Improve overall design and message utils

k-tamura · Apr 5, 2017 · 741b837 · 741b837
1 parent 8143a3b
commit 741b837
Show file tree

Hide file tree

Showing 9 changed files with 105 additions and 142 deletions.
diff --git a/src/main/java/org/t246osslab/easybuggy/core/utils/MessageUtils.java b/src/main/java/org/t246osslab/easybuggy/core/utils/MessageUtils.java
@@ -28,6 +28,15 @@ public static String getMsg(String propertyKey, Locale locale) {
         return getMsg(propertyKey, (Object[]) null, locale);
     }
 
+    /**
+     * Return an error message for a given property key.
+     * 
+     * @return An error message for a given property key
+     */
+    public static String getErrMsg(String propertyKey, Locale locale) {
+        return getErrMsg(propertyKey, (Object[]) null, locale);
+    }
+
     /**
      * Return a message for a given property key, replaced with placeholders.
      * 
@@ -40,9 +49,23 @@ public static String getMsg(String propertyKey, Object[] placeholders, Locale lo
             if (placeholders != null) {
                 propertyValue = MessageFormat.format(propertyValue, placeholders);
             }
+            if (propertyValue.indexOf("(i) ") >= 0) {
+                propertyValue = propertyValue.replace("(i) ",
+                        "<span class=\"glyphicon glyphicon-info-sign\"></span>&nbsp; ");
+            }
         } catch (Exception e) {
             log.error("Exception occurs: ", e);
         }
         return propertyValue;
     }
+
+    /**
+     * Return an error message for a given property key, replaced with placeholders.
+     * 
+     * @return An error message for a given property key, replaced with placeholders
+     */
+    public static String getErrMsg(String propertyKey, Object[] placeholders, Locale locale) {
+        return "<div class=\"alert alert-danger\" role=\"alert\">" + getMsg(propertyKey, placeholders, locale)
+                + "</div>";
+    }
 }
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java
@@ -50,14 +50,15 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
                     ScriptEngine scriptEngine = manager.getEngineByName("JavaScript");
                     scriptEngine.eval("JSON.parse('" + jsonString + "')");
                     bodyHtml.append(MessageUtils.getMsg("msg.valid.json", locale));
+                    bodyHtml.append("<br><br>");
                 } catch (ScriptException e) {
-                    bodyHtml.append(MessageUtils.getMsg("msg.invalid.json", locale) + " : ");
-                    bodyHtml.append(ESAPI.encoder().encodeForHTML(e.getMessage()));
+                    bodyHtml.append(MessageUtils.getErrMsg("msg.invalid.json", new String[] { ESAPI.encoder()
+                            .encodeForHTML(e.getMessage()) }, locale));
                 }
             } else {
                 bodyHtml.append(MessageUtils.getMsg("msg.enter.json.string", locale));
+                bodyHtml.append("<br><br>");
             }
-            bodyHtml.append("<br><br>");
             bodyHtml.append(MessageUtils.getMsg("msg.note.code.injection", locale));
             bodyHtml.append("</form>");
 

diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java
@@ -69,17 +69,18 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
                                 + "<BR>");
                     }
                     if (!isExist) {
-                        bodyHtml.append("<font color=\"red\">" + MessageUtils.getMsg("msg.error.user.not.exist", req.getLocale()) + "</font><BR>");
+                        bodyHtml.append(MessageUtils.getErrMsg("msg.error.user.not.exist", req.getLocale()));
+                    }else{
+                        bodyHtml.append("<br>");
                     }
                     cursor.close();
                 } catch (ParseException e) {
-                    bodyHtml.append("<font color=\"red\">" + MessageUtils.getMsg("msg.error.user.not.exist", req.getLocale()) + "</font><BR>");
+                    bodyHtml.append(MessageUtils.getErrMsg("msg.error.user.not.exist", req.getLocale()));
                 }
             } else {
                 bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale));
-                bodyHtml.append("<br>");
+                bodyHtml.append("<br><br>");
             }
-            bodyHtml.append("<br>");
             bodyHtml.append(MessageUtils.getMsg("msg.note.ldap.injection", locale));
             bodyHtml.append("</form>");
 

diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
@@ -50,9 +50,9 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             if (name != null && password != null && !"".equals(name) && !"".equals(password) && password.length() >= 8) {
                 bodyHtml.append(selectUsers(name, password, req));
             } else {
-                bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale) + "<br>");
+                bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale));
+                bodyHtml.append("<br><br>");
             }
-            bodyHtml.append("<br>");
             bodyHtml.append(MessageUtils.getMsg("msg.note.sql.injection", locale));
             bodyHtml.append("</form>");
 
@@ -69,8 +69,7 @@ private String selectUsers(String name, String password, HttpServletRequest req)
         Connection conn = null;
         Statement stmt = null;
         ResultSet rs = null;
-        String result = "<font color=\"red\">" + MessageUtils.getMsg("msg.error.user.not.exist", req.getLocale())
-                + "</font><br>";
+        String result = MessageUtils.getErrMsg("msg.error.user.not.exist", req.getLocale());
         try {
             conn = DBClient.getConnection();
             stmt = conn.createStatement();
@@ -80,7 +79,7 @@ private String selectUsers(String name, String password, HttpServletRequest req)
                 sb.append(rs.getString("name") + ", " + rs.getString("secret") + "<BR>");
             }
             if (sb.length() > 0) {
-                result = MessageUtils.getMsg("user.table.column.names", req.getLocale()) + "<BR>" + sb.toString();
+                result = MessageUtils.getMsg("user.table.column.names", req.getLocale()) + "<BR>" + sb.toString() + "<BR>";
             }
         } catch (Exception e) {
             log.error("Exception occurs: ", e);

diff --git a/...ain/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java b/...ain/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
@@ -52,7 +52,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
         bodyHtml.append("<br><br>");
         if (req.getAttribute("errorMessage") != null) {
             bodyHtml.append(req.getAttribute("errorMessage"));
-            bodyHtml.append("<br><br>");
         }
         bodyHtml.append(MessageUtils.getMsg("msg.note.unrestricted.ext.upload", locale));
         bodyHtml.append("</form>");
@@ -82,7 +81,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se
         try {
             filePart = req.getPart("file");
         } catch (Exception e) {
-            req.setAttribute("errorMessage", MessageUtils.getMsg("msg.max.file.size.exceed", locale));
+            req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.max.file.size.exceed", locale));
             doGet(req, res);
             return;
         }

diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java
@@ -50,7 +50,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
         bodyHtml.append("<br><br>");
         if (req.getAttribute("errorMessage") != null) {
             bodyHtml.append(req.getAttribute("errorMessage"));
-            bodyHtml.append("<br><br>");
         }
         bodyHtml.append(MessageUtils.getMsg("msg.note.unrestricted.size.upload", locale));
         bodyHtml.append("</form>");
@@ -82,7 +81,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se
                 doGet(req, res);
                 return;
             } else if (!isImageFile(fileName)) {
-                req.setAttribute("errorMessage", MessageUtils.getMsg("msg.not.image.file", locale));
+                req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.not.image.file", locale));
                 doGet(req, res);
                 return;
             }

diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
@@ -72,7 +72,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
         bodyHtml.append("<br><br>");
         if (req.getAttribute("errorMessage") != null) {
             bodyHtml.append(req.getAttribute("errorMessage"));
-            bodyHtml.append("<br><br>");
         }
         if ("/xee".equals(req.getServletPath())) {
             bodyHtml.append(MessageUtils.getMsg("msg.note.xee", locale));
@@ -154,7 +153,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se
                 doGet(req, res);
                 return;
             } else if (!fileName.endsWith(".xml")) {
-                req.setAttribute("errorMessage", MessageUtils.getMsg("msg.not.xml.file", locale));
+                req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.not.xml.file", locale));
                 doGet(req, res);
                 return;
             }