From adc01f04d65d2fc86775fb5cf27cba1598b6e57b Mon Sep 17 00:00:00 2001
From: k-tamura " + MessageUtils.getMsg((String) req.getAttribute("login.page.note"), locale) + " ");
- }
String queryString = req.getQueryString();
if (queryString != null) {
bodyHtml.append("" + MessageUtils.getMsg((String)session.getAttribute("authNMsg"), locale) + " " + MessageUtils.getMsg("msg.download.file", locale) + " " + MessageUtils.getMsg("msg.note.null.byte.injection", locale) + " " + MessageUtils.getInfoMsg("msg.note.null.byte.injection", locale) + "");
bodyHtml.append("");
bodyHtml.append("");
- if (req.getAttribute("login.page.note") != null) {
- bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.slow.regular.expression", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.slow.regular.expression", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.slow.regular.expression.page", locale),
diff --git a/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java b/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java
index 2db29aad..38272b81 100644
--- a/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/performance/StringPlusOperationServlet.java
@@ -3,7 +3,6 @@
import java.io.IOException;
import java.util.Arrays;
import java.util.Date;
-import java.util.List;
import java.util.Locale;
import javax.servlet.ServletException;
@@ -66,8 +65,6 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.slow.string.plus.operation", locale));
- bodyHtml.append("
");
if (length > 0) {
// StringBuilder builder = new StringBuilder();
@@ -87,6 +84,8 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
} else {
bodyHtml.append(MessageUtils.getMsg("msg.enter.positive.number", locale));
}
+ bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.slow.string.plus.operation", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.random.string.generator", locale),
bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java
index 9c89462d..8f265f49 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/DBConnectionLeakServlet.java
@@ -37,7 +37,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
final String dbUrl = ApplicationUtils.getDatabaseURL();
final String dbDriver = ApplicationUtils.getDatabaseDriver();
if(dbUrl == null || "".equals(dbUrl) || dbUrl.startsWith("jdbc:derby:memory:")){
- HTTPResponseCreator.createSimpleResponse(res, null, MessageUtils.getMsg("msg.note.not.use.ext.db", locale));
+ HTTPResponseCreator.createSimpleResponse(res, null, MessageUtils.getInfoMsg("msg.note.not.use.ext.db", locale));
return;
}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java
index da789abd..da5dc3de 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java
@@ -57,7 +57,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append(MessageUtils.getMsg("msg.warn.select.asc.or.desc", locale));
}
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.sql.deadlock", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.sql.deadlock", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java
index 156b68c5..e0118fea 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/EndlessWaitingServlet.java
@@ -48,8 +48,6 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("
");
bodyHtml.append("");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.enter.count", locale));
- bodyHtml.append("
");
if (count > 0) {
/* create a batch file in the temp directory */
@@ -62,16 +60,18 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
ProcessBuilder pb = new ProcessBuilder(batFile.getAbsolutePath());
Process process = pb.start();
process.waitFor();
- bodyHtml.append(MessageUtils.getMsg("msg.executed.batch", locale) + batFile.getAbsolutePath()
- + "
");
+ bodyHtml.append(
+ MessageUtils.getMsg("msg.executed.batch", locale) + batFile.getAbsolutePath() + "
");
bodyHtml.append(MessageUtils.getMsg("label.execution.result", locale) + "
");
bodyHtml.append(printInputStream(process.getInputStream()));
bodyHtml.append(printInputStream(process.getErrorStream()));
}
- bodyHtml.append("");
} else {
bodyHtml.append(MessageUtils.getMsg("msg.enter.positive.number", locale));
}
+ bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.count", locale));
+ bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.endless.waiting.page", locale),
bodyHtml.toString());
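Review bot: `process.waitFor()` runs before `printInputStream(process.getInputStream())` drains the child's output, so a child that writes more than the pipe buffer can hold will block forever. Judging by `msg.note.enter.count`, this is the defect the page is meant to demonstrate, but nothing in the code says so. A comment above the call, e.g. `/* intentional bug: waitFor() before reading stdout/stderr hangs on large output; drain the streams first in real code */`, would keep the pattern from being copied elsewhere. `service` starts and ends outside this hunk.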
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java
index 763ba07b..4bbb22f5 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/IntegerOverflowServlet.java
@@ -72,7 +72,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("");
bodyHtml.append("
");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.positive.number", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.positive.number", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.integer.overflow.page", locale),
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java
index 3833ff39..02167ad0 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/LossOfTrailingDigitsServlet.java
@@ -58,7 +58,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("");
bodyHtml.append("
");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.enter.decimal.value", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.decimal.value", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res,
MessageUtils.getMsg("title.loss.of.trailing.digits.page", locale), bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java
index 2fddfb55..20624146 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet.java
@@ -26,6 +26,8 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
hm.put(String.valueOf(cnt++), sb.toString());
StringBuilder bodyHtml = new StringBuilder();
bodyHtml.append(MessageUtils.getMsg("msg.java.heap.space.leak.occur", req.getLocale()));
+ bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.oome.finally.thrown", req.getLocale()));
HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString());
}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java
index 64088715..481e67ca 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet2.java
@@ -31,8 +31,11 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
ClassPool pool = ClassPool.getDefault();
pool.makeClass("eu.plumbr.demo.Generated" + i).toClass();
}
- HTTPResponseCreator.createSimpleResponse(res, null,
- MessageUtils.getMsg("msg.permgen.space.leak.occur", req.getLocale()));
+ StringBuilder bodyHtml = new StringBuilder();
+ bodyHtml.append(MessageUtils.getMsg("msg.permgen.space.leak.occur", req.getLocale()));
+ bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.oome.finally.thrown", req.getLocale()));
+ HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString());
} catch (Exception e) {
log.error("Exception occurs: ", e);
} catch (Error e) {
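Review bot: The response is created only inside the `try`, and the `catch (Exception e)` below it just logs, so a failure during class generation appears to leave the client with no body at all. Sending an error page from the catch, e.g. `HTTPResponseCreator.createSimpleResponse(res, null, MessageUtils.getErrMsg("msg.unknown.exception.occur", req.getLocale()));`, would match how CSRFServlet reports failures in this commit. MemoryLeakServlet3 has the same shape. The body of `catch (Error e)` is outside the hunk, so its handling is not visible here.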
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java
index fc8806a7..42860308 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/MemoryLeakServlet3.java
@@ -31,8 +31,11 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
compresser.setInput(input);
compresser.deflate(output);
}
- HTTPResponseCreator.createSimpleResponse(res, null,
- MessageUtils.getMsg("msg.c.heap.space.leak.occur", req.getLocale()));
+ StringBuilder bodyHtml = new StringBuilder();
+ bodyHtml.append(MessageUtils.getMsg("msg.c.heap.space.leak.occur", req.getLocale()));
+ bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.oome.finally.thrown", req.getLocale()));
+ HTTPResponseCreator.createSimpleResponse(res, null, bodyHtml.toString());
} catch (Exception e) {
log.error("Exception occurs: ", e);
}
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java
index 10bd7a55..2d7c8fde 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/MojibakeServlet.java
@@ -49,7 +49,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append(MessageUtils.getMsg("msg.enter.name", locale));
}
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.mojibake", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.mojibake", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.xss.page", locale),
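Review bot: The page title passed to `createSimpleResponse` is `title.xss.page`, which looks copied from the XSS servlet rather than chosen for the mojibake page. The same pattern shows in TruncationErrorServlet (`title.loss.of.trailing.digits.page`) and LDAPInjectionServlet (`title.sql.injection.page`). If the bundles have no dedicated keys, add them (for example `title.mojibake.page`, a suggested name and not an existing key) and use them here, since the commit already touches the line next to each of these calls. The call continues past the end of the hunk.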
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java
index 0aa9bf1f..6352ad09 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/RoundOffErrorServlet.java
@@ -57,7 +57,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("");
bodyHtml.append("
");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.enter.one", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.one", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.round.off.error.page", locale),
bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java
index 4791eb10..03273d80 100644
--- a/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/troubles/TruncationErrorServlet.java
@@ -59,7 +59,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append("");
bodyHtml.append("
");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.enter.specific.nembers", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.specific.nembers", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res,
MessageUtils.getMsg("title.loss.of.trailing.digits.page", locale), bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java
index 0130385f..8e886cd9 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CSRFServlet.java
@@ -55,11 +55,12 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append("
");
bodyHtml.append("");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.csrf", locale));
String errorMessage = (String) req.getAttribute("errorMessage");
if (errorMessage != null) {
- bodyHtml.append("
" + errorMessage);
+ bodyHtml.append(errorMessage);
}
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.csrf", locale));
+ bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale),
bodyHtml.toString());
}
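Review bot: `bodyHtml.append(errorMessage)` writes the request attribute into the page without encoding, and after this change it relies on `doPost` having stored the output of `MessageUtils.getErrMsg` there. That contract is implicit; a comment above the `if`, such as `// errorMessage must be pre-formatted HTML from MessageUtils.getErrMsg; never put request data in it`, would make it explicit for anyone adding another caller. ClickJackingServlet.doGet has the same line. What `getErrMsg` returns is not shown on this page, so the markup assumption should be confirmed against MessageUtils.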
@@ -105,18 +106,19 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se
bodyHtml.append("
");
bodyHtml.append("" + MessageUtils.getMsg("label.goto.admin.page", locale)
+ "");
+ bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale),
bodyHtml.toString());
} catch (Exception e) {
log.error("Exception occurs: ", e);
- req.setAttribute("errorMessage", MessageUtils.getMsg("msg.passwd.change.failed", locale));
+ req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.passwd.change.failed", locale));
doGet(req, res);
}
} else {
if (password == null || "".equals(password) || password.length() < 8) {
- req.setAttribute("errorMessage", MessageUtils.getMsg("msg.passwd.is.too.short", locale));
+ req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.passwd.is.too.short", locale));
} else {
- req.setAttribute("errorMessage", MessageUtils.getMsg("msg.unknown.exception.occur", locale));
+ req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.unknown.exception.occur", locale));
}
doGet(req, res);
}
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java
index 6f021c3d..c05c21d0 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/ClickJackingServlet.java
@@ -57,11 +57,12 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append("
");
bodyHtml.append("");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.clickjacking", locale));
String errorMessage = (String) req.getAttribute("errorMessage");
if (errorMessage != null) {
- bodyHtml.append("
" + errorMessage);
+ bodyHtml.append(errorMessage);
}
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.clickjacking", locale));
+ bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale),
bodyHtml.toString());
}
@@ -107,15 +108,16 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se
bodyHtml.append("
");
bodyHtml.append("" + MessageUtils.getMsg("label.goto.admin.page", locale)
+ "");
+ bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.admins.main.page", locale),
bodyHtml.toString());
} catch (Exception e) {
log.error("Exception occurs: ", e);
- req.setAttribute("errorMessage", MessageUtils.getMsg("msg.mail.change.failed", locale));
+ req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.mail.change.failed", locale));
doGet(req, res);
}
} else {
- req.setAttribute("errorMessage", MessageUtils.getMsg("msg.mail.format.is.invalid", locale));
+ req.setAttribute("errorMessage", MessageUtils.getErrMsg("msg.mail.format.is.invalid", locale));
doGet(req, res);
}
}
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java
index 8b4c12dc..2e8761ff 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java
@@ -59,7 +59,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append(MessageUtils.getMsg("msg.enter.json.string", locale));
bodyHtml.append("
");
}
- bodyHtml.append(MessageUtils.getMsg("msg.note.code.injection", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.code.injection", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.parse.json", locale),
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java
index 7bb8972b..194107cc 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java
@@ -81,7 +81,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale));
bodyHtml.append("
");
}
- bodyHtml.append(MessageUtils.getMsg("msg.note.ldap.injection", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.ldap.injection", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.sql.injection.page", locale),
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java
index 2b1ab40a..e6ecef93 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java
@@ -75,7 +75,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append("");
bodyHtml.append("");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.mail.header.injection", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.mail.header.injection", locale));
if (req.getAttribute("message") != null) {
bodyHtml.append("
");
bodyHtml.append(req.getAttribute("message"));
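Review bot: The info note is appended before the `message` attribute here, while CSRFServlet and ClickJackingServlet were reordered in this same commit so the note comes after the status message. For a consistent layout, move `bodyHtml.append(MessageUtils.getInfoMsg("msg.note.mail.header.injection", locale));` below the `if (req.getAttribute("message") != null)` block. `message` is also written unencoded, so whatever sets it should store only text that comes from MessageUtils. The `if` block closes outside the hunk.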
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java
index 4a3d2283..16e9f3ce 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java
@@ -34,7 +34,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append("
");
- bodyHtml.append("
");
bodyHtml.append("");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.enter.runtime.exec", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.enter.runtime.exec", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res,
MessageUtils.getMsg("title.ognl.expression.injection.page", locale), bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
index d8bddb91..16ffef7b 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
@@ -53,7 +53,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
bodyHtml.append(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale));
bodyHtml.append("
");
}
- bodyHtml.append(MessageUtils.getMsg("msg.note.sql.injection", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.sql.injection", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.sql.injection.page", locale),
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
index d2bb5a34..7e337c49 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java
@@ -53,7 +53,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
if (req.getAttribute("errorMessage") != null) {
bodyHtml.append(req.getAttribute("errorMessage"));
}
- bodyHtml.append(MessageUtils.getMsg("msg.note.unrestricted.ext.upload", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.unrestricted.ext.upload", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.unrestricted.upload", locale),
bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java
index 216f3283..5c85d2d0 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java
@@ -51,7 +51,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
if (req.getAttribute("errorMessage") != null) {
bodyHtml.append(req.getAttribute("errorMessage"));
}
- bodyHtml.append(MessageUtils.getMsg("msg.note.unrestricted.size.upload", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.unrestricted.size.upload", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.unrestricted.upload", locale),
bodyHtml.toString());
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
index fee699d1..6edfa4ba 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java
@@ -74,8 +74,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append(req.getAttribute("errorMessage"));
}
if ("/xee".equals(req.getServletPath())) {
- bodyHtml.append(MessageUtils.getMsg("msg.note.xee", locale));
- bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xee", locale));
bodyHtml.append("");
bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
");
} else {
- bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step1", locale));
- bodyHtml.append("
");
bodyHtml.append(ESAPI.encoder().encodeForHTML("");
@@ -99,8 +98,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
");
bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xxe.step1", locale));
bodyHtml.append("");
bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
");
bodyHtml.append("
");
bodyHtml.append(
@@ -108,8 +106,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
bodyHtml.append(ESAPI.encoder().encodeForHTML("%p2;"));
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.xxe.step2", locale));
- bodyHtml.append("
");
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xxe.step2", locale));
bodyHtml.append("");
bodyHtml.append(ESAPI.encoder().encodeForHTML("") + "
");
bodyHtml.append(
@@ -200,10 +197,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse res) throws Se
StringBuilder bodyHtml = new StringBuilder();
if (isRegistered && customHandler.isRegistered()) {
bodyHtml.append(MessageUtils.getMsg("msg.batch.registration.complete", locale));
+ bodyHtml.append("
");
} else {
- bodyHtml.append(MessageUtils.getMsg("msg.batch.registration.fail", locale));
+ bodyHtml.append(MessageUtils.getErrMsg("msg.batch.registration.fail", locale));
}
- bodyHtml.append("
");
bodyHtml.append(customHandler.getResult());
bodyHtml.append("
");
bodyHtml.append("
");
- bodyHtml.append(MessageUtils.getMsg("msg.note.xss", locale));
+ bodyHtml.append(MessageUtils.getInfoMsg("msg.note.xss", locale));
bodyHtml.append("");
HTTPResponseCreator.createSimpleResponse(res, MessageUtils.getMsg("title.xss.page", locale),
diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties
index f306e6cc..9cb84b71 100644
--- a/src/main/resources/messages_en.properties
+++ b/src/main/resources/messages_en.properties
@@ -45,8 +45,7 @@ msg.answer.is.correct=Your answer is correct!
msg.authentication.fail=Authentication failed. Please login again.
msg.batch.registration.complete=Batch registration of users has completed.
msg.batch.registration.fail=Batch registration of users fails.
-msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page.
\
-(i) If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.c.heap.space.leak.occur=Memory leak occurs in C heap space every time you load this page.
msg.cant.create.batch=Can't create a batch file.
msg.db.connection.leak.occur=DB connection leak occurs every time you load this page.
msg.dead.lock.not.occur=Dead Lock does not occur.
@@ -64,48 +63,48 @@ msg.enter.decimal.value=Please enter a decimal number less than 1.
msg.enter.id.and.password=Please enter your user ID and password.
msg.enter.word=Please enter a string.
msg.error.user.not.exist=User does not exist or password does not match.
-msg.example.name.and.passwd=For example, Mark and password
+msg.example.name.and.passwd=For example, Mark
and password
msg.executed.batch=Created and executed the batch:
msg.file.descriptor.leak.occur=File descriptor leak occurs every time you load this page.
msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7.
msg.invalid.json=Invalid JSON : {0}
-msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page.
\
-(i) If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.java.heap.space.leak.occur=Memory leak occurs in Java heap space every time you load this page.
msg.low.alphnum8=Password is 8 lowercase alphanumeric characters.
msg.need.admin.privilege=You need admin privileges to go ahead from here.
-msg.note.brute.force=(i) The number of login attempts is not limited on this page, so the brute force attack is possible.
-msg.note.clickjacking=(i) This page receives a request that a user does not intend and changes the user's mail address.
-msg.note.code.injection=(i) If you enter {}');java.lang.System.exit(0);//
, then JavaVM is forcibly finished due to code injection.
-msg.note.csrf=(i) This page receives a request that a user does not intend and changes the user's password.
-msg.note.dangerous.file.inclusion=(i) Change the query string to template=[URL where malicious JSP file is deployed]
, then a malicious code is executed.
-msg.note.directory.traversal=(i) Change the query string to template=../WEB-INF/web.xml?
, then you can see the content of web.xml in the source code of this page.
-msg.note.enter.count=(i) If you enter a large character count, then an endless waiting process occurs.
-msg.note.enter.one=(i) Round off error occurs if you enter 1.
-msg.note.enter.specific.nembers=(i) Truncation error occurs if you enter 3 or 7 or 9.
-msg.note.enter.decimal.value=(i) Loss of trailing digits occurs if you enter 0.0000000000000001.
-msg.note.enter.runtime.exec=(i) If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/')
, then your important directory is removed on your server.
-msg.note.not.use.ext.db=(i) Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS.
-msg.note.positive.number=(i) Integer overflow occurs if you enter a number greater than or equal to 63.
-msg.note.slow.regular.expression=(i) If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042
, parse processing will take several tens of seconds
\
+msg.note.brute.force=The number of login attempts is not limited on this page, so the brute force attack is possible.
+msg.note.clickjacking=This page receives a request that a user does not intend and changes the user's mail address.
+msg.note.code.injection=If you enter {}');java.lang.System.exit(0);//
, then JavaVM is forcibly finished due to code injection.
+msg.note.csrf=This page receives a request that a user does not intend and changes the user's password.
+msg.note.dangerous.file.inclusion=Change the query string to template=[URL where malicious JSP file is deployed]
, then a malicious code is executed.
+msg.note.directory.traversal=Change the query string to template=../WEB-INF/web.xml?
, then you can see the content of web.xml in the source code of this page.
+msg.note.enter.count=If you enter a large character count, then an endless waiting process occurs.
+msg.note.enter.one=Round off error occurs if you enter 1.
+msg.note.enter.specific.nembers=Truncation error occurs if you enter 3 or 7 or 9.
+msg.note.enter.decimal.value=Loss of trailing digits occurs if you enter 0.0000000000000001.
+msg.note.enter.runtime.exec=If you enter @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/')
, then your important directory is removed on your server.
+msg.note.not.use.ext.db=Database connection leak occurs if using an external RDBMS such as MySQL. Please edit application.properties if using an external RDBMS.
+msg.note.positive.number=Integer overflow occurs if you enter a number greater than or equal to 63.
+msg.note.slow.regular.expression=If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042
, parse processing will take several tens of seconds
\
If you set string to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042
, then ...
-msg.note.slow.string.plus.operation=(i) If you set a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator.
-msg.note.sql.deadlock=(i) If you open two windows (or tabs) and select "asc" and click the "update" button on one windows immediately after you select "desc" \
+msg.note.slow.string.plus.operation=If you set a large number then the processing will take several tens of seconds because the string is created by "+" (plus) operator.
+msg.note.sql.deadlock=If you open two windows (or tabs) and select "asc" and click the "update" button on one windows immediately after you select "desc" \
and click the "update" button on the other, then dead lock occurs in database.
-msg.note.sql.injection=(i) You can see other users information if you set password to ' OR '1'='1
-msg.note.ldap.injection=(i) You can see other users information if you set name to *)(|(objectClass=*" and password to "aaaaaaa)
-msg.note.mail.header.injection=(i) If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address]
, then you can send a mail to the address.
-msg.note.mojibake=(i) Mojibake occurs if you set name in a multibyte language
-msg.note.null.byte.injection=(i) If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00
to the query string, you can download a file which includes the content of web.xml.
-msg.note.open.redirect=(i) If you add goto=[an URL of a malicious site]
to the query string, you can redirect to the malicious site.
-msg.note.unrestricted.ext.upload=(i) If you upload JSP file (named exit.jsp) including <% System.exit(0); %>
and access to http://localhost:8080/uploadFiles/exit.jsp, \
+msg.note.sql.injection=You can see other users information if you set password to ' OR '1'='1
+msg.note.ldap.injection=You can see other users information if you set name to *)(|(objectClass=*" and password to "aaaaaaa)
+msg.note.mail.header.injection=If you change the subject field to textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address]
, then you can send a mail to the address.
+msg.note.mojibake=Mojibake occurs if you set name in a multibyte language
+msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00
to the query string, you can download a file which includes the content of web.xml.
+msg.note.open.redirect=If you add goto=[an URL of a malicious site]
to the query string, you can redirect to the malicious site.
+msg.note.oome.finally.thrown=If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.note.unrestricted.ext.upload=If you upload JSP file (named exit.jsp) including <% System.exit(0); %>
and access to http://localhost:8080/uploadFiles/exit.jsp, \
then JavaVM is forcibly finished.
-msg.note.unintended.file.disclosure=(i) If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. \
+msg.note.unintended.file.disclosure=If the directory listing feature works and you access to http://localhost:8080/uid/, then you can see the file list in the uid directory. \
If you login as an acount written in http://localhost:8080/uid/adminpassword.txtm you can access to /uid/serverinfo.jsp.
-msg.note.unrestricted.size.upload=(i) This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size.
-msg.note.verbose.errror.message=(i) It is easy to guess an account who can logs in since authentication error messages on this page is too detailed.
-msg.note.xee=(i) If you upload the following file, it will waste server resource.
-msg.note.xss=(i) Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
-msg.note.xxe.step1=(i) If you create the following DTD file on a web server that can be accessed by this server. For example, http://attacker.site/vulnerable.dtd
+msg.note.unrestricted.size.upload=This page is vulnerable for attacks such as DoS because there are no limitation for uploading file size.
+msg.note.verbose.errror.message=It is easy to guess an account who can logs in since authentication error messages on this page is too detailed.
+msg.note.xee=If you upload the following file, it will waste server resource.
+msg.note.xss=Session ID is shown if you set name to >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
+msg.note.xxe.step1=If you create the following DTD file on a web server that can be accessed by this server. For example, http://attacker.site/vulnerable.dtd
msg.note.xxe.step2=and upload the following file, you can display password file (/etc/passwd) on the server.
msg.not.exist=The user does not exist.
msg.not.image.file=The chosen file is not an image file.
@@ -121,8 +120,7 @@ msg.passwd.changed=Your password is successfully changed.
msg.passwd.change.failed=Password change failed.
msg.passwd.is.too.short=The password must be at least 8 characters.
msg.password.not.match=The password does not match.
-msg.permgen.space.leak.occur=Memory leak occurs in PermGen space every time you load this page.
\
-(i) If keeping on loading this page, OutOfMemoryError is finally thrown.
+msg.permgen.space.leak.occur=Memory leak occurs in PermGen space every time you load this page.
msg.question.reach.the.moon=How many times would you have to fold a piece of paper (thickness 0.1mm) for it to be thick enough to reach the moon (384,400 km)?
msg.reverse.color=You can reverse the color of an image file.
msg.reverse.color.complete=The color reversal of the image file has completed.
diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties
index 6bb77502..3d80dc65 100644
--- a/src/main/resources/messages_ja.properties
+++ b/src/main/resources/messages_ja.properties
@@ -45,8 +45,7 @@ msg.answer.is.correct=\u6b63\u89e3\u3067\u3059\u3002
msg.authentication.fail=\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002\u518d\u5ea6\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u4e0b\u3055\u3044\u3002
msg.batch.registration.complete=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002
msg.batch.registration.fail=\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u62ec\u767b\u9332\u304c\u5931\u6557\u3057\u307e\u3057\u305f\u3002
-msg.c.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
\
-(i) \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002
+msg.c.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001C\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.cant.create.batch=\u30d0\u30c3\u30c1\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002
msg.db.connection.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.dead.lock.not.occur=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306f\u767a\u751f\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002
@@ -64,48 +63,48 @@ msg.enter.decimal.value=1\u672a\u6e80\u306e\u5c0f\u6570\u3092\u5165\u529b\u3057\
msg.enter.id.and.password=\u30e6\u30fc\u30b6\u30fcID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002
msg.enter.word=\u6587\u5b57\u5217\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044\u3002
msg.error.user.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002
-msg.example.name.and.passwd=\u4f8b\u3048\u3070\u3001Mark \u3068 password
+msg.example.name.and.passwd=\u4f8b\u3048\u3070\u3001Mark
\u3068 password
msg.executed.batch=\u30d0\u30c3\u30c1\u3092\u4f5c\u6210\u3001\u5b9f\u884c\u3057\u307e\u3057\u305f:
msg.file.descriptor.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002
msg.invalid.json=\u4e0d\u6b63\u306aJSON\u6587\u5b57\u5217\u3067\u3059 : {0}
-msg.java.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
\
-(i) \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002
+msg.java.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Java\u30d2\u30fc\u30d7\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.low.alphnum8=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u306e\u82f1\u6570\u5b57\u3067\u3059\u3002
msg.need.admin.privilege=\u3053\u3053\u304b\u3089\u5148\u306f\u7ba1\u7406\u8005\u6a29\u9650\u304c\u5fc5\u8981\u3067\u3059\u3002
-msg.note.brute.force=(i) \u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002
-msg.note.clickjacking=(i) \u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002
-msg.note.code.injection=(i) {}');java.lang.System.exit(0);//
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002
-msg.note.csrf=(i) \u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002
-msg.note.dangerous.file.inclusion=(i) \u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]
\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002
-msg.note.directory.traversal=(i) \u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=../WEB-INF/web.xml?
\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306bweb.xml\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
-msg.note.enter.count=(i) \u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.enter.one=(i) 1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.enter.specific.nembers=(i) 3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.enter.decimal.value=(i) 0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.enter.runtime.exec=(i) @java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/')
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002
-msg.note.not.use.ext.db=(i) \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002
-msg.note.positive.number=(i) 63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.sql.deadlock=(i) 2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3066\
+msg.note.brute.force=\u3053\u306e\u30da\u30fc\u30b8\u306b\u306f\u30ed\u30b0\u30a4\u30f3\u8a66\u884c\u56de\u6570\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u53ef\u80fd\u3067\u3059\u3002
+msg.note.clickjacking=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002
+msg.note.code.injection={}');java.lang.System.exit(0);//
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b3\u30fc\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067 JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002
+msg.note.csrf=\u3053\u306e\u30da\u30fc\u30b8\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u610f\u56f3\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3082\u53d7\u4fe1\u3057\u3066\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002
+msg.note.dangerous.file.inclusion=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=[\u60aa\u610f\u306e\u3042\u308bJSP\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d7\u30ed\u30a4\u3055\u308c\u305fURL]
\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002
+msg.note.directory.traversal=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u3092 template=../WEB-INF/web.xml?
\u306b\u5909\u66f4\u3059\u308b\u3068\u3001\u3053\u306e\u30da\u30fc\u30b8\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306bweb.xml\u306e\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
+msg.note.enter.count=\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u5b8c\u4e86\u3057\u306a\u3044\u30d7\u30ed\u30bb\u30b9\u306e\u5f85\u6a5f\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.note.enter.one=1\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4e38\u3081\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.note.enter.specific.nembers=3\u30017\u30019\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6253\u3061\u5207\u308a\u8aa4\u5dee\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.note.enter.decimal.value=0.0000000000000001\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u60c5\u5831\u6b20\u843d\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.note.enter.runtime.exec=@java.lang.Runtime@getRuntime().exec('rm -fr /your-important-dir/')
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u91cd\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u524a\u9664\u3055\u308c\u307e\u3059\u3002
+msg.note.not.use.ext.db=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30ea\u30fc\u30af\u306f\u3001MySQL\u306a\u3069\u306e\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002\u5916\u90e8RDBMS\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306f\u3001application.properties\u3092\u7de8\u96c6\u3057\u3066\u4e0b\u3055\u3044\u3002
+msg.note.positive.number=63\u4ee5\u4e0a\u306e\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6574\u6570\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.note.sql.deadlock=2\u3064\u306e\u30a6\u30a4\u30f3\u30c9\u30a6\u307e\u305f\u306f\u30bf\u30d6\u3092\u958b\u304d\u3001\u4e00\u65b9\u3067\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u3001\u3082\u3046\u4e00\u65b9\u3067\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3066\
\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3067\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.sql.injection=(i) \u30d1\u30b9\u30ef\u30fc\u30c9\u306b ' OR '1'='1
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002
-msg.note.ldap.injection=(i) \u540d\u524d\u306b *)(|(objectClass=*
\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b aaaaaaa)
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002
-msg.note.mail.header.injection=(i) \u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u3092textarea\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002
-msg.note.mojibake=(i) \u540d\u524d\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002
-msg.note.null.byte.injection=(i) \u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b fileName=../WEB-INF/web.xml%00
\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002
-msg.note.slow.regular.expression=(i) \u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\
+msg.note.sql.injection=\u30d1\u30b9\u30ef\u30fc\u30c9\u306b ' OR '1'='1
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002
+msg.note.ldap.injection=\u540d\u524d\u306b *)(|(objectClass=*
\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306b aaaaaaa)
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002
+msg.note.mail.header.injection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u3092textarea\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002
+msg.note.mojibake=\u540d\u524d\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.note.null.byte.injection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b fileName=../WEB-INF/web.xml%00
\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002
+msg.note.slow.regular.expression=\u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u69cb\u6587\u89e3\u6790\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
\
\u6587\u5b57\u5217\u306b aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\u3042
\u3092\u5165\u529b\u3059\u308b\u3068...
-msg.note.slow.string.plus.operation=(i) +(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
-msg.note.open.redirect=(i) \u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b goto=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]
\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002
-msg.note.unintended.file.disclosure=(i) \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http://localhost:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\
+msg.note.slow.string.plus.operation=+(\u30d7\u30e9\u30b9)\u6f14\u7b97\u5b50\u3067\u6587\u5b57\u5217\u3092\u9023\u7d50\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u5927\u304d\u306a\u6587\u5b57\u6570\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5217\u751f\u6210\u306b\u6570\u5341\u79d2\u304b\u308a\u307e\u3059\u3002
+msg.note.open.redirect=\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b goto=[\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL]
\u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001\u30c1\u30a7\u30c3\u30af\u305b\u305a\u306b\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30c8\u306eURL\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u307e\u3059\u3002
+msg.note.oome.finally.thrown=\u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002
+msg.note.unintended.file.disclosure=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u304c\u6a5f\u80fd\u3057\u3066\u3044\u308b\u5834\u5408\u3001http://localhost:8080/uid/\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002\
\u3055\u3089\u306bhttp://localhost:8080/uid/adminpassword.txt\u306b\u8a18\u8f09\u3055\u308c\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3068\u3001http://localhost:8080/uid/serverinfo.jsp\u3078\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002
-msg.note.unrestricted.ext.upload=(i) <% System.exit(0); %>
\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\
+msg.note.unrestricted.ext.upload=<% System.exit(0); %>
\u3068\u66f8\u3044\u305fJSP\u30d5\u30a1\u30a4\u30eb(\u30d5\u30a1\u30a4\u30eb\u540d\uff1aexit.jsp)\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3001http://localhost:8080/uploadFiles/exit.jsp\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\
JavaVM\u304c\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002
-msg.note.unrestricted.size.upload=(i) \u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002
-msg.note.verbose.errror.message=(i) \u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002
-msg.note.xee=(i) \u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002
-msg.note.xss=(i) \u540d\u524d\u306b >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
-msg.note.xxe.step1=(i) \u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http://attacker.site/vulnerable.dtd
+msg.note.unrestricted.size.upload=\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u30b5\u30a4\u30ba\u306e\u5236\u9650\u304c\u7121\u3044\u305f\u3081\u3001DoS\u653b\u6483\u306a\u3069\u306b\u5bfe\u3057\u3066\u8106\u5f31\u3067\u3059\u3002
+msg.note.verbose.errror.message=\u3053\u306e\u753b\u9762\u3067\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u8a73\u7d30\u904e\u304e\u308b\u305f\u3081\u3001\u30ed\u30b0\u30a4\u30f3\u53ef\u80fd\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u63a8\u6e2c\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002
+msg.note.xee=\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u30ea\u30bd\u30fc\u30b9\u3092\u6d6a\u8cbb\u3057\u307e\u3059\u3002
+msg.note.xss=\u540d\u524d\u306b >tpircs/<;)eikooc.tnemucod(trela>tpIrcs<
\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30bb\u30c3\u30b7\u30e7\u30f3ID\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
+msg.note.xxe.step1=\u3053\u306e\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306b\u6b21\u306eDTD\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f8b) http://attacker.site/vulnerable.dtd
msg.note.xxe.step2=\u6b21\u306b\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb(/etc/passwd)\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002
msg.not.exist=\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3057\u307e\u305b\u3093\u3002
msg.not.image.file=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002
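Review bot: Two keys rewritten in this hunk are misspelled, `msg.note.verbose.errror.message` and `msg.note.enter.specific.nembers`, and since the commit already touches both lines this is a cheap moment to rename them to `msg.note.verbose.error.message` and `msg.note.enter.specific.numbers`. The rename has to land together with the same keys in messages.properties (the `errror` key is visible in that file's hunk as well) and with every lookup in the servlets, which are outside this hunk. Separately, with the `(i)` marker removed from the values, any call site that still reads a `msg.note.*` key through `MessageUtils.getMsg` rather than `MessageUtils.getInfoMsg` will presumably render the hint without its marker, so the remaining callers are worth a grep before merging.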
@@ -121,8 +120,7 @@ msg.passwd.changed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u6b63\u5e38\u306b\u5909\
msg.passwd.change.failed=\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u3002
msg.passwd.is.too.short=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f8\u6841\u4ee5\u4e0a\u306b\u3057\u3066\u4e0b\u3055\u3044\u3002
msg.password.not.match=\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u4e00\u81f4\u3057\u307e\u305b\u3093\u3002
-msg.permgen.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Permanent\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
\
-(i) \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002
+msg.permgen.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001Permanent\u9818\u57df\u306e\u30e1\u30e2\u30ea\u30ea\u30fc\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
msg.question.reach.the.moon=0.1mm\u306e\u539a\u3055\u306e\u7d19\u3092\u4f55\u56de\u6298\u308a\u305f\u305f\u3080\u3068\u3001\u5730\u7403\u304b\u3089\u6708\u306e\u8ddd\u96e2(384,400 km)\u306b\u5230\u9054\u3059\u308b\u3067\u3057\u3087\u3046\u304b\uff1f
msg.reverse.color=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002
msg.reverse.color.complete=\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u306e\u8272\u53cd\u8ee2\u304c\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002
diff --git a/src/main/webapp/dfi/includable.jsp b/src/main/webapp/dfi/includable.jsp
index f21e9334..f9185c6f 100644
--- a/src/main/webapp/dfi/includable.jsp
+++ b/src/main/webapp/dfi/includable.jsp
@@ -55,9 +55,10 @@
+