Bugzilla – Attachment 102517 Details for Bug 233466
Bug 233466: [Webapp][Security] Site redirection vulnerability in Eclipse Help System
Attachment: patch233466A.txt (text/plain), 8.94 KB, created by Chris Goldthorpe on 2008-05-28 16:54:15 EDT
Description: Patch version 2
Flags: patch, obsolete
>### Eclipse Workspace Patch 1.0 >#P org.eclipse.help.webapp >Index: src/org/eclipse/help/internal/webapp/data/LayoutData.java >=================================================================== >RCS file: /cvsroot/eclipse/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java,v >retrieving revision 1.4 >diff -u -r1.4 LayoutData.java >--- src/org/eclipse/help/internal/webapp/data/LayoutData.java 7 Mar 2008 01:06:11 -0000 1.4 >+++ src/org/eclipse/help/internal/webapp/data/LayoutData.java 28 May 2008 20:46:29 -0000 >@@ -1,5 +1,5 @@ > /******************************************************************************* >- * Copyright (c) 2000, 2007 IBM Corporation and others. >+ * Copyright (c) 2000, 2008 IBM Corporation and others. > * All rights reserved. This program and the accompanying materials > * are made available under the terms of the Eclipse Public License v1.0 > * which accompanies this distribution, and is available at >@@ -70,7 +70,10 @@ > else { > TocData tocData = new TocData(context, request, response); > String topic = tocData.getSelectedTopic(); >- return topic != null ? topic : UrlUtil.getHelpURL(preferences.getHelpHome()); >+ if (topic == null || !UrlUtil.isValidTopicURL(topic)) { >+ return UrlUtil.getHelpURL(preferences.getHelpHome()); >+ } >+ return topic; > } > } > >Index: src/org/eclipse/help/internal/webapp/data/UrlUtil.java >=================================================================== >RCS file: /cvsroot/eclipse/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/UrlUtil.java,v >retrieving revision 1.8 >diff -u -r1.8 UrlUtil.java >--- src/org/eclipse/help/internal/webapp/data/UrlUtil.java 21 May 2008 21:34:33 -0000 1.8 >+++ src/org/eclipse/help/internal/webapp/data/UrlUtil.java 28 May 2008 20:46:29 -0000 
>@@ -142,6 +142,21 @@ > } > > /** >+ * Tests to see if this path is permitted in the topic parameter passed in a help URL >+ * @param path the path passed as a ?topic parameter. May not be null. >+ * @return true unless topic parameters are restricted and the path has a protocol specified >+ */ >+ public static boolean isValidTopicURL(String path) { >+ if (BaseHelpSystem.getMode() == BaseHelpSystem.MODE_INFOCENTER >+ && new WebappPreferences().isRestrictTopicParameter()) { >+ if (path.indexOf("://") >= 0) { //$NON-NLS-1$ >+ return false; >+ } >+ } >+ return true; >+ } >+ >+ /** > * Returns a path to the given topic in the form of child indexes. For > * example, if the path points to the 3rd subtopic under the 2nd topic of > * the 4th toc, it will return { 3, 1, 2 }. >Index: src/org/eclipse/help/internal/webapp/data/WebappPreferences.java >=================================================================== >RCS file: /cvsroot/eclipse/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/WebappPreferences.java,v >retrieving revision 1.6 >diff -u -r1.6 WebappPreferences.java >--- src/org/eclipse/help/internal/webapp/data/WebappPreferences.java 19 Nov 2007 22:34:46 -0000 1.6 >+++ src/org/eclipse/help/internal/webapp/data/WebappPreferences.java 28 May 2008 20:46:29 -0000 >@@ -1,5 +1,5 @@ > /******************************************************************************* >- * Copyright (c) 2000, 2007 IBM Corporation and others. >+ * Copyright (c) 2000, 2008 IBM Corporation and others. > * All rights reserved. This program and the accompanying materials > * are made available under the terms of the Eclipse Public License v1.0 > * which accompanies this distribution, and is available at 
>@@ -128,4 +128,8 @@ > prefs.setValue("default_highlight", highlight); //$NON-NLS-1$ > } > >+ public boolean isRestrictTopicParameter() { >+ return prefs.getBoolean("restrictTopicParameter"); //$NON-NLS-1$ >+ } >+ > } >#P org.eclipse.help.base >Index: preferences.ini >=================================================================== >RCS file: /cvsroot/eclipse/org.eclipse.help.base/preferences.ini,v >retrieving revision 1.34 >diff -u -r1.34 preferences.ini >--- preferences.ini 28 Apr 2008 21:07:54 -0000 1.34 >+++ preferences.ini 28 May 2008 20:46:30 -0000 >@@ -171,4 +171,11 @@ > indexButton=true > indexPlusMinus=true > indexExpandAll=false >-highlight-on=true >\ No newline at end of file >+highlight-on=true >+ >+######################### >+# Infocenter Security >+######################### >+# Increases security by preventing urls referencing external sites from being passed >+# in as the topic parameter. >+restrictTopicParameter=true >\ No newline at end of file >#P org.eclipse.ua.tests >Index: help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java >=================================================================== >RCS file: /cvsroot/eclipse/org.eclipse.ua.tests/help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java,v >retrieving revision 1.5 >diff -u -r1.5 AllWebappTests.java >--- help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java 24 Mar 2008 21:42:05 -0000 1.5 >+++ help/org/eclipse/ua/tests/help/webapp/AllWebappTests.java 28 May 2008 20:46:31 -0000 
>@@ -30,6 +30,7 @@ > suite.addTestSuite(FilterTest.class); > suite.addTestSuite(UrlUtilsTests.class); > suite.addTestSuite(LocaleTest.class); >+ suite.addTestSuite(RestrictedTopicParameter.class); > //$JUnit-END$ > return suite; > } >Index: help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java >=================================================================== >RCS file: help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java >diff -N help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ help/org/eclipse/ua/tests/help/webapp/RestrictedTopicParameter.java 1 Jan 1970 00:00:00 -0000 
>@@ -0,0 +1,82 @@ >+/******************************************************************************* >+ * Copyright (c) 2008 IBM Corporation and others. >+ * All rights reserved. This program and the accompanying materials >+ * are made available under the terms of the Eclipse Public License v1.0 >+ * which accompanies this distribution, and is available at >+ * http://www.eclipse.org/legal/epl-v10.html >+ * >+ * Contributors: >+ * IBM Corporation - initial API and implementation >+ *******************************************************************************/ >+ >+package org.eclipse.ua.tests.help.webapp; >+ >+import org.eclipse.help.internal.base.BaseHelpSystem; >+import org.eclipse.help.internal.base.HelpBasePlugin; >+import org.eclipse.help.internal.webapp.data.UrlUtil; >+ >+import junit.framework.TestCase; >+ >+/** >+ * Test for function which determines whether a topic path can be passed to the content frame >+ */ >+ >+public class RestrictedTopicParameter extends TestCase { >+ >+ private static final String RESTRICT_TOPIC = "restrictTopicParameter"; >+ private boolean restrictTopic; >+ private int helpMode; >+ >+ protected void setUp() throws Exception { >+ restrictTopic = HelpBasePlugin.getDefault().getPluginPreferences().getBoolean(RESTRICT_TOPIC); >+ helpMode = BaseHelpSystem.getMode(); >+ } >+ >+ protected void tearDown() throws Exception { >+ setRestrictTopic(restrictTopic); >+ BaseHelpSystem.setMode(helpMode); >+ } >+ >+ private void setRestrictTopic(boolean isRestrict) { >+ HelpBasePlugin.getDefault().getPluginPreferences().setValue(RESTRICT_TOPIC, isRestrict); >+ } >+ >+ public void testWorkbenchMode() { >+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_WORKBENCH); >+ setRestrictTopic(true); >+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org")); >+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org")); >+ setRestrictTopic(false); >+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org")); >+ 
assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org")); >+ } >+ >+ public void testStandaloneMode() { >+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_STANDALONE); >+ setRestrictTopic(true); >+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org")); >+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org")); >+ setRestrictTopic(false); >+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org")); >+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org")); >+ } >+ >+ public void testInfocenterUnrestricted() { >+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_INFOCENTER); >+ setRestrictTopic(false); >+ assertTrue(UrlUtil.isValidTopicURL("http://www.eclipse.org")); >+ assertTrue(UrlUtil.isValidTopicURL("https://www.eclipse.org")); >+ assertTrue(UrlUtil.isValidTopicURL("org.eclipse.platform.doc.user/reference/ref-43.htm")); >+ } >+ >+ public void testInfocenterResestricted() { >+ BaseHelpSystem.setMode(BaseHelpSystem.MODE_INFOCENTER); >+ setRestrictTopic(true); >+ assertFalse(UrlUtil.isValidTopicURL("http://www.eclipse.org")); >+ assertFalse(UrlUtil.isValidTopicURL("https://www.eclipse.org")); >+ assertFalse(UrlUtil.isValidTopicURL("HTTP://www.eclipse.org")); >+ assertFalse(UrlUtil.isValidTopicURL("file://somepath.html")); >+ assertTrue(UrlUtil.isValidTopicURL("org.eclipse.platform.doc.user/reference/ref-43.htm")); >+ } >+ >+}
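Review bot: In the LayoutData.java hunk, a topic rejected by UrlUtil.isValidTopicURL(topic) is silently replaced by the help home page, so an administrator never learns that someone is probing the infocenter with external ?topic values. Log the rejected value (debug level is enough) before falling back to UrlUtil.getHelpURL(preferences.getHelpHome()). Note also that this guard sits only on the getContentURL path shown here; any other place in the webapp that turns the ?topic parameter into a frame target or redirect needs the same check, otherwise the redirect stays reachable there.

Review bot: In the UrlUtil.java hunk, the test "if (path.indexOf("://") >= 0)" is a one-pattern blocklist and does not cover every way a browser can be sent off-site. A scheme-relative value such as //attacker.example/page contains no "://" but, once it lands in a frame src or a Location header, the browser resolves it to http(s)://attacker.example/page; schemes written without slashes, for example javascript:alert(1) or mailto:someone@example.org, pass as well. Legitimate topics are relative help paths like org.eclipse.platform.doc.user/reference/ref-43.htm, so the safer rule is to reject anything that carries a scheme or an authority: parse with new java.net.URI(path) and return false when getScheme() != null or getAuthority() != null (treat a URISyntaxException as invalid), or, more simply, reject any path that starts with "//" or contains a ':' before its first '/'. The method deliberately restricts only in MODE_INFOCENTER; the Javadoc should state that, since a caller in workbench or standalone mode gets true for every input.

Review bot: In the WebappPreferences.java hunk, isRestrictTopicParameter() returns prefs.getBoolean("restrictTopicParameter"), and getBoolean yields false for a key that has no value and no default, so the new control is fail-open: an infocenter started with an older or hand-edited preferences.ini that lacks the key, or a product that ships its own help preferences, runs unrestricted without any warning. The key is declared only in preferences.ini in this patch; either register true as the default where the plug-in's other preference defaults are initialized, or invert the key (for example allowExternalTopicParameter, default false) so that a missing entry means restricted. A one-line Javadoc naming the preference key and its default would also help the next reader.

Review bot: In the preferences.ini hunk, the comment above restrictTopicParameter=true says the setting prevents external URLs in the topic parameter, but UrlUtil.isValidTopicURL applies it only when the help system runs as an infocenter (MODE_INFOCENTER); say so in the comment so that an administrator of a standalone or workbench help does not assume the check is active. The file is also still written without a trailing newline (the "\ No newline at end of file" marker survives the edit), which will keep producing noisy diffs on every future append.

Review bot: In the AllWebappTests.java hunk, the new suite entry RestrictedTopicParameter.class breaks the naming convention of its neighbours (FilterTest, UrlUtilsTests, LocaleTest); renaming the class to RestrictedTopicParameterTest keeps it discoverable by the *Test patterns that IDE and build filters commonly use.

Review bot: In the RestrictedTopicParameter.java hunk, testInfocenterResestricted (typo for Restricted) only exercises inputs that contain "://", which is exactly the substring the implementation searches for, so the test cannot catch the inputs that matter most. Add assertFalse cases for a scheme-relative URL such as "//www.eclipse.org/" and for slashless schemes such as "javascript:alert(1)" and "mailto:someone@example.org", plus an assertTrue for a topic with a leading slash such as "/org.eclipse.platform.doc.user/reference/ref-43.htm" to pin down that ordinary absolute help paths stay allowed. Against the current indexOf("://") check the new negative cases fail, which is the point of adding them. The setUp/tearDown pair correctly restores both the preference and the help mode, so the new cases can be added without ordering concerns.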
Attachments on bug 233466: 102421 | 102517