Janusec
diff --git a/Diff for: ‎gateway/gateway_response.go
+1-1 b/Diff for: ‎gateway/gateway_response.go
+1-1
diff --git a/Diff for: ‎gateway/waf_block.go
+3-3 b/Diff for: ‎gateway/waf_block.go
+3-3
diff --git a/Diff for: ‎gateway/waf_captcha.go
+2-1 b/Diff for: ‎gateway/waf_captcha.go
+2-1
diff --git a/Diff for: ‎static/janusec-admin/assets/images/favicon.ico
1.58 KB b/Diff for: ‎static/janusec-admin/assets/images/favicon.ico
1.58 KB
diff --git a/Diff for: ‎static/janusec-admin/assets/images/gateway2.png
-72 KB b/Diff for: ‎static/janusec-admin/assets/images/gateway2.png
-72 KB
diff --git a/Diff for: ‎static/janusec-admin/assets/images/logo.png
-965 Bytes b/Diff for: ‎static/janusec-admin/assets/images/logo.png
-965 Bytes
diff --git a/Diff for: ‎static/janusec-admin/favicon.ico
1.58 KB b/Diff for: ‎static/janusec-admin/favicon.ico
1.58 KB
diff --git a/Diff for: ‎static/janusec-admin/index.html
+6-3 b/Diff for: ‎static/janusec-admin/index.html
+6-3
diff --git a/Diff for: ‎static/janusec-admin/main-es2015.3d249a116c0e53e1af34.js renamed to ‎static/janusec-admin/main-es2015.9b510fd27c80e2436f66.js
+1-1 b/Diff for: ‎static/janusec-admin/main-es2015.3d249a116c0e53e1af34.js renamed to ‎static/janusec-admin/main-es2015.9b510fd27c80e2436f66.js
+1-1
diff --git a/Diff for: ‎static/janusec-admin/main-es5.3d249a116c0e53e1af34.js renamed to ‎static/janusec-admin/main-es5.9b510fd27c80e2436f66.js
+1-1 b/Diff for: ‎static/janusec-admin/main-es5.3d249a116c0e53e1af34.js renamed to ‎static/janusec-admin/main-es5.9b510fd27c80e2436f66.js
+1-1
@@ -83,7 +83,7 @@ func rewriteResponse(resp *http.Response) (err error) {
 				vulnName, _ := firewall.VulnMap.Load(policy.VulnID)
 				hitInfo := &models.HitInfo{TypeID: 2, PolicyID: policy.ID, VulnName: vulnName.(string)}
 				go firewall.LogGroupHitRequest(r, app.ID, srcIP, policy)
-				blockContent := GenerateBlockConcent(hitInfo)
+				blockContent := GenerateBlockContent(hitInfo)
 				resp.StatusCode = 403
 				resp.Body = io.NopCloser(bytes.NewBuffer(blockContent))
 				resp.ContentLength = int64(len(blockContent))
 
@@ -31,15 +31,15 @@ func GenerateBlockPage(w http.ResponseWriter, hitInfo *models.HitInfo) {
 	}
 }
 
-// GenerateBlockConcent ...
-func GenerateBlockConcent(hitInfo *models.HitInfo) []byte {
+// GenerateBlockContent ...
+func GenerateBlockContent(hitInfo *models.HitInfo) []byte {
 	if tmplBlockResp == nil {
 		tmplBlockResp, _ = template.New("blockResp").Parse(data.NodeSetting.BlockHTML)
 	}
 	buf := &bytes.Buffer{}
 	err := tmplBlockResp.Execute(buf, hitInfo)
 	if err != nil {
-		utils.DebugPrintln("GenerateBlockConcent tmpl.Execute error", err)
+		utils.DebugPrintln("GenerateBlockContent tmpl.Execute error", err)
 	}
 	return buf.Bytes()
 }
@@ -8,6 +8,7 @@
 package gateway
 
 import (
+	"html"
 	"net/http"
 	"sync"
 	"text/template"
@@ -32,7 +33,7 @@ const (
 // ShowCaptchaHandlerFunc ...
 func ShowCaptchaHandlerFunc(w http.ResponseWriter, r *http.Request) {
 	go ClearExpiredCapthchaHitInfo()
-	id := r.FormValue("id")
+	id := html.EscapeString(r.FormValue("id"))
 	captchaContext := models.CaptchaContext{CaptchaId: captcha.New(), ClientID: id}
 	if err := formTemplate.Execute(w, &captchaContext); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 
@@ -1,14 +1,17 @@
 <!doctype html>
 <html lang="en">
+
 <head><base href="/janusec-admin/">
   <meta charset="utf-8">
-  <title>JANUSEC</title>
+  <title>Janusec Application Gateway</title>
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <meta http-equiv="Content-Security-Policy" content="img-src 'self' data:;" />
   <link href="/janusec-admin/assets/material-icons/material-icons.css" rel="stylesheet">
   <link rel="icon" type="image/x-icon" href="favicon.ico">
 <link rel="stylesheet" href="/janusec-admin/styles.5b315bea3caf382abdf2.css"></head>
+
 <body>
   <app-root></app-root>
- <script src="/janusec-admin/runtime-es2015.871528d607deca2f7955.js" type="module"></script><script src="/janusec-admin/runtime-es5.871528d607deca2f7955.js" nomodule defer></script><script src="/janusec-admin/polyfills-es5.aa2ca4297f425c58cd1c.js" nomodule defer></script><script src="/janusec-admin/polyfills-es2015.bf3b0982128d918baf6a.js" type="module"></script><script src="/janusec-admin/main-es2015.3d249a116c0e53e1af34.js" type="module"></script><script src="/janusec-admin/main-es5.3d249a116c0e53e1af34.js" nomodule defer></script></body>
-</html>
+<script src="/janusec-admin/runtime-es2015.871528d607deca2f7955.js" type="module"></script><script src="/janusec-admin/runtime-es5.871528d607deca2f7955.js" nomodule defer></script><script src="/janusec-admin/polyfills-es5.aa2ca4297f425c58cd1c.js" nomodule defer></script><script src="/janusec-admin/polyfills-es2015.bf3b0982128d918baf6a.js" type="module"></script><script src="/janusec-admin/main-es2015.9b510fd27c80e2436f66.js" type="module"></script><script src="/janusec-admin/main-es5.9b510fd27c80e2436f66.js" nomodule defer></script></body>
+
+</html>
Original file line number	Diff line number	Diff line change
`@@ -31,15 +31,15 @@ func GenerateBlockPage(w http.ResponseWriter, hitInfo *models.HitInfo) {`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
`34`		`-// GenerateBlockConcent ...`
`35`		`-func GenerateBlockConcent(hitInfo *models.HitInfo) []byte {`
	`34`	`+// GenerateBlockContent ...`
	`35`	`+func GenerateBlockContent(hitInfo *models.HitInfo) []byte {`
`36`	`36`	`if tmplBlockResp == nil {`
`37`	`37`	`tmplBlockResp, _ = template.New("blockResp").Parse(data.NodeSetting.BlockHTML)`
`38`	`38`	`}`
`39`	`39`	`buf := &bytes.Buffer{}`
`40`	`40`	`err := tmplBlockResp.Execute(buf, hitInfo)`
`41`	`41`	`if err != nil {`
`42`		`- utils.DebugPrintln("GenerateBlockConcent tmpl.Execute error", err)`
	`42`	`+ utils.DebugPrintln("GenerateBlockContent tmpl.Execute error", err)`
`43`	`43`	`}`
`44`	`44`	`return buf.Bytes()`
`45`	`45`	`}`