This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 576b9b55ff80b118bc16c33df755ae518ba5f13e
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Dec 18 06:58:23 2020 +0000
Fixing issue with multiple forward slashes in services listing stylesheetPath
(cherry picked from commit 1cf50e500c9f0d2ccbfc16f2a6b49de1bd9e7445)
---
 .../servicelist/FormattedServiceListWriter.java | 2 +
 .../FormattedServiceListWriterTest.java | 65 ++++++++++++++++++++++
 2 files changed, 67 insertions(+)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
index 9cc2cb4..1084ce2 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
@@ -43,6 +43,8 @@ public class FormattedServiceListWriter implements ServiceListWriter {
 boolean showForeignContexts, Bus bus) {
 this.styleSheetPath = StringEscapeUtils.escapeHtml4(styleSheetPath);
+ // Strip multiple forward slashes from the start of the styleSheePath to prevent CSS injection attacks
+ this.styleSheetPath = this.styleSheetPath.replaceFirst("(/)+", "/");
 this.title = title;
 this.showForeignContexts = showForeignContexts;
 this.bus = bus;
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriterTest.java b/rt/transports/http/src/test/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriterTest.java
new file mode 100644
index 0000000..1f9b7f2
--- /dev/null
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriterTest.java
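Review bot: The added `replaceFirst("(/)+", "/")` is unanchored, so it collapses the first run of slashes wherever it appears in the (already HTML-escaped) value rather than only the leading run the comment describes — `app//style.css` would become `app/style.css` — and the capturing group serves no purpose. Anchoring it expresses the intent exactly: `this.styleSheetPath = this.styleSheetPath.replaceFirst("^/+", "/");`. The comment also misspells the field (`styleSheePath`) and would be more useful as `// Collapse leading slashes so the stylesheet href cannot resolve as a protocol-relative URL (//host/...)`. The constructor's signature begins above the hunk, so whether the path is validated anywhere else before reaching this line is not visible here.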
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.servlet.servicelist;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.transport.AbstractDestination;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertTrue;
+
+public class FormattedServiceListWriterTest {
+
+ @Test
+ public void testWriteServiceList() throws Exception {
+ Bus bus = BusFactory.getDefaultBus(true);
+ String styleSheetPath = "/app/services/?stylesheet=1";
+ FormattedServiceListWriter writer =
+ new FormattedServiceListWriter(styleSheetPath,
+ "CXF services", false, bus);
+
+ StringWriter sw = new StringWriter();
+ writer.writeServiceList(new PrintWriter(sw), "/path", new AbstractDestination[0], new AbstractDestination[0]);
+
+ assertTrue(sw.toString().contains("href=\"" + styleSheetPath + "\""));
+ bus.shutdown(false);
+ }
+
+ @Test
+ public void testStripMultipleForwardSlashes() throws Exception {
+ Bus bus = BusFactory.getDefaultBus(true);
+ String styleSheetPath = "////app/services/?stylesheet=1";
+ FormattedServiceListWriter writer =
+ new FormattedServiceListWriter(styleSheetPath,
+ "CXF services", false, bus);
+
+ StringWriter sw = new StringWriter();
+ writer.writeServiceList(new PrintWriter(sw), "/path", new AbstractDestination[0], new AbstractDestination[0]);
+
+ String desiredStyleSheetPath = "/app/services/?stylesheet=1";
+ assertTrue(sw.toString().contains("href=\"" + desiredStyleSheetPath + "\""));
+ bus.shutdown(false);
+ }
+
+}
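Review bot: In both test methods `bus.shutdown(false)` is the last statement, so a failing `assertTrue` leaves the default Bus created by `BusFactory.getDefaultBus(true)` alive for whatever test runs next; wrapping everything after the `getDefaultBus` call in `try { ... } finally { bus.shutdown(false); }` (or moving the shutdown into an `@After` method) keeps the tests isolated. `testStripMultipleForwardSlashes` asserts only that the collapsed path is present; a second assertion such as `assertFalse(sw.toString().contains("href=\"//"))` (with a matching static import) pins the negative property the commit is guarding, so a later regex change that lets a leading `//` survive would fail the test directly. The two `writer.writeServiceList(...)` calls are noticeably longer than any other line in the file; splitting the `new AbstractDestination[0]` arguments onto a continuation line would match the wrapping already used for the constructor call.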
