AbstractViewState.java example

Explorer

deface-master
- src
  - com
    - trustwave
      - deface
        Deface.java
        gui
        DefaceGUI.java
        utils
        ObjectDeserizer.java
        ObjectDumper.java
        WriteBehindStateWriter.java
        viewstate
        TreeCrawlAction.java
        ViewStateWrapper.java
        viewstate_old
        AbstractViewState.java
        Mojarra_1_2_14.java
        Mojarra_2_0_2.java
        MyFaces_1_1_7.java
        MyFaces_1_2_8.java
        Version.java
        ViewStateFactory.java
  - org
    - apache
      - shale
        test
        el
        AbstractELResolver.java
        FacesImplicitObjectELResolver.java
        FacesPropertyResolverChainWrapper.java
        FacesResourceBundleELResolver.java
        FacesScopedAttributeELResolver.java
        FacesVariableResolverChainWrapper.java
        MockELContext.java
        MockExpressionFactory.java
        MockFunctionMapper.java
        MockMethodExpression.java
        MockValueExpression.java
        MockVariableMapper.java
        MockVariableValueExpression.java
        mock
        MockActionListener.java
        MockApplication.java
        MockApplication12.java
        MockApplicationFactory.java
        MockApplicationMap.java
        MockEnumeration.java
        MockExternalContext.java
        MockExternalContext12.java
        MockFacesContext.java
        MockFacesContext12.java
        MockFacesContextFactory.java
        MockHttpServletRequest.java
        MockHttpServletResponse.java
        MockHttpSession.java
        MockLifecycle.java
        MockLifecycleFactory.java
        MockMethodBinding.java
        MockNavigationHandler.java
        MockPrincipal.java
        MockPrintWriter.java
        MockPropertyResolver.java
        MockRenderKit.java
        MockRenderKitFactory.java
        MockRequestMap.java
        MockResponseWriter.java
        MockServlet.java
        MockServletConfig.java
        MockServletContext.java
        MockServletOutputStream.java
        MockSessionMap.java
        MockStateManager.java
        MockValueBinding.java
        MockVariableResolver.java
        MockViewHandler.java

/*******************************************************************************
 * Copyright (c) 2010 Trustwave Holdings, Inc.
 *******************************************************************************/

package com.trustwave.deface.viewstate_old;
//package com.trustwave.deface.viewstate;
//
//import java.io.ByteArrayInputStream;
//import java.io.IOException;
//import java.io.InputStream;
//import java.io.ObjectInputStream;
//import java.util.zip.GZIPInputStream;
//
//import javax.faces.FactoryFinder;
//import javax.faces.application.Application;
//import javax.faces.application.StateManager;
//import javax.faces.application.ViewHandler;
//import javax.faces.component.UIViewRoot;
//import javax.faces.context.ExternalContext;
//import javax.faces.context.FacesContext;
//import javax.faces.context.ResponseWriter;
//import javax.faces.lifecycle.Lifecycle;
//import javax.faces.render.RenderKit;
//import javax.faces.render.RenderKitFactory;
//import javax.servlet.ServletContext;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//
//import org.apache.commons.codec.binary.Base64InputStream;
//import org.apache.shale.test.mock.MockApplication;
//import org.apache.shale.test.mock.MockExternalContext;
//import org.apache.shale.test.mock.MockFacesContext;
//import org.apache.shale.test.mock.MockHttpServletRequest;
//import org.apache.shale.test.mock.MockHttpServletResponse;
//import org.apache.shale.test.mock.MockLifecycle;
//import org.apache.shale.test.mock.MockServletContext;
//
//import com.trustwave.deface.utils.ObjectDumper;
//import com.trustwave.deface.utils.WriteBehindStateWriter;
//
//public abstract class AbstractViewState
//{
////	protected final Version version;
//	protected boolean compressViewState;
//	protected final FacesContext facesContext;
//	protected final ExternalContext externalContext;
//	protected final ServletContext servletContext;
//	protected final HttpServletRequest request;
//	protected final HttpServletResponse response;
//	protected final Lifecycle lifecycle;
//	protected final UIViewRoot viewRoot;
//	protected final Application application;
////	protected final URLClassLoader classLoader;
//	protected final String rawViewState;
//	protected final WriteBehindStateWriter stateWriter;
//	
////	protected AbstractViewState(Version version, String viewState)
//	protected AbstractViewState(String viewState)
//	{
//		initializeFactories();
////		this.version = version;
//		this.rawViewState = viewState;
//
////		classLoader = initializeClassLoader();
//		
//		servletContext = createMockServletContext();
//		request = createMockHttpServletRequest();
//		response = createMockHttpServletResponse();
//		application = createMockApplication();
//		externalContext = createMockExternalContext();
//		facesContext = createMockFacesContext();
//		stateWriter = createWriteBehindStateWriter();
//		lifecycle = createMockLifecycle();
//		viewRoot = getViewHandler().restoreView(facesContext, getViewStateParamName());
//		facesContext.setViewRoot(viewRoot);
//	}
//
//	protected abstract ViewHandler getViewHandler();
//	protected abstract void initializeFactories();
////	protected abstract String[] getRequiredClasses();
//	protected abstract StateManager getStateManager();
//	protected abstract String getViewStateParamName();
//
//	public abstract String serializeToString(); 
//	public abstract void insertXSSPoC();
//	public abstract void insertSessionVarsPoC();
//
//	
////	private URLClassLoader initializeClassLoader()
////	{
////		URLClassLoader loader = null;
////		try
////		{
////			loader = (URLClassLoader)ClassLoader.getSystemClassLoader();
////			Class sysclass = URLClassLoader.class;
////			try 
////			{
////				Method method = sysclass.getDeclaredMethod("addURL", new Class[]{URL.class});
////				method.setAccessible(true);
////				method.invoke(loader, new Object[]{ getJarURL() });
////			} 
////			catch (Exception e) 
////			{
////				System.err.println("Failed to set class path: " + e.getLocalizedMessage());
////				e.printStackTrace();
////				System.exit(1);
////			}
////			
////			
//////			loader = new URLClassLoader(getJarURLs());
////			for (String className: getRequiredClasses())
////			{
////				loader.loadClass(className);
////			}
////		}
//////		catch (MalformedURLException e)
//////		{
//////			System.err.println("Failed to load JavaServer Faces jar: " + e.getLocalizedMessage());
//////			e.printStackTrace();
//////			System.exit(1);
//////		}
////		catch (ClassNotFoundException e)
////		{
////			System.err.println("Failed to load JavaServer Faces jar: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		return loader;
////	}
//	
//	
//	protected MockLifecycle createMockLifecycle()
//	{
//		return new MockLifecycle();
//	}
//	
//	protected MockFacesContext createMockFacesContext()
//	{
//		MockFacesContext mfc = new MockFacesContext(externalContext);
//		((MockFacesContext) mfc).setApplication(application);
////		Field defaultFacesContext;
////		try
////		{
////			defaultFacesContext = FacesContext.class.getDeclaredField("defaultFacesContext");
////			defaultFacesContext.setAccessible(true);
////			defaultFacesContext.set(mfc, mfc);
////		}
////		catch (SecurityException e)
////		{
////			System.err.println("Problem creating FacesContext: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		catch (NoSuchFieldException e)
////		{
////			System.err.println("Problem creating FacesContext: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		catch (IllegalArgumentException e)
////		{
////			System.err.println("Problem creating FacesContext: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		catch (IllegalAccessException e)
////		{
////			System.err.println("Problem creating FacesContext: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
//
//		mfc.getApplication().setViewHandler(getViewHandler());
//		mfc.getApplication().setStateManager(getStateManager());
//		return mfc;
//	}
//	
//	protected WriteBehindStateWriter createWriteBehindStateWriter()
//	{
//		RenderKitFactory renderFactory = (RenderKitFactory) FactoryFinder.getFactory(FactoryFinder.RENDER_KIT_FACTORY);
//		RenderKit renderKit = renderFactory.getRenderKit(facesContext, RenderKitFactory.HTML_BASIC_RENDER_KIT);
//		WriteBehindStateWriter wbsw = new WriteBehindStateWriter(facesContext, 100000);
//		ResponseWriter newWriter = renderKit.createResponseWriter(wbsw, "text/html", null);
//		facesContext.setResponseWriter(newWriter);
//		return wbsw;
//	}
//	
//	@SuppressWarnings("unchecked")
//	protected MockExternalContext createMockExternalContext()
//	{
//		MockExternalContext ec = new MockExternalContext(servletContext, request, response);
//		ec.getRequestParameterMap().put(getViewStateParamName(), rawViewState);;
//		return ec;
//	}
//	
//	protected MockApplication createMockApplication()
//	{
//		return new MockApplication();
//	}
//	
//	protected MockHttpServletResponse createMockHttpServletResponse()
//	{
//		return new MockHttpServletResponse();
//	}
//	
//	protected MockHttpServletRequest createMockHttpServletRequest()
//	{
//		MockHttpServletRequest r =  new MockHttpServletRequest();
//		((MockHttpServletRequest) r).addParameter(getViewStateParamName(), rawViewState);
//		return r;
//	}
//	
//	protected MockServletContext createMockServletContext()
//	{
//		MockServletContext msc = new MockServletContext();
//		((MockServletContext) msc).addInitParameter(StateManager.STATE_SAVING_METHOD_PARAM_NAME, 
//				StateManager.STATE_SAVING_METHOD_CLIENT);
//		return msc;
//	}
//	
////	@SuppressWarnings("deprecation")
////	protected URL getJarURL() throws MalformedURLException
////	{
////		String facesLib = Deface.facesLibDir + version.getDirectory();
////		return  new File(facesLib).toURL();
////	}
////	
////	protected Object instantiate(String className)
////	{
////		Object o = null;
////		try
////		{
////			Class c = classLoader.loadClass(className);
////			o = c.newInstance();
////		}
////		catch (ClassNotFoundException e)
////		{
////			System.err.println(className + " not found: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		catch (InstantiationException e)
////		{
////			System.err.println(className + " not found: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		catch (IllegalAccessException e)
////		{
////			System.err.println(className + " not found: " + e.getLocalizedMessage());
////			e.printStackTrace();
////			System.exit(1);
////		}
////		
////		return o;
////	}
//
//	
//	public String generateServerSideTextTree()
//	{
//		return ObjectDumper.dumpObject(viewRoot, false);
//	}
//	
//	public String generateRawTextTree()
//	{
//		StringBuffer buffer = new StringBuffer();
//		ObjectInputStream ois;
//		try
//		{
//			ois = initInputStream(this.rawViewState);
//			try 
//			{
//				long stateTime = ois.readLong();
//				buffer.append("State time stamp: " + stateTime + "\n\n");
//			} 
//			catch (IOException ioe) 
//			{
//				// no state time
//			}
//			
//			buffer.append("Structure object: \n" + ObjectDumper.dumpObject(ois.readObject(), false) + "\n\n");
//			buffer.append("State object: \n" + ObjectDumper.dumpObject(ois.readObject(), false));
//		}
//		catch (IOException e)
//		{
//			buffer.append("Problem reading view state: " + e.getLocalizedMessage());
//		}
//		catch (ClassNotFoundException e)
//		{
//			buffer.append("Class not found in view state: " + e.getLocalizedMessage());
//		}
//		
//		return buffer.toString();
//	}
//	
//	private ObjectInputStream initInputStream(String stateString) throws IOException
//	{
//		InputStream bis = null;
//		ObjectInputStream os = null;
//		bis = new GZIPInputStream(new Base64InputStream(new ByteArrayInputStream(stateString.getBytes())));
//		os = new ObjectInputStream(bis);
//		try
//		{
//			Object structure = os.readObject();
//		} 
//		catch (Exception ioe) 
//		{
//			// assume input stream is not GZIP compressed)
//			bis = new Base64InputStream(new ByteArrayInputStream(stateString.getBytes()));
//			os = new ObjectInputStream(bis);
//		}
//		return os;
//	}
//	
////	static void xssTheView(UIComponentBase component) {
////	for (UIComponentBase child : component.getChildren().toArray(
////			new UIComponentBase[0])) {
////		xssTheView(child);
////		if (child instanceof HtmlForm) {
////			((HtmlForm) child).setOnmouseover("alert('hi')");
////		}
////
////		else if (child instanceof HtmlCommandLink) {
////			((HtmlCommandLink) child).setOnmouseover("alert('hi')");
////		}
////
////		else if (child instanceof HtmlGraphicImage) {
////			((HtmlGraphicImage) child).setOnmouseover("alert('hi')");
////		}
////
////		else if (child instanceof HtmlPanelGrid) {
////			((HtmlPanelGrid) child).setOnmouseover("alert('hi')");
////		}
////
////		else {
////			System.err.println("Unknown type");
////		}
////	}
////}
//}