From aed14ba34de61d8e794c6e87772b15bdb2ca89f4 Mon Sep 17 00:00:00 2001 From: Maxim Thomas Date: Thu, 30 May 2024 18:48:28 +0300 Subject: [PATCH] [#754] Restore the Version servlet without the vulnerability (#757) * Remove the Version button * Restore the Version servlet without the vulnerability --- .../console/version/VersionServlet.java | 69 ++--------- .../src/main/webapp/WEB-INF/web.xml | 2 - .../taglib/masthead/CCPrimaryMastheadTag.java | 1 + .../src/main/webapp/WEB-INF/jsp/Version.jsp | 117 ++++++++++++++++++ .../com_sun_web_ui/jsp/version/Version.jsp | 113 ----------------- 5 files changed, 125 insertions(+), 177 deletions(-) create mode 100644 openam-server-only/src/main/webapp/WEB-INF/jsp/Version.jsp delete mode 100644 openam-server-only/src/main/webapp/com_sun_web_ui/jsp/version/Version.jsp diff --git a/openam-console/src/main/java/com/sun/identity/console/version/VersionServlet.java b/openam-console/src/main/java/com/sun/identity/console/version/VersionServlet.java index 8ede699ae5..46b805e951 100644 --- a/openam-console/src/main/java/com/sun/identity/console/version/VersionServlet.java +++ b/openam-console/src/main/java/com/sun/identity/console/version/VersionServlet.java 
@@ -26,74 +26,19 @@ */ /** * Portions Copyrighted 2012 ForgeRock AS + * Portions Copyrighted 2024 3A Systems LLC */ package com.sun.identity.console.version; -import com.iplanet.jato.CompleteRequestException; -import com.iplanet.jato.RequestContext; -import com.iplanet.jato.RequestContextImpl; -import com.iplanet.jato.ViewBeanManager; -import com.iplanet.jato.view.ViewBean; -import com.sun.identity.console.base.AMViewBeanBase; -import java.io.IOException; import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; -public class VersionServlet extends - com.sun.web.ui.servlet.version.VersionServlet { - - @Override - protected void initializeRequestContext(RequestContext requestContext) { - super.initializeRequestContext(requestContext); - - ViewBeanManager viewBeanManager = - new ViewBeanManager(requestContext, - getPackageName(VersionServlet.class.getName())); - ((RequestContextImpl) requestContext).setViewBeanManager( - viewBeanManager); - } - - @Override - protected void onRequestHandlerNotFound( - RequestContext requestContext, - String handlerName) throws ServletException { - AMViewBeanBase.debug.error("VersionServlet.onRequestHandlerNotFound: " + - handlerName); - } - - @Override - protected void onRequestHandlerNotSpecified(RequestContext requestContext) - throws ServletException { - AMViewBeanBase.debug.error( - "VersionServlet.onRequestHandlerNotSpecified"); - } - - @Override - protected void onUncaughtException( - RequestContext requestContext, - Exception e) throws ServletException, IOException { - HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getRequest(); - AMViewBeanBase.debug.error("VersionServlet.onUncaughtException", e); - String redirectUrl = VersionViewBean.getCurrentURL(httpRequest) + - "/base/AMUncaughtException"; - requestContext.getResponse().sendRedirect(redirectUrl); - } - - 
@Override - protected void onPageSessionDeserializationException( - RequestContext requestContext, - ViewBean viewBean, - Exception e) - throws ServletException, IOException { - HttpServletRequest httpRequest = (HttpServletRequest) requestContext.getRequest(); - AMViewBeanBase.debug.error("VersionServlet.onUncaughtException", e); - String redirectUrl = VersionViewBean.getCurrentURL(httpRequest) - + "/base/AMInvalidURL"; - requestContext.getResponse().sendRedirect(redirectUrl); - throw new CompleteRequestException(); - } +public class VersionServlet extends HttpServlet { - @Override - protected void onSessionTimeout(RequestContext requestContext) throws ServletException { + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + request.getRequestDispatcher("/WEB-INF/jsp/Version.jsp").forward(request, response); } } diff --git a/openam-console/src/main/webapp/WEB-INF/web.xml b/openam-console/src/main/webapp/WEB-INF/web.xml index 9b27e16ca3..5725f6d1d8 100644 --- a/openam-console/src/main/webapp/WEB-INF/web.xml +++ b/openam-console/src/main/webapp/WEB-INF/web.xml @@ -176,12 +176,10 @@ AgentConfigurationServlet /agentconfig/* - FSServlet /federation/* diff --git a/openam-core/src/main/java/org/forgerock/openam/console/ui/taglib/masthead/CCPrimaryMastheadTag.java b/openam-core/src/main/java/org/forgerock/openam/console/ui/taglib/masthead/CCPrimaryMastheadTag.java index 3058315d16..8fcff5db2a 100644 --- a/openam-core/src/main/java/org/forgerock/openam/console/ui/taglib/masthead/CCPrimaryMastheadTag.java +++ b/openam-core/src/main/java/org/forgerock/openam/console/ui/taglib/masthead/CCPrimaryMastheadTag.java @@ -21,6 +21,7 @@ * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * + * Portions Copyrighted 2024 3A Systems LLC */ package org.forgerock.openam.console.ui.taglib.masthead; 
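Review bot: The new `doGet` in VersionServlet lacks `@Override`, which every method it replaces carried; add it so a signature drift against `HttpServlet` is caught at compile time rather than silently leaving the request to the default handler. The class also lost all documentation together with the JATO overrides — a class Javadoc along the lines of `/** Serves the console Version page by forwarding to /WEB-INF/jsp/Version.jsp; placing the view under WEB-INF keeps it from being requested directly. */` would record why the forward target is where it is. Only GET is handled, so other methods fall through to HttpServlet's default response, which seems acceptable here but is worth a one-line comment. Separately, the web.xml hunk in this commit removes two lines from the servlet-mapping section; if those were this servlet's mapping, the restored doGet is unreachable unless it is mapped elsewhere, which I cannot confirm from the diff.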
diff --git a/openam-server-only/src/main/webapp/WEB-INF/jsp/Version.jsp b/openam-server-only/src/main/webapp/WEB-INF/jsp/Version.jsp new file mode 100644 index 0000000000..0e852bd71f --- /dev/null +++ b/openam-server-only/src/main/webapp/WEB-INF/jsp/Version.jsp 
@@ -0,0 +1,117 @@ +<%-- + DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + + Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved + + The contents of this file are subject to the terms + of the Common Development and Distribution License + (the License). You may not use this file except in + compliance with the License. + + You can obtain a copy of the License at + https://opensso.dev.java.net/public/CDDLv1.0.html or + opensso/legal/CDDLv1.0.txt + See the License for the specific language governing + permission and limitations under the License. + + When distributing Covered Code, include this CDDL + Header Notice in each file and include the License file + at opensso/legal/CDDLv1.0.txt. + If applicable, add the following below the CDDL Header, + with the fields enclosed by brackets [] replaced by + your own identifying information: + "Portions Copyrighted [year] [name of copyright owner]" + + $Id: Version.jsp,v 1.1 2009/08/05 20:15:51 veiming Exp $ + + Portions Copyrighted 2011-2016 ForgeRock AS. + Portions Copyrighted 2024 3A Systems LLC. +--%> + +<%@ page import="com.sun.web.ui.common.CCI18N" %> +<%@ page import="java.net.URLEncoder" %> +<%@ page import="java.util.MissingResourceException" %> +<%@ page import="java.util.ResourceBundle" %> +<%@ page import="org.owasp.esapi.ESAPI" %> + + +<% + + ResourceBundle resourceBundle; + try { + resourceBundle = ResourceBundle.getBundle("com.sun.web.ui.resources.Resources", request.getLocale()); + } catch (MissingResourceException mr) { + resourceBundle = ResourceBundle.getBundle("com.sun.web.ui.resources.Resources"); + } + + String windowTitle = resourceBundle.getString("masthead.versionWindowTitle"); + // Get query parameters. + String productNameSrc = (request.getParameter("productNameSrc") != null) + ? request.getParameter("productNameSrc") : ""; + String versionFile = (request.getParameter("versionFile") != null) + ? 
request.getParameter("versionFile") : ""; + + windowTitle = ESAPI.encoder().encodeForHTML(windowTitle); + + String productNameHeight = + (request.getParameter("productNameHeight") != null) + ? request.getParameter("productNameHeight") : ""; + String productNameWidth = + (request.getParameter("productNameWidth") != null) + ? request.getParameter("productNameWidth") : ""; + + // Create masthead frame URL. + StringBuilder buffer = + new StringBuilder(request.getContextPath()) + .append("/ccversion/Masthead.jsp?"); + + buffer.append("productNameSrc=") + .append(URLEncoder.encode(productNameSrc, CCI18N.UTF8_ENCODING)) + .append("&versionFile=") + .append(URLEncoder.encode(versionFile, CCI18N.UTF8_ENCODING)) + .append("&productNameHeight=") + .append(URLEncoder.encode(productNameHeight, CCI18N.UTF8_ENCODING)) + .append("&productNameWidth=") + .append(URLEncoder.encode(productNameWidth, CCI18N.UTF8_ENCODING)); +%> + + +<%=windowTitle %> + + + + " /> + + + +
+
+ + + + + + + +
+
+ +
+
Java(TM) Logo
+
+
+
+ +
+
+ +
+
+
+ + diff --git a/openam-server-only/src/main/webapp/com_sun_web_ui/jsp/version/Version.jsp b/openam-server-only/src/main/webapp/com_sun_web_ui/jsp/version/Version.jsp deleted file mode 100644 index 8184dfe02a..0000000000 --- a/openam-server-only/src/main/webapp/com_sun_web_ui/jsp/version/Version.jsp +++ /dev/null 
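Review bot: The four query parameters in the new Version.jsp are each read with the same `request.getParameter(x) != null ? request.getParameter(x) : ""` pattern, calling `getParameter` twice per value; a small declaration such as `<%! private static String param(javax.servlet.http.HttpServletRequest r, String n) { String v = r.getParameter(n); return v == null ? "" : v; } %>` would reduce this to one line per parameter. The values are only URL-encoded before being appended to the `/ccversion/Masthead.jsp?` frame URL, which is the correct encoding for a query string; whether `versionFile` is constrained to known version resources is decided in Masthead.jsp, which is outside this change, so either confirm that check there or restrict the accepted values here. A short comment above the parameter block stating that the values are forwarded to Masthead.jsp and are not interpreted by this page would make the trust boundary explicit for the next reader.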
@@ -1,113 +0,0 @@ -<%-- - DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - - Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved - - The contents of this file are subject to the terms - of the Common Development and Distribution License - (the License). You may not use this file except in - compliance with the License. - - You can obtain a copy of the License at - https://opensso.dev.java.net/public/CDDLv1.0.html or - opensso/legal/CDDLv1.0.txt - See the License for the specific language governing - permission and limitations under the License. - - When distributing Covered Code, include this CDDL - Header Notice in each file and include the License file - at opensso/legal/CDDLv1.0.txt. - If applicable, add the following below the CDDL Header, - with the fields enclosed by brackets [] replaced by - your own identifying information: - "Portions Copyrighted [year] [name of copyright owner]" - - $Id: Version.jsp,v 1.1 2009/08/05 20:15:51 veiming Exp $ - - Portions Copyrighted 2011-2016 ForgeRock AS. ---%> - -<%@ page language="java" %> -<%@taglib uri="/WEB-INF/tld/com_iplanet_jato/jato.tld" prefix="jato" %> -<%@taglib uri="/WEB-INF/tld/com_sun_web_ui/cc.tld" prefix="cc" %> - -<%@ page import="com.sun.web.ui.common.CCI18N" %> -<%@ page import="com.sun.web.ui.common.CCSystem" %> -<%@ page import="com.sun.identity.console.version.VersionViewBean" %> -<%@ page import="java.net.URLEncoder" %> -<%@ page import="java.util.MissingResourceException" %> -<%@ page import="java.util.ResourceBundle" %> - - -<% - - ResourceBundle resourceBundle; - try { - resourceBundle = ResourceBundle.getBundle("com.sun.web.ui.resources.Resources", request.getLocale()); - } catch (MissingResourceException mr) { - resourceBundle = ResourceBundle.getBundle("com.sun.web.ui.resources.Resources"); - } - - String windowTitle = resourceBundle.getString("masthead.versionWindowTitle"); - // Get query parameters. 
- String productNameSrc = (request.getParameter("productNameSrc") != null) - ? request.getParameter("productNameSrc") : ""; - String versionFile = (request.getParameter("versionFile") != null) - ? request.getParameter("versionFile") : ""; - - windowTitle = VersionViewBean.escapeHTML(windowTitle); - - String productNameHeight = - (request.getParameter("productNameHeight") != null) - ? request.getParameter("productNameHeight") : ""; - String productNameWidth = - (request.getParameter("productNameWidth") != null) - ? request.getParameter("productNameWidth") : ""; - - // Create button frame URL. - StringBuilder buttonBuffer = - new StringBuilder(request.getContextPath()) - .append("/ccversion/ButtonFrame"); - - // Create masthead frame URL. - StringBuilder buffer = - new StringBuilder(request.getContextPath()) - .append("/ccversion/Masthead.jsp?"); - - buffer.append("productNameSrc=") - .append(URLEncoder.encode(productNameSrc, CCI18N.UTF8_ENCODING)) - .append("&versionFile=") - .append(URLEncoder.encode(versionFile, CCI18N.UTF8_ENCODING)) - .append("&productNameHeight=") - .append(URLEncoder.encode(productNameHeight, CCI18N.UTF8_ENCODING)) - .append("&productNameWidth=") - .append(URLEncoder.encode(productNameWidth, CCI18N.UTF8_ENCODING)); -%> - - - - -<%=windowTitle %> - - - - - - - - - - - " name="mainFrame" id="mainFrame" title="Content Frame"> - - - <body> - <p><cc:text name="Text" bundleID="bundle" /></p> - </body> - - - - - -