Fix issue #7. Localize client and server information page

k-tamura · Aug 29, 2017 · 37baa11 · 37baa11
1 parent 1098b6e
commit 37baa11
Show file tree

Hide file tree

Showing 8 changed files with 518 additions and 444 deletions.
diff --git a/src/main/java/org/t246osslab/easybuggy4sb/controller/ServerInfoController.java b/src/main/java/org/t246osslab/easybuggy4sb/controller/ServerInfoController.java
diff --git a/.../java/org/t246osslab/easybuggy4sb/vulnerabilities/UnintendedFileDisclosureController.java b/.../java/org/t246osslab/easybuggy4sb/vulnerabilities/UnintendedFileDisclosureController.java
@@ -0,0 +1,71 @@
+package org.t246osslab.easybuggy4sb.vulnerabilities;
+
+import java.io.IOException;
+import java.util.Locale;
+import java.util.Properties;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.io.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.MessageSource;
+import org.springframework.context.NoSuchMessageException;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class UnintendedFileDisclosureController {
+
+    private static final Logger log = LoggerFactory.getLogger(UnintendedFileDisclosureController.class);
+
+    @Autowired
+    MessageSource msg;
+
+    @RequestMapping(value = "/clientinfo")
+    public void clientinfo(HttpServletResponse res, Locale locale) throws IOException {
+        Resource resource = new ClassPathResource("/templates/clientinfo.html");
+        String htmlString = IOUtils.toString(resource.getInputStream());
+        htmlString = repacLocalizedString(htmlString, locale);
+        res.getWriter().write(htmlString);
+    }
+
+    @RequestMapping(value = "/serverinfo")
+    public void serverinfo(HttpSession ses, HttpServletResponse res, Locale locale) throws IOException {
+        StringBuilder sb = new StringBuilder();
+        Properties properties = System.getProperties();
+        for (Object key : properties.keySet()) {
+            Object value = properties.get(key);
+            sb.append("<tr><td>" + key + "</td><td>" + value + "</td></tr>");
+        }
+        Resource resource = new ClassPathResource("/templates/serverinfo.html");
+        String htmlString = IOUtils.toString(resource.getInputStream());
+        htmlString = htmlString.replace("<!-- [REPLACE:@UserId] -->", (String) ses.getAttribute("userid"));
+        htmlString = htmlString.replace("<!-- [REPLACE:@Contents] -->", sb.toString());
+        htmlString = repacLocalizedString(htmlString, locale);
+        res.getWriter().write(htmlString);
+    }
+
+    private String repacLocalizedString(String htmlString, Locale locale) {
+        while (true) {
+            int startIndex = htmlString.indexOf("<!-- [REPLACE:");
+            int endIndex = htmlString.indexOf("] -->");
+            if (startIndex < 0 || endIndex < 0) {
+                break;
+            }
+            String keyString = htmlString.substring(startIndex + 14, endIndex);
+            try {
+                htmlString = htmlString.replace("<!-- [REPLACE:" + keyString + "] -->",
+                        msg.getMessage(keyString, null, locale));
+            } catch (NoSuchMessageException e) {
+                log.warn("{} is not defined in message.properties", keyString, e);
+                break;
+            }
+        }
+        return htmlString;
+    }
+}
diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties
@@ -132,9 +132,11 @@ description.send.mail=You can send a mail to the site administrator.
 label.access.time=Access Time
 label.available.characters=Available Characters
 label.attach.file=Attach File
+label.browser=Browser
 label.calculate=Calculate
 label.capitalized.string=Capitalized String
 label.character.count=Character Count
+label.code=Code
 label.content=Content
 label.current.date=Current Date
 label.current.thread.count=Current Thread Count
@@ -146,6 +148,7 @@ label.history.back=Back
 label.ip.address=IP Address
 label.json.string=JSON String
 label.key=Key
+label.language=Language
 label.login=Log in
 label.login.user.id=Login User ID
 label.logout=Log out
@@ -160,6 +163,7 @@ label.memory.peak.usage=Peak Memory Usage
 label.memory.collection.usage=Collection Usage
 label.metaspace=Metaspace
 label.permgen.space=PermGen space
+label.platform=Platform
 label.name=Name
 label.numbers=Numbers
 label.obelus=/
@@ -187,8 +191,10 @@ label.timezone.use.daylight.time=Useing DST
 label.update=Update
 label.upload=Upload
 label.uppercase.characters=Uppercase Characters
+label.user.agent=User Agent
 label.user.id=User ID
 label.value=Value
+label.version=Version
 label.your.name=Your Name
 label.your.mail=Your Mail Address
 msg.account.locked=Your account is locked out because the number of login failures exceeds 10 times.