author | Chris Goldthorpe | 2011-02-17 19:20:03 +0000 |
---|---|---|
committer | Chris Goldthorpe | 2011-02-17 19:20:03 +0000 |
commit | 865c2c13caec172be0d88564a65763e4e4e6a483 (patch) | |
tree | 1e0d39c1c5cc4a941e7ee78061862bc2b5f699fc /org.eclipse.ua.tests | |
parent | de54f9e97aa2a876c2c317bfcd354cedd647e0ef (diff) | |
Bug 320967 - [Test][Security] Tests for security related bugs
Diffstat (limited to 'org.eclipse.ua.tests')
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/b233466remote.html | 32 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/b317055remote.html | 29 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/b320547remote.html | 32 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/b320548remote.html | 39 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/getlocation.html | 101 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/local.html | 16 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/remote.html | 18 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/server.js | 45 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/toc.xml | 17 | ||||
-rw-r--r-- | org.eclipse.ua.tests/data/help/jsp/xssremote.html | 50 | ||||
-rw-r--r-- | org.eclipse.ua.tests/plugin.xml | 1 |
11 files changed, 380 insertions, 0 deletions
diff --git a/org.eclipse.ua.tests/data/help/jsp/b233466remote.html b/org.eclipse.ua.tests/data/help/jsp/b233466remote.html
new file mode 100644
index 000000000..3ba8c917b
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b233466remote.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>Bug 233466 - [Webapp][Security] Site redirection vulnerability in Eclipse Help System</title>
+ <script language="JavaScript" src="server.js"></script>
+ <script language="JavaScript">
+ function loadhandler() {
+ showHelpPath();
+ patchAnchors();
+ }
+
+ </script>
+</head>
+
+<body onload = "loadhandler()">
+<h1>Bug 233466 - [Webapp][Security] Site redirection vulnerability in Eclipse Help System</h1>
+
+<h3 id="path"></h3>
+
+To reproduce open help in an external browser ((The bug reproduces on both IE and Firefox)
+<br>
+Right on the link below and open in a new window. If the help frames are displayed and eclipse.org
+is opened in the content frame the test is failing.
+<br>
+<a href = "../../../../../index.jsp?topic=http://www.eclipse.org
+" >Open link in a new window </a>
+</p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/b317055remote.html b/org.eclipse.ua.tests/data/help/jsp/b317055remote.html
new file mode 100644
index 000000000..6db264197
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b317055remote.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>Bug 317055 - [Webapp][Security] URLEncode url requests from local users</title>
+ <script language="JavaScript" src="server.js"></script>
+ <script language="JavaScript">
+ function loadhandler() {
+ showHelpPath();
+ patchAnchors();
+ }
+
+ </script>
+</head>
+
+<body onload = "loadhandler()">
+<h1> Bug 317055 - [Webapp][Security] URLEncode url requests from local users</h1>
+
+<h3 id="path"></h3>
+To reproduce open help in an external browser ((The bug reproduces on both IE and Firefox)
+<br>
+Right on the link below and open in a new window. If an alert containing cookie values such as JSESSIONID shows the test is failing.
+<p>
+<a href = "../../../../"+alert(document.cookie)+".html" > Open this link in a new window </a>
+</p>
+
+</body>
+</html>
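Review bot: In b233466remote.html the instruction line reads "Right on the link below", which drops the word "click", and the page describes only the failing outcome, so a tester cannot tell a pass from a link that never loaded. I would reword it to `Right-click the link below and open it in a new window.` and add one sentence saying what a passing result looks like. The closing `</p>` after the anchor has no opening `<p>`, and the href value is split across two lines, so the `topic` value carries a line break. The same "Right on the link" wording appears in b317055remote.html.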
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/b320547remote.html b/org.eclipse.ua.tests/data/help/jsp/b320547remote.html
new file mode 100644
index 000000000..7dd5351b4
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b320547remote.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title> Bug 320547 - [Webapp][Security] Misuse of /topic/file</title>
+ <script language="JavaScript" src="server.js"></script>
+ <script language="JavaScript">
+ function loadhandler() {
+ showHelpPath();
+ patchAnchors();
+ }
+
+ </script>
+</head>
+
+<body onload = "loadhandler()">
+<h1> Bug 320547 - [Webapp][Security] Misuse of /topic/file</h1>
+
+<h3 id="path"></h3>
+</h3>
+
+This bug is workbench only and Windows only so should be tested on the Eclipse
+workbench on Windows.
+<br>
+Click on the link below: if a list of directory filenames shows the test is failing.
+<p>
+<a href = "../../../../file:/c:/" > Click here </a>
+</p>
+
+</body>
+</html>
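Review bot: In b317055remote.html the anchor `<a href = "../../../../"+alert(document.cookie)+".html" >` closes the href attribute at the second double quote, so the href is only `../../../../` and the remainder is parsed as stray attribute text. The link the tester opens therefore carries none of the characters this bug is about, and the test reports a pass whether or not the server encodes the request. Write the inner double quotes as `&quot;`, or delimit the attribute with single quotes, so the whole string is sent as the path.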
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/b320548remote.html b/org.eclipse.ua.tests/data/help/jsp/b320548remote.html
new file mode 100644
index 000000000..202a2bd26
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b320548remote.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>Bug 320548 - [Webapp][Security] Ability to read files not in bundles</title>
+ <script language="JavaScript" src="server.js"></script>
+ <script language="JavaScript">
+ function loadhandler() {
+ showHelpPath();
+ patchAnchors();
+ }
+
+ </script>
+</head>
+
+<body onload = "loadhandler()">
+<h1> Bug 320548 - [Webapp][Security] Ability to read files not in bundles</h1>
+
+<h3 id="path">
+</h3>
+This bug is Windows only so should be tested on the Eclipse
+workbench on Windows. Note that if none of the plug-ins listed below
+is present in the product the failure will not occur, however that does
+not mean that the bug is not present.
+<ol>
+<li>Create a file C:\temp.txt containing the text "Temp file".</li>
+<li>Now click on each of the links below, if any causes the line "Temp File" to be displayed
+it means the bug is present.
+</ul>
+<br>
+<a href = "../../../../org.eclipse.ui.intro.universal/..\..\..\..\..\..\..\..\temp.txt" >D1 org.eclipse.ui.intro.universal</a>
+<br>
+<a href = "../../../../org.eclipse.platform/..\..\..\..\..\..\..\..\..\temp.txt" >D2 org.eclipse.ui.platform</a>
+<br>
+<a href = "../../../../org.eclipse.ui.workbench.compatibility/..\..\..\..\..\..\..\..\..\temp.txt" >D3 org.eclipse.ui.workbench.compatibility</a>
+
+</body>
+</html>
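Review bot: In b320547remote.html the text says the bug is workbench only, but `loadhandler()` calls `patchAnchors()`, which rewrites the link to start with `getHelpPath()`; in server.js that value comes from the `server` cookie and falls back to `http://help.eclipse.org/helios/`. Unless the tester has first pointed the help path at the local workbench, the click goes to a different server and the page shows a pass that says nothing about the workbench. Add a sentence before the link such as `First open "Setup help path" and press "Test this server".`; b320548remote.html needs the same step. There is also a second `</h3>` directly after `<h3 id="path"></h3>`.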
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/getlocation.html b/org.eclipse.ua.tests/data/help/jsp/getlocation.html
new file mode 100644
index 000000000..add4da26e
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/getlocation.html
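Review bot: In b320548remote.html link D2 is labelled `org.eclipse.ui.platform` while its href targets `org.eclipse.platform`, so a failure would be reported against the wrong plug-in name. Step 1 creates a file containing "Temp file" but step 2 tells the tester to look for "Temp File", and D1 has one fewer `..\` segment than D2 and D3 with nothing saying whether that is intended. The list opens with `<ol>` and closes with `</ul>`, and the second `<li>` is never closed. Browsers may normalise backslashes and dot segments before sending the request, so it seems worth telling the tester to confirm in the server log which path actually arrived.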
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>Enter remote host url</title>
+<script language="JavaScript">
+
+function doSubmit() {
+ var url = document.getElementById("url").value;
+ setCookie(encodeURIComponent(url));
+}
+
+function loadHandler() {
+ document.getElementById("url").value = getHelpPath();
+}
+
+function testURL() {
+ var url = document.getElementById("url").value;
+ setCookie(encodeURIComponent(url));
+ window.open(url + "index.jsp");
+}
+
+
+function testThis() {
+ var thisURL = document.location.href;
+ var index = thisURL.indexOf('topic/');
+ if (index > 0) {
+ thisURL = thisURL.substr(0, index);
+ }
+ document.getElementById("url").value = thisURL;
+ setCookie(encodeURIComponent(thisURL));
+}
+
+var defaultName = "http://help.eclipse.org/helios/";
+
+function getHelpPath() {
+ var path = getCookie();
+ if (path !== null) return decodeURIComponent(path);
+ return defaultName;
+}
+
+function getCookie() {
+ var nameEquals = "server=";
+ var cookies = document.cookie.split(";");
+ for (var i=0;i<cookies.length;++i) {
+ var cookie = cookies[i];
+ if (cookie.charAt(0) == ' ') {
+ cookie = cookie.substring(1, cookie.length);
+ }
+ if (cookie.indexOf(nameEquals) == 0) {
+ return cookie.substring(nameEquals.length, cookie.length);
+ }
+ }
+ return null;
+}
+
+function setCookie(value) {
+ var date = new Date();
+ date.setTime(date.getTime()+(365*24*60*60*1000));
+ document.cookie = "server=" + value + "; expires=" + date.toGMTString();
+}
+
+</script>
+
+</head>
+
+<body onload = "loadHandler()" >
+<h1>Enter host url</h1>
+
+This step sets the infocenter to be tested for security flaws. A remote infocenter
+can be tested by entering its URL.
+
+<form onsubmit="doSubmit();return false;">
+ Enter the url of the remote help system up to the context path.
+ <br>
+ Example: http://host:80/help/
+ <br>
+ <input type="text" id="url" name="url"
+ value='' maxlength=256 style="width:400px">
+ <table>
+ <tr id="buttonsTable"><td >
+ <table cellspacing=0 cellpadding=0 border=0 style="background:transparent;">
+ <tr>
+ <td>
+ <button id="test" type="button" onclick="testURL()" >Save and Test</button>
+ </td>
+ <td>
+ <button id="test" type="button" onclick="testThis()" >Test this server</button>
+ </td>
+ <td>
+ <button type="submit" id="ok">Save</button>
+ </td>
+ </tr>
+ </table>
+ </td></tr>
+ </table>
+</form>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/local.html b/org.eclipse.ua.tests/data/help/jsp/local.html
new file mode 100644
index 000000000..49aa0906e
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/local.html
@@ -0,0 +1,16 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>Tests for this help system</title>
+</head>
+
+<body>
+<h1>Tests for this help system</h1>
+
+The tests in this section will test the help system used to display this page. If you wish to test
+a help server which does not have these tests installed that can be done using the tests for remote sites.
+
+</body>
+</html>
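Review bot: In getlocation.html `doSubmit()` and `testURL()` save whatever is typed in the `url` field, and `testURL()` hands it straight to `window.open`, with no check that it is an http or https URL or that it ends in `/`. server.js later prefixes that saved value to every anchor and appends `index.jsp`, so a value without the trailing slash silently produces wrong links and a non-http scheme ends up in hrefs on the test pages. A guard at the top of both functions would cover it, for example `if (!/^https?:\/\/\S+\/$/i.test(url)) { alert("Enter an http(s) URL ending in /"); return; }`. Both test buttons also share `id="test"`, and `getHelpPath`, `getCookie`, `setCookie` and `defaultName` are copied from server.js rather than loaded from it.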
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/remote.html b/org.eclipse.ua.tests/data/help/jsp/remote.html
new file mode 100644
index 000000000..78d846425
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/remote.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>Tests for Remote Sites</title>
+</head>
+
+<body>
+<h1>Tests for Remote Sites</h1>
+
+These tests allow you to run the security tests on any help server even if that help system does not
+have the tests installed. To test a remote help site first open the page "Setup help path" and enter
+the path of the remote site. Be sure to hit OK. After that each of the pages will contain links which
+will test the site whose path you entered.
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/server.js b/org.eclipse.ua.tests/data/help/jsp/server.js
new file mode 100644
index 000000000..5b1fd51ce
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/server.js
@@ -0,0 +1,45 @@
+
+var defaultName = "http://help.eclipse.org/helios/";
+
+function getHelpPath() {
+ var path = getCookie();
+ if (path !== null) return decodeURIComponent(path);
+ return defaultName;
+}
+
+function showHelpPath() {
+ var pathNode = document.getElementById("path");
+ var pathValue=document.createTextNode("Testing help system: " + getHelpPath() + "index.jsp");
+ pathNode.appendChild(pathValue);
+}
+
+// Patches every anchor in a page
+function patchAnchors() {
+ var doclinks = document.getElementsByTagName("a");
+ for (var i = 0; i < doclinks.length; i++) {
+ var slash = doclinks[i].href.indexOf('/', 8);
+ slash = doclinks[i].href.indexOf('/', slash + 1);
+ doclinks[i].href = getHelpPath() + doclinks[i].href.substring(slash + 1);
+ }
+}
+
+function getCookie() {
+ var nameEquals = "server=";
+ var cookies = document.cookie.split(";");
+ for (var i=0;i<cookies.length;++i) {
+ var cookie = cookies[i];
+ if (cookie.charAt(0) == ' ') {
+ cookie = cookie.substring(1, cookie.length);
+ }
+ if (cookie.indexOf(nameEquals) == 0) {
+ return cookie.substring(nameEquals.length, cookie.length);
+ }
+ }
+ return null;
+}
+
+function setCookie(value) {
+ var date = new Date();
+ date.setTime(date.getTime()+(365*24*60*60*1000));
+ document.cookie = "server=" + value + "; expires=" + date.toGMTString();
+}
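Review bot: In remote.html the text tells the tester to "Be sure to hit OK", but the setup form added in getlocation.html has no button with that label; its buttons read "Save and Test", "Test this server" and "Save". I would change the sentence to `Be sure to press Save.` so the instruction matches the form. The page also does not mention that, until a path is saved, the links on the test pages go to the default in server.js, `http://help.eclipse.org/helios/`.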
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/toc.xml b/org.eclipse.ua.tests/data/help/jsp/toc.xml
new file mode 100644
index 000000000..6b8bb1621
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/toc.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<toc label="JSP tests" link_to="data/help/toc/root.xml#content" topic="data/help/jsp/remote.html">
+ <topic label="JSP tests">
+ <topic href="data/help/jsp/getlocation.html" label="Setup help path">
+ </topic>
+ <topic href="data/help/jsp/b233466remote.html" label="A - Bug 233466">
+ </topic>
+ <topic href="data/help/jsp/b317055remote.html" label="B - Bug 317055">
+ </topic>
+ <topic href="data/help/jsp/b320547remote.html" label="C - Bug 320547">
+ </topic>
+ <topic href="data/help/jsp/b320548remote.html" label="D - Bug 320548">
+ </topic>
+ <topic href="data/help/jsp/xssremote.html" label="O - other tests">
+ </topic>
+ </topic>
+</toc>
diff --git a/org.eclipse.ua.tests/data/help/jsp/xssremote.html b/org.eclipse.ua.tests/data/help/jsp/xssremote.html
new file mode 100644
index 000000000..117cb42cf
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/xssremote.html
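Review bot: In server.js `defaultName` is `http://help.eclipse.org/helios/`, so until the tester saves a path every link on the test pages, including the script and path probes, is sent to that public infocenter rather than to the server under test. Falling back to the server that served the page would be safer; `testThis()` in getlocation.html already derives that value from `document.location.href` up to `topic/`. `patchAnchors()` also deserves a fuller comment than "Patches every anchor in a page": it drops the scheme, host and first path segment of each href and assumes both `indexOf` calls find a slash, and when the first returns -1 the second search restarts at the beginning of the string so the wrong part of the href is kept.

```javascript
function getHelpPath() {
    // … unchanged: return the decoded "server" cookie when one is set …
    // No saved path: fall back to the server that served this page.
    var here = document.location.href;
    var index = here.indexOf('topic/');
    if (index > 0) return here.substr(0, index);
    return defaultName;
}
```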
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <title>XSS bugs</title>
+ <script language="JavaScript" src="server.js"></script>
+ <script language="JavaScript">
+ function loadhandler() {
+ showHelpPath();
+ patchAnchors();
+ }
+
+ </script>
+</head>
+
+<body onload = "loadhandler()">
+<h1>Other JSP bugs</h1>
+
+<h3 id="path"></h3>
+
+This bug can be tested on an infocenter or in Workbench mode.
+<br>
+Click on each of the links in turn, if any cause a message dialog or new window or tab to open that is a symptom of an xss bug.
+If you see an warning in the browser that it has modified the site to prevent cross site scripting
+that is also a problem.
+<br>
+<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=All%20topics%27/%3E%3Cscript%3Ealert%2842752%29%3C/script%3E" >
+Link X1</a>
+<br>
+<a href = "../../../../../advanced/search.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&workingSet=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E" >
+Link X2</a>
+<br>
+<a href = "../../../../../advanced/workingSet.jsp?operation=add%22/%3E%27;%3C/script%3E%3Cscript%3Ealert%2853827%29%3C/script%3E&workingSet=" >
+Link X3</a>
+<br>
+<a href = "../../../../../basic/searchView.jsp?searchWord=%27/%3E%3Cscript%3Ealert%2851887%29%3C/script%3E&maxHits=500&scopedSearch=true" >
+Link X4</a>
+<br>
+<a href = "../../../../../basic/searchView.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&scopedSearch=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E" >
+Link X5</a>
+<br>
+<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=<script>window.open('http://www.eclipse.org/')</script>" >
+Link X6</a>
+<br>
+<a href = 
"../../../../../index.jsp?'onload='alert(0)">
+Link X7</a>
+
+</body>
+</html>
\ No newline at end of file diff --git a/org.eclipse.ua.tests/plugin.xml b/org.eclipse.ua.tests/plugin.xml index 5e0b7780f..3579ac3fb 100644 --- a/org.eclipse.ua.tests/plugin.xml +++ b/org.eclipse.ua.tests/plugin.xml @@ -456,6 +456,7 @@ <toc file="data/help/search/toc3.xml" extradir="data/help/search/extraDir2"/> <toc file="data/help/search/toc4.xml" extradir="data/help/search/extraDir3"/> <toc file="data/help/index/toc.xml"/> + <toc file="data/help/jsp/toc.xml"/> <toc file="non_junit/toc.xml"/> <tocIcon id="org.eclipse.ua.tests.openOnly" |
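Review bot: In xssremote.html Link X6 signals a failure only through `window.open`, which a browser pop-up blocker will normally suppress when the call is not triggered by a click, so a server that still reflects the parameter can look clean. The instructions should tell the tester to allow pop-ups for the help host before running X6, and to treat a blocked-pop-up notice as a failure too. The `<title>` says "XSS bugs" while the `<h1>` says "Other JSP bugs", the text says "This bug" for seven separate links, and "an warning" should read "a warning".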