Mercurial > hg > release > icedtea-web-1.6

changeset 1249:0fabdba696d8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
application-library-allowable-codebase dialog made available for unsigned apps
author Jiri Vanek <jvanek@redhat.com>
date Mon, 07 Sep 2015 17:35:05 +0200
parents bf0ba14741fb
children 1edbea84a8b6
files ChangeLog netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/resources/Messages_cs.properties netx/net/sourceforge/jnlp/resources/Messages_de.properties netx/net/sourceforge/jnlp/resources/Messages_pl.properties netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java tests/netx/unit/net/sourceforge/jnlp/runtime/ManifestAttributesCheckerTest.java
diffstat 7 files changed, 139 insertions(+), 23 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Sep 01 10:15:51 2015 -0400
+++ b/ChangeLog	Mon Sep 07 17:35:05 2015 +0200
@@ -1,3 +1,22 @@
+2015-09-01  Jiri Vanek  <jvanek@redhat.com>
+
+	application-library-allowable-codebase dialog made available for unsigned apps
+	* netx/net/sourceforge/jnlp/resources/Messages.properties: (ALACAMissingMainTitle)
+	added warning about possible consequences of  resources out of docbase.
+	(ALACAMatchingMainTitle) the red higlights changed to green and added calming
+	words about it.
+	* netx/net/sourceforge/jnlp/resources/Messages_cs.properties: same
+	* netx/net/sourceforge/jnlp/resources/Messages_de.properties: same
+	* netx/net/sourceforge/jnlp/resources/Messages_pl.properties: adapted to red
+	to green recoloring
+	* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java:
+	(checkApplicationLibraryAllowableCodebaseAttribute) removed  return for in case
+	of unsigned app. Fixed check for all matching resources against codebase and docbase
+	If app is unsigned, then value in manifest is ignored. Missing alaca required
+	also in low security mode
+	* tests/netx/unit/net/sourceforge/jnlp/runtime/ManifestAttributesCheckerTest.java:
+	new file to test stripDocbase.
+
 2015-09-01  Andrew Azores  <aazores@redhat.com>
 
 	Add -defaultfile switch to PolicyEditor
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Tue Sep 01 10:15:51 2015 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Mon Sep 07 17:35:05 2015 +0200
@@ -80,7 +80,7 @@
 ALACAMissingMainTitle=The application <span color=''red''> {0} </span> \
 from <span color=''red''> {1} </span> uses resources from the following remote locations: \
 {2} \
-Are you sure you want to run this application?
+Be very careful when application is loading from different space then you expect. Are you sure you want to run this application?
 ALACAMissingInfo=For more information see:<br/>\
 <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library"> \
 JAR File Manifest Attributes</a> <br/> \
@@ -88,9 +88,9 @@
 Preventing the Repurposing of an Application</a>
 
 # matching Application-Library-Allowable-Codebase dialogue
-ALACAMatchingMainTitle=The application <span color=''red''> {0} </span> \
-from <span color=''red''> {1} </span> uses resources from the following remote locations:<br/>{2} <br/> \
-Are you sure you want to run this application?
+ALACAMatchingMainTitle=The application <span color=''green''> {0} </span> \
+from <span color=''green''> {1} </span> uses resources from the following remote locations:<br/>{2} <br/> \
+They looks ok. Are you sure you want to run this application?
 ALACAMatchingInfo=For more information you can visit:<br/>\
 <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library"> \
 JAR File Manifest Attributes</a> <br/> \
--- a/netx/net/sourceforge/jnlp/resources/Messages_cs.properties	Tue Sep 01 10:15:51 2015 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_cs.properties	Mon Sep 07 17:35:05 2015 +0200
@@ -71,11 +71,11 @@
 MissingPermissionsInfo=Chcete-li z\u00edskat v\u00edce informac\u00ed, nav\u0161tivte n\u00e1sleduj\u00edc\u00ed weby:<br/><a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions"> JAR File Manifest Attributes</a> <br/> a <br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> Preventing the repurposing of Applications</a>.
 
 # missing Application-Library-Allowable-Codebase dialogue
-ALACAMissingMainTitle=Aplikace <span color="red"> {0} </span> z <span color="red"> {1} </span> pou\u017e\u00edv\u00e1 zdroje z n\u00e1sleduj\u00edc\u00edch vzd\u00e1len\u00fdch um\u00edst\u011bn\u00ed:{2}. Ur\u010dit\u011b chcete spustit tuto aplikaci?
+ALACAMissingMainTitle=Aplikace <span color="red"> {0} </span> z <span color="red"> {1} </span> pou\u017e\u00edv\u00e1 zdroje z n\u00e1sleduj\u00edc\u00edch vzd\u00e1len\u00fdch um\u00edst\u011bn\u00ed:{2}. Bu\u010fte velmi opatrn\u00ed pokud jde o k\u00f3d z neo\u010dek\u00e1van destinace. Ur\u010dit\u011b chcete spustit tuto aplikaci?
 ALACAMissingInfo=Chcete-li z\u00edskat v\u00edce informac\u00ed, nav\u0161tivte n\u00e1sleduj\u00edc\u00ed weby:<br/><a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library"> JAR File Manifest Attributes</a> <br/> a <br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> Preventing the Repurposing of an Applications</a>.
 
 # matching Application-Library-Allowable-Codebase dialogue
-ALACAMatchingMainTitle=Aplikace <span color="red"> {0} </span> z <span color="red"> {1} </span> pou\u017e\u00edv\u00e1 zdroje z n\u00e1sleduj\u00edc\u00edch vzd\u00e1len\u00fdch um\u00edst\u011bn\u00ed:<br/>{2}.<br/> Ur\u010dit\u011b chcete spustit tuto aplikaci?
+ALACAMatchingMainTitle=Aplikace <span color="green"> {0} </span> z <span color="green"> {1} </span> pou\u017e\u00edv\u00e1 zdroje z n\u00e1sleduj\u00edc\u00edch vzd\u00e1len\u00fdch um\u00edst\u011bn\u00ed:<br/>{2}.<br/> Zdroje se zdaj\u00ed v po\u0159\u00e1dku. Chcete spustit tuto aplikaci?
 ALACAMatchingInfo=Chcete-li z\u00edskat v\u00edce informac\u00ed, nav\u0161tivte n\u00e1sleduj\u00edc\u00ed weby:<br/><a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library"> JAR File Manifest Attributes</a> <br/> a <br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> Preventing the repurposing of Applications</a>
 
 MACDisabledMessage=Kontroly atribut\u016f v manifestu jsou vypnut\u00e9.
--- a/netx/net/sourceforge/jnlp/resources/Messages_de.properties	Tue Sep 01 10:15:51 2015 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_de.properties	Mon Sep 07 17:35:05 2015 +0200
@@ -75,10 +75,10 @@
 Preventing the Repurposing of an Application</a>
 
 # matching Application-Library-Allowable-Codebase dialogue
-ALACAMatchingMainTitle=Die Anwendung \u201e<span color=\"red\">{0}</span>\u201c \
-mit der Codebasis \u201e<span color="red">{1}</span>\u201c l\u00e4dt die folgenden Ressourcen von einer fremden Dom\u00e4ne:<br/>\
+ALACAMatchingMainTitle=Die Anwendung \u201e<span color=\"green\">{0}</span>\u201c \
+mit der Codebasis \u201e<span color="green">{1}</span>\u201c l\u00e4dt die folgenden Ressourcen von einer fremden Dom\u00e4ne:<br/>\
 {2}<br/>\
-Soll diese Anwendung wirklich ausgef\u00fchrt werden?
+Es ist richtig. Soll diese Anwendung wirklich ausgef\u00fchrt werden?
 ALACAMatchingInfo=Um weitere Informationen zu erhalten siehe:<br/>\
 <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library">\
 JAR File Manifest Attributes</a><br/>\
--- a/netx/net/sourceforge/jnlp/resources/Messages_pl.properties	Tue Sep 01 10:15:51 2015 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_pl.properties	Mon Sep 07 17:35:05 2015 +0200
@@ -74,8 +74,8 @@
 Preventing the Repurposing of an Application</a>
 
 # matching Application-Library-Allowable-Codebase dialogue
-ALACAMatchingMainTitle=Aplikacja \u201e<span color="red">{0}</span>\u201d \
-z \u201e<span color="red">{1}</span>\u201d pobiera zasoby z nast\u0119puj\u0105cych obcych lokalizacji:<br/>\
+ALACAMatchingMainTitle=Aplikacja \u201e<span color="green">{0}</span>\u201d \
+z \u201e<span color="green">{1}</span>\u201d pobiera zasoby z nast\u0119puj\u0105cych obcych lokalizacji:<br/>\
 {2}<br/>\
 Czy na pewno chcesz uruchomi\u0107 t\u0105 aplikacj\u0119?
 ALACAMatchingInfo=Wi\u0119cej informacji uzyskasz na:<br/>\
--- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java	Tue Sep 01 10:15:51 2015 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java	Mon Sep 07 17:35:05 2015 +0200
@@ -36,6 +36,7 @@
  */
 package net.sourceforge.jnlp.runtime;
 
+import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.HashSet;
@@ -332,9 +333,6 @@
     }
 
     private void checkApplicationLibraryAllowableCodebaseAttribute() throws LaunchException {
-        if (signing == SigningState.NONE) {
-            return; /*when app is not signed at all, then skip this check*/
-        }
         //conditions
         URL codebase = file.getCodeBase();
         URL documentBase = null;
@@ -386,18 +384,30 @@
             return;
         }
 
-        if (usedUrls.size() == 1) {
-            if (UrlUtils.equalsIgnoreLastSlash(usedUrls.toArray(new URL[0])[0], codebase)
-                    && UrlUtils.equalsIgnoreLastSlash(usedUrls.toArray(new URL[0])[0], documentBase)) {
-                //all resoources are from codebase or document base. it is ok to proceeed.
-                OutputController.getLogger().log("All applications resources (" + usedUrls.toArray(new URL[0])[0] + ") are from codebas/documentbase " + codebase + "/" + documentBase + ", skipping Application-Library-Allowable-Codebase Attribute check.");
-                return;
+        boolean allOk = true;
+        for (URL u : usedUrls) {
+            if (UrlUtils.equalsIgnoreLastSlash(u, codebase)
+                    && UrlUtils.equalsIgnoreLastSlash(u, stripDocbase(documentBase))) {
+                OutputController.getLogger().log("OK - "+u.toExternalForm()+" is from codebase/docbase.");
+            } else {
+                allOk = false;
+                OutputController.getLogger().log("Warning! "+u.toExternalForm()+" is NOT from codebase/docbase.");
             }
         }
-
-        ClasspathMatchers att = file.getManifestsAttributes().getApplicationLibraryAllowableCodebase();
+        if (allOk) {
+            //all resoources are from codebase or document base. it is ok to proceeed.
+            OutputController.getLogger().log("All applications resources (" + usedUrls.toArray(new URL[0])[0] + ") are from codebas/documentbase " + codebase + "/" + documentBase + ", skipping Application-Library-Allowable-Codebase Attribute check.");
+            return;
+        }
+        
+        ClasspathMatchers att = null;
+        if (signing == SigningState.NONE) {
+            //for unsigned app we are ignoring value in manifesdt (may be faked)
+        } else {
+            att = file.getManifestsAttributes().getApplicationLibraryAllowableCodebase();
+        }
         if (att == null) {
-            final boolean userApproved = isLowSecurity() || SecurityDialogs.showMissingALACAttributePanel(file.getTitle(), documentBase, usedUrls);
+            final boolean userApproved = SecurityDialogs.showMissingALACAttributePanel(file.getTitle(), documentBase, usedUrls);
             if (!userApproved) {
                 throw new LaunchException("The application uses non-codebase resources, has no Application-Library-Allowable-Codebase Attribute, and was blocked from running by the user");
             } else {
@@ -420,4 +430,26 @@
             OutputController.getLogger().log("The application uses non-codebase resources, which do match its Application-Library-Allowable-Codebase Attribute, and was allowed to run by the user or user's security settings.");
         }
     }
+    
+    //package private for testing
+    //not perfect but ok for usecase
+    static URL stripDocbase(URL documentBase) {
+        String s = documentBase.toExternalForm();
+        if (s.endsWith("/") || s.endsWith("\\")) {
+            return documentBase;
+        }
+        int i1 = s.lastIndexOf("/");
+        int i2 = s.lastIndexOf("\\");
+        int i = Math.max(i1, i2);
+        if (i <= 8 || i >= s.length()) {
+            return documentBase;
+        }
+        s = s.substring(0, i+1);
+        try {
+            documentBase = new URL(s);
+        } catch (MalformedURLException ex) {
+            OutputController.getLogger().log(ex);
+        }
+        return documentBase;
+    }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/ManifestAttributesCheckerTest.java	Mon Sep 07 17:35:05 2015 +0200
@@ -0,0 +1,65 @@
+/* 
+ Copyright (C) 2013 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING.  If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library.  Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module.  An independent module is a module which is not derived from
+ or based on this library.  If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so.  If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.runtime;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ManifestAttributesCheckerTest {
+
+    @Test
+    public void stripDocbaseTest() throws Exception {
+        tryTest("http://aaa.bb/ccc/file.html", "http://aaa.bb/ccc/");
+        tryTest("http://aaa.bb/ccc/file.html/", "http://aaa.bb/ccc/file.html/");
+        tryTest("http://aaa.bb/ccc/dir/", "http://aaa.bb/ccc/dir/");
+        tryTest("http://aaa.bb/ccc/dir", "http://aaa.bb/ccc/");
+        tryTest("http://aaa.bb/ccc/", "http://aaa.bb/ccc/");
+        tryTest("http://aaa.bb/ccc", "http://aaa.bb/");
+        tryTest("http://aaa.bb/", "http://aaa.bb/");
+        tryTest("http://aaa.bb", "http://aaa.bb");
+    }
+
+    private static void tryTest(String src, String expected) throws MalformedURLException {
+        URL s = new URL(src);
+        URL q = ManifestAttributesChecker.stripDocbase(s);
+        //junit is failing for me on url.equls(url)...
+        Assert.assertEquals(expected, q.toExternalForm());
+    }
+
+}