Posted to commits@geode.apache.org by ud...@apache.org on 2016/10/19 19:59:44 UTC
[16/50] [abbrv] incubator-geode git commit: GEODE-1532: Fix Pulse
Clickjacking vuln.
GEODE-1532: Fix Pulse Clickjacking vuln.
* Removed firefox driver dependency
* This closes #256
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/a78fa753
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/a78fa753
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/a78fa753
Branch: refs/heads/feature/GEODE-1874
Commit: a78fa7537dfd656521649d57245ecd7fa05b2d31
Parents: 6054e00
Author: Jared Stewart <js...@pivotal.io>
Authored: Mon Oct 10 18:48:01 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Oct 12 09:52:40 2016 -0700
----------------------------------------------------------------------
geode-pulse/build.gradle | 1 -
geode-pulse/src/main/webapp/WEB-INF/spring-security.xml | 5 +++++
.../geode/tools/pulse/testbed/driver/PulseUITest.java | 11 +++++++++--
3 files changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a78fa753/geode-pulse/build.gradle
----------------------------------------------------------------------
diff --git a/geode-pulse/build.gradle b/geode-pulse/build.gradle
index ef29ab3..3d19dea 100755
--- a/geode-pulse/build.gradle
+++ b/geode-pulse/build.gradle
@@ -73,7 +73,6 @@ dependencies {
exclude module: 'selenium-java' //by artifact name
}
- testCompile 'org.seleniumhq.selenium:selenium-firefox-driver:' + project.'selenium.version'
testCompile 'org.seleniumhq.selenium:selenium-api:' + project.'selenium.version'
testCompile 'org.seleniumhq.selenium:selenium-remote-driver:' + project.'selenium.version'
testCompile 'org.seleniumhq.selenium:selenium-support:' + project.'selenium.version'
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a78fa753/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml b/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
index b4fccf0..2842f64 100644
--- a/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
+++ b/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
@@ -47,6 +47,11 @@
<form-login login-page="/Login.html"
authentication-failure-handler-ref="authenticationFailureHandler"
default-target-url="/clusterDetail.html" />
+ <headers>
+ <frame-options policy="DENY" />
+ <content-type-options />
+ <xss-protection enabled="true" block="true" />
+ </headers>
<logout logout-url="/pulse/clusterLogout" success-handler-ref="customLogoutSuccessHandler"/>
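Review bot: The new `<headers>` block only covers requests handled by the `<http>` element it sits in, and that element opens outside this hunk. If the file also declares `<http ... security="none">` entries, responses for those paths skip the filter chain and remain frameable, so confirm that `/Login.html` actually receives `X-Frame-Options: DENY`. Depending on the Spring Security version in use (not visible here), listing explicit children can also replace the default header set rather than extend it; on a 3.2.x line, adding `<cache-control />` would keep authenticated pages out of caches. A short comment above the block such as `<!-- GEODE-1532: forbid framing of Pulse pages (clickjacking) -->` would record why the policy is DENY rather than SAMEORIGIN.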
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a78fa753/geode-pulse/src/test/java/org/apache/geode/tools/pulse/testbed/driver/PulseUITest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/testbed/driver/PulseUITest.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/testbed/driver/PulseUITest.java
index ced298b..5a02edc 100644
--- a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/testbed/driver/PulseUITest.java
+++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/testbed/driver/PulseUITest.java
@@ -31,7 +31,8 @@ import org.junit.experimental.categories.Category;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
-import org.openqa.selenium.firefox.FirefoxDriver;
+import org.openqa.selenium.phantomjs.PhantomJSDriver;
+import org.openqa.selenium.remote.DesiredCapabilities;
import org.openqa.selenium.support.ui.ExpectedCondition;
import org.openqa.selenium.support.ui.WebDriverWait;
@@ -77,7 +78,13 @@ public class PulseUITest {
pulseURL = "http://" + host + ":" + port + context;
Thread.sleep(1000); //wait till tomcat settles down
- driver = new FirefoxDriver();
+
+ DesiredCapabilities capabilities = new DesiredCapabilities();
+ capabilities.setJavascriptEnabled(true);
+ capabilities.setCapability("takesScreenshot", true);
+ capabilities.setCapability("phantomjs.page.settings.userAgent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:16.0) Gecko/20121026 Firefox/16.0");
+
+ driver = new PhantomJSDriver(capabilities);
driver.manage().window().maximize();//required to make all elements visible
Thread.sleep(5000); //wait till pulse starts polling threads...
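Review bot: Nothing in this test change checks that Pulse now returns the anti-framing header, so a later edit to spring-security.xml could silently undo the GEODE-1532 fix. WebDriver does not expose response headers, so a small separate check that requests the login page with `HttpURLConnection` and asserts `"DENY".equals(conn.getHeaderField("X-Frame-Options"))` would pin the behaviour. The spoofed Firefox user-agent set on the `phantomjs.page.settings.userAgent` line also has no comment; one line stating why PhantomJS must present itself as Firefox would help the next maintainer, and the literal would read better as a named constant. The enclosing setup method starts and ends outside the hunk.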