scanners/zap/examples/demo-bodgeit-baseline-scan/findings.yaml
# SPDX-FileCopyrightText: the secureCodeBox authors
#
# SPDX-License-Identifier: Apache-2.0
[
{
"name": "Content Security Policy (CSP) Header Not Set",
"description": "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.",
"category": "Content Security Policy (CSP) Header Not Set",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "298",
"zap_solution": 'Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: "Content-Security-Policy" for Chrome 25+, Firefox 23+ and Safari 7+, "X-Content-Security-Policy" for Firefox 4.0+ and Internet Explorer 10+, and "X-WebKit-CSP" for Chrome 14+ and Safari 6+.',
"zap_otherinfo": null,
"zap_reference": "https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policyhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.htmlhttp://www.w3.org/TR/CSP/http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.htmlhttp://www.html5rocks.com/en/tutorials/security/content-security-policy/http://caniuse.com/#feat=contentsecuritypolicyhttp://content-security-policy.com/",
"zap_cweid": "16",
"zap_wascid": "15",
"zap_riskcode": "1",
"zap_pluginid": "10038",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/tagplugin/choose.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/valve.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/tagfiles/panel.jsp.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/loader.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/connectors.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/simpletag/HelloWorldSimpleTag.java.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/apr.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/appdev/introduction.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/listeners.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/SessionExample",
"method": "POST",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/class-loader-howto.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/RequestParamExample",
"method": "POST",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/jspx/textRotate.jspx.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/helloworld.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/sessions/carts.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/security-howto.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/jasper-howto.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/misc/config.jsp.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster-interceptor.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/index.html",
"method": "GET",
},
],
},
"id": "7e32d4f4-97e2-4d72-8aaf-cd3170096b85",
},
{
"name": "X-Frame-Options Header Not Set",
"description": "X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.",
"category": "X-Frame-Options Header Not Set",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "MEDIUM",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "280",
"zap_solution": "Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. ALLOW-FROM allows specific websites to frame the web page in supported web browsers).",
"zap_otherinfo": null,
"zap_reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options",
"zap_cweid": "16",
"zap_wascid": "15",
"zap_riskcode": "2",
"zap_pluginid": "10020",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/rewrite.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/mbean-names.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/faq.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/include/include.jsp.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/automatic-deployment.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colors.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/tagfiles/hello.jsp",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/jspattribute/shuffle.jsp.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/index.xhtml",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/cluster-howto.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/echo.xhtml",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsptoserv/jts.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/simpletag/foo.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/Functions.java.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/tagplugin/choose.jsp",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/interceptors.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/fs-jndi-realm.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/dates/date.html",
"method": "GET",
"param": "X-Frame-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/RequestHeaderExample",
"method": "GET",
"param": "X-Frame-Options",
},
],
},
"id": "81e0f441-e995-415e-a2fb-3888029538d3",
},
{
"name": 'Server Leaks Version Information via "Server" HTTP Response Header Field',
"description": 'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.',
"category": 'Server Leaks Version Information via "Server" HTTP Response Header Field',
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "3",
"zap_count": "337",
"zap_solution": 'Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.',
"zap_otherinfo": null,
"zap_reference": "http://httpd.apache.org/docs/current/mod/core.html#servertokenshttp://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspxhttp://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html",
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "1",
"zap_pluginid": "10036",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/filter.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/num/numguess.jsp.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/implicit-objects.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/cal/cal2.jsp.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/appdev/index.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/simpletag/hello.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/simpletag/book.jsp.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/basic-comparisons.jsp.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/http.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/developers.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/maven-jars.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/service.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/mbeans-descriptors-howto.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/chat.xhtml",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/api/org/apache/catalina/Host.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/snp/snoop.jsp.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/functions.jsp.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/jspattribute/shuffle.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/tagplugin/foreach.jsp",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/fs-admin-objects.html",
"method": "GET",
"evidence": "Apache-Coyote/1.1",
},
],
},
"id": "bbd6f2df-c5b0-4f0e-aeed-11936f32b826",
},
{
"name": "Timestamp Disclosure - Unix",
"description": "A timestamp was disclosed by the application/web server - Unix",
"category": "Timestamp Disclosure - Unix",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "1",
"zap_count": "51",
"zap_solution": "Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.",
"zap_otherinfo": "0000000039, which evaluates to: 1970-01-01 00:00:39",
"zap_reference": "http://projects.webappsec.org/w/page/13246936/Information%20Leakage",
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "0",
"zap_pluginid": "10096",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000000039",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000000008",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000014963",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000018373",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/snp/snoop.jsp",
"method": "GET",
"evidence": "20100101",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000000018",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000005503",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000000026",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000015294",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000016347",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000002280",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000043589",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000015448",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000007734",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000010013",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/manager-howto.html",
"method": "GET",
"evidence": "46800300",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000005214",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000043442",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000005368",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/architecture/startup/serverStartup.pdf",
"method": "GET",
"evidence": "0000000301",
},
],
},
"id": "322a8f55-aac1-4e2b-8ef5-1da7c9f89497",
},
{
"name": "Reverse Tabnabbing",
"description": 'At least one link on this page is vulnerable to Reverse tabnabbing as it uses a target attribute without using both of the "noopener" and "noreferrer" keywords in the "rel" attribute, which allows the target page to take control of this page.',
"category": "Reverse Tabnabbing",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "MEDIUM",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "102",
"zap_solution": 'Do not use a target attribute, or if you have to then also add the attribute: rel="noopener noreferrer".',
"zap_otherinfo": null,
"zap_reference": "https://owasp.org/www-community/attacks/Reverse_Tabnabbinghttps://dev.to/ben/the-targetblank-vulnerability-by-examplehttps://mathiasbynens.github.io/rel-noopener/https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c",
"zap_cweid": null,
"zap_wascid": null,
"zap_riskcode": "2",
"zap_pluginid": "10108",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/class-loader-howto.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/virtual-hosting-howto.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster-valve.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/windows-service-howto.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster-manager.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/apr.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/connectors.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/security-howto.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster-channel.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/jasper-howto.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/transport.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/status.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/appdev/processes.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/realm.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/index.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/building.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="./images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/introduction.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/systemprops.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/membership.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster-deployer.html",
"method": "GET",
"evidence": '<a href="http://www.apache.org/" target="_blank"><img src="../images/asf-feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>',
},
],
},
"id": "3c92d43d-c321-47bc-a75d-8823cb69a4b9",
},
{
"name": "X-Content-Type-Options Header Missing",
"description": "The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.",
"category": "X-Content-Type-Options Header Missing",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "316",
"zap_solution": "Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.",
"zap_otherinfo": 'This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.At "High" threshold this scanner will not alert on client or server error responses.',
"zap_reference": "http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspxhttps://owasp.org/www-community/Security_Headers",
"zap_cweid": "16",
"zap_wascid": "15",
"zap_riskcode": "1",
"zap_pluginid": "10021",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsptoserv/jts.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/automatic-deployment.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/mbean-names.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/include/include.jsp.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/rewrite.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/basic-arithmetic.jsp",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/tomcat.png",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colors.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/images/asf-feather.png",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/fs-admin-apps.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/introduction.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/tribes/faq.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/servletapi/index.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/misc/dynamicattrs.jsp.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/building.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/jspattribute/shuffle.jsp.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/images/code.gif",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/cluster-receiver.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/deployer-howto.html",
"method": "GET",
"param": "X-Content-Type-Options",
},
],
},
"id": "8843596f-ab70-4385-ad6d-604677c9014f",
},
{
"name": "Absence of Anti-CSRF Tokens",
"description": "No Anti-CSRF tokens were found in a HTML submission form.A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.CSRF attacks are effective in a number of situations, including: * The victim has an active session on the target site. * The victim is authenticated via HTTP auth on the target site. * The victim is on the same local network as the target site.CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.",
"category": "Absence of Anti-CSRF Tokens",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "29",
"zap_solution": "Phase: Architecture and DesignUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.For example, use anti-CSRF packages such as the OWASP CSRFGuard.Phase: ImplementationEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.Phase: Architecture and DesignGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).Note that this can be bypassed using XSS.Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.Note that this can be bypassed using XSS.Use the ESAPI Session Management control.This control includes a component for CSRF.Do not use the GET method for any request that triggers a state change.Phase: ImplementationCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.",
"zap_otherinfo": 'No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret] was found in the following HTML form: [Form 1: "guess" ].',
"zap_reference": "http://projects.webappsec.org/Cross-Site-Request-Forgeryhttp://cwe.mitre.org/data/definitions/352.html",
"zap_cweid": "352",
"zap_wascid": "9",
"zap_riskcode": "1",
"zap_pluginid": "10202",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/num/numguess.jsp",
"method": "GET",
"evidence": "<form method=get>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/SessionExample?dataname=foo&datavalue=bar",
"method": "GET",
"evidence": '<form action="SessionExample" method=GET>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/sessions/carts.html",
"method": "GET",
"evidence": "<form type=POST action=carts.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/cal/cal1.jsp?action=Submit&email=ZAP&name=ZAP",
"method": "GET",
"evidence": "<FORM METHOD=POST ACTION=cal1.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/CookieExample",
"method": "POST",
"evidence": '<form action="CookieExample" method=POST>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/SessionExample",
"method": "GET",
"evidence": '<form action="SessionExample" method=GET>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/SessionExample?dataname=ZAP&datavalue=ZAP",
"method": "GET",
"evidence": '<form action="SessionExample" method=GET>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/checkbox/check.html",
"method": "GET",
"evidence": "<FORM TYPE=POST ACTION=checkresult.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/error/error.html",
"method": "GET",
"evidence": "<form method=get action=err.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/sessions/carts.jsp?item=X-files+movie&submit=add",
"method": "GET",
"evidence": "<form type=POST action=carts.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/implicit-objects.jsp?foo=bar",
"method": "GET",
"evidence": '<form action="implicit-objects.jsp" method="GET">',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/security/protected/index.jsp",
"method": "GET",
"evidence": '<form method="POST" action=''j_security_check'' >',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/RequestParamExample",
"method": "POST",
"evidence": '<form action="RequestParamExample" method=POST>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/functions.jsp?foo=JSP+2.0",
"method": "GET",
"evidence": '<form action="functions.jsp" method="GET">',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/nonblocking/bytecounter.html",
"method": "GET",
"evidence": '<form method="POST" enctype="multipart/form-data" action="bytecounter" >',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colors.html",
"method": "GET",
"evidence": "<form method=GET action=colrs.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/SessionExample",
"method": "GET",
"evidence": '<form action="SessionExample" method=POST>',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/cal/login.html",
"method": "GET",
"evidence": "<form method=GET action=cal1.jsp>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/num/numguess.jsp?guess=ZAP",
"method": "GET",
"evidence": "<form method=get>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/sessions/carts.jsp?item=X-files+movie&submit=remove",
"method": "GET",
"evidence": "<form type=POST action=carts.jsp>",
},
],
},
"id": "7e0751eb-ae31-4686-b0b5-53df0e00ea4b",
},
{
"name": "User Controllable HTML Element Attribute (Potential XSS)",
"description": "This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.",
"category": "User Controllable HTML Element Attribute (Potential XSS)",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "1",
"zap_count": "7",
"zap_solution": "Validate all input and sanitize output it before writing to any HTML attributes.",
"zap_otherinfo": "User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colrs.jsp?action=Hint&color1=ZAP&color2=ZAPappears to include user input in: a(n) [input] tag [value] attribute The user input found was:action=HintThe user-controlled value was:hint",
"zap_reference": "http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute",
"zap_cweid": "20",
"zap_wascid": "20",
"zap_riskcode": "0",
"zap_pluginid": "10031",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colrs.jsp?action=Hint&color1=ZAP&color2=ZAP",
"method": "GET",
"param": "action",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colrs.jsp?action=Submit&color1=ZAP&color2=ZAP",
"method": "GET",
"param": "action",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/functions.jsp?foo=JSP+2.0",
"method": "GET",
"param": "foo",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/implicit-objects.jsp?foo=bar",
"method": "GET",
"param": "foo",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/sessions/carts.jsp?item=X-files+movie&submit=remove",
"method": "GET",
"param": "submit",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/colors/colrs.jsp?action=Submit&color1=ZAP&color2=ZAP",
"method": "GET",
"param": "action",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/sessions/carts.jsp?item=X-files+movie&submit=add",
"method": "GET",
"param": "submit",
},
],
},
"id": "1139b86b-5eb2-4ef9-b5f3-24beeedafbf2",
},
{
"name": "Private IP Disclosure",
"description": "A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.",
"category": "Private IP Disclosure",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "4",
"zap_solution": "Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.",
"zap_otherinfo": "10.1.20.26",
"zap_reference": "https://tools.ietf.org/html/rfc1918",
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "1",
"zap_pluginid": "2",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/RequestInfoExample",
"method": "GET",
"evidence": "10.1.20.26",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/snp/snoop.jsp",
"method": "GET",
"evidence": "10.1.20.26",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/filter.html",
"method": "GET",
"evidence": "192.168.0.10",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/monitoring.html",
"method": "GET",
"evidence": "192.168.1.75",
},
],
},
"id": "32b8e793-7258-4e6b-bc60-f13ab05dc489",
},
{
"name": "Application Error Disclosure",
"description": "This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.",
"category": "Application Error Disclosure",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "MEDIUM",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "5",
"zap_solution": "Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.",
"zap_otherinfo": null,
"zap_reference": null,
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "2",
"zap_pluginid": "90022",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/jndi-resources-howto.html",
"method": "GET",
"evidence": "JDBC Driver",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/manager-howto.html",
"method": "GET",
"evidence": "java.lang.NumberFormatException: For input string:",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/jndi-datasource-examples-howto.html",
"method": "GET",
"evidence": "JDBC Driver",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/listeners.html",
"method": "GET",
"evidence": "JDBC Driver",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/config/valve.html",
"method": "GET",
"evidence": "Error Report",
},
],
},
"id": "13184616-ff12-4785-8c31-1c9d9d11942a",
},
{
"name": "Modern Web Application",
"description": "The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.",
"category": "Modern Web Application",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "4",
"zap_solution": "This is an informational alert and so no changes are required.",
"zap_otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application.",
"zap_reference": null,
"zap_cweid": null,
"zap_wascid": null,
"zap_riskcode": "0",
"zap_pluginid": "10109",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/echo.xhtml",
"method": "GET",
"evidence": "<script type=\"application/javascript\"><![CDATA[\n \"use strict\";\n\n var ws = null;\n\n function setConnected(connected) {\n document.getElementById('connect').disabled = connected;\n document.getElementById('disconnect').disabled = !connected;\n document.getElementById('echo').disabled = !connected;\n }\n\n function connect() {\n var target = document.getElementById('target').value;\n if (target == '') {\n alert('Please select server side connection implementation.');\n return;\n }\n if ('WebSocket' in window) {\n ws = new WebSocket(target);\n } else if ('MozWebSocket' in window) {\n ws = new MozWebSocket(target);\n } else {\n alert('WebSocket is not supported by this browser.');\n return;\n }\n ws.onopen = function () {\n setConnected(true);\n log('Info: WebSocket connection opened.');\n };\n ws.onmessage = function (event) {\n log('Received: ' + event.data);\n };\n ws.onclose = function (event) {\n setConnected(false);\n log('Info: WebSocket connection closed, Code: ' + event.code + (event.reason == \"\" ? \"\" : \", Reason: \" + event.reason));\n };\n }\n\n function disconnect() {\n if (ws != null) {\n ws.close();\n ws = null;\n }\n setConnected(false);\n }\n\n function echo() {\n if (ws != null) {\n var message = document.getElementById('message').value;\n log('Sent: ' + message);\n ws.send(message);\n } else {\n alert('WebSocket connection not established, please connect.');\n }\n }\n\n function updateTarget(target) {\n if (window.location.protocol == 'http:') {\n document.getElementById('target').value = 'ws://' + window.location.host + target;\n } else {\n document.getElementById('target').value = 'wss://' + window.location.host + target;\n }\n }\n\n function log(message) {\n var console = document.getElementById('console');\n var p = document.createElement('p');\n p.style.wordWrap = 'break-word';\n p.appendChild(document.createTextNode(message));\n console.appendChild(p);\n while (console.childNodes.length > 25) {\n console.removeChild(console.firstChild);\n }\n console.scrollTop = console.scrollHeight;\n }\n\n\n document.addEventListener(\"DOMContentLoaded\", function() {\n // Remove elements with \"noscript\" class - <noscript> is not allowed in XHTML\n var noscripts = document.getElementsByClassName(\"noscript\");\n for (var i = 0; i < noscripts.length; i++) {\n noscripts[i].parentNode.removeChild(noscripts[i]);\n }\n }, false);\n ]]></script>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/drawboard.xhtml",
"method": "GET",
"evidence": "<script type=\"application/javascript\"><![CDATA[\n \"use strict\";\n\n (function() {\n\n document.addEventListener(\"DOMContentLoaded\", function() {\n // Remove elements with \"noscript\" class - <noscript> is not\n // allowed in XHTML\n var noscripts = document.getElementsByClassName(\"noscript\");\n for (var i = 0; i < noscripts.length; i++) {\n noscripts[i].parentNode.removeChild(noscripts[i]);\n }\n\n // Add script for expand content.\n var expandElements = document.getElementsByClassName(\"expand\");\n for (var ixx = 0; ixx < expandElements.length; ixx++) {\n (function(el) {\n var expandContent = document.getElementById(el.getAttribute(\"data-content-id\"));\n expandContent.style.display = \"none\";\n var arrow = document.createTextNode(\"◢ \");\n var arrowSpan = document.createElement(\"span\");\n arrowSpan.appendChild(arrow);\n\n var link = document.createElement(\"a\");\n link.setAttribute(\"href\", \"#!\");\n while (el.firstChild != null) {\n link.appendChild(el.removeChild(el.firstChild));\n }\n el.appendChild(arrowSpan);\n el.appendChild(link);\n\n var textSpan = document.createElement(\"span\");\n textSpan.setAttribute(\"style\", \"font-weight: normal;\");\n textSpan.appendChild(document.createTextNode(\" (click to expand)\"));\n el.appendChild(textSpan);\n\n\n var visible = true;\n\n var switchExpand = function() {\n visible = !visible;\n expandContent.style.display = visible ? \"block\" : \"none\";\n arrowSpan.style.color = visible ? \"#000\" : \"#888\";\n return false;\n };\n\n link.onclick = switchExpand;\n switchExpand();\n\n })(expandElements[ixx]);\n }\n\n\n var Console = {};\n\n Console.log = (function() {\n var consoleContainer =\n document.getElementById(\"console-container\");\n var console = document.createElement(\"div\");\n console.setAttribute(\"id\", \"console\");\n consoleContainer.appendChild(console);\n\n return function(message) {\n var p = document.createElement('p');\n p.style.wordWrap = \"break-word\";\n p.appendChild(document.createTextNode(message));\n console.appendChild(p);\n while (console.childNodes.length > 25) {\n console.removeChild(console.firstChild);\n }\n console.scrollTop = console.scrollHeight;\n }\n })();\n\n\n function Room(drawContainer) {\n\n /* A pausable event forwarder that can be used to pause and\n * resume handling of events (e.g. when we need to wait\n * for a Image's load event before we can process further\n * WebSocket messages).\n * The object's callFunction(func) should be called from an\n * event handler and give the function to handle the event as\n * argument.\n * Call pauseProcessing() to suspend event forwarding and\n * resumeProcessing() to resume it.\n */\n function PausableEventForwarder() {\n\n var pauseProcessing = false;\n // Queue for buffering functions to be called.\n var functionQueue = [];\n\n this.callFunction = function(func) {\n // If message processing is paused, we push it\n // into the queue - otherwise we process it directly.\n if (pauseProcessing) {\n functionQueue.push(func);\n } else {\n func();\n }\n };\n\n this.pauseProcessing = function() {\n pauseProcessing = true;\n };\n\n this.resumeProcessing = function() {\n pauseProcessing = false;\n\n // Process all queued functions until some handler calls\n // pauseProcessing() again.\n while (functionQueue.length > 0 && !pauseProcessing) {\n var func = functionQueue.pop();\n func();\n }\n };\n }\n\n // The WebSocket object.\n var socket;\n // ID of the timer which sends ping messages.\n var pingTimerId;\n\n var isStarted = false;\n var playerCount = 0;\n\n // An array of PathIdContainer objects that the server\n // did not yet handle.\n // They are ordered by id (ascending).\n var pathsNotHandled = [];\n\n var nextMsgId = 1;\n\n var canvasDisplay = document.createElement(\"canvas\");\n var canvasBackground = document.createElement(\"canvas\");\n var canvasServerImage = document.createElement(\"canvas\");\n var canvasArray = [canvasDisplay, canvasBackground,\n canvasServerImage];\n canvasDisplay.addEventListener(\"mousedown\", function(e) {\n // Prevent default mouse event to prevent browsers from marking text\n // (and Chrome from displaying the \"text\" cursor).\n e.preventDefault();\n }, false);\n\n var labelPlayerCount = document.createTextNode(\"0\");\n var optionContainer = document.createElement(\"div\");\n\n\n var canvasDisplayCtx = canvasDisplay.getContext(\"2d\");\n var canvasBackgroundCtx = canvasBackground.getContext(\"2d\");\n var canvasServerImageCtx = canvasServerImage.getContext(\"2d\");\n var canvasMouseMoveHandler;\n var canvasMouseDownHandler;\n\n var isActive = false;\n var mouseInWindow = false;\n var mouseDown = false;\n var currentMouseX = 0, currentMouseY = 0;\n var currentPreviewPath = null;\n\n var availableColors = [];\n var currentColorIndex;\n var colorContainers;\n var previewTransparency = 0.65;\n\n var availableThicknesses = [2, 3, 6, 10, 16, 28, 50];\n var currentThicknessIndex;\n var thicknessContainers;\n\n var availableDrawTypes = [\n { name: \"Brush\", id: 1, continuous: true },\n { name: \"Line\", id: 2, continuous: false },\n { name: \"Rectangle\", id: 3, continuous: false },\n { name: \"Ellipse\", id: 4, continuous: false }\n ];\n var currentDrawTypeIndex;\n var drawTypeContainers;\n\n\n var labelContainer = document.getElementById(\"labelContainer\");\n var placeholder = document.createElement(\"div\");\n placeholder.appendChild(document.createTextNode(\"Loading... \"));\n var progressElem = document.createElement(\"progress\");\n placeholder.appendChild(progressElem);\n\n labelContainer.appendChild(placeholder);\n\n function rgb(color) {\n return \"rgba(\" + color[0] + \",\" + color[1] + \",\"\n + color[2] + \",\" + color[3] + \")\";\n }\n\n function PathIdContainer(path, id) {\n this.path = path;\n this.id = id;\n }\n\n function Path(type, color, thickness, x1, y1, x2, y2, lastInChain) {\n this.type = type;\n this.color = color;\n this.thickness = thickness;\n this.x1 = x1;\n this.y1 = y1;\n this.x2 = x2;\n this.y2 = y2;\n this.lastInChain = lastInChain;\n\n function ellipse(ctx, x, y, w, h) {\n /* Drawing a ellipse cannot be done directly in a\n * CanvasRenderingContext2D - we need to use drawArc()\n * in conjunction with scaling the context so that we\n * get the needed proportion.\n */\n ctx.save();\n\n // Translate and scale the context so that we can draw\n // an arc at (0, 0) with a radius of 1.\n ctx.translate(x + w / 2, y + h / 2);\n ctx.scale(w / 2, h / 2);\n\n ctx.beginPath();\n ctx.arc(0, 0, 1, 0, Math.PI * 2, false);\n\n ctx.restore();\n }\n\n this.draw = function(ctx) {\n ctx.beginPath();\n ctx.lineCap = \"round\";\n ctx.lineWidth = thickness;\n var style = rgb(color);\n ctx.strokeStyle = style;\n\n if (x1 == x2 && y1 == y2) {\n // Always draw as arc to meet the behavior\n // in Java2D.\n ctx.fillStyle = style;\n ctx.arc(x1, y1, thickness / 2.0, 0,\n Math.PI * 2.0, false);\n ctx.fill();\n } else {\n if (type == 1 || type == 2) {\n // Draw a line.\n ctx.moveTo(x1, y1);\n ctx.lineTo(x2, y2);\n ctx.stroke();\n } else if (type == 3) {\n // Draw a rectangle.\n if (x1 == x2 || y1 == y2) {\n // Draw as line\n ctx.moveTo(x1, y1);\n ctx.lineTo(x2, y2);\n ctx.stroke();\n } else {\n ctx.strokeRect(x1, y1, x2 - x1, y2 - y1);\n }\n } else if (type == 4) {\n // Draw a ellipse.\n ellipse(ctx, x1, y1, x2 - x1, y2 - y1);\n ctx.closePath();\n ctx.stroke();\n }\n }\n };\n }\n\n\n function connect() {\n var host = (window.location.protocol == \"https:\"\n ? \"wss://\" : \"ws://\") + window.location.host\n + \"/examples/websocket/drawboard\";\n socket = new WebSocket(host);\n\n /* Use a pausable event forwarder.\n * This is needed when we load an Image object with data\n * from a previous message, because we must wait until the\n * Image's load event it raised before we can use it (and\n * in the meantime the socket.message event could be\n * raised).\n * Therefore we need this pausable event handler to handle\n * e.g. socket.onmessage and socket.onclose.\n */\n var eventForwarder = new PausableEventForwarder();\n\n socket.onopen = function () {\n // Socket has opened. Now wait for the server to\n // send us the initial packet.\n Console.log(\"WebSocket connection opened.\");\n\n // Set up a timer for pong messages.\n pingTimerId = window.setInterval(function() {\n socket.send(\"0\");\n }, 30000);\n };\n\n socket.onclose = function () {\n eventForwarder.callFunction(function() {\n Console.log(\"WebSocket connection closed.\");\n disableControls();\n\n // Disable pong timer.\n window.clearInterval(pingTimerId);\n });\n };\n\n // Handles an incoming Websocket message.\n var handleOnMessage = function(message) {\n\n // Split joined message and process them\n // invidividually.\n var messages = message.data.split(\";\");\n for (var msgArrIdx = 0; msgArrIdx < messages.length;\n msgArrIdx++) {\n var msg = messages[msgArrIdx];\n var type = msg.substring(0, 1);\n\n if (type == \"0\") {\n // Error message.\n var error = msg.substring(1);\n // Log it to the console and show an alert.\n Console.log(\"Error: \" + error);\n alert(error);\n\n } else {\n if (!isStarted) {\n if (type == \"2\") {\n // Initial message. It contains the\n // number of players.\n // After this message we will receive\n // a binary message containing the current\n // room image as PNG.\n playerCount = parseInt(msg.substring(1));\n\n refreshPlayerCount();\n\n // The next message will be a binary\n // message containing the room images\n // as PNG. Therefore we temporarily swap\n // the message handler.\n var originalHandler = handleOnMessage;\n handleOnMessage = function(message) {\n // First, we restore the original handler.\n handleOnMessage = originalHandler;\n\n // Read the image.\n var blob = message.data;\n // Create new blob with correct MIME type.\n blob = new Blob([blob], {type : \"image/png\"});\n\n var url = URL.createObjectURL(blob);\n\n var img = new Image();\n\n // We must wait until the onload event is\n // raised until we can draw the image onto\n // the canvas.\n // Therefore we need to pause the event\n // forwarder until the image is loaded.\n eventForwarder.pauseProcessing();\n\n img.onload = function() {\n\n // Release the object URL.\n URL.revokeObjectURL(url);\n\n // Set the canvases to the correct size.\n for (var i = 0; i < canvasArray.length; i++) {\n canvasArray[i].width = img.width;\n canvasArray[i].height = img.height;\n }\n\n // Now draw the image on the last canvas.\n canvasServerImageCtx.clearRect(0, 0,\n canvasServerImage.width,\n canvasServerImage.height);\n canvasServerImageCtx.drawImage(img, 0, 0);\n\n // Draw it on the background canvas.\n canvasBackgroundCtx.drawImage(canvasServerImage,\n 0, 0);\n\n isStarted = true;\n startControls();\n\n // Refresh the display canvas.\n refreshDisplayCanvas();\n\n\n // Finally, resume the event forwarder.\n eventForwarder.resumeProcessing();\n };\n\n img.src = url;\n };\n }\n } else {\n if (type == \"3\") {\n // The number of players in this room changed.\n var playerAdded = msg.substring(1) == \"+\";\n playerCount += playerAdded ? 1 : -1;\n refreshPlayerCount();\n\n Console.log(\"Player \" + (playerAdded\n ? \"joined.\" : \"left.\"));\n\n } else if (type == \"1\") {\n // We received a new DrawMessage.\n var maxLastHandledId = -1;\n var drawMessages = msg.substring(1).split(\"|\");\n for (var i = 0; i < drawMessages.length; i++) {\n var elements = drawMessages[i].split(\",\");\n var lastHandledId = parseInt(elements[0]);\n maxLastHandledId = Math.max(maxLastHandledId,\n lastHandledId);\n\n var path = new Path(\n parseInt(elements[1]),\n [parseInt(elements[2]),\n parseInt(elements[3]),\n parseInt(elements[4]),\n parseInt(elements[5]) / 255.0],\n parseFloat(elements[6]),\n parseFloat(elements[7]),\n parseFloat(elements[8]),\n parseFloat(elements[9]),\n parseFloat(elements[10]),\n elements[11] != \"0\");\n\n // Draw the path onto the last canvas.\n path.draw(canvasServerImageCtx);\n }\n\n // Draw the last canvas onto the background one.\n canvasBackgroundCtx.drawImage(canvasServerImage,\n 0, 0);\n\n // Now go through the pathsNotHandled array and\n // remove the paths that were already handled by\n // the server.\n while (pathsNotHandled.length > 0\n && pathsNotHandled[0].id <= maxLastHandledId)\n pathsNotHandled.shift();\n\n // Now me must draw the remaining paths onto\n // the background canvas.\n for (var i = 0; i < pathsNotHandled.length; i++) {\n pathsNotHandled[i].path.draw(canvasBackgroundCtx);\n }\n\n refreshDisplayCanvas();\n }\n }\n }\n }\n };\n\n socket.onmessage = function(message) {\n eventForwarder.callFunction(function() {\n handleOnMessage(message);\n });\n };\n\n }\n\n\n function refreshPlayerCount() {\n labelPlayerCount.nodeValue = String(playerCount);\n }\n\n function refreshDisplayCanvas() {\n if (!isActive) { // Don't draw a curser when not active.\n return;\n }\n\n canvasDisplayCtx.drawImage(canvasBackground, 0, 0);\n if (currentPreviewPath != null) {\n // Draw the preview path.\n currentPreviewPath.draw(canvasDisplayCtx);\n\n } else if (mouseInWindow && !mouseDown) {\n canvasDisplayCtx.beginPath();\n var color = availableColors[currentColorIndex].slice(0);\n color[3] = previewTransparency;\n canvasDisplayCtx.fillStyle = rgb(color);\n\n canvasDisplayCtx.arc(currentMouseX, currentMouseY,\n availableThicknesses[currentThicknessIndex] / 2,\n 0, Math.PI * 2.0, true);\n canvasDisplayCtx.fill();\n }\n\n }\n\n function startControls() {\n isActive = true;\n\n labelContainer.removeChild(placeholder);\n placeholder = undefined;\n\n labelContainer.appendChild(\n document.createTextNode(\"Number of Players: \"));\n labelContainer.appendChild(labelPlayerCount);\n\n\n drawContainer.style.display = \"block\";\n drawContainer.appendChild(canvasDisplay);\n\n drawContainer.appendChild(optionContainer);\n\n canvasMouseDownHandler = function(e) {\n if (e.button == 0) {\n currentMouseX = e.pageX - canvasDisplay.offsetLeft;\n currentMouseY = e.pageY - canvasDisplay.offsetTop;\n\n mouseDown = true;\n canvasMouseMoveHandler(e);\n\n } else if (mouseDown) {\n // Cancel drawing.\n mouseDown = false;\n currentPreviewPath = null;\n\n currentMouseX = e.pageX - canvasDisplay.offsetLeft;\n currentMouseY = e.pageY - canvasDisplay.offsetTop;\n\n refreshDisplayCanvas();\n }\n };\n canvasDisplay.addEventListener(\"mousedown\", canvasMouseDownHandler, false);\n\n canvasMouseMoveHandler = function(e) {\n var mouseX = e.pageX - canvasDisplay.offsetLeft;\n var mouseY = e.pageY - canvasDisplay.offsetTop;\n\n if (mouseDown) {\n var drawType = availableDrawTypes[currentDrawTypeIndex];\n\n if (drawType.continuous) {\n\n var path = new Path(drawType.id,\n availableColors[currentColorIndex],\n availableThicknesses[currentThicknessIndex],\n currentMouseX, currentMouseY, mouseX,\n mouseY, false);\n // Draw it on the background canvas.\n path.draw(canvasBackgroundCtx);\n\n // Send it to the sever.\n pushPath(path);\n\n // Refresh old coordinates\n currentMouseX = mouseX;\n currentMouseY = mouseY;\n\n } else {\n // Create a new preview path.\n var color = availableColors[currentColorIndex].slice(0);\n color[3] = previewTransparency;\n currentPreviewPath = new Path(drawType.id,\n color,\n availableThicknesses[currentThicknessIndex],\n currentMouseX, currentMouseY, mouseX,\n mouseY, false);\n }\n\n refreshDisplayCanvas();\n } else {\n currentMouseX = mouseX;\n currentMouseY = mouseY;\n\n if (mouseInWindow) {\n refreshDisplayCanvas();\n }\n }\n\n };\n document.addEventListener(\"mousemove\", canvasMouseMoveHandler, false);\n\n document.addEventListener(\"mouseup\", function(e) {\n if (e.button == 0) {\n if (mouseDown) {\n mouseDown = false;\n currentPreviewPath = null;\n\n var mouseX = e.pageX - canvasDisplay.offsetLeft;\n var mouseY = e.pageY - canvasDisplay.offsetTop;\n var drawType = availableDrawTypes[currentDrawTypeIndex];\n\n var path = new Path(drawType.id, availableColors[currentColorIndex],\n availableThicknesses[currentThicknessIndex],\n currentMouseX, currentMouseY, mouseX,\n mouseY, true);\n // Draw it on the background canvas.\n path.draw(canvasBackgroundCtx);\n\n // Send it to the sever.\n pushPath(path);\n\n // Refresh old coordinates\n currentMouseX = mouseX;\n currentMouseY = mouseY;\n\n refreshDisplayCanvas();\n }\n }\n }, false);\n\n canvasDisplay.addEventListener(\"mouseout\", function(e) {\n mouseInWindow = false;\n refreshDisplayCanvas();\n }, false);\n\n canvasDisplay.addEventListener(\"mousemove\", function(e) {\n if (!mouseInWindow) {\n mouseInWindow = true;\n refreshDisplayCanvas();\n }\n }, false);\n\n\n // Create color and thickness controls.\n var colorContainersBox = document.createElement(\"div\");\n colorContainersBox.setAttribute(\"style\",\n \"margin: 4px; border: 1px solid #bbb; border-radius: 3px;\");\n optionContainer.appendChild(colorContainersBox);\n\n colorContainers = new Array(3 * 3 * 3);\n for (var i = 0; i < colorContainers.length; i++) {\n var colorContainer = colorContainers[i] =\n document.createElement(\"div\");\n var color = availableColors[i] =\n [\n Math.floor((i % 3) * 255 / 2),\n Math.floor((Math.floor(i / 3) % 3) * 255 / 2),\n Math.floor((Math.floor(i / (3 * 3)) % 3) * 255 / 2),\n 1.0\n ];\n colorContainer.setAttribute(\"style\",\n \"margin: 3px; width: 18px; height: 18px; \"\n + \"float: left; background-color: \" + rgb(color));\n colorContainer.style.border = '2px solid #000';\n colorContainer.addEventListener(\"mousedown\", (function(ix) {\n return function() {\n setColor(ix);\n };\n })(i), false);\n\n colorContainersBox.appendChild(colorContainer);\n }\n\n var divClearLeft = document.createElement(\"div\");\n divClearLeft.setAttribute(\"style\", \"clear: left;\");\n colorContainersBox.appendChild(divClearLeft);\n\n\n var drawTypeContainersBox = document.createElement(\"div\");\n drawTypeContainersBox.setAttribute(\"style\",\n \"float: right; margin-right: 3px; margin-top: 1px;\");\n optionContainer.appendChild(drawTypeContainersBox);\n\n drawTypeContainers = new Array(availableDrawTypes.length);\n for (var i = 0; i < drawTypeContainers.length; i++) {\n var drawTypeContainer = drawTypeContainers[i] =\n document.createElement(\"div\");\n drawTypeContainer.setAttribute(\"style\",\n \"text-align: center; margin: 3px; padding: 0 3px;\"\n + \"height: 18px; float: left;\");\n drawTypeContainer.style.border = \"2px solid #000\";\n drawTypeContainer.appendChild(document.createTextNode(\n String(availableDrawTypes[i].name)));\n drawTypeContainer.addEventListener(\"mousedown\", (function(ix) {\n return function() {\n setDrawType(ix);\n };\n })(i), false);\n\n drawTypeContainersBox.appendChild(drawTypeContainer);\n }\n\n\n var thicknessContainersBox = document.createElement(\"div\");\n thicknessContainersBox.setAttribute(\"style\",\n \"margin: 3px; border: 1px solid #bbb; border-radius: 3px;\");\n optionContainer.appendChild(thicknessContainersBox);\n\n thicknessContainers = new Array(availableThicknesses.length);\n for (var i = 0; i < thicknessContainers.length; i++) {\n var thicknessContainer = thicknessContainers[i] =\n document.createElement(\"div\");\n thicknessContainer.setAttribute(\"style\",\n \"text-align: center; margin: 3px; width: 18px; \"\n + \"height: 18px; float: left;\");\n thicknessContainer.style.border = \"2px solid #000\";\n thicknessContainer.appendChild(document.createTextNode(\n String(availableThicknesses[i])));\n thicknessContainer.addEventListener(\"mousedown\", (function(ix) {\n return function() {\n setThickness(ix);\n };\n })(i), false);\n\n thicknessContainersBox.appendChild(thicknessContainer);\n }\n\n\n divClearLeft = document.createElement(\"div\");\n divClearLeft.setAttribute(\"style\", \"clear: left;\");\n thicknessContainersBox.appendChild(divClearLeft);\n\n\n setColor(0);\n setThickness(0);\n setDrawType(0);\n\n }\n\n function disableControls() {\n document.removeEventListener(\"mousedown\", canvasMouseDownHandler);\n document.removeEventListener(\"mousemove\", canvasMouseMoveHandler);\n mouseInWindow = false;\n refreshDisplayCanvas();\n\n isActive = false;\n }\n\n function pushPath(path) {\n\n // Push it into the pathsNotHandled array.\n var container = new PathIdContainer(path, nextMsgId++);\n pathsNotHandled.push(container);\n\n // Send the path to the server.\n var message = container.id + \"|\" + path.type + \",\"\n + path.color[0] + \",\" + path.color[1] + \",\"\n + path.color[2] + \",\"\n + Math.round(path.color[3] * 255.0) + \",\"\n + path.thickness + \",\" + path.x1 + \",\"\n + path.y1 + \",\" + path.x2 + \",\" + path.y2 + \",\"\n + (path.lastInChain ? \"1\" : \"0\");\n\n socket.send(\"1\" + message);\n }\n\n function setThickness(thicknessIndex) {\n if (typeof currentThicknessIndex !== \"undefined\")\n thicknessContainers[currentThicknessIndex]\n .style.borderColor = \"#000\";\n currentThicknessIndex = thicknessIndex;\n thicknessContainers[currentThicknessIndex]\n .style.borderColor = \"#d08\";\n }\n\n function setColor(colorIndex) {\n if (typeof currentColorIndex !== \"undefined\")\n colorContainers[currentColorIndex]\n .style.borderColor = \"#000\";\n currentColorIndex = colorIndex;\n colorContainers[currentColorIndex]\n .style.borderColor = \"#d08\";\n }\n\n function setDrawType(drawTypeIndex) {\n if (typeof currentDrawTypeIndex !== \"undefined\")\n drawTypeContainers[currentDrawTypeIndex]\n .style.borderColor = \"#000\";\n currentDrawTypeIndex = drawTypeIndex;\n drawTypeContainers[currentDrawTypeIndex]\n .style.borderColor = \"#d08\";\n }\n\n\n connect();\n\n }\n\n\n // Initialize the room\n var room = new Room(document.getElementById(\"drawContainer\"));\n\n\n }, false);\n\n })();\n ]]></script>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/snake.xhtml",
"method": "GET",
"evidence": "<script type=\"application/javascript\"><![CDATA[\n \"use strict\";\n\n var Game = {};\n\n Game.fps = 30;\n Game.socket = null;\n Game.nextFrame = null;\n Game.interval = null;\n Game.direction = 'none';\n Game.gridSize = 10;\n\n function Snake() {\n this.snakeBody = [];\n this.color = null;\n }\n\n Snake.prototype.draw = function(context) {\n for (var id in this.snakeBody) {\n context.fillStyle = this.color;\n context.fillRect(this.snakeBody[id].x, this.snakeBody[id].y, Game.gridSize, Game.gridSize);\n }\n };\n\n Game.initialize = function() {\n this.entities = [];\n var canvas = document.getElementById('playground');\n if (!canvas.getContext) {\n Console.log('Error: 2d canvas not supported by this browser.');\n return;\n }\n this.context = canvas.getContext('2d');\n window.addEventListener('keydown', function (e) {\n var code = e.keyCode;\n if (code > 36 && code < 41) {\n switch (code) {\n case 37:\n if (Game.direction != 'east') Game.setDirection('west');\n break;\n case 38:\n if (Game.direction != 'south') Game.setDirection('north');\n break;\n case 39:\n if (Game.direction != 'west') Game.setDirection('east');\n break;\n case 40:\n if (Game.direction != 'north') Game.setDirection('south');\n break;\n }\n }\n }, false);\n if (window.location.protocol == 'http:') {\n Game.connect('ws://' + window.location.host + '/examples/websocket/snake');\n } else {\n Game.connect('wss://' + window.location.host + '/examples/websocket/snake');\n }\n };\n\n Game.setDirection = function(direction) {\n Game.direction = direction;\n Game.socket.send(direction);\n Console.log('Sent: Direction ' + direction);\n };\n\n Game.startGameLoop = function() {\n if (window.webkitRequestAnimationFrame) {\n Game.nextFrame = function () {\n webkitRequestAnimationFrame(Game.run);\n };\n } else if (window.mozRequestAnimationFrame) {\n Game.nextFrame = function () {\n mozRequestAnimationFrame(Game.run);\n };\n } else {\n Game.interval = setInterval(Game.run, 1000 / Game.fps);\n }\n if (Game.nextFrame != null) {\n Game.nextFrame();\n }\n };\n\n Game.stopGameLoop = function () {\n Game.nextFrame = null;\n if (Game.interval != null) {\n clearInterval(Game.interval);\n }\n };\n\n Game.draw = function() {\n this.context.clearRect(0, 0, 640, 480);\n for (var id in this.entities) {\n this.entities[id].draw(this.context);\n }\n };\n\n Game.addSnake = function(id, color) {\n Game.entities[id] = new Snake();\n Game.entities[id].color = color;\n };\n\n Game.updateSnake = function(id, snakeBody) {\n if (typeof Game.entities[id] != \"undefined\") {\n Game.entities[id].snakeBody = snakeBody;\n }\n };\n\n Game.removeSnake = function(id) {\n Game.entities[id] = null;\n // Force GC.\n delete Game.entities[id];\n };\n\n Game.run = (function() {\n var skipTicks = 1000 / Game.fps, nextGameTick = (new Date).getTime();\n\n return function() {\n while ((new Date).getTime() > nextGameTick) {\n nextGameTick += skipTicks;\n }\n Game.draw();\n if (Game.nextFrame != null) {\n Game.nextFrame();\n }\n };\n })();\n\n Game.connect = (function(host) {\n if ('WebSocket' in window) {\n Game.socket = new WebSocket(host);\n } else if ('MozWebSocket' in window) {\n Game.socket = new MozWebSocket(host);\n } else {\n Console.log('Error: WebSocket is not supported by this browser.');\n return;\n }\n\n Game.socket.onopen = function () {\n // Socket open.. start the game loop.\n Console.log('Info: WebSocket connection opened.');\n Console.log('Info: Press an arrow key to begin.');\n Game.startGameLoop();\n setInterval(function() {\n // Prevent server read timeout.\n Game.socket.send('ping');\n }, 5000);\n };\n\n Game.socket.onclose = function () {\n Console.log('Info: WebSocket closed.');\n Game.stopGameLoop();\n };\n\n Game.socket.onmessage = function (message) {\n var packet = JSON.parse(message.data);\n switch (packet.type) {\n case 'update':\n for (var i = 0; i < packet.data.length; i++) {\n Game.updateSnake(packet.data[i].id, packet.data[i].body);\n }\n break;\n case 'join':\n for (var j = 0; j < packet.data.length; j++) {\n Game.addSnake(packet.data[j].id, packet.data[j].color);\n }\n break;\n case 'leave':\n Game.removeSnake(packet.id);\n break;\n case 'dead':\n Console.log('Info: Your snake is dead, bad luck!');\n Game.direction = 'none';\n break;\n case 'kill':\n Console.log('Info: Head shot!');\n break;\n }\n };\n });\n\n var Console = {};\n\n Console.log = (function(message) {\n var console = document.getElementById('console');\n var p = document.createElement('p');\n p.style.wordWrap = 'break-word';\n p.innerHTML = message;\n console.appendChild(p);\n while (console.childNodes.length > 25) {\n console.removeChild(console.firstChild);\n }\n console.scrollTop = console.scrollHeight;\n });\n\n Game.initialize();\n\n\n document.addEventListener(\"DOMContentLoaded\", function() {\n // Remove elements with \"noscript\" class - <noscript> is not allowed in XHTML\n var noscripts = document.getElementsByClassName(\"noscript\");\n for (var i = 0; i < noscripts.length; i++) {\n noscripts[i].parentNode.removeChild(noscripts[i]);\n }\n }, false);\n\n ]]></script>",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/chat.xhtml",
"method": "GET",
"evidence": "<script type=\"application/javascript\"><![CDATA[\n \"use strict\";\n\n var Chat = {};\n\n Chat.socket = null;\n\n Chat.connect = (function(host) {\n if ('WebSocket' in window) {\n Chat.socket = new WebSocket(host);\n } else if ('MozWebSocket' in window) {\n Chat.socket = new MozWebSocket(host);\n } else {\n Console.log('Error: WebSocket is not supported by this browser.');\n return;\n }\n\n Chat.socket.onopen = function () {\n Console.log('Info: WebSocket connection opened.');\n document.getElementById('chat').onkeydown = function(event) {\n if (event.keyCode == 13) {\n Chat.sendMessage();\n }\n };\n };\n\n Chat.socket.onclose = function () {\n document.getElementById('chat').onkeydown = null;\n Console.log('Info: WebSocket closed.');\n };\n\n Chat.socket.onmessage = function (message) {\n Console.log(message.data);\n };\n });\n\n Chat.initialize = function() {\n if (window.location.protocol == 'http:') {\n Chat.connect('ws://' + window.location.host + '/examples/websocket/chat');\n } else {\n Chat.connect('wss://' + window.location.host + '/examples/websocket/chat');\n }\n };\n\n Chat.sendMessage = (function() {\n var message = document.getElementById('chat').value;\n if (message != '') {\n Chat.socket.send(message);\n document.getElementById('chat').value = '';\n }\n });\n\n var Console = {};\n\n Console.log = (function(message) {\n var console = document.getElementById('console');\n var p = document.createElement('p');\n p.style.wordWrap = 'break-word';\n p.innerHTML = message;\n console.appendChild(p);\n while (console.childNodes.length > 25) {\n console.removeChild(console.firstChild);\n }\n console.scrollTop = console.scrollHeight;\n });\n\n Chat.initialize();\n\n\n document.addEventListener(\"DOMContentLoaded\", function() {\n // Remove elements with \"noscript\" class - <noscript> is not allowed in XHTML\n var noscripts = document.getElementsByClassName(\"noscript\");\n for (var i = 0; i < noscripts.length; i++) {\n noscripts[i].parentNode.removeChild(noscripts[i]);\n }\n }, false);\n\n ]]></script>",
},
],
},
"id": "d6dc3899-b3fc-46cd-b544-590badef18fc",
},
{
"name": "Weak Authentication Method",
"description": "HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.",
"category": "Weak Authentication Method",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "MEDIUM",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "3",
"zap_solution": "Protect the connection using HTTPS or use a stronger authentication mechanism",
"zap_otherinfo": null,
"zap_reference": "https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html",
"zap_cweid": "326",
"zap_wascid": "4",
"zap_riskcode": "2",
"zap_pluginid": "10105",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/manager/html",
"method": "GET",
"evidence": 'WWW-Authenticate: Basic realm="Tomcat Manager Application"',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/manager/status",
"method": "GET",
"evidence": 'WWW-Authenticate: Basic realm="Tomcat Manager Application"',
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/host-manager/html",
"method": "GET",
"evidence": 'WWW-Authenticate: Basic realm="Tomcat Host Manager Application"',
},
],
},
"id": "ed7e142a-ea90-4cff-9bfa-214eb99fdf91",
},
{
"name": "Content-Type Header Missing",
"description": "The Content-Type header was either missing or empty.",
"category": "Content-Type Header Missing",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "2",
"zap_solution": "Ensure each page is setting the specific and appropriate content-type value for the content being delivered.",
"zap_otherinfo": null,
"zap_reference": "http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx",
"zap_cweid": "345",
"zap_wascid": "12",
"zap_riskcode": "0",
"zap_pluginid": "10019",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/appdev/sample/sample.war",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/async/async2",
"method": "GET",
},
],
},
"id": "e56b88b8-68cd-4b11-b826-208126850a87",
},
{
"name": "Cookie Without SameSite Attribute",
"description": "A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.",
"category": "Cookie Without SameSite Attribute",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "4",
"zap_solution": "Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.",
"zap_otherinfo": null,
"zap_reference": "https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site",
"zap_cweid": "16",
"zap_wascid": "13",
"zap_riskcode": "1",
"zap_pluginid": "10054",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/security/protected/index.jsp",
"method": "GET",
"param": "JSESSIONID",
"evidence": "Set-Cookie: JSESSIONID",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/basic-arithmetic.jsp",
"method": "GET",
"param": "JSESSIONID",
"evidence": "Set-Cookie: JSESSIONID",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/jsp2/el/basic-comparisons.jsp",
"method": "GET",
"param": "JSESSIONID",
"evidence": "Set-Cookie: JSESSIONID",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/CookieExample",
"method": "POST",
"param": "ZAP",
"evidence": "Set-Cookie: ZAP",
},
],
},
"id": "fcbdde04-17da-482c-9c68-e9a3b8cdf1fb",
},
{
"name": "Cookie Poisoning",
"description": "This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.",
"category": "Cookie Poisoning",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "1",
"zap_count": "2",
"zap_solution": "Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolon's that can serve as name/value pair delimiters.",
"zap_otherinfo": "An attacker may be able to poison cookie values through POST parameters. To test if this is a more serious issue, you should try resending that request as a GET, with the POST parameter included as a query string parameter. For example: http://nottrusted.com/page?value=maliciousInput.This was identified at:http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/CookieExampleUser-input was found in the following cookie:ZAP=ZAP; Path=/examples/The user input was:cookievalue=ZAP",
"zap_reference": "http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-cookie",
"zap_cweid": "20",
"zap_wascid": "20",
"zap_riskcode": "0",
"zap_pluginid": "10029",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/CookieExample",
"method": "POST",
"param": "cookievalue",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/CookieExample",
"method": "POST",
"param": "cookiename",
},
],
},
"id": "f548884e-276e-4631-a32d-1ee3a803e031",
},
{
"name": "Information Disclosure - Suspicious Comments",
"description": "The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.",
"category": "Information Disclosure - Suspicious Comments",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "1",
"zap_count": "5",
"zap_solution": "Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.",
"zap_otherinfo": "The following comment/snippet was identified via the pattern: \\bADMIN\\b \"use strict\"; // Enable strict mode (function() { var thisScript = document.currentScript; if (!thisScript) { // Workaround for IE var scripts = document.getElementsByTagName(\"script\"); thisScript = scripts[scripts.length - 1]; } document.addEventListener(\"DOMContentLoaded\", (function() { var commentsDiv = document.getElementById(\"comments_thread\"); var commentsShortname = \"tomcat\"; var commentsIdentifier = \"http://tomcat.apache.org/\" + thisScript.getAttribute(\"data-comments-identifier\") + \".html\"; (function(w, d) { if (w.location.hostname.toLowerCase() == \"tomcat.apache.org\") { var s = d.createElement(\"script\"); s.type = \"application/javascript\"; s.async = true; s.src = \"https://comments.apache.org/show_comments.lua?site=\" + encodeURIComponent(commentsShortname) + \"&page=\" + encodeURIComponent(commentsIdentifier); d.head.appendChild(s); } else { commentsDiv.appendChild(d.createTextNode(\"Comments are disabled for this page at the moment.\")); } })(window, document); }), false); })(); ",
"zap_reference": null,
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "0",
"zap_pluginid": "10027",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/fs-admin-opers.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/drawboard.xhtml",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/fs-admin-objects.html",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/websocket/echo.xhtml",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/funcspecs/fs-admin-apps.html",
"method": "GET",
},
],
},
"id": "3d9212bf-54d8-4be4-8c47-18c7f006dee7",
},
{
"name": "Cookie No HttpOnly Flag",
"description": "A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.",
"category": "Cookie No HttpOnly Flag",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "1",
"zap_solution": "Ensure that the HttpOnly flag is set for all cookies.",
"zap_otherinfo": null,
"zap_reference": "https://owasp.org/www-community/HttpOnly",
"zap_cweid": "16",
"zap_wascid": "13",
"zap_riskcode": "1",
"zap_pluginid": "10010",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/servlets/servlet/CookieExample",
"method": "POST",
"param": "ZAP",
"evidence": "Set-Cookie: ZAP",
},
],
},
"id": "7854eea8-b291-4273-ab3a-4ada6ba472f2",
},
{
"name": "Information Disclosure - Suspicious Comments",
"description": "The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.",
"category": "Information Disclosure - Suspicious Comments",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "2",
"zap_solution": "Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.",
"zap_otherinfo": "The following comment/snippet was identified via the pattern: \\bADMINISTRATOR\\b String constants used within your application, which can be customized by the system administrator who is installing your application. The values actually assigned to these parameters can be retrieved in a servlet or JSP page by calling: String value = getServletContext().getInitParameter(\"name\"); where \"name\" matches the element of one of these initialization parameters. You can define any number of context initialization parameters, including zero. -->The following comment/snippet was identified via the pattern: \\bWHERE\\b your web application, including initialization parameters. With Tomcat, you can also send requests to servlets not listed here with a request like this: http://localhost:8080/{context-path}/servlet/{classname} but this usage is not guaranteed to be portable. It also makes relative references to images and other resources required by your servlet more complicated, so defining all of your servlets (and defining a mapping to them with a servlet-mapping element) is recommended. Servlet initialization parameters can be retrieved in a servlet or JSP page by calling: String value = getServletConfig().getInitParameter(\"name\"); where \"name\" matches the element of one of these initialization parameters. You can define any number of servlets, including zero. -->The following comment/snippet was identified via the pattern: \\bFROM\\b in minutes. From a servlet or JSP page, you can modify the timeout for a particular session dynamically by using HttpSession.getMaxInactiveInterval(). -->",
"zap_reference": null,
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "0",
"zap_pluginid": "10027",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/appdev/web.xml.txt",
"method": "GET",
},
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/appdev/build.xml.txt",
"method": "GET",
},
],
},
"id": "dbf95dc8-8a08-43a6-86c7-e34e892410d4",
},
{
"name": "Application Error Disclosure",
"description": "This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.",
"category": "Application Error Disclosure",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "1",
"zap_solution": "Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.",
"zap_otherinfo": null,
"zap_reference": null,
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "1",
"zap_pluginid": "90022",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/examples/jsp/error/err.jsp?name=bmw328i&submit=Submit",
"method": "GET",
"evidence": "HTTP/1.1 500 Internal Server Error",
},
],
},
"id": "bfe66cec-6da6-474c-933e-683c2c9fffbf",
},
{
"name": "Information Disclosure - Debug Error Messages",
"description": "The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.",
"category": "Information Disclosure - Debug Error Messages",
"location": "http://bodgeit.demo-targets.svc:8080",
"osi_layer": "APPLICATION",
"severity": "LOW",
"attributes":
{
"hostname": "bodgeit.demo-targets.svc",
"zap_confidence": "2",
"zap_count": "1",
"zap_solution": "Disable debugging messages before pushing to production.",
"zap_otherinfo": null,
"zap_reference": null,
"zap_cweid": "200",
"zap_wascid": "13",
"zap_riskcode": "1",
"zap_pluginid": "10023",
"zap_finding_urls":
[
{
"uri": "http://bodgeit.demo-targets.svc:8080/docs/changelog.html",
"method": "GET",
"evidence": "internal server error",
},
],
},
"id": "325de9a9-63f3-4ec1-a6aa-fd0e1eeae7c4",
},
]