echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

filter logging

Browse Source
This commit is contained in:
zzz
2014-07-26 12:18:35 +00:00
parent 4746d9eb80
commit f0dd09cf9c
2 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
View File

@ -7,6 +7,9 @@ import javax.servlet.http.HttpServletRequestWrapper;
//import org.owasp.esapi.ESAPI; //import org.owasp.esapi.ESAPI;
import net.i2p.I2PAppContext;
import net.i2p.util.Log;
public class XSSRequestWrapper extends HttpServletRequestWrapper { public class XSSRequestWrapper extends HttpServletRequestWrapper {
// Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties // Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
private static Pattern parameterValuePattern = Pattern.compile("^[a-zA-Z0-9.,:\\-\\/+=@_ \r\n]*$"); private static Pattern parameterValuePattern = Pattern.compile("^[a-zA-Z0-9.,:\\-\\/+=@_ \r\n]*$");
@ -36,14 +39,23 @@ public class XSSRequestWrapper extends HttpServletRequestWrapper {
@Override @Override
public String getParameter(String parameter) { public String getParameter(String parameter) {
String value = super.getParameter(parameter); String value = super.getParameter(parameter);
String rv = stripXSS(value, parameterValuePattern);
return stripXSS(value, parameterValuePattern); if (value != null && rv == null) {
Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped param \"" + parameter + "\" : \"" + value + '"');
}
return rv;
} }
@Override @Override
public String getHeader(String name) { public String getHeader(String name) {
String value = super.getHeader(name); String value = super.getHeader(name);
return stripXSS(value, headerValuePattern); String rv = stripXSS(value, headerValuePattern);
if (value != null && rv == null) {
Log log = I2PAppContext.getGlobalContext().logManager().getLog(XSSRequestWrapper.class);
log.logAlways(Log.WARN, "URL \"" + getServletPath() + "\" Stripped header \"" + name + "\" : \"" + value + '"');
}
return rv;
} }
private String stripXSS(String value, Pattern whitelistPattern) { private String stripXSS(String value, Pattern whitelistPattern) {

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */ /** deprecated */
public final static String ID = "Monotone"; public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION; public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 21; public final static long BUILD = 22;
/** for example "-test" */ /** for example "-test" */
public final static String EXTRA = "-rc"; public final static String EXTRA = "-rc";