From e29856a004af71513a84ceadb4d5f5c047358e43 Mon Sep 17 00:00:00 2001
From: Kohei Tamura
Date: Tue, 14 Mar 2017 18:09:43 +0900
Subject: [PATCH] Add feature of information disclosure
---
 .../core/filters/AuthenticationFilter.java | 4 +-
 src/main/webapp/{jsp => dfi}/includable.jsp | 9 +++--
 .../webapp/{html => dfi}/style_bootstrap.html | 0
 .../{html => dfi}/style_google_mdl.html | 0
 .../{html => dfi}/style_materialize.html | 0
 src/main/webapp/index.jsp | 4 +-
 src/main/webapp/udc/adminpassword.txt | 4 ++
 src/main/webapp/udc/clientinfo.jsp | 14 +++++++
 src/main/webapp/udc/serverinfo.jsp | 37 +++++++++++++++++++
 .../easybuggy/EmbeddedJettyServer.java | 2 +-
 10 files changed, 66 insertions(+), 8 deletions(-)
 rename src/main/webapp/{jsp => dfi}/includable.jsp (79%)
 rename src/main/webapp/{html => dfi}/style_bootstrap.html (100%)
 rename src/main/webapp/{html => dfi}/style_google_mdl.html (100%)
 rename src/main/webapp/{html => dfi}/style_materialize.html (100%)
 create mode 100644 src/main/webapp/udc/adminpassword.txt
 create mode 100644 src/main/webapp/udc/clientinfo.jsp
 create mode 100644 src/main/webapp/udc/serverinfo.jsp
diff --git a/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java b/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java
index 85e58a6b..c9b9b41f 100644
--- a/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java
+++ b/src/main/java/org/t246osslab/easybuggy/core/filters/AuthenticationFilter.java
@@ -13,6 +13,8 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import sun.util.logging.resources.logging;
+
 /**
  * Servlet Filter for authentication
  */
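Review bot: The added `import sun.util.logging.resources.logging;` is not referenced anywhere in this patch and should be removed together with the blank line added after it. It names an internal JDK resource-bundle class (note the lowercase class name), which is not public API, is strongly encapsulated from Java 9 onward, and may not exist at all on other JDK builds, so the filter gains a compile-time dependency it never uses. This looks like an IDE auto-import accident; the fix is simply to drop the two added lines.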
@@ -38,7 +40,7 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 HttpServletResponse response = (HttpServletResponse) res;
 String target = request.getRequestURI();
- if (target.startsWith("/admins")) {
+ if (target.startsWith("/admins") || target.equals("/udc/serverinfo.jsp")) {
 /* Login (authentication) is needed to access admin pages (under /admins). */
 String loginType = request.getParameter("logintype");
diff --git a/src/main/webapp/jsp/includable.jsp b/src/main/webapp/dfi/includable.jsp
similarity index 79%
rename from src/main/webapp/jsp/includable.jsp
rename to src/main/webapp/dfi/includable.jsp
index 29d9eec1..1aa30e60 100644
--- a/src/main/webapp/jsp/includable.jsp
+++ b/src/main/webapp/dfi/includable.jsp
@@ -1,6 +1,7 @@
 <%@ page pageEncoding="UTF-8"%>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
@@ -11,7 +12,7 @@ EasyBuggy - + " />
@@ -39,17 +40,17 @@
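Review bot: Gating `/udc/serverinfo.jsp` with `target.equals(...)` on `getRequestURI()` compares the raw, un-normalised URI, so spellings the container still resolves to the same JSP — a path parameter such as `/udc/serverinfo.jsp;jsessionid=x`, or, on containers that collapse them, a doubled or dot segment like `/udc//serverinfo.jsp` — are not equal to the literal and skip the login check entirely. Comparing the container's normalised path is more robust, e.g. `String target = request.getServletPath();` followed by `if (target.startsWith("/admins") || target.startsWith("/udc/serverinfo")) {`, which also keeps the `/admins` prefix working when the app is deployed under a non-root context path. The comment `/* Login (authentication) is needed to access admin pages (under /admins). */` is now stale and should mention the server-info page as well. The rest of `doFilter` lies outside this hunk.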

  • - :

  • - :

  • - :

  • diff --git a/src/main/webapp/html/style_bootstrap.html b/src/main/webapp/dfi/style_bootstrap.html similarity index 100% rename from src/main/webapp/html/style_bootstrap.html rename to src/main/webapp/dfi/style_bootstrap.html diff --git a/src/main/webapp/html/style_google_mdl.html b/src/main/webapp/dfi/style_google_mdl.html similarity index 100% rename from src/main/webapp/html/style_google_mdl.html rename to src/main/webapp/dfi/style_google_mdl.html diff --git a/src/main/webapp/html/style_materialize.html b/src/main/webapp/dfi/style_materialize.html similarity index 100% rename from src/main/webapp/html/style_materialize.html rename to src/main/webapp/dfi/style_materialize.html diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp index 2cda9df9..99146d5f 100644 --- a/src/main/webapp/index.jsp +++ b/src/main/webapp/index.jsp @@ -10,7 +10,7 @@ EasyBuggy - +
    @@ -160,7 +160,7 @@

  • - :

  •
diff --git a/src/main/webapp/udc/adminpassword.txt b/src/main/webapp/udc/adminpassword.txt
new file mode 100644
index 00000000..bac05917
--- /dev/null
+++ b/src/main/webapp/udc/adminpassword.txt
@@ -0,0 +1,4 @@
+Mark, password
+David, p@s2w0rd
+Peter, pa33word
+James, pathwood
diff --git a/src/main/webapp/udc/clientinfo.jsp b/src/main/webapp/udc/clientinfo.jsp
new file mode 100644
index 00000000..0a54b7e1
--- /dev/null
+++ b/src/main/webapp/udc/clientinfo.jsp
@@ -0,0 +1,14 @@
+
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
+ + +EasyBuggy + + + +
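Review bot: `adminpassword.txt` places four cleartext user/password pairs directly under `src/main/webapp/udc`, so the container serves it as a static file at `/udc/adminpassword.txt` to anyone — the `AuthenticationFilter` change in this same patch only covers the `/admins` prefix and the exact path `/udc/serverinfo.jsp`, not this file. If this exposure is the deliberate finding for the training app, the commit message should say so and the hint page should list the URL; if it is not, the file belongs under `WEB-INF/` (or outside the webapp) and should hold password hashes rather than cleartext. Realistic-looking credentials in a public repository also tend to trip secret scanners, so it is worth documenting in the README that these are dummy accounts.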
      +
    • User-Agent: <%=request.getHeader("user-agent")%>

    • +
    • Accept-Language: <%=request.getHeader("Accept-Language")%>

    • +
    + + \ No newline at end of file diff --git a/src/main/webapp/udc/serverinfo.jsp b/src/main/webapp/udc/serverinfo.jsp new file mode 100644 index 00000000..9212ee5d --- /dev/null +++ b/src/main/webapp/udc/serverinfo.jsp @@ -0,0 +1,37 @@ +<%@ page pageEncoding="UTF-8"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> +<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> +<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> + + + + +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> + + +EasyBuggy + + + +
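Review bot: `clientinfo.jsp` writes `request.getHeader("user-agent")` and `request.getHeader("Accept-Language")` into the page through `<%= %>` with no escaping, so any markup in those headers is rendered as HTML — reflected XSS, even if in practice only the sender of the request controls those headers. The `c` taglib the page already declares provides an escaping form: `<c:out value="${header['user-agent']}"/>` and `<c:out value="${header['Accept-Language']}"/>`; `c:out` also prints an empty string instead of the literal `null` that the scriptlet form emits when a header is absent. The surrounding markup of this hunk is not legible in this excerpt, so the rest of the page could not be checked.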
    +<% request.setAttribute("systemProperties", java.lang.System.getProperties()); %> + + + + + + + + + + + +
    KeyValue
    + + + +
    + + \ No newline at end of file diff --git a/src/test/java/org/t246osslab/easybuggy/EmbeddedJettyServer.java b/src/test/java/org/t246osslab/easybuggy/EmbeddedJettyServer.java index 9e4ed050..0a912b7b 100644 --- a/src/test/java/org/t246osslab/easybuggy/EmbeddedJettyServer.java +++ b/src/test/java/org/t246osslab/easybuggy/EmbeddedJettyServer.java @@ -32,9 +32,9 @@ public static void main(String[] args) throws Exception { context.setConfigurations(new Configuration[] { new AnnotationConfiguration(), new WebXmlConfiguration(), new WebInfConfiguration(), new TagLibConfiguration(), new PlusConfiguration(), new MetaInfConfiguration(), new FragmentConfiguration(), new EnvConfiguration() }); - context.setContextPath("/"); context.setParentLoaderPriority(true); + //context.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false"); server.setHandler(context); server.start(); server.dump(System.err);
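Review bot: `serverinfo.jsp` declares the `c` taglib twice — once as `<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>` in the header block and again as `<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>` further down — so the second directive should be deleted. More importantly, `request.setAttribute("systemProperties", java.lang.System.getProperties())` hands the entire property table to the view, which exposes `java.class.path`, `user.name`, `user.home`, `java.home` and any `-D` values (which often carry credentials or internal hostnames) to whoever reaches the page; unless every property is meant to be shown, copy an allow-list of keys into the attribute instead. The table rows are not legible in this chunk, so I could not confirm whether keys and values are emitted via `<c:out>`; if they are written with bare `${...}` they need escaping too. The page itself performs no session check and relies solely on the exact-path string added to `AuthenticationFilter` in this patch, so placing it under the already-protected `/admins` tree would be the more robust arrangement.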
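Review bot: The `dirAllowed=false` init parameter for Jetty's DefaultServlet is present only as a commented-out line, `//context.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");`, so directory listings stay at the servlet's default (enabled unless configured otherwise) and a request for `/udc/` would list `adminpassword.txt` alongside the two JSPs added in this patch. Either activate the line or delete it; a commented-out security setting is worse than none because a reader assumes it is in effect. The collapsed hunk text also reads as though `context.setContextPath("/");` is the removed line — if that is really what was deleted rather than a blank line, the intent should be stated, since the context will then fall back to Jetty's default path. The `main` method continues outside this hunk.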