author | Chris Goldthorpe | 2008-05-28 23:33:27 +0000 |
---|---|---|
committer | Chris Goldthorpe | 2008-05-28 23:33:27 +0000 |
commit | c0737d393026f93351e2b5b7fff7aab78e4304e0 (patch) | |
tree | c4ca5a21ae477cc9703b8f779d2205b0f0400941 | |
parent | e3bc010c41d35f13bdd761e2edd20dde25195a4a (diff) | |
6 files changed, 116 insertions, 4 deletions
diff --git a/org.eclipse.help.base/preferences.ini b/org.eclipse.help.base/preferences.ini
index 948559563..894d580b0 100644
--- a/org.eclipse.help.base/preferences.ini
+++ b/org.eclipse.help.base/preferences.ini
@@ -171,4 +171,11 @@ indexInstruction=true
 indexButton=true
 indexPlusMinus=true
 indexExpandAll=false
-highlight-on=true
\ No newline at end of file
+highlight-on=true
+
+#########################
+# Infocenter Security
+#########################
+# Increases security by preventing urls referencing external sites from being passed
+# in as the topic parameter.
+restrictTopicParameter=true
\ No newline at end of file
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java
index 44c47726f..926c5aefc 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2000, 2007 IBM Corporation and others.
+ * Copyright (c) 2000, 2008 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -70,7 +70,10 @@ public class LayoutData extends RequestData {
 else {
 TocData tocData = new TocData(context, request, response);
 String topic = tocData.getSelectedTopic();
- return topic != null ? topic : UrlUtil.getHelpURL(preferences.getHelpHome());
+ if (topic == null || !UrlUtil.isValidTopicURL(topic)) {
+ return UrlUtil.getHelpURL(preferences.getHelpHome());
+ }
+ return topic;
 }
 }
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
index 9ed644921..4f0a065bf 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java
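Review bot: A topic rejected by `UrlUtil.isValidTopicURL(topic)` in the `@@ -70,7 +70,10 @@` hunk is replaced by the help home page without any trace, so an infocenter operator cannot tell that external URLs are being submitted in the topic parameter. Consider logging the rejection inside the new `if`, with the value length-limited and stripped of line breaks, and testing `topic == null` separately so the ordinary no-topic case stays quiet. The enclosing method starts outside the hunk, so an existing logging convention may simply not be visible here.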
@@ -142,6 +142,21 @@ public class UrlUtil {
 }
 /**
+ * Tests to see if this path is permitted in the topic parameter passed in a help URL
+ * @param path the path passed as a ?topic parameter. May not be null.
+ * @return true unless topic parameters are restricted and the path has a protocol specified
+ */
+ public static boolean isValidTopicURL(String path) {
+ if (BaseHelpSystem.getMode() == BaseHelpSystem.MODE_INFOCENTER
+ && new WebappPreferences().isRestrictTopicParameter()) {
+ if (path.indexOf("://") >= 0) { //$NON-NLS-1$
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
 * Returns a path to the given topic in the form of child indexes. For
 * example, if the path points to the 3rd subtopic under the 2nd topic of
 * the 4th toc, it will return { 3, 1, 2 }.
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/WebappPreferences.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/WebappPreferences.java
index 5c7e99f82..4db4c765b 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/WebappPreferences.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/WebappPreferences.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2000, 2007 IBM Corporation and others.
+ * Copyright (c) 2000, 2008 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -128,4 +128,8 @@ public class WebappPreferences {
 prefs.setValue("default_highlight", highlight); //$NON-NLS-1$
 }
+ public boolean isRestrictTopicParameter() {
+ return prefs.getBoolean("restrictTopicParameter"); //$NON-NLS-1$
+ }
+
 }
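Review bot: The `path.indexOf("://") >= 0` test in `isValidTopicURL` only recognises URLs written as a scheme followed by `//`, so a scheme-relative reference (`//host/page`) or a scheme written without slashes (`javascript:`, `data:`) is still reported as valid and handed to the content frame. Because the preference comment promises that URLs referencing external sites cannot be passed as the topic, the check would be safer as an allow-list of what a help topic path looks like, or at least `if (path.indexOf(':') >= 0 || path.startsWith("//")) {`, provided no legitimate topic path contains a colon (to be confirmed against existing topic hrefs). The `@return` Javadoc should then state which forms are rejected rather than "has a protocol specified". `new WebappPreferences()` is also constructed on every call, where a single lookup of the preference would do.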
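Review bot: `isRestrictTopicParameter` in the `@@ -128,4 +128,8 @@` hunk fails open: it returns whatever `prefs.getBoolean("restrictTopicParameter")` yields, and if the key is absent (for example in a product that ships its own preferences file) the value is presumably `false`, which switches the restriction off without any signal. It is worth confirming that a default of `true` is registered wherever the other help preferences get theirs. The method should also carry a Javadoc such as `/** @return true if topic parameters that name a protocol are rejected in infocenter mode */`. The class body extends beyond the hunk, so an existing default may simply not be visible here.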
diff --git a/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java b/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java
index 208e15c47..16b087196 100644
--- a/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java
+++ b/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java
@@ -30,6 +30,7 @@ public class AllWebappTests extends TestSuite {
 suite.addTestSuite(FilterTest.class);
 suite.addTestSuite(UrlUtilsTests.class);
 suite.addTestSuite(LocaleTest.class);
+ suite.addTestSuite(RestrictedTopicParameter.class);
 //$JUnit-END$
 return suite;
 }
diff --git a/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java b/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java
new file mode 100644
index 000000000..1a572e151
--- /dev/null
+++ b/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java
@@ -0,0 +1,82 @@
+/*******************************************************************************
+ * Copyright (c) 2008 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * IBM Corporation - initial API and implementation
+ *******************************************************************************/
+
+package org.eclipse.ua.tests.help.webapp;
+
+import org.eclipse.help.internal.base.BaseHelpSystem;
+import org.eclipse.help.internal.base.HelpBasePlugin;
+import org.eclipse.help.internal.webapp.data.UrlUtil;
+
+import junit.framework.TestCase;
+
+/**
+ * Test for function which determines whether a topic path can be passed to the content frame
+ */
+
+public class RestrictedTopicParameter extends TestCase {
+
+ private static final String RESTRICT_TOPIC = "restrictTopicParameter";
+ private boolean restrictTopic;
+ private int helpMode;
+
+ protected void setUp() throws Exception {
+ restrictTopic = HelpBasePlugin.getDefault().getPluginPreferences().getBoolean(RESTRICT_TOPIC);
+ helpMode = BaseHelpSystem.getMode();
+ }
+
+ protected void tearDown() throws Exception {
+ setRestrictTopic(restrictTopic);
+ BaseHelpSystem.setMode(helpMode);
+ }
+
+ private void setRestrictTopic(boolean isRestrict) {
+ HelpBasePlugin.getDefault().getPluginPreferences().setValue(RESTRICT_TOPIC, isRestrict);
+ }
+
+ public void testWorkbenchMode() {
+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_WORKBENCH);
+ setRestrictTopic(true);
+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org"));
+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org"));
+ setRestrictTopic(false);
+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org"));
+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org"));
+ }
+
+ public void testStandaloneMode() {
+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_STANDALONE);
+ setRestrictTopic(true);
+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org"));
+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org"));
+ setRestrictTopic(false);
+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org"));
+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org"));
+ }
+
+ public void testInfocenterUnrestricted() {
+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_INFOCENTER);
+ setRestrictTopic(false);
+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org"));
+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org"));
+ assertTrue(UrlUtil.isValidTopicURL("org.eclipse.platform.doc.user/reference/ref-43.htm"));
+ }
+
+ public void testInfocenterResestricted() {
+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_INFOCENTER);
+ setRestrictTopic(true);
+ assertFalse(UrlUtil.isValidTopicURL("http://www.eclipse.org"));
+ assertFalse(UrlUtil.isValidTopicURL("https://www.eclipse.org"));
+ assertFalse(UrlUtil.isValidTopicURL("HTTP://www.eclipse.org"));
+ assertFalse(UrlUtil.isValidTopicURL("file://somepath.html"));
+ assertTrue(UrlUtil.isValidTopicURL("org.eclipse.platform.doc.user/reference/ref-43.htm"));
+ }
+
+} |
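Review bot: The method name `testInfocenterResestricted` is misspelled (`testInfocenterRestricted`), and the class name `RestrictedTopicParameter` lacks the `Test`/`Tests` suffix that its siblings registered in `AllWebappTests` carry (`FilterTest`, `UrlUtilsTests`, `LocaleTest`). The restricted case asserts only inputs that contain `://`, so the test pins the current substring check rather than the stated goal of keeping external sites out of the topic parameter. Adding `assertFalse` cases for the other URL forms the restriction is meant to stop would make a later tightening of `isValidTopicURL` verifiable. The class Javadoc could also name the method under test, e.g. `Tests UrlUtil.isValidTopicURL in workbench, standalone and infocenter mode`.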