
Improved JavaScript and Java screening function


Carl V Claunch

May 4, 1996, 3:00:00 AM5/4/96

Thanks to the feedback of several users of the patch I had previously
developed against the http-gw component of TIS's fwtk, I have developed
version 2, which improves the screening protection further.

The complete patch kit, including documentation and a test-bed useful for
passing sample or collected HTML thru the screener offline, can be found at
http://www.hdshq.com/fixes/fwtk/welcome.html

Users of the original (version 1) patch can simply apply the following
context diff using patch, and be brought up to version 2 level. If you do
not have version 1 installed please fetch the compressed tar archive
javablok.tar.Z from the URL above.


*** http-gw.c.orig Fri May 3 15:47:16 1996
--- http-gw.c Fri May 3 15:42:52 1996
***************
*** 12,17
*
* 22-Aug-1994 Started to add the Gopher+ stuff. (pjc)
* 15-Mar-1996 Added screening for Java, JavaScript. (ca...@hdshq.com)
*/
static char RcsId[] = "$Header: http-gw.c,v 1.8 94/10/11 11:04:34 pjc Exp $";

--- 12,18 -----
*
* 22-Aug-1994 Started to add the Gopher+ stuff. (pjc)
* 15-Mar-1996 Added screening for Java, JavaScript. (ca...@hdshq.com)
+ * 3-May-1996 Improved screening for Java, JavaScript. (ca...@hdshq.com)
*/
static char RcsId[] = "$Header: http-gw.c,v 1.8 94/10/11 11:04:34 pjc Exp $";

***************
*** 21,26

extern int nojava;
extern int nojavascript;

static void do_logging()
{ char *proto = "GOPHER";

--- 22,28 -----

extern int nojava;
extern int nojavascript;
+ void seek_and_destroy();

static void do_logging()
{ char *proto = "GOPHER";
***************
*** 1186,1191
syslog(LLEV,"content-type=%s", &go_request[13]);
}
}else if( !strncasecmp(go_request, "location:", 9) ){
if( (rem_type&TYPE_PROXYCLIENT)==0){
p = strchr(go_request, ':');
p++;

--- 1188,1194 -----
syslog(LLEV,"content-type=%s", &go_request[13]);
}
}else if( !strncasecmp(go_request, "location:", 9) ){
+ if (nojavascript) seek_and_destroy(go_request);
if( (rem_type&TYPE_PROXYCLIENT)==0){
p = strchr(go_request, ':');
p++;
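Review bot: The added call on the `location:` branch has no comment saying why a response header is being screened, and it rewrites `go_request` without logging anything, so an operator cannot tell from the logs that a redirect was altered. I would add a comment such as `/* a Location: redirect can carry a javascript: URL; neutralise it before the header is processed further */` above the call. The neighbouring `content-type` branch already uses `syslog(LLEV, ...)`, so a matching log line here would fit the file's style, though `seek_and_destroy` returns `void` and would need to report whether it changed anything. The enclosing function starts and ends outside the hunk.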
***************
*** 1907,1912
IN_TAG, /* inside <....> */
IN_BEGIN_COMMENT, /* inside <! . . . > */
IN_COMMENTS, /* inside <!-- . . . -- -- . . . --> */
IN_ELEMENT, /* inside first word of tag */
IN_WS_1, /* whitespace before attribute name */
IN_ATTRIBUTE, /* inside <.. xxx [= yyy] > */

--- 1910,1916 -----
IN_TAG, /* inside <....> */
IN_BEGIN_COMMENT, /* inside <! . . . > */
IN_COMMENTS, /* inside <!-- . . . -- -- . . . --> */
+ IN_END_COMMENT, /* looking for closing > */
IN_ELEMENT, /* inside first word of tag */
IN_WS_1, /* whitespace before attribute name */
IN_ATTRIBUTE, /* inside <.. xxx [= yyy] > */
***************
*** 2232,2237
!strcasecmp(attribute,"action"))
trans_anchor(attribute,value,protocol);

/* Quote at end removed to avoid double write*/
p = value + strlen(value) - 1;
if ((*p == '"') || (*p == '\'')) *p = 0;

--- 2236,2250 -----
!strcasecmp(attribute,"action"))
trans_anchor(attribute,value,protocol);

+ /* we look for the <META HTTP-EQUIV..CONTENT= and
+ rewrite any javascript: URL */
+ if ( nojavascript
+ &&
+ (!strcasecmp(element,"meta"))
+ &&
+ (!strcasecmp(attribute,"content")))
+ seek_and_destroy(value);
+
/* Quote at end removed to avoid double write*/
p = value + strlen(value) - 1;
if ((*p == '"') || (*p == '\'')) *p = 0;
***************
*** 2265,2271
switch (ch) {
case '-':
if (prev == '-') {
! state = IN_BEGIN_COMMENT;
ch = 0;
}
break;

--- 2278,2284 -----
switch (ch) {
case '-':
if (prev == '-') {
! state = IN_END_COMMENT;
ch = 0;
}
break;
***************
*** 2275,2280
}
break;

default:
break;
}

--- 2288,2314 -----
}
break;

+ case IN_END_COMMENT:
+ switch (ch) {
+ case '>':
+ state = IN_BODY;
+ break;
+
+ case ' ':
+ case '\n':
+ case '\t':
+ case '\r':
+ case '-':
+ ch = 0;
+ break;
+
+ default:
+ state = IN_COMMENTS;
+ ch = 0;
+ break;
+ }
+ break;
+
default:
break;
}
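Review bot: The new `IN_END_COMMENT` case does not document which comment-termination rule it implements, and for a screener that rule is security-relevant. As written, after `--` the state swallows whitespace and further dashes, returns to `IN_BODY` on `>`, and drops back to `IN_COMMENTS` on any other character. How comment bytes are forwarded is outside the hunk, so it is worth confirming that a client which closes comments by a different rule cannot end up rendering markup this state machine treated as comment text. I would add above the case `/* after "--": optional whitespace or dashes, then '>' closes the comment; anything else means we are still inside it */`. The enclosing switch starts and ends outside the hunk.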
***************
*** 2513,2518
/* if handled by plug-gw, prefix p to URL */
oldurl = maybe_plug_it(value);

/* match and remove URLs we are restricting */
if( filter_anchor(attribute, oldurl)){
sprintf(newurl,"filtered://-removed-");

--- 2547,2556 -----
/* if handled by plug-gw, prefix p to URL */
oldurl = maybe_plug_it(value);

+ /* remove javascript: URLs if we are screening */
+ if ( nojavascript && !strncasecmp(oldurl,"javascript:",11)) {
+ sprintf(newurl,"filtered://-removed-");
+
/* match and remove URLs we are restricting */
} else if( filter_anchor(attribute, oldurl)){
sprintf(newurl,"filtered://-removed-");
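Review bot: The `javascript:` test is anchored at the first byte of `oldurl`, so it fires only when the scheme begins the string exactly. If `value` can reach this point with a leading quote or whitespace (the trailing-quote handling elsewhere in the patch suggests values may still carry quotes; not confirmable from this hunk), the check is skipped and the URL is left to `filter_anchor`. Advancing past leading quotes and whitespace before the comparison would close that gap. Separately, both branches write the same replacement, so the two conditions could be merged into one: `if ((nojavascript && !strncasecmp(oldurl,"javascript:",11)) || filter_anchor(attribute, oldurl)) {`. The enclosing function starts and ends outside the hunk.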
***************
*** 2514,2520
oldurl = maybe_plug_it(value);

/* match and remove URLs we are restricting */
! if( filter_anchor(attribute, oldurl)){
sprintf(newurl,"filtered://-removed-");

/* internal use URLs should not be modified */

--- 2552,2558 -----
sprintf(newurl,"filtered://-removed-");

/* match and remove URLs we are restricting */
! } else if( filter_anchor(attribute, oldurl)){
sprintf(newurl,"filtered://-removed-");

/* internal use URLs should not be modified */
***************
*** 2702,2705
forward_file(sockfd, rem_path, rem_server);
}
return 0;
}

--- 2740,2767 -----
forward_file(sockfd, rem_path, rem_server);
}
return 0;
+ }
+
+ /* This routine will seek through a string looking for a javascript:
+ substring. It will replace that with filterfwtk: so it becomes
+ non-functional. This is only called when screening for javascript */
+ void
+ seek_and_destroy(jScan)
+ char *jScan;
+ {
+ char jTest[12];
+ char jChar;
+ char *jEnd;
+
+ jEnd = jScan + strlen(jScan);
+ while(jChar = *(jScan++)) {
+ if (((jChar == 'j') || (jChar == 'J')) && ((jEnd-jScan)>9)) {
+ strncpy(jTest,jScan-1,11);
+ *(jTest+11) = 0;
+ if (!strncasecmp(jTest,"javascript:",11)) {
+ memmove(jScan-1,"filterfwtk:",11);
+ break;
+ }
+ }
+ }
}
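Review bot: `seek_and_destroy` leaves the loop at the `break` after the first match, so a second `javascript:` later in the same string is forwarded unchanged; this affects both callers added by this patch, the `location:` header and the META `content` value. The scratch copy into `jTest` and the `jEnd` length test are not needed, because `strncasecmp` on the scanned string itself stops at the terminating NUL. Scanning in place and continuing past each replacement is shorter and covers every occurrence. The routine matches the literal bytes only, so the header comment should state that any spelling a client normalises before interpreting the URL is outside what it screens.

```c
void
seek_and_destroy(jScan)
char *jScan;
{
    /* strncasecmp() stops at the terminating NUL, so a match can never
       run past the end of the string and no scratch copy is needed */
    for (; *jScan; jScan++) {
        if (!strncasecmp(jScan, "javascript:", 11)) {
            /* same length as the text it replaces, so the string
               does not grow or shrink */
            memmove(jScan, "filterfwtk:", 11);
            jScan += 10;    /* loop increment steps past the replacement */
        }
    }
}
```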
