhoodakanlli,banglore institution

Preferance-2

Preferance-3

Faculty mentor Signature: Date .

Signature confirms that the student has attended the internship orientation and has met all paperwork and process
requirements to participate in the internship program,and has received approval from his/her Advisor..
Student Signature: Date .
Signature confirms that the student agrees to the terms, conditions, and requirements of the Internship Program
OBJECTIVES/ GUIDELINES/ AGREEMENT: INTERNSHIP SYNOPSIS (THIS WILL BE PREPARED IN
CONSULTATION WITH FACULTY MENTOR)
An internship is a unique learning experience that integrates studies with practical work. This agreement
is written by the student in consultation with the faculty Mentor and Industrial supervisor. It shall
serve to clarify the educational purpose of the internship and to ensure an understanding of the
total learning experience among the principal parties involved.
Part I: Contact Information Student
Name: Akshita Gudi Student ID# SG20CSE018 Class Year: Final year
Campus Address:
City, State: Kalaburagi, Karnataka
Phone: 7019756693 Email: [email protected]

Industrial Supervisor
Name: Title: Company/Organization: Internship Address: City, State, Pin:
Phone: Email:
Faculty Mentor
Name: shivkumar kagi Phone: 9632574447

Campus Address: vidya Nagar ,kalaburagi

Academic Credit Information

Internship Title: Department:
Course #: Credits:
Grading Option: Credit/Non-credit
Beginning Date: Ending Date:
Hours per Week: Internship is: Paid
Unpaid
Part II:Internship Objectives/Learning Activities
Internship Objectives: What do you intend to learn, acquire, and clarify through this
internship? Try to use concrete, Measurable terms in listing your learning
objectives under each of the following categories:
• Knowledge and Understanding

• Skills

Learning Activities: How will your internship activities enable you to acquire the
knowledge/understanding, and skills you listed above.
On the job: Describe how your internship activities will enable you to meet your learning objectives.
Include projects, research, report writing, conversations, etc., which you will do while working,
relating them to what you intend to learn.
Teaching/Mentoring Activities: How your technical knowledge can be applied at the site of the
internship. How you can create value through mentoring/help people learn new things.

Off the job: List reading, writing, contact with faculty supervisor, peer group discussion, field
trips, observations, etc., you will make and carry out which will help you meet your learning
objectives.

Evaluation: Your Internship supervisor will provide a written evaluation of your internship.
Describe in detail what other evidence you will provide to your faculty Mentor to document what
you have learned (e.g. journal, analytic paper, project, descriptive paper, oral presentation, etc.)
Include deadline dates.
Part III: The Internship
Job Description: Describe in as much detail as possible your role and responsibilities while on
your internship. List Duties, project to be completed, deadlines, etc. How can you contribute to the
organization/site of internship?

Supervision: Describe in as much detail as possible the supervision to be provided/needed at the

work site. List What kind of instruction, assistance, and consultation you will receive from whom,
etc.

Evaluation: How will your work performance be evaluated? By whom? When?

Part IV:Agreement

This contract may be terminated or amended by student, faculty coordinator or work supervisor at any
time upon Written notice, which is received and agreed to by the other two parties.

Student AKSHITA GUDI Date

Faculty Mentor SHIVKUMAR KAGI SIR Date

Industry Supervisor KARTHIK M N Date

 DEPARTMENT OF TRAINING AND PLACEMENT

Ph no:- 9632574447 Email [email protected]

Evaluation (I)

5.
Name of Student Akshita Gudi Mob. No. 7019756693
6.
College Roll No. 018 University Roll No. SG20CSE018
7.
Branch/Semester CSE 8th sem Period of Training Three months
8.
Home Address with contact Shahstri chowk Bramphur , Kalaburagi
7019756693
9.
Address of Training Site: www.prodevans.com
10.
Address of Training Providing Agency: #18th,S.V.G:
Nagar,Priyadarshini Layout,Vijayanagar, Bengaluru,
11.
Name/Designation of Training In- Karthik M N
12.
Type of Work
13.
Date of Evaluation
a) Atten

dance:
_(Satis
factory
/
Good/
Excelle
nt)
b)Pract
ical
Work:
d)Evaluation of Industry: (Satisfactory/ Good/ Excellent)
Overall grade: (Satisfactory/ Good/Excellent)
 Signature of Faculty Mentor

Signature of Internship Supervisor(Industry)

with date and stamp

*Photocopy of the attendance record duly

attested by the training in-charge should be
attached with the evaluation Performa.
 INTERNSHIP EVALUATION REPORT

(For UG/ PG COURSES)

Name &Address of Organization

Name of OVERALL GRADE

Sr. No. Roll No. Marks to be awarded by
Student

Punctuality Maintenance of Skill Test

Grade Daily Diary Grade Grade
(Satisfactory/ (Satisfactory/ (Satisfactory/
Good/ Excellent) Good/ Excellent) Good/ Excellent)

1 Abhishek SG18CSE400

Excellent – A+ Good – A Satisfactory - B

 ATTENDANCE SHEET

HOST ORGANIZATION

Name of Institution/Company: Sookshmas E-learning Privated

CERTIFICATE

* We hereby confirm, that Ms Akshita Gudi

Coming from Sharnbasva University [USN:SG20CSE018 ] has
been present for Internship at our Organization/Company dates
between

First day of Internship (04/02/24)

Last day of Internship (05/05/24)

Date:____/____/________

Signature:_____________
Name and position of the authorized person at the host
Institution/company: Sookshmas E-learning Privated

_____________________________

Stamp of the Organization/Company: