
Struts XSLT Viewer


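Here is a quick-and-dirty XSLT transformation for visualizing Struts config files at a glance (very useful in security audits). To use it, add the xml-stylesheet processing instruction shown in sample_struts.xml to a copy of the config file and open that copy in an XSLT-capable browser, or run the stylesheet over it with any XSLT 1.0 processor.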

Dinis note: Java guys, please edit and link to the correct place

sample_struts.xml


<?xml version="1.0" encoding="ISO-8859-1" ?>
<?xml-stylesheet type="text/xsl" href="strutsBasicMapping.xslt"?>
<!--
  The xml-stylesheet processing instruction above asks an XSLT-capable viewer
  to render this document with strutsBasicMapping.xslt. The href is relative,
  so the stylesheet is looked up next to this file.
  NOTE(review): add the instruction to a working copy of the configuration
  under review, not to the file the application is deployed with.
-->

<!-- general USER mappings -->
<!--
  The root element is left empty in this sample. The stylesheet reads
  form-beans/form-bean, global-forwards/forward and action-mappings/action
  beneath struts-config, so with an empty root it renders only the three
  table headers.
-->
<struts-config>
</struts-config>

strutsBasicMapping.xslt


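 <?xml version="1.0" encoding="UTF-8"?>
<!--
	strutsBasicMapping.xslt

	Renders a Struts configuration file (root element struts-config, no
	namespace) as a single HTML page with three tables: form beans and their
	properties, global forwards, and action mappings with their local forwards.

	Saving this listing: the XML declaration must be the very first thing in
	the file. Strip any leading whitespace picked up when copying the listing
	from the page, otherwise the stylesheet is not well-formed.

	Notes for audit use:
	* Every value is written with xsl:value-of and output escaping is left
	  enabled, so markup contained in attribute values of the reviewed file is
	  displayed as text and not interpreted by the browser.
	* An empty cell means the attribute is absent from the file, in which case
	  the framework default applies. NOTE(review): in Struts 1.x the documented
	  defaults are validate=true and scope=session; confirm against the DTD
	  version the application declares.
	* Only the attributes listed in the table headers are rendered. Other
	  attributes of action (for example roles and input) are not shown; extend
	  the action template if the review needs them.
	* Real configuration files usually carry a DOCTYPE that points at the
	  Struts DTD. When running a command-line processor over files taken from
	  an application under review, turn off network access and external entity
	  loading if the processor offers such options.
-->
<xsl:stylesheet version="1.0"
	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:xs="http://www.w3.org/2001/XMLSchema"
	exclude-result-prefixes="xs">

	<!-- The result is HTML, so the method is stated explicitly instead of
	     relying on the processor inferring it from the html root element. -->
	<xsl:output method="html" encoding="UTF-8" indent="no" media-type="text/html"/>

	<!-- Entry point: page skeleton plus one table per configuration section. -->
	<xsl:template match="/struts-config">
		<html>
			<head>
				<!-- The meta element belongs inside head. -->
				<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
				<title>struts-config Basic Mappings</title>
				<style>
					body { font-family: Arial; font-size: 14px }
					h1 { font-family: 'Arial Unicode MS', Arial; font-weight: bold }
					b { font-family: Arial }
					td, li { font-family: Arial; font-size: 11px }
					th { background-color: navy; color: #FFFFFF; font-family: 'Arial Unicode MS', Arial; font-size: 11px; font-weight: bold; text-align: left }
				</style>
			</head>

			<body>
				<h1>struts-config Basic Mappings</h1>
				<br/>

				<h2>Form Beans</h2>
				<table border="1">
					<tbody>
						<tr>
							<th>Form Bean name</th>
							<th>Form Bean properties</th>
						</tr>
						<xsl:apply-templates select="form-beans/form-bean"/>
					</tbody>
				</table>
				<br/>

				<h2>global-forwards</h2>
				<table border="1" width="100%">
					<tbody>
						<tr>
							<th>name</th>
							<th>path</th>
							<th>redirect</th>
						</tr>
						<xsl:apply-templates select="global-forwards/forward"/>
					</tbody>
				</table>
				<br/>

				<h2>action-mappings</h2>
				<table border="1">
					<tbody>
						<tr>
							<th>path</th>
							<th>name</th>
							<th>validate</th>
							<th>parameter</th>
							<th>type</th>
							<th>scope</th>
							<th>Forward</th>
						</tr>
						<xsl:apply-templates select="action-mappings/action"/>
					</tbody>
				</table>
			</body>
		</html>
	</xsl:template>

	<!-- One row per form bean: its name and a list of its declared properties. -->
	<xsl:template match="form-beans/form-bean">
		<tr>
			<td valign="top">
				<b><xsl:value-of select="@name"/></b>
			</td>
			<td>
				<ul>
					<xsl:for-each select="form-property">
						<li>
							<b><xsl:value-of select="@name"/></b>
							<xsl:text>: </xsl:text>
							<xsl:value-of select="@type"/>
							<!-- The initial value is shown only when the attribute is present. -->
							<xsl:if test="@initial">
								<xsl:text> (initial = </xsl:text>
								<xsl:value-of select="@initial"/>
								<xsl:text>)</xsl:text>
							</xsl:if>
						</li>
					</xsl:for-each>
				</ul>
			</td>
		</tr>
	</xsl:template>

	<!-- One row per global forward: name, target path and redirect flag. -->
	<xsl:template match="global-forwards/forward">
		<tr>
			<td valign="top">
				<b><xsl:value-of select="@name"/></b>
			</td>
			<td valign="top">
				<xsl:value-of select="@path"/>
			</td>
			<td valign="top">
				<xsl:value-of select="@redirect"/>
			</td>
		</tr>
	</xsl:template>

	<!-- One row per action mapping. The name column is the form bean bound to
	     the action; the last column lists the forwards local to the action. -->
	<xsl:template match="action-mappings/action">
		<tr>
			<td valign="top">
				<b><xsl:value-of select="@path"/></b>
			</td>
			<td valign="top">
				<b><xsl:value-of select="@name"/></b>
			</td>
			<td valign="top">
				<b><xsl:value-of select="@validate"/></b>
			</td>
			<td valign="top">
				<b><xsl:value-of select="@parameter"/></b>
			</td>
			<td valign="top">
				<b><xsl:value-of select="@type"/></b>
			</td>
			<td valign="top">
				<b><xsl:value-of select="@scope"/></b>
			</td>
			<td>
				<ul>
					<xsl:apply-templates select="forward"/>
				</ul>
			</td>
		</tr>
	</xsl:template>

	<!-- A forward declared inside an action, rendered as "name : path : redirect". -->
	<xsl:template match="action/forward">
		<li>
			<b><xsl:value-of select="@name"/></b>
			<xsl:text> : </xsl:text>
			<xsl:value-of select="@path"/>
			<xsl:text> : </xsl:text>
			<xsl:value-of select="@redirect"/>
		</li>
	</xsl:template>
</xsl:stylesheet>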