I'm trying to log into Facebook, I'm new to this so I hope you can give me some pointers.
I'm trying Spring Social, because it is the only one I found with a complete example, which logs in successfully, but it doesn't delete the cookie once I log out (even when I tried to set the cookie max age to 0).
So please can anyone tell me how to fix this or maybe a better (or easier) way to do this [log in]?
I thank you for your help in advance.
I doubt that setting the max age to 0 will work in this case. Try to use method removeCookie from the class UserCookieGenerator instead - https://github.com/SpringSource/spring-social-samples/commit/431be39b3132ed8f5e2ebe377515f7da20c8ef17#diff-5
Hope it helps
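An added example, not code from the Spring Social sample or the linked commit: a logout helper that expires the user cookie with the same name and path it was originally set with, because a browser only discards a cookie when the expiring Set-Cookie matches it on name, path and domain. The cookie name and path below are assumptions and must be changed to whatever the application used when it created the cookie.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical logout helper (not the sample's UserCookieGenerator).
public final class LogoutCookies {
    static final String COOKIE_NAME = "quickstart_user"; // assumed name
    static final String COOKIE_PATH = "/";               // assumed path

    public static void clearUserCookie(HttpServletRequest request,
                                       HttpServletResponse response) {
        // Same name and path as the original cookie: an expiring cookie sent
        // on a different path does not remove the old one, it adds a second.
        Cookie expired = new Cookie(COOKIE_NAME, "");
        expired.setPath(COOKIE_PATH);
        expired.setMaxAge(0);     // 0 = delete now; -1 would mean "session cookie"
        expired.setHttpOnly(true);
        expired.setSecure(request.isSecure());
        response.addCookie(expired);

        // Drop the server-side session too, so the identity cannot be reused
        // even if a stale copy of the cookie survives somewhere.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
    }
}
```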
I'm trying to make the SwaggerUi interface not ask for authorization every time I boot.
I tried to enter in my Configure class:
.authorizeRequests().antMatchers("/actuator/**","/mypath/**").permitAll()
and
.authorizeRequests().antMatchers("/mypath/**").permitAll()
but without success.
Actuator, on the other hand, works fine without authorization with this code structure.
Thanks everyone for a possible answer!
The basic problem is that even in the springdoc documentation they show the case that you entered too. In order to make the code work you have to enter multiple permissions, one for each path. In your case it will have to be something like this:
.authorizeRequests().antMatchers("/actuator/**","/v2/**","/mypath/**","/swagger.yml","/anypath/").permitAll()
Try this:
.authorizeRequests().antMatchers("/swagger-ui/**").permitAll()
Then just go here:
http://localhost:[YOUR PORT]/swagger-ui/
P.S. Don't forget the / at the end of the URL :)
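Putting the two answers above together, here is an added example (not the asker's Configure class) of a complete configure() method in the WebSecurityConfigurerAdapter style the question uses. The exact Swagger paths depend on which integration is in use; the set below covers the usual springfox and springdoc resources and is an assumption, as is the choice to open only /actuator/health rather than all of /actuator/**.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Matchers are evaluated in order: list the open paths first,
                // and keep the catch-all rule last or it shadows everything.
                .antMatchers(
                        "/swagger-ui/**",        // springdoc / springfox 3 UI
                        "/swagger-ui.html",      // springfox 2 UI entry point
                        "/v3/api-docs/**",       // springdoc OpenAPI document
                        "/v2/api-docs",          // springfox OpenAPI document
                        "/swagger-resources/**", // springfox UI metadata
                        "/webjars/**"            // UI static assets
                ).permitAll()
                // Expose only the health probe, not every actuator endpoint.
                .antMatchers("/actuator/health").permitAll()
                .antMatchers("/mypath/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}
```

Everything not listed in a permitAll() matcher still requires a login, so the application's own endpoints stay protected while the UI loads without a prompt.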
I am using FME to get output from the following: https://coronavirus.data.gov.uk/developers-guide
I am just a beginner and this is the first time I have tried to write this up. To generate an output URL from this with the relevant columns, can anyone explain what I need to get the request URL? I am using GET as the HTTP method.
An example of a URL I get some data out of is - https://soa.smext.faa.gov/asws/api/airport/status/SFO
But when I try the links below, which I tested, I do not get any output: https://api.coronavirus.data.gov.uk/v1/data?filters=areaType=nation;areaName=england&structure=%7B%22name%22:%22areaName%22%7D
https://api.coronavirus.data.gov.uk//v1/data?filters=areaType=nation;areaName=england&structure={"date":"date","areaName":"areaName","areaCode":"areaCode","newCasesByPublishDate":"2020-07-07","cumCasesByPublishDate":"2020-08-08","newDeathsByDeathDate":"2020-02-06","cumDeathsByDeathDate":"2020-06-09"}
This is a better link for you to try out.
https://api.coronavirus.data.gov.uk/v1/data?filters=areaType=nation;areaName=england&structure={%22date%22:%22date%22,%22areaName%22:%22areaName%22,%22areaCode%22:%22areaCode%22,%22newCasesByPublishDate%22:%22newCasesByPublishDate%22,%22cumCasesByPublishDate%22:%22cumCasesByPublishDate%22,%22newDeaths28DaysByDeathDate%22:%22newDeaths28DaysByDeathDate%22}
Took me a while to suss it out.
I am trying to allow slashes in my Path:
@Path("/user/{login}/points")
by using this solution so it becomes:
@Path("/user/{login : .+}/points")
but it will not work anytime a user names their account e.g.
test/points
because only "test" will be passed. It works fine with test/test or any other login not ending with /points.
I have no idea how I should solve this. I need it as a String param and it's set by the user.
Thanks for any help!
Looks like I found the solution myself with a little help of @YCF_L (sadly he deleted his comment).
Solution:
@Path("/user/{login : .+(?=\\/points)}")
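An added check, not part of the original answer: the same lookahead regex applied with plain java.util.regex to whole request paths, so the behaviour for a login that itself ends in /points can be verified outside a JAX-RS container. It assumes the container turns the template into an equivalent anchored regex; it is an approximation of the JAX-RS matcher, not the matcher itself.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class LoginPathCheck {
    // Template "/user/{login : .+(?=/points)}/points" written as one regex.
    // The lookahead forces the greedy .+ to stop right before the final
    // "/points", so the login may contain slashes and even end in "/points".
    private static final Pattern USER_POINTS =
            Pattern.compile("^/user/(.+(?=/points))/points$");

    /** Returns the {login} value, or null when the path does not match. */
    public static String extractLogin(String path) {
        Matcher m = USER_POINTS.matcher(path);
        return m.matches() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        // Constructed sample paths, including the troublesome "test/points" login.
        String[] samples = {
            "/user/test/points",         // login = "test"
            "/user/test/test/points",    // login = "test/test"
            "/user/test/points/points",  // login = "test/points"
            "/user/test/pointsX/points", // login = "test/pointsX"
            "/user/test",                // null: no trailing /points
        };
        for (String s : samples) {
            System.out.println(s + " -> " + extractLogin(s));
        }
        // A login that contains slashes is still untrusted input: validate or
        // encode it before using it in queries, file paths or log lines.
    }
}
```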
I am working on an Android app which helps the user log in. The site which I want to log in to is this
I have now been searching for 2 days straight but haven't found any answer as to what I should post.
The problem that I am facing is which parameters I should post. I have tried every possible combination of hidden and non-hidden and also tried with cookies.
It would be really kind of you if you could give me the list of the parameters that I should include in my request.
As of now, this is my code:
import org.jsoup.Connection;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

// Jsoup.connect(...).post() throws java.io.IOException, so this runs inside
// a method that declares or handles it.
Document docl = Jsoup.connect("http://erp.mitpune.com/AdminLogin.aspx")
        // ASP.NET WebForms hidden fields copied from the login page
        .data("__VIEWSTATE","/wEPDwUINDA4MDU2ODdkZGYVkCI+Zarbu9B42es/RUu7ZNbD")
        .data("txtPassword","*******")
        .data("__LASTFOCUS","")
        .data("__EVENTTARGET","")
        .data("__EVENTARGUMENT","")
        .data("__VIEWSTATEGENERATOR","B8B84CAE")
        .data("hdnMsg","")
        .data("txtUserId","********")
        .data("btnLogin","Login")
        .method(Connection.Method.POST).post();
I am using Jsoup on Android Studio, but just the list would help me a lot.
Thanks in advance
txtUserId and txtPassword
posted to Adminlogin.aspx
inside form1
so form1.txtUserId and form1.txtPassword
This is a quick output of the data variables from the Fiddler Chrome extension:
ScriptManager1: UpdatePanel1|btnLogin
__ASYNCPOST: true
__EVENTARGUMENT:
__EVENTTARGET: btnLogin
__LASTFOCUS:
__VIEWSTATE: /wEPDwUINDA4MDU2ODdkZGYVkCI+Zarbu9B42es/RUu7ZNbD
__VIEWSTATEGENERATOR: B8B84CAE
hdnMsg:
txtPassword: sasasa
txtUserId: jajas
Seems like __ASYNCPOST and ScriptManager1 are not in your post variables.
I am using Fortify SCA to find the security issues in my application (as a university homework). I have encountered some 'Log Forging' issues which I am not able to get rid of.
Basically, I log some values that come as user input from a web interface:
logger.warn("current id not valid - " + bean.getRecordId());
and Fortify reports this as a log forging issue, because getRecordId() returns user input.
I have followed this article, and I am replacing the 'new line' with a space, but the issue is still reported:
logger.warn("current id not valid - " + Util.replaceNewLine(bean.getRecordId()));
Can anyone suggest a way to fix this issue?
I know this was already answered, but I thought an example would be nice :)
<?xml version="1.0" encoding="UTF-8"?>
<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules">
<RulePackID>D82118B1-BBAE-4047-9066-5FC821E16456</RulePackID>
<SKU>SKU-Validated-Log-Forging</SKU>
<Name><![CDATA[Validated-Log-Forging]]></Name>
<Version>1.0</Version>
<Description><![CDATA[Validated-Log-Forging]]></Description>
<Rules version="3.14">
<RuleDefinitions>
<DataflowCleanseRule formatVersion="3.14" language="java">
<RuleID>DDAB5D73-8CF6-45E0-888C-EEEFBEFF2CD5</RuleID>
<TaintFlags>+VALIDATED_LOG_FORGING</TaintFlags>
<FunctionIdentifier>
<NamespaceName>
<Pattern/>
</NamespaceName>
<ClassName>
<Pattern>Util</Pattern>
</ClassName>
<FunctionName>
<Pattern>replaceNewLine</Pattern>
</FunctionName>
<ApplyTo implements="true" overrides="true" extends="true"/>
</FunctionIdentifier>
<OutArguments>return</OutArguments>
</DataflowCleanseRule>
</RuleDefinitions>
</Rules>
</RulePack>
Alina, I'm actually the author of the article you used to solve your log injection issue. Hope it was helpful.
Vitaly is correct with regards to Fortify. You'll need to build what Fortify calls a "custom rule".
It will likely be a dataflow cleanse rule. A basic example can be found here: http://www.cigital.com/newsletter/2009-11-tips.php. If you own Fortify, there should be a custom rule writing guide in your product documentation.
I don't know what the taint flag you'll use is, but it would look something like "-LOG_FORGING". You would essentially write a rule to remove the log forging "taint" whenever data is passed through your utility method. Fortify will then assume that any data passed through there is now safe to be written to a log, and will not cause log forging.
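Since the cleanse rule above only tells Fortify to trust whatever Util.replaceNewLine returns, the method itself has to actually neutralise the input. Here is an added example (not the asker's Util class) of the newline-replacing helper the rule names, plus a stricter variant that escapes every control character, since CR/LF are not the only bytes that can fake or hide a log entry.

```java
public final class Util {

    /** Replaces CR and LF with a space, matching what the cleanse rule vouches for. */
    public static String replaceNewLine(String input) {
        if (input == null) {
            return null;
        }
        return input.replace('\r', ' ').replace('\n', ' ');
    }

    /**
     * Stricter variant: every ISO control character (U+0000..U+001F, U+007F)
     * is rendered as a visible escape such as \u000a, so an attacker-supplied
     * value can neither start a new log line nor hide text behind backspaces
     * or terminal escape sequences when the log is viewed.
     */
    public static String sanitizeForLog(String input) {
        if (input == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (Character.isISOControl(c)) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed record id that tries to smuggle in a second, fake log line.
        String recordId = "42\nWARN  admin login succeeded for user=root";
        System.out.println("replaceNewLine: " + replaceNewLine(recordId));
        System.out.println("sanitizeForLog: " + sanitizeForLog(recordId));
    }
}
```

If the logging call is switched to sanitizeForLog, the <FunctionName> pattern in the custom rule must be changed to match, otherwise Fortify keeps reporting the flow.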
You need to mark your replaceNewLine as sanitiser in Fortify (if I remember correctly) and it will stop reporting the issue.
You can actually create a new rule from a particular method.
Navigate to the function on the right side of audit workbench after you've done a scan.
Find your sanitizing method and right click on it.
You can generate a rule from it. What you want is a general DataflowCleanseRule.
I just did this based on the xml someone posted above. You can save the rule as a .xml file.
When updating your scan you can pass the -rule argument and point at the .xml file.