Download
Getting Started
Members
Projects
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
How to Contribute
Working Groups
Automotive
Internet of Things
LocationTech
Long-Term Support
PolarSys
Science
OpenMDM
More
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
How to Contribute
Working Groups
Automotive
Internet of Things
LocationTech
Long-Term Support
PolarSys
Science
OpenMDM
Toggle navigation
Bugzilla – Attachment 189216 Details for
Bug 320967
[Test][Security] Tests for security related bugs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
Terms of Use
|
Copyright Agent
[patch]
Patch version 5
patch320967v5.txt (text/plain), 16.28 KB, created by
Chris Goldthorpe
on 2011-02-17 14:08:22 EST
(
hide
)
Description:
Patch version 5
Filename:
MIME Type:
Creator:
Chris Goldthorpe
Created:
2011-02-17 14:08:22 EST
Size:
16.28 KB
patch
obsolete
>### Eclipse Workspace Patch 1.0 >#P org.eclipse.ua.tests >Index: data/help/jsp/b233466remote.html >=================================================================== >RCS file: data/help/jsp/b233466remote.html >diff -N data/help/jsp/b233466remote.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/b233466remote.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,32 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>Bug 233466 - [Webapp][Security] Site redirection vulnerability in Eclipse Help System</title> >+ <script language="JavaScript" src="server.js"></script> >+ <script language="JavaScript"> >+ function loadhandler() { >+ showHelpPath(); >+ patchAnchors(); >+ } >+ >+ </script> >+</head> >+ >+<body onload = "loadhandler()"> >+<h1>Bug 233466 - [Webapp][Security] Site redirection vulnerability in Eclipse Help System</h1> >+ >+<h3 id="path"></h3> >+ >+To reproduce open help in an external browser ((The bug reproduces on both IE and Firefox) >+<br> >+Right on the link below and open in a new window. If the help frames are displayed and eclipse.org >+is opened in the content frame the test is failing. >+<br> >+<a href = "../../../../../index.jsp?topic=http://www.eclipse.org >+" >Open link in a new window </a> >+</p> >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/b317055remote.html >=================================================================== >RCS file: data/help/jsp/b317055remote.html >diff -N data/help/jsp/b317055remote.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/b317055remote.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,29 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>Bug 317055 - [Webapp][Security] URLEncode url requests from local users</title> >+ <script language="JavaScript" src="server.js"></script> >+ <script language="JavaScript"> >+ function loadhandler() { >+ showHelpPath(); >+ patchAnchors(); >+ } >+ >+ </script> >+</head> >+ >+<body onload = "loadhandler()"> >+<h1> Bug 317055 - [Webapp][Security] URLEncode url requests from local users</h1> >+ >+<h3 id="path"></h3> >+To reproduce open help in an external browser ((The bug reproduces on both IE and Firefox) >+<br> >+Right on the link below and open in a new window. If an alert containing cookie values such as JSESSIONID shows the test is failing. >+<p> >+<a href = "../../../../"+alert(document.cookie)+".html" > Open this link in a new window </a> >+</p> >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/b320547remote.html >=================================================================== >RCS file: data/help/jsp/b320547remote.html >diff -N data/help/jsp/b320547remote.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/b320547remote.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,32 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title> Bug 320547 - [Webapp][Security] Misuse of /topic/file</title> >+ <script language="JavaScript" src="server.js"></script> >+ <script language="JavaScript"> >+ function loadhandler() { >+ showHelpPath(); >+ patchAnchors(); >+ } >+ >+ </script> >+</head> >+ >+<body onload = "loadhandler()"> >+<h1> Bug 320547 - [Webapp][Security] Misuse of /topic/file</h1> >+ >+<h3 id="path"></h3> >+</h3> >+ >+This bug is workbench only and Windows only so should be tested on the Eclipse >+workbench on Windows. >+<br> >+Click on the link below: if a list of directory filenames shows the test is failing. >+<p> >+<a href = "../../../../file:/c:/" > Click here </a> >+</p> >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/b320548remote.html >=================================================================== >RCS file: data/help/jsp/b320548remote.html >diff -N data/help/jsp/b320548remote.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/b320548remote.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,39 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>Bug 320548 - [Webapp][Security] Ability to read files not in bundles</title> >+ <script language="JavaScript" src="server.js"></script> >+ <script language="JavaScript"> >+ function loadhandler() { >+ showHelpPath(); >+ patchAnchors(); >+ } >+ >+ </script> >+</head> >+ >+<body onload = "loadhandler()"> >+<h1> Bug 320548 - [Webapp][Security] Ability to read files not in bundles</h1> >+ >+<h3 id="path"> >+</h3> >+This bug is Windows only so should be tested on the Eclipse >+workbench on Windows. Note that if none of the plug-ins listed below >+is present in the product the failure will not occur, however that does >+not mean that the bug is not present. >+<ol> >+<li>Create a file C:\temp.txt containing the text "Temp file".</li> >+<li>Now click on each of the links below, if any causes the line "Temp File" to be displayed >+it means the bug is present. >+</ul> >+<br> >+<a href = "../../../../org.eclipse.ui.intro.universal/..\..\..\..\..\..\..\..\temp.txt" >D1 org.eclipse.ui.intro.universal</a> >+<br> >+<a href = "../../../../org.eclipse.platform/..\..\..\..\..\..\..\..\..\temp.txt" >D2 org.eclipse.ui.platform</a> >+<br> >+<a href = "../../../../org.eclipse.ui.workbench.compatibility/..\..\..\..\..\..\..\..\..\temp.txt" >D3 org.eclipse.ui.workbench.compatibility</a> >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/getlocation.html >=================================================================== >RCS file: data/help/jsp/getlocation.html >diff -N data/help/jsp/getlocation.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/getlocation.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,101 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>Enter remote host url</title> >+<script language="JavaScript"> >+ >+function doSubmit() { >+ var url = document.getElementById("url").value; >+ setCookie(encodeURIComponent(url)); >+} >+ >+function loadHandler() { >+ document.getElementById("url").value = getHelpPath(); >+} >+ >+function testURL() { >+ var url = document.getElementById("url").value; >+ setCookie(encodeURIComponent(url)); >+ window.open(url + "index.jsp"); >+} >+ >+ >+function testThis() { >+ var thisURL = document.location.href; >+ var index = thisURL.indexOf('topic/'); >+ if (index > 0) { >+ thisURL = thisURL.substr(0, index); >+ } >+ document.getElementById("url").value = thisURL; >+ setCookie(encodeURIComponent(thisURL)); >+} >+ >+var defaultName = "http://help.eclipse.org/helios/"; >+ >+function getHelpPath() { >+ var path = getCookie(); >+ if (path !== null) return decodeURIComponent(path); >+ return defaultName; >+} >+ >+function getCookie() { >+ var nameEquals = "server="; >+ var cookies = document.cookie.split(";"); >+ for (var i=0;i<cookies.length;++i) { >+ var cookie = cookies[i]; >+ if (cookie.charAt(0) == ' ') { >+ cookie = cookie.substring(1, cookie.length); >+ } >+ if (cookie.indexOf(nameEquals) == 0) { >+ return cookie.substring(nameEquals.length, cookie.length); >+ } >+ } >+ return null; >+} >+ >+function setCookie(value) { >+ var date = new Date(); >+ date.setTime(date.getTime()+(365*24*60*60*1000)); >+ document.cookie = "server=" + value + "; expires=" + date.toGMTString(); >+} >+ >+</script> >+ >+</head> >+ >+<body onload = "loadHandler()" > >+<h1>Enter host url</h1> >+ >+This step sets the infocenter to be tested for security flaws. A remote infocenter >+can be tested by entering its URL. >+ >+<form onsubmit="doSubmit();return false;"> >+ Enter the url of the remote help system up to the context path. >+ <br> >+ Example: http://host:80/help/ >+ <br> >+ <input type="text" id="url" name="url" >+ value='' maxlength=256 style="width:400px"> >+ <table> >+ <tr id="buttonsTable"><td > >+ <table cellspacing=0 cellpadding=0 border=0 style="background:transparent;"> >+ <tr> >+ <td> >+ <button id="test" type="button" onclick="testURL()" >Save and Test</button> >+ </td> >+ <td> >+ <button id="test" type="button" onclick="testThis()" >Test this server</button> >+ </td> >+ <td> >+ <button type="submit" id="ok">Save</button> >+ </td> >+ </tr> >+ </table> >+ </td></tr> >+ </table> >+</form> >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/local.html >=================================================================== >RCS file: data/help/jsp/local.html >diff -N data/help/jsp/local.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/local.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,16 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>Tests for this help system</title> >+</head> >+ >+<body> >+<h1>Tests for this help system</h1> >+ >+The tests in this section will test the help system used to display this page. If you wish to test >+a help server which does not have these tests installed that can be done using the tests for remote sites. >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/remote.html >=================================================================== >RCS file: data/help/jsp/remote.html >diff -N data/help/jsp/remote.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/remote.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,18 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>Tests for Remote Sites</title> >+</head> >+ >+<body> >+<h1>Tests for Remote Sites</h1> >+ >+These tests allow you to run the security tests on any help server even if that help system does not >+have the tests installed. To test a remote help site first open the page "Setup help path" and enter >+the path of the remote site. Be sure to hit OK. After that each of the pages will contain links which >+will test the site whose path you entered. >+ >+</body> >+</html> >\ No newline at end of file >Index: data/help/jsp/server.js >=================================================================== >RCS file: data/help/jsp/server.js >diff -N data/help/jsp/server.js >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/server.js 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,45 @@ >+ >+var defaultName = "http://help.eclipse.org/helios/"; >+ >+function getHelpPath() { >+ var path = getCookie(); >+ if (path !== null) return decodeURIComponent(path); >+ return defaultName; >+} >+ >+function showHelpPath() { >+ var pathNode = document.getElementById("path"); >+ var pathValue=document.createTextNode("Testing help system: " + getHelpPath() + "index.jsp"); >+ pathNode.appendChild(pathValue); >+} >+ >+// Patches every anchor in a page >+function patchAnchors() { >+ var doclinks = document.getElementsByTagName("a"); >+ for (var i = 0; i < doclinks.length; i++) { >+ var slash = doclinks[i].href.indexOf('/', 8); >+ slash = doclinks[i].href.indexOf('/', slash + 1); >+ doclinks[i].href = getHelpPath() + doclinks[i].href.substring(slash + 1); >+ } >+} >+ >+function getCookie() { >+ var nameEquals = "server="; >+ var cookies = document.cookie.split(";"); >+ for (var i=0;i<cookies.length;++i) { >+ var cookie = cookies[i]; >+ if (cookie.charAt(0) == ' ') { >+ cookie = cookie.substring(1, cookie.length); >+ } >+ if (cookie.indexOf(nameEquals) == 0) { >+ return cookie.substring(nameEquals.length, cookie.length); >+ } >+ } >+ return null; >+} >+ >+function setCookie(value) { >+ var date = new Date(); >+ date.setTime(date.getTime()+(365*24*60*60*1000)); >+ document.cookie = "server=" + value + "; expires=" + date.toGMTString(); >+} >\ No newline at end of file >Index: data/help/jsp/toc.xml >=================================================================== >RCS file: data/help/jsp/toc.xml >diff -N data/help/jsp/toc.xml >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/toc.xml 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,17 @@ >+<?xml version="1.0" encoding="UTF-8"?> >+<toc label="JSP tests" link_to="data/help/toc/root.xml#content" topic="data/help/jsp/remote.html"> >+ <topic label="JSP tests"> >+ <topic href="data/help/jsp/getlocation.html" label="Setup help path"> >+ </topic> >+ <topic href="data/help/jsp/b233466remote.html" label="A - Bug 233466"> >+ </topic> >+ <topic href="data/help/jsp/b317055remote.html" label="B - Bug 317055"> >+ </topic> >+ <topic href="data/help/jsp/b320547remote.html" label="C - Bug 320547"> >+ </topic> >+ <topic href="data/help/jsp/b320548remote.html" label="D - Bug 320548"> >+ </topic> >+ <topic href="data/help/jsp/xssremote.html" label="O - other tests"> >+ </topic> >+ </topic> >+</toc> >Index: data/help/jsp/xssremote.html >=================================================================== >RCS file: data/help/jsp/xssremote.html >diff -N data/help/jsp/xssremote.html >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ data/help/jsp/xssremote.html 1 Jan 1970 00:00:00 -0000 >@@ -0,0 +1,50 @@ >+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> >+ >+<html> >+<head> >+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> >+ <title>XSS bugs</title> >+ <script language="JavaScript" src="server.js"></script> >+ <script language="JavaScript"> >+ function loadhandler() { >+ showHelpPath(); >+ patchAnchors(); >+ } >+ >+ </script> >+</head> >+ >+<body onload = "loadhandler()"> >+<h1>Other JSP bugs</h1> >+ >+<h3 id="path"></h3> >+ >+This bug can be tested on an infocenter or in Workbench mode. >+<br> >+Click on each of the links in turn, if any cause a message dialog or new window or tab to open that is a symptom of an xss bug. >+If you see an warning in the browser that it has modified the site to prevent cross site scripting >+that is also a problem. >+<br> >+<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=All%20topics%27/%3E%3Cscript%3Ealert%2842752%29%3C/script%3E" > >+Link X1</a> >+<br> >+<a href = "../../../../../advanced/search.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&workingSet=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E" > >+Link X2</a> >+<br> >+<a href = "../../../../../advanced/workingSet.jsp?operation=add%22/%3E%27;%3C/script%3E%3Cscript%3Ealert%2853827%29%3C/script%3E&workingSet=" > >+Link X3</a> >+<br> >+<a href = "../../../../../basic/searchView.jsp?searchWord=%27/%3E%3Cscript%3Ealert%2851887%29%3C/script%3E&maxHits=500&scopedSearch=true" > >+Link X4</a> >+<br> >+<a href = "../../../../../basic/searchView.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&scopedSearch=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E" > >+Link X5</a> >+<br> >+<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=<script>window.open('http://www.eclipse.org/')</script>" > >+Link X6</a> >+<br> >+<a href = "../../../../../index.jsp?'onload='alert(0)"> >+Link X7</a> >+ >+</body> >+</html> >\ No newline at end of file >Index: plugin.xml >=================================================================== >RCS file: /cvsroot/eclipse/org.eclipse.ua.tests/plugin.xml,v >retrieving revision 1.62 >diff -u -r1.62 plugin.xml >--- plugin.xml 17 Jun 2010 18:35:47 -0000 1.62 >+++ plugin.xml 17 Feb 2011 19:07:26 -0000 >@@ -456,6 +456,7 @@ > <toc file="data/help/search/toc3.xml" extradir="data/help/search/extraDir2"/> > <toc file="data/help/search/toc4.xml" extradir="data/help/search/extraDir3"/> > <toc file="data/help/index/toc.xml"/> >+ <toc file="data/help/jsp/toc.xml"/> > <toc file="non_junit/toc.xml"/> > <tocIcon > id="org.eclipse.ua.tests.openOnly"
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 320967
:
175283
|
175339
|
175432
|
184968
| 189216