This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Struts XSLT Viewer"

From OWASP
Jump to: navigation, search
m (Moved page into the right category. See Java space page for me details. Content has not been reviewed in this edit.)
 
(One intermediate revision by the same user not shown)
(No difference)

Latest revision as of 21:52, 10 November 2017

Here is a quick'n'dirty xslt transformations to quickly visualize Struts config files (very useful on security audits)

Dinis note: Java guys, please edit and link to the correct place

sample_struts.xml


<?xml version="1.0" encoding="ISO-8859-1" ?>
<?xml-stylesheet type="text/xsl" href="strutsBasicMapping.xslt"?>

<!-- general USER mappings -->
<struts-config>
</struts-config>

strutsBasicMapping.xslt


 <?xml version="1.0" encoding="UTF-8"?>
 <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xs="http://www.w3.org/2001/XMLSchema">
	<xsl:output version="1.0" encoding="utf-8" omit-xml-declaration="no" indent="no" media-type="text/html"/>
	<xsl:template match="/struts-config">
		<html>
			<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
			<head>
				<style>
						body { font-family: Arial; font-size: 14 } 
						b  { font-family: Arial;}
						a { text-decoration: none}
						i { font-family: verdana}
						td { font-family: Arial; font-size: 11 } 
						li { font-family: Arial; font-size: 11 } 
						.td_small_font { font-family: Arial; font-size: 11 }
						.td_LHS_Menu { font-family: Arial; font-size: 11; font-weight: bold; color: white; text-decoration: none}
						.title { font-family: Arial; font-size: 22} 
						.smallItalic { font-family: verdana; font-size: 08; font-weight: normal;} 
			</style>
			</head>

			<body>
				<h1>
					<span style="font-family:@Arial Unicode MS; font-weight:bold; ">struts-config Basic Mappings</span>
				</h1>
				<br/>
				<h2>Form Beans</h2>
				<table border="1">
					<tbody>
						<tr bgcolor="navy">
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">Form Bean name</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">Form Bean properties</span>
							</td>
						</tr>						
						<xsl:for-each select="form-beans/form-bean">
						  <tr>	
							<td valign="top">
								<b><xsl:value-of select="@name"/></b>
							</td>
							<td>
								<ul><xsl:for-each select="form-property">
									<li>
										<b><xsl:value-of select="@name"/></b>
										: <xsl:value-of select="@type"/>
										<xsl:if test="count(@initial)>0">
										 	(initial = <xsl:value-of select="@initial"/>)
										</xsl:if>
									</li>
								</xsl:for-each></ul>
							</td>						
						  </tr>
						</xsl:for-each>
					</tbody>
				</table>
				<br/>
				<h2> global-forwards</h2>
				<table border="1" width="100%">
					<tbody>
						<tr bgcolor="navy">
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">name</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">path</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">redirect</span>
							</td>
						</tr>
						
						<xsl:for-each select="global-forwards/forward">
						  <tr>	
							<td valign="top">
								<b><xsl:value-of select="@name"/></b>
							</td>								
							<td valign="top">
								<xsl:value-of select="@path"/>
							</td>								
							<td valign="top">
								<xsl:value-of select="@redirect"/>
							</td>								

						  </tr>
						</xsl:for-each>
					</tbody>
				</table>
				<br/>
				<h2>action-mappings</h2>
				<table border="1">
					<tbody>
						<tr bgcolor="navy">
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">path</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">name</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">validate</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">parameter</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">type</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">scope</span>
							</td>
							<td>
								<span style="color:#FFFFFF; font-family:@Arial Unicode MS; font-weight:bold; ">Forward</span>
							</td>
						</tr>
						
						<xsl:for-each select="action-mappings/action">
						  <tr>	
							<td valign="top">
								<b><xsl:value-of select="@path"/></b>
							</td>
							<td valign="top">
								<b><xsl:value-of select="@name"/></b>
							</td>
							<td valign="top">
								<b><xsl:value-of select="@validate"/></b>
							</td>
							<td valign="top">
								<b><xsl:value-of select="@parameter"/></b>
							</td>
							<td valign="top">
								<b><xsl:value-of select="@type"/></b>
							</td>
							<td valign="top">
								<b><xsl:value-of select="@scope"/></b>
							</td>
							<td>
								<ul><xsl:for-each select="forward">
									<li>
										<b><xsl:value-of select="@name"/></b>
										: <xsl:value-of select="@path"/> : <xsl:value-of select="@redirect"/> 
									</li>
								</xsl:for-each></ul>
							</td>						
						  </tr>
						</xsl:for-each>
					</tbody>
				</table>
			</body>
		</html>
	</xsl:template>
</xsl:stylesheet>