Bug 320967 - [Test][Security] Tests for security related bugs

11 files changed, 380 insertions, 0 deletions

diff --git a/org.eclipse.ua.tests/data/help/jsp/b233466remote.html b/org.eclipse.ua.tests/data/help/jsp/b233466remote.html
new file mode 100644
index 000000000..3ba8c917b
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b233466remote.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>Bug 233466 -  [Webapp][Security] Site redirection vulnerability in Eclipse Help System</title>
+    <script language="JavaScript" src="server.js"></script>
+	<script language="JavaScript">
+	    function loadhandler() {
+            showHelpPath();
+            patchAnchors();
+        }
+
+	</script>
+</head>
+
+<body onload = "loadhandler()">
+<h1>Bug 233466 -  [Webapp][Security] Site redirection vulnerability in Eclipse Help System</h1>
+
+<h3 id="path"></h3>
+
+To reproduce open help in an external browser ((The bug reproduces on both IE and Firefox)
+<br>
+Right on the link below and open in a new window. If the help frames are displayed and eclipse.org
+is opened in the content frame the test is failing.
+<br>
+<a href = "../../../../../index.jsp?topic=http://www.eclipse.org
+" >Open link in a new window </a>
+</p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/b317055remote.html b/org.eclipse.ua.tests/data/help/jsp/b317055remote.html
new file mode 100644
index 000000000..6db264197
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b317055remote.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>Bug 317055 -  [Webapp][Security] URLEncode url requests from local users</title>
+	<script language="JavaScript" src="server.js"></script>
+	<script language="JavaScript">
+	    function loadhandler() {
+            showHelpPath();
+            patchAnchors();
+        }
+
+	</script>
+</head>
+
+<body onload = "loadhandler()">
+<h1> Bug 317055 -  [Webapp][Security] URLEncode url requests from local users</h1>
+
+<h3 id="path"></h3>
+To reproduce open help in an external browser ((The bug reproduces on both IE and Firefox)
+<br>
+Right on the link below and open in a new window. If an alert containing cookie values such as JSESSIONID shows the test is failing.
+<p>
+<a href = "../../../../&quot;+alert(document.cookie)+&quot;.html" > Open this link in a new window </a>
+</p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/b320547remote.html b/org.eclipse.ua.tests/data/help/jsp/b320547remote.html
new file mode 100644
index 000000000..7dd5351b4
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b320547remote.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title> Bug 320547 -  [Webapp][Security] Misuse of /topic/file</title>
+	<script language="JavaScript" src="server.js"></script>
+	<script language="JavaScript">
+	    function loadhandler() {
+            showHelpPath();
+            patchAnchors();
+        }
+
+	</script>
+</head>
+
+<body onload = "loadhandler()">
+<h1> Bug 320547 -  [Webapp][Security] Misuse of /topic/file</h1>
+
+<h3 id="path"></h3>
+</h3>
+
+This bug is workbench only and Windows only so should be tested on the Eclipse 
+workbench on Windows.
+<br>
+Click on the link below: if a list of directory filenames shows the test is failing.
+<p>
+<a href = "../../../../file:/c:/" > Click here </a>
+</p>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/b320548remote.html b/org.eclipse.ua.tests/data/help/jsp/b320548remote.html
new file mode 100644
index 000000000..202a2bd26
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/b320548remote.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>Bug 320548 -  [Webapp][Security] Ability to read files not in bundles</title>
+	<script language="JavaScript" src="server.js"></script>
+	<script language="JavaScript">
+	    function loadhandler() {
+            showHelpPath();
+            patchAnchors();
+        }
+
+	</script>
+</head>
+
+<body onload = "loadhandler()">
+<h1> Bug 320548 -  [Webapp][Security] Ability to read files not in bundles</h1>
+
+<h3 id="path">
+</h3>
+This bug is Windows only so should be tested on the Eclipse 
+workbench on Windows. Note that if none of the plug-ins listed below
+is present in the product the failure will not occur, however that does
+not mean that the bug is not present.
+<ol>
+<li>Create a file C:\temp.txt containing the text "Temp file".</li>
+<li>Now click on each of the links below, if any causes the line "Temp File" to be displayed 
+it means the bug is present.
+</ul>
+<br>
+<a href = "../../../../org.eclipse.ui.intro.universal/..\..\..\..\..\..\..\..\temp.txt" >D1 org.eclipse.ui.intro.universal</a>
+<br>
+<a href = "../../../../org.eclipse.platform/..\..\..\..\..\..\..\..\..\temp.txt" >D2 org.eclipse.ui.platform</a>
+<br>
+<a href = "../../../../org.eclipse.ui.workbench.compatibility/..\..\..\..\..\..\..\..\..\temp.txt" >D3 org.eclipse.ui.workbench.compatibility</a>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/getlocation.html b/org.eclipse.ua.tests/data/help/jsp/getlocation.html
new file mode 100644
index 000000000..add4da26e
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/getlocation.html
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>Enter remote host url</title>
+<script language="JavaScript">
+
+function doSubmit() {
+    var url = document.getElementById("url").value;
+    setCookie(encodeURIComponent(url));  
+}
+
+function loadHandler() {
+    document.getElementById("url").value = getHelpPath();
+}
+
+function testURL() {  
+    var url = document.getElementById("url").value;
+    setCookie(encodeURIComponent(url));  
+    window.open(url + "index.jsp");
+}
+
+
+function testThis() {
+    var thisURL = document.location.href;
+    var index = thisURL.indexOf('topic/');
+    if (index > 0) {
+        thisURL = thisURL.substr(0, index);
+    }
+    document.getElementById("url").value = thisURL;
+    setCookie(encodeURIComponent(thisURL));  
+}
+
+var defaultName = "http://help.eclipse.org/helios/";
+
+function getHelpPath() {
+    var path = getCookie();
+    if (path !== null) return decodeURIComponent(path);
+    return defaultName;
+}
+
+function getCookie() {
+	var nameEquals = "server=";
+	var cookies = document.cookie.split(";");
+	for (var i=0;i<cookies.length;++i) {
+		var cookie = cookies[i];
+		if (cookie.charAt(0) == ' ') {
+			cookie = cookie.substring(1, cookie.length);
+		}
+		if (cookie.indexOf(nameEquals) == 0) {
+			return cookie.substring(nameEquals.length, cookie.length);
+		}
+	}
+	return null;
+}
+
+function setCookie(value) {
+	var date = new Date();
+	date.setTime(date.getTime()+(365*24*60*60*1000));
+	document.cookie = "server=" + value + "; expires=" + date.toGMTString();
+}
+
+</script>
+
+</head>
+
+<body onload = "loadHandler()" >
+<h1>Enter host url</h1>
+
+This step sets the infocenter to be tested for security flaws. A remote infocenter
+can be tested by entering its URL.
+
+<form onsubmit="doSubmit();return false;">
+    Enter the url of the remote help system up to the context path.
+    <br>
+    Example: http://host:80/help/
+    <br>
+    <input type="text" id="url" name="url" 
+		    value='' maxlength=256 style="width:400px">
+	<table>
+		<tr id="buttonsTable"><td >
+  			<table cellspacing=0 cellpadding=0 border=0 style="background:transparent;">
+				<tr>		   
+					<td>
+						<button id="test" type="button"  onclick="testURL()" >Save and Test</button>
+					</td>  
+					<td>
+						<button id="test" type="button"  onclick="testThis()" >Test this server</button>
+					</td>
+					<td>
+						<button type="submit" id="ok">Save</button>
+					</td>
+				</tr>
+  			</table>
+		</td></tr>
+	</table>
+</form>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/local.html b/org.eclipse.ua.tests/data/help/jsp/local.html
new file mode 100644
index 000000000..49aa0906e
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/local.html
@@ -0,0 +1,16 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>Tests for this help system</title>
+</head>
+
+<body>
+<h1>Tests for this help system</h1>
+
+The tests in this section will test the help system used to display this page. If you wish to test
+a help server which does not have these tests installed that can be done using the tests for remote sites.
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/remote.html b/org.eclipse.ua.tests/data/help/jsp/remote.html
new file mode 100644
index 000000000..78d846425
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/remote.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>Tests for Remote Sites</title>
+</head>
+
+<body>
+<h1>Tests for Remote Sites</h1>
+
+These tests allow you to run the security tests on any help server even if that help system does not
+have the tests installed. To test a remote help site first open the page "Setup help path" and enter 
+the path of the remote site. Be sure to hit OK. After that each of the pages will contain links which 
+will test the site whose path you entered.
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/server.js b/org.eclipse.ua.tests/data/help/jsp/server.js
new file mode 100644
index 000000000..5b1fd51ce
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/server.js
@@ -0,0 +1,45 @@
+
+var defaultName = "http://help.eclipse.org/helios/";
+
+function getHelpPath() {
+    var path = getCookie();
+    if (path !== null) return decodeURIComponent(path);
+    return defaultName;
+}
+
+function showHelpPath() {
+    var pathNode = document.getElementById("path");
+    var pathValue=document.createTextNode("Testing help system: " + getHelpPath() + "index.jsp");
+    pathNode.appendChild(pathValue);
+}
+
+// Patches every anchor in a page
+function patchAnchors() {
+    var doclinks = document.getElementsByTagName("a");
+    for (var i = 0; i < doclinks.length; i++) {
+        var slash = doclinks[i].href.indexOf('/', 8);
+        slash = doclinks[i].href.indexOf('/', slash + 1);
+        doclinks[i].href = getHelpPath() + doclinks[i].href.substring(slash + 1);
+    }
+}
+
+function getCookie() {
+	var nameEquals = "server=";
+	var cookies = document.cookie.split(";");
+	for (var i=0;i<cookies.length;++i) {
+		var cookie = cookies[i];
+		if (cookie.charAt(0) == ' ') {
+			cookie = cookie.substring(1, cookie.length);
+		}
+		if (cookie.indexOf(nameEquals) == 0) {
+			return cookie.substring(nameEquals.length, cookie.length);
+		}
+	}
+	return null;
+}
+
+function setCookie(value) {
+	var date = new Date();
+	date.setTime(date.getTime()+(365*24*60*60*1000));
+	document.cookie = "server=" + value + "; expires=" + date.toGMTString();
+}
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/data/help/jsp/toc.xml b/org.eclipse.ua.tests/data/help/jsp/toc.xml
new file mode 100644
index 000000000..6b8bb1621
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/toc.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<toc label="JSP tests" link_to="data/help/toc/root.xml#content" topic="data/help/jsp/remote.html">
+    <topic label="JSP tests">
+    <topic href="data/help/jsp/getlocation.html" label="Setup help path">
+    </topic>
+    <topic href="data/help/jsp/b233466remote.html" label="A - Bug 233466">
+    </topic>
+    <topic href="data/help/jsp/b317055remote.html" label="B - Bug 317055">
+    </topic>
+    <topic href="data/help/jsp/b320547remote.html" label="C - Bug 320547">
+    </topic>
+    <topic href="data/help/jsp/b320548remote.html" label="D - Bug 320548">
+    </topic>
+    <topic href="data/help/jsp/xssremote.html" label="O - other tests">
+    </topic>
+    </topic>
+</toc>
diff --git a/org.eclipse.ua.tests/data/help/jsp/xssremote.html b/org.eclipse.ua.tests/data/help/jsp/xssremote.html
new file mode 100644
index 000000000..117cb42cf
--- /dev/null
+++ b/org.eclipse.ua.tests/data/help/jsp/xssremote.html
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+	<title>XSS bugs</title>
+	<script language="JavaScript" src="server.js"></script>
+	<script language="JavaScript">
+	    function loadhandler() {
+            showHelpPath();
+            patchAnchors();
+        }
+
+	</script>
+</head>
+
+<body onload = "loadhandler()">
+<h1>Other JSP bugs</h1>
+
+<h3 id="path"></h3>
+
+This bug can be tested on an infocenter or in Workbench mode.
+<br>
+Click on each of the links in turn, if any cause a message dialog or new window or tab to open that is a symptom of an xss bug.
+If you see an warning in the browser that it has modified the site to prevent cross site scripting
+that is also a problem.
+<br>
+<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=All%20topics%27/%3E%3Cscript%3Ealert%2842752%29%3C/script%3E" >
+Link X1</a>
+<br>
+<a href = "../../../../../advanced/search.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E&workingSet=%3E%22%27%3E%3Cscript%3Ealert%283854%29%3C/script%3E" >
+Link X2</a>
+<br>
+<a href = "../../../../../advanced/workingSet.jsp?operation=add%22/%3E%27;%3C/script%3E%3Cscript%3Ealert%2853827%29%3C/script%3E&workingSet=" >
+Link X3</a>
+<br>
+<a href = "../../../../../basic/searchView.jsp?searchWord=%27/%3E%3Cscript%3Ealert%2851887%29%3C/script%3E&maxHits=500&scopedSearch=true" >
+Link X4</a>
+<br>
+<a href = "../../../../../basic/searchView.jsp?searchWord=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&maxHits=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E&scopedSearch=%3E%22%27%3E%3Cscript%3Ealert%2850929%29%3C/script%3E" >
+Link X5</a>
+<br>
+<a href = "../../../../../advanced/search.jsp?searchWord=&maxHits=500&workingSet=<script>window.open('http://www.eclipse.org/')</script>" >
+Link X6</a>
+<br>
+<a href = "../../../../../index.jsp?'onload='alert(0)">
+Link X7</a>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/org.eclipse.ua.tests/plugin.xml b/org.eclipse.ua.tests/plugin.xml
index 5e0b7780f..3579ac3fb 100644
--- a/org.eclipse.ua.tests/plugin.xml
+++ b/org.eclipse.ua.tests/plugin.xml
@@ -456,6 +456,7 @@
        <toc file="data/help/search/toc3.xml" extradir="data/help/search/extraDir2"/>
        <toc file="data/help/search/toc4.xml" extradir="data/help/search/extraDir3"/>
        <toc file="data/help/index/toc.xml"/>
+       <toc file="data/help/jsp/toc.xml"/>
        <toc file="non_junit/toc.xml"/>
        <tocIcon
              id="org.eclipse.ua.tests.openOnly"