remm 02/04/23 08:17:26 Modified: webapps/examples/WEB-INF/classes CookieExample.java RequestHeaderExample.java RequestInfoExample.java RequestParamExample.java SessionExample.java webapps/examples/jsp/cal cal1.jsp webapps/examples/jsp/checkbox checkresult.jsp webapps/examples/jsp/sessions carts.jsp webapps/examples/jsp/snp snoop.jsp Added: webapps/examples/WEB-INF/classes/util HTMLFilter.java Removed: webapps/examples/WEB-INF/classes SnoopServlet.java TroubleShooter.java Log: - Fix all the cross-scripting vulnerabilities I could find. - Remove the two servlets which were exposing path information. - Obviously, the examples webapp should be removed before putting Tomcat in production anyway. Revision Changes Path 1.3 +12 -7 jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java Index: CookieExample.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- CookieExample.java 11 Jun 2001 22:49:11 -0000 1.2 +++ CookieExample.java 23 Apr 2002 15:17:25 -0000 1.3 @@ -1,4 +1,4 @@ -/* $Id: CookieExample.java,v 1.2 2001/06/11 22:49:11 craigmcc Exp $ +/* $Id: CookieExample.java,v 1.3 2002/04/23 15:17:25 remm Exp $ * */ @@ -8,6 +8,8 @@ import javax.servlet.*; import javax.servlet.http.*; +import util.HTMLFilter; + /** * Example servlet showing request headers * @@ -54,9 +56,11 @@ out.println(rb.getString("cookies.cookies") + "<br>"); for (int i = 0; i < cookies.length; i++) { Cookie cookie = cookies[i]; - out.print("Cookie Name: " + cookie.getName() + "<br>"); - out.println(" Cookie Value: " + cookie.getValue() + - "<br><br>"); + out.print("Cookie Name: " + HTMLFilter.filter(cookie.getName()) + + "<br>"); + out.println(" Cookie Value: " + + HTMLFilter.filter(cookie.getValue()) + + "<br><br>"); } } else { out.println(rb.getString("cookies.no-cookies")); 
@@ -69,9 +73,10 @@ response.addCookie(cookie); out.println("<P>"); out.println(rb.getString("cookies.set") + "<br>"); - out.print(rb.getString("cookies.name") + " " + cookieName + - "<br>"); - out.print(rb.getString("cookies.value") + " " + cookieValue); + out.print(rb.getString("cookies.name") + " " + + HTMLFilter.filter(cookieName) + "<br>"); + out.print(rb.getString("cookies.value") + " " + + HTMLFilter.filter(cookieValue)); } out.println("<P>"); 1.2 +8 -3 jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestHeaderExample.java Index: RequestHeaderExample.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestHeaderExample.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- RequestHeaderExample.java 17 Aug 2000 00:57:53 -0000 1.1 +++ RequestHeaderExample.java 23 Apr 2002 15:17:25 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: RequestHeaderExample.java,v 1.1 2000/08/17 00:57:53 horwat Exp $ +/* $Id: RequestHeaderExample.java,v 1.2 2002/04/23 15:17:25 remm Exp $ * */ @@ -8,6 +8,8 @@ import javax.servlet.*; import javax.servlet.http.*; +import util.HTMLFilter; + /** * Example servlet showing request headers * 
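Review bot: HTMLFilter now covers the HTML echo of cookieName and cookieValue, but the same unfiltered request values also reach `response.addCookie(cookie)` on the first line of this hunk, which is a second sink with its own (Set-Cookie header) syntax that HTML escaping does nothing for. Whether that sink is safe depends on the Cookie class and the container's header encoding rather than on this change, and the values are read outside the hunk, so I cannot confirm what they may contain. A comment next to the addCookie call would make the division of responsibility explicit, e.g. `// HTMLFilter only protects the HTML echo below; header-safety of the cookie itself relies on the container`.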
@@ -53,8 +55,11 @@ while (e.hasMoreElements()) { String headerName = (String)e.nextElement(); String headerValue = request.getHeader(headerName); - out.println("<tr><td bgcolor=\"#CCCCCC\">" + headerName); - out.println("</td><td>" + headerValue + "</td></tr>"); + out.println("<tr><td bgcolor=\"#CCCCCC\">"); + out.println(HTMLFilter.filter(headerName)); + out.println("</td><td>"); + out.println(HTMLFilter.filter(headerValue)); + out.println("</td></tr>"); } out.println("</table>"); } 1.2 +4 -3 jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestInfoExample.java Index: RequestInfoExample.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestInfoExample.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- RequestInfoExample.java 17 Aug 2000 00:57:53 -0000 1.1 +++ RequestInfoExample.java 23 Apr 2002 15:17:25 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: RequestInfoExample.java,v 1.1 2000/08/17 00:57:53 horwat Exp $ +/* $Id: RequestInfoExample.java,v 1.2 2002/04/23 15:17:25 remm Exp $ * */ @@ -8,6 +8,7 @@ import javax.servlet.*; import javax.servlet.http.*; +import util.HTMLFilter; /** * Example servlet showing request information. @@ -58,7 +59,7 @@ out.println("</td></tr><tr><td>"); out.println(rb.getString("requestinfo.label.requesturi")); out.println("</td><td>"); - out.println(request.getRequestURI()); + out.println(HTMLFilter.filter(request.getRequestURI())); out.println("</td></tr><tr><td>"); out.println(rb.getString("requestinfo.label.protocol")); out.println("</td><td>"); 
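Review bot: Only the request URI and path info rows of this table are filtered; the one line sitting between this hunk and the next (`@@ -66,7`), presumably the protocol value, and the rows that follow outside both hunks still print request-derived strings unescaped. Anything in this table that originates from the request line or headers (protocol, server name, and similar) deserves the same `HTMLFilter.filter(...)` treatment, while values the container derives itself such as the remote address are less exposed. The lines outside the hunks are not visible here, so this is to be confirmed against the file. The enclosing doGet method starts and ends outside the hunk.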
@@ -66,7 +67,7 @@ out.println("</td></tr><tr><td>"); out.println(rb.getString("requestinfo.label.pathinfo")); out.println("</td><td>"); - out.println(request.getPathInfo()); + out.println(HTMLFilter.filter(request.getPathInfo())); out.println("</td></tr><tr><td>"); out.println(rb.getString("requestinfo.label.remoteaddr")); out.println("</td><td>"); 1.2 +4 -4 jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestParamExample.java Index: RequestParamExample.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestParamExample.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- RequestParamExample.java 17 Aug 2000 00:57:53 -0000 1.1 +++ RequestParamExample.java 23 Apr 2002 15:17:25 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: RequestParamExample.java,v 1.1 2000/08/17 00:57:53 horwat Exp $ +/* $Id: RequestParamExample.java,v 1.2 2002/04/23 15:17:25 remm Exp $ * */ @@ -8,7 +8,7 @@ import javax.servlet.*; import javax.servlet.http.*; - +import util.HTMLFilter; /** * Example servlet showing request headers 
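Review bot: In the RequestParamExample import hunk the new `import util.HTMLFilter;` replaces the blank line that separated the imports from the class Javadoc, so the import now butts directly against `/**`; the SessionExample import hunk does the same. CookieExample and RequestHeaderExample keep the blank line after the added import, and these two files should match that layout: `import util.HTMLFilter;` followed by an empty line.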
@@ -58,9 +58,9 @@ out.println(rb.getString("requestparams.params-in-req") + "<br>"); if (firstName != null || lastName != null) { out.println(rb.getString("requestparams.firstname")); - out.println(" = " + firstName + "<br>"); + out.println(" = " + HTMLFilter.filter(firstName) + "<br>"); out.println(rb.getString("requestparams.lastname")); - out.println(" = " + lastName); + out.println(" = " + HTMLFilter.filter(lastName)); } else { out.println(rb.getString("requestparams.no-params")); } 1.2 +4 -3 jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/SessionExample.java Index: SessionExample.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/SessionExample.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SessionExample.java 17 Aug 2000 00:57:53 -0000 1.1 +++ SessionExample.java 23 Apr 2002 15:17:25 -0000 1.2 @@ -1,4 +1,4 @@ -/* $Id: SessionExample.java,v 1.1 2000/08/17 00:57:53 horwat Exp $ +/* $Id: SessionExample.java,v 1.2 2002/04/23 15:17:25 remm Exp $ * */ @@ -8,7 +8,7 @@ import javax.servlet.*; import javax.servlet.http.*; - +import util.HTMLFilter; /** * Example servlet showing request headers 
@@ -72,7 +72,8 @@ while (names.hasMoreElements()) { String name = (String) names.nextElement(); String value = session.getAttribute(name).toString(); - out.println(name + " = " + value + "<br>"); + out.println(HTMLFilter.filter(name) + " = " + + HTMLFilter.filter(value) + "<br>"); } out.println("<P>"); 1.1 jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/util/HTMLFilter.java Index: HTMLFilter.java =================================================================== /* * $Header: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/util/HTMLFilter.java,v 1.1 2002/04/23 15:17:25 remm Exp $ * $Revision: 1.1 $ * $Date: 2002/04/23 15:17:25 $ * * ==================================================================== * * The Apache Software License, Version 1.1 * * Copyright (c) 1999 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, if * any, must include the following acknowlegement: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowlegement may appear in the software itself, * if and wherever such third-party acknowlegements normally appear. * * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software * Foundation" must not be used to endorse or promote products derived * from this software without prior written permission. For written * permission, please contact [EMAIL PROTECTED] * * 5. 
Products derived from this software may not be called "Apache" * nor may "Apache" appear in their names without prior written * permission of the Apache Group. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * [Additional notices, if required by prior licensing conditions] * */ package util; /** * HTML filter utility. * * @author Craig R. McClanahan * @author Tim Tye * @version $Revision: 1.1 $ $Date: 2002/04/23 15:17:25 $ */ public final class HTMLFilter { /** * Filter the specified message string for characters that are sensitive * in HTML. This avoids potential attacks caused by including JavaScript * codes in the request URL that is often reported in error messages. 
* * @param message The message string to be filtered */ public static String filter(String message) { if (message == null) return (null); char content[] = new char[message.length()]; message.getChars(0, message.length(), content, 0); StringBuffer result = new StringBuffer(content.length + 50); for (int i = 0; i < content.length; i++) { switch (content[i]) { case '<': result.append("<"); break; case '>': result.append(">"); break; case '&': result.append("&"); break; case '"': result.append("""); break; default: result.append(content[i]); } } return (result.toString()); } } 1.2 +3 -3 jakarta-tomcat-4.0/webapps/examples/jsp/cal/cal1.jsp Index: cal1.jsp =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/cal/cal1.jsp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- cal1.jsp 17 Aug 2000 00:58:04 -0000 1.1 +++ cal1.jsp 23 Apr 2002 15:17:25 -0000 1.2 @@ -45,7 +45,7 @@ <%= entr.getHour() %> </A> </TD> <TD BGCOLOR=<%= entr.getColor() %>> - <%= entr.getDescription() %> + <% out.print(util.HTMLFilter.filter(entr.getDescription())); %> </TD> </TR> <% @@ -58,8 +58,8 @@ <!-- footer --> <TABLE WIDTH=60% BGCOLOR=yellow CELLPADDING=15> <TR> -<TD ALIGN=CENTER> <%= table.getName() %> : - <%= table.getEmail() %> </TD> +<TD ALIGN=CENTER> <% out.print(util.HTMLFilter.filter(table.getName())); %> : + <% out.print(util.HTMLFilter.filter(table.getEmail())); %> </TD> </TR> </TABLE> </CENTER> 1.2 +2 -2 jakarta-tomcat-4.0/webapps/examples/jsp/checkbox/checkresult.jsp Index: checkresult.jsp =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/checkbox/checkresult.jsp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- checkresult.jsp 17 Aug 2000 00:58:07 -0000 1.1 +++ checkresult.jsp 23 Apr 2002 15:17:26 -0000 1.2 
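Review bot: As shown here each `case` branch of `filter` appends the very character it matched (and the `'"'` branch reads `"""`, which would not compile), which looks like the mail archive decoded the `&lt;`, `&gt;`, `&amp;`, `&quot;` entity strings; this should be confirmed against the committed file, since with literal characters the filter would escape nothing. There is no case for the single quote, so the output is only safe in element text and double-quoted attributes; adding `case '\'': result.append("&#39;"); break;` closes that gap and the Javadoc should state which contexts the result is safe in and that a null message is returned as null. The `char content[]` copy via getChars is unnecessary: iterating `message.charAt(i)` over `message.length()` gives the same result without the extra array, and the C-style `content[]` declarator is unidiomatic Java.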
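Review bot: The `<TD BGCOLOR=<%= entr.getColor() %>>` line immediately above the newly filtered description is still emitted raw, and because the attribute is unquoted, HTML entity escaping would not protect it even if applied; where getColor() gets its value is not visible in this hunk. If it is user-supplied like the description, it should be checked against a fixed list of allowed colour names before output and the attribute written quoted, `<TD BGCOLOR="<%= ... %>">`; if it is a server-side constant, a short JSP comment saying so would save the next reader the same question.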
@@ -22,7 +22,7 @@ %> <li> <% - out.println (fruits[i]); + out.println (util.HTMLFilter.filter(fruits[i])); } } else out.println ("none selected"); %> @@ -42,7 +42,7 @@ %> <li> <% - out.println (fruits[i]); + out.println (util.HTMLFilter.filter(fruits[i])); } } else out.println ("none selected"); %> 1.2 +1 -1 jakarta-tomcat-4.0/webapps/examples/jsp/sessions/carts.jsp Index: carts.jsp =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/sessions/carts.jsp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- carts.jsp 17 Aug 2000 00:58:18 -0000 1.1 +++ carts.jsp 23 Apr 2002 15:17:26 -0000 1.2 @@ -19,7 +19,7 @@ String[] items = cart.getItems(); for (int i=0; i<items.length; i++) { %> -<li> <%= items[i] %> +<li> <% out.print(util.HTMLFilter.filter(items[i])); %> <% } %> 1.2 +3 -5 jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp Index: snoop.jsp =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- snoop.jsp 17 Aug 2000 00:58:19 -0000 1.1 +++ snoop.jsp 23 Apr 2002 15:17:26 -0000 1.2 @@ -15,11 +15,9 @@ <br> Servlet path: <%= request.getServletPath() %> <br> -Path info: <%= request.getPathInfo() %> +Path info: <% out.print(util.HTMLFilter.filter(request.getPathInfo())); %> <br> -Path translated: <%= request.getPathTranslated() %> -<br> -Query string: <%= request.getQueryString() %> +Query string: <% out.print(util.HTMLFilter.filter(request.getQueryString())); %> <br> Content length: <%= request.getContentLength() %> <br> @@ -39,7 +37,7 @@ <br> Locale: <%= request.getLocale() %> <hr> -The browser you are using is <%= request.getHeader("User-Agent") %> +The browser you are using is <% out.print(util.HTMLFilter.filter(request.getHeader("User-Agent"))); %> <hr> </font> </body>
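Review bot: In snoop.jsp, `Servlet path: <%= request.getServletPath() %>` two lines above the first change and `Locale: <%= request.getLocale() %>` in the second hunk still print request-derived values without the filter. The locale is built from the Accept-Language header and its string form is not guaranteed to be free of markup characters, so it should be written as `Locale: <% out.print(util.HTMLFilter.filter(String.valueOf(request.getLocale()))); %>` in line with the User-Agent change. The servlet path is less likely to carry user input, but filtering it too keeps the page consistent with the rule that everything derived from the request goes through HTMLFilter.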