#2116 XSS Vulnerabilities in 2.8:
- Fixed reports;
- Added dwr converters: XssDataPointBeanConverter, XssDataPointVoConverter;
- Refactored the points context in Meta Data Sources, Scripts and Reports into new functions: ScriptPointsContext, ReportPointsContext
Limraj committed Nov 14, 2024
1 parent 5e8686d commit 6a0ead1
Showing 13 changed files with 471 additions and 369 deletions.
7 changes: 6 additions & 1 deletion WebContent/WEB-INF/dwr.xml
Expand Up @@ -22,6 +22,8 @@
<init>
<converter id="localizableMessage" class="com.serotonin.web.dwr.LocalizableMessageConverter"/>
<converter id="protocolVersionConverter" class="com.serotonin.mango.web.dwr.ProtocolVersionConverter"/>
<converter id="xssDataPointVoConverter" class="com.serotonin.mango.web.dwr.XssDataPointVoConverter"/>
<converter id="xssDataPointBeanConverter" class="com.serotonin.mango.web.dwr.XssDataPointBeanConverter"/>
</init>

<allow>
Expand Down Expand Up @@ -153,9 +155,12 @@
<convert converter="bean" match="com.serotonin.mango.vo.publish.pachube.*"/>
<convert converter="bean" match="com.serotonin.mango.vo.publish.persistent.*"/>
<convert converter="bean" match="com.serotonin.mango.vo.report.*"/>
<convert converter="bean" match="com.serotonin.mango.vo.DataPointVO">
<convert converter="xssDataPointVoConverter" match="com.serotonin.mango.vo.DataPointVO">
<param name="include" value="id,xid,name,extendedName,dataSourceId,enabled,dataTypeMessage,pointLocator"/>
</convert>
<convert converter="xssDataPointBeanConverter" match="com.serotonin.mango.web.dwr.beans.DataPointBean">
<param name="include" value="id,xid,name,settable,dataType,dataTypeMessage,chartColour"/>
</convert>
<convert converter="bean" match="com.serotonin.mango.vo.User">
<param name="include" value="id,username,email,phone,admin,disabled,receiveAlarmEmails,receiveOwnAuditEvents,dataSourcePermissions,dataPointPermissions,userProfile,homeUrl,hideMenu,theme,firstName,lastName,enableFullScreen,hideShortcutDisableFullScreen"/>
</convert>
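Review bot: Encoding inside a DWR converter is context-blind and applies to every consumer of the serialized `DataPointVO`/`DataPointBean`, so any edit page that round-trips `name` or `xid` into a form field and saves it back through DWR will persist the encoded text (e.g. `&amp;`) and re-encode it on the next edit; the converter classes are not shown here, so confirm they encode only for display or that the edit forms decode before save. The `pointLocator` entry kept in the DataPointVO include list is a nested object that presumably still goes through the plain `bean` converters above, so its string fields are not covered unless the new converter recurses into them. The `User` mapping directly below still uses `bean` for `username`, `email`, `firstName` and `lastName`, which are rendered by the same DWR-driven tables; if a converter is the chosen fix, these fields are candidates for the same treatment, or a comment such as `<!-- User fields are escaped client-side; see escapeUser() -->` should say why they are not.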
1 change: 0 additions & 1 deletion WebContent/WEB-INF/jsp/dataSourceEdit.jsp
Expand Up @@ -179,7 +179,6 @@
if (currentPoint)
stopImageFader("editImg"+ currentPoint.id);
escapePoints(points);
dwr.util.removeAllRows("pointsList");
dwr.util.addRows("pointsList", points, pointListColumnFunctions, pointListOptions);
}
114 changes: 6 additions & 108 deletions WebContent/WEB-INF/jsp/dataSourceEdit/editMeta.jsp
Expand Up @@ -22,7 +22,7 @@

<script type="text/javascript">
var pointsArray = new Array();
var contextArray = new Array();
var scriptPointsContext;
function initImpl() {
<c:forEach items="${userPoints}" var="dp">
Expand Down Expand Up @@ -68,10 +68,7 @@
}
function editPointCBImpl(locator) {
contextArray.length = 0;
for (var i=0; i<locator.context.length; i++)
addToContextArray(locator.context[i].key, locator.context[i].value);
writeContextArray();
this.scriptPointsContext = new ScriptPointsContext(locator.context, pointsArray);
$set("script", locator.script);
$set("dataTypeId", locator.dataTypeId);
Expand All @@ -86,7 +83,7 @@
}
function savePointImpl(locator) {
locator.context = createContextArray();
locator.context = this.scriptPointsContext.convertToSave();
locator.script = $get("script");
locator.dataTypeId = $get("dataTypeId");
locator.settable = $get("settable");
Expand All @@ -97,109 +94,10 @@
DataSourceEditDwr.saveMetaPointLocator(currentPoint.id, $get("xid"), $get("name"), locator, savePointCB);
}
function addPointToContext() {
var pointId = $get("allPointsList");
addToContextArray(pointId, "p"+ pointId);
writeContextArray();
}
function addToContextArray(pointId, scriptVarName) {
var data = getElement(pointsArray, pointId);
if (data) {
// Missing names imply that the point was deleted, so ignore.
contextArray[contextArray.length] = {
pointId : pointId,
pointName : data.name,
xid : data.xid,
pointType : data.type,
scriptVarName : scriptVarName
};
}
}
function removeFromContextArray(pointId) {
for (var i=contextArray.length-1; i>=0; i--) {
if (contextArray[i].pointId == pointId)
contextArray.splice(i, 1);
}
writeContextArray();
}
function writeContextArray() {
dwr.util.removeAllRows("contextTable");
if (contextArray.length == 0) {
show($("contextTableEmpty"));
hide($("contextTableHeaders"));
}
else {
hide($("contextTableEmpty"));
show($("contextTableHeaders"));
dwr.util.addRows("contextTable", contextArray,
[
function(data) { return "<span>" + data.pointName + "</span>" },
function(data) { return "<span>" + data.xid + "</span>"; },
function(data) { return data.pointType; },
function(data) {
return "<input type='text' value='"+ escapeHtml(data.scriptVarName) +"' class='formShort' "+
"onblur='updateScriptVarName("+ data.pointId +", this.value)'/>";
},
function(data) {
return "<img src='images/bullet_delete.png' class='ptr' "+
"onclick='removeFromContextArray("+ data.pointId +")'/>";
}
],
{
rowCreator:function(options) {
var tr = document.createElement("tr");
tr.className = "smRow"+ (options.rowIndex % 2 == 0 ? "" : "Alt");
return tr;
}
});
}
updatePointsList();
}
function updatePointsList() {
dwr.util.removeAllOptions("allPointsList");
var availPoints = new Array();
for (var i=0; i<pointsArray.length; i++) {
var found = false;
for (var j=0; j<contextArray.length; j++) {
if (contextArray[j].pointId == pointsArray[i].id) {
found = true;
break;
}
}
if (!found) {
availPoints[availPoints.length] = pointsArray[i];
}
}
dwr.util.addOptions("allPointsList", availPoints, "id", "name");
jQuery("#allPointsList").trigger('chosen:updated');
}
function updateScriptVarName(pointId, scriptVarName) {
for (var i=contextArray.length-1; i>=0; i--) {
if (contextArray[i].pointId == pointId)
contextArray[i].scriptVarName = scriptVarName;
}
}
function validateScript() {
hideContextualMessages("pointProperties");
DataSourceEditDwr.validateScript($get("script"), createContextArray(), $get("dataTypeId"), validateScriptCB);
}
function createContextArray() {
var context = new Array();
for (var i=0; i<contextArray.length; i++) {
context[context.length] = {
key : contextArray[i].pointId,
value : contextArray[i].scriptVarName
};
}
return context;
DataSourceEditDwr.validateScript($get("script"), this.scriptPointsContext.convertToSave(), $get("dataTypeId"), validateScriptCB);
}
function validateScriptCB(response) {
Expand Down Expand Up @@ -242,7 +140,7 @@
<td class="formLabelRequired"><spring:message code="dsEdit.meta.scriptContext"/></td>
<td class="formField">
<select id="allPointsList"></select>
<tag:img png="add" onclick="addPointToContext();" title="common.add"/>
<tag:img png="add" onclick="scriptPointsContext.addPointToContext();" title="common.add"/>

<table cellspacing="1" id="contextContainer">
<tbody id="contextTableEmpty" style="display:none;">
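Review bot: `this.scriptPointsContext` in `editPointCBImpl`, `savePointImpl` and `validateScript` only resolves to the page-level `var scriptPointsContext` because these are plain functions invoked with `this === window` in non-strict code; if DWR or a later refactor calls any of them with a different receiver, or the script goes strict, the lookup yields `undefined` and `convertToSave()` throws. The `onclick` on the add image already uses the bare global `scriptPointsContext.addPointToContext()`, so the three call sites should match it: `scriptPointsContext = new ScriptPointsContext(locator.context, pointsArray);` and `locator.context = scriptPointsContext.convertToSave();`. `validateScript` also loses the empty-context fallback the removed `createContextArray()` gave it: before any point has been opened the context is unset, so guard with `if (!scriptPointsContext) return;` (or pass `[]`) ahead of the DWR call. The removed table writer interpolated `data.pointName` and `data.xid` into HTML unescaped; `ScriptPointsContext` is defined outside this file, so confirm its row renderer escapes those fields and `pointType` itself rather than relying solely on the new DWR converters, since `pointsArray` appears to be filled from the JSP `${userPoints}` loop in `initImpl`, which does not pass through DWR. `editPointCBImpl`, `savePointImpl` and `initImpl` all continue past their hunk boundaries.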
