CSRF protection for project and recon commands

2019-10-14 14:04:38 +01:00 · 2019-10-14 14:04:38 +01:00 · 3559eeb11f
commit 3559eeb11f
parent a340c137d0
31 changed files with 256 additions and 47 deletions
--- a/main/src/com/google/refine/commands/Command.java
+++ b/main/src/com/google/refine/commands/Command.java
@ -240,6 +240,21 @@ public abstract class Command {
        throw new ServletException("Can't find CSRF token: missing or bad URL parameter");
    }
    /**
     * Checks the validity of a CSRF token, without reading the whole POST body.
     * Useful when we need to control how the POST body is read (for instance if it
     * contains files).
     */
    protected boolean hasValidCSRFTokenAsGET(HttpServletRequest request) {
        if (request == null) {
            throw new IllegalArgumentException("parameter 'request' should not be null");
        }
    	Properties options = ParsingUtilities.parseUrlParameters(request);
        String token = options.getProperty("csrf_token");
        return token != null && csrfFactory.validToken(token);
    }
    protected static class HistoryEntryResponse {
        @JsonProperty("code")
        protected String getCode() { return "ok"; }
--- a/main/src/com/google/refine/commands/importing/ImportingControllerCommand.java
+++ b/main/src/com/google/refine/commands/importing/ImportingControllerCommand.java
@ -56,7 +56,7 @@ public class ImportingControllerCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
-    	if(!checkCSRF(request)) {
+    	if(!hasValidCSRFTokenAsGET(request)) {
    		respondCSRFError(response);
    		return;
    	}
@ -96,14 +96,4 @@ public class ImportingControllerCommand extends Command {
        }
        return null;
    }
    /**
     * Checks the validity of a CSRF token, without reading the whole POST body.
     * See above for details.
     */
    private boolean checkCSRF(HttpServletRequest request) {
    	Properties options = ParsingUtilities.parseUrlParameters(request);
        String token = options.getProperty("csrf_token");
        return token != null && csrfFactory.validToken(token);
    }
 }
--- a/main/src/com/google/refine/commands/project/CreateProjectCommand.java
+++ b/main/src/com/google/refine/commands/project/CreateProjectCommand.java
@ -64,6 +64,10 @@ public class CreateProjectCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFTokenAsGET(request)) {
    		respondCSRFError(response);
    		return;
    	}
        ProjectManager.singleton.setBusy(true);
        try {
--- a/main/src/com/google/refine/commands/project/DeleteProjectCommand.java
+++ b/main/src/com/google/refine/commands/project/DeleteProjectCommand.java
@ -49,6 +49,11 @@ public class DeleteProjectCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        response.setHeader("Content-Type", "application/json");
        try {
            long projectID = Long.parseLong(request.getParameter("project"));
--- a/main/src/com/google/refine/commands/project/ExportProjectCommand.java
+++ b/main/src/com/google/refine/commands/project/ExportProjectCommand.java
@ -46,6 +46,10 @@ import com.google.refine.io.FileProjectManager;
 import com.google.refine.model.Project;
 public class ExportProjectCommand extends Command {
 	/**
 	 * This command uses POST but is left CSRF-unprotected as it does not incur a state change.
 	 */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
--- a/main/src/com/google/refine/commands/project/ExportRowsCommand.java
+++ b/main/src/com/google/refine/commands/project/ExportRowsCommand.java
@ -61,6 +61,10 @@ import com.google.refine.model.Project;
 public class ExportRowsCommand extends Command {
    private  static final Logger logger = LoggerFactory.getLogger("ExportRowsCommand");
 	/**
 	 * This command uses POST but is left CSRF-unprotected as it does not incur a state change.
 	 */
    @SuppressWarnings("unchecked")
    static public Properties getRequestParameters(HttpServletRequest request) {
--- a/main/src/com/google/refine/commands/project/GetModelsCommand.java
+++ b/main/src/com/google/refine/commands/project/GetModelsCommand.java
@ -55,6 +55,11 @@ import com.google.refine.model.Project;
 import com.google.refine.model.RecordModel;
 public class GetModelsCommand extends Command {
 	/**
 	 * This command uses POST but is left CSRF-unprotected as it does not incur a state change.
 	 */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
--- a/main/src/com/google/refine/commands/project/ImportProjectCommand.java
+++ b/main/src/com/google/refine/commands/project/ImportProjectCommand.java
@ -63,6 +63,10 @@ public class ImportProjectCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFTokenAsGET(request)) {
    		respondCSRFError(response);
    		return;
    	}
        ProjectManager.singleton.setBusy(true);
        try {
--- a/main/src/com/google/refine/commands/project/RenameProjectCommand.java
+++ b/main/src/com/google/refine/commands/project/RenameProjectCommand.java
@ -46,7 +46,11 @@ public class RenameProjectCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
-        
+    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        try {
            String name = request.getParameter("name");
            ProjectMetadata pm = getProjectMetadata(request);
--- a/main/src/com/google/refine/commands/project/SetProjectMetadataCommand.java
+++ b/main/src/com/google/refine/commands/project/SetProjectMetadataCommand.java
@ -41,6 +41,10 @@ public class SetProjectMetadataCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        Project project = request.getParameter("project") != null ? getProject(request) : null;
        String metaName = request.getParameter("name");
--- a/main/src/com/google/refine/commands/project/SetProjectTagsCommand.java
+++ b/main/src/com/google/refine/commands/project/SetProjectTagsCommand.java
@ -43,6 +43,11 @@ public class SetProjectTagsCommand extends Command {
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
  	  if(!hasValidCSRFToken(request)) {
  		 respondCSRFError(response);
 		 return;
  	  }
 	  response.setHeader("Content-Type", "application/json");
 	  Project project;
--- a/main/src/com/google/refine/commands/recon/GuessTypesOfColumnCommand.java
+++ b/main/src/com/google/refine/commands/recon/GuessTypesOfColumnCommand.java
@ -93,6 +93,10 @@ public class GuessTypesOfColumnCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        try {
            Project project = getProject(request);
--- a/main/src/com/google/refine/commands/recon/PreviewExtendDataCommand.java
+++ b/main/src/com/google/refine/commands/recon/PreviewExtendDataCommand.java
@ -79,6 +79,10 @@ public class PreviewExtendDataCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        try {
            Project project = getProject(request);
--- a/main/src/com/google/refine/commands/recon/ReconClearOneCellCommand.java
+++ b/main/src/com/google/refine/commands/recon/ReconClearOneCellCommand.java
@ -75,6 +75,10 @@ public class ReconClearOneCellCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        try {
            Project project = getProject(request);
--- a/main/src/com/google/refine/commands/recon/ReconJudgeOneCellCommand.java
+++ b/main/src/com/google/refine/commands/recon/ReconJudgeOneCellCommand.java
@ -59,6 +59,10 @@ public class ReconJudgeOneCellCommand extends Command {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    	if(!hasValidCSRFToken(request)) {
    		respondCSRFError(response);
    		return;
    	}
        try {
            request.setCharacterEncoding("UTF-8");
--- a/main/tests/server/src/com/google/refine/commands/project/ImportProjectCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/project/ImportProjectCommandTests.java
@ -0,0 +1,24 @@
 package com.google.refine.commands.project;
 import com.google.refine.commands.CommandTestBase;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 public class ImportProjectCommandTests extends CommandTestBase {
 	@BeforeMethod
 	public void setUpCommand() {
 		command = new ImportProjectCommand();
 	}
 	@Test
 	public void testCSRFProtection() throws ServletException, IOException {
 		command.doPost(request, response);
 		assertCSRFCheckFailed();
 	}
 }
--- a/main/tests/server/src/com/google/refine/commands/project/RenameProjectCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/project/RenameProjectCommandTests.java
@ -0,0 +1,23 @@
 package com.google.refine.commands.project;
 import com.google.refine.commands.CommandTestBase;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 public class RenameProjectCommandTests extends CommandTestBase {
 	@BeforeMethod
 	public void setUpCommand() {
 		command = new RenameProjectCommand();
 	}
 	@Test
 	public void testCSRFProtection() throws ServletException, IOException {
 		command.doPost(request, response);
 		assertCSRFCheckFailed();
 	}
 }
--- a/main/tests/server/src/com/google/refine/commands/project/SetProjectMetadataCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/project/SetProjectMetadataCommandTests.java
@ -58,6 +58,7 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.google.refine.ProjectManager;
 import com.google.refine.ProjectMetadata;
 import com.google.refine.RefineTest;
 import com.google.refine.commands.Command;
 import com.google.refine.commands.project.SetProjectMetadataCommand;
 import com.google.refine.model.Project;
 import com.google.refine.util.ParsingUtilities;
@ -101,6 +102,7 @@ public class SetProjectMetadataCommandTests extends RefineTest {
        // mock dependencies
        when(request.getParameter("project")).thenReturn(PROJECT_ID);
        when(request.getParameter("csrf_token")).thenReturn(Command.csrfFactory.getFreshToken());
        when(projMan.getProject(anyLong())).thenReturn(proj);
        when(proj.getMetadata()).thenReturn(metadata);
--- a/main/tests/server/src/com/google/refine/commands/project/SetProjectTagsCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/project/SetProjectTagsCommandTests.java
@ -0,0 +1,23 @@
 package com.google.refine.commands.project;
 import com.google.refine.commands.CommandTestBase;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 public class SetProjectTagsCommandTests extends CommandTestBase {
 	@BeforeMethod
 	public void setUpCommand() {
 		command = new SetProjectTagsCommand();
 	}
 	@Test
 	public void testCSRFProtection() throws ServletException, IOException {
 		command.doPost(request, response);
 		assertCSRFCheckFailed();
 	}
 }
--- a/main/tests/server/src/com/google/refine/commands/recon/GuessTypesOfColumnCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/recon/GuessTypesOfColumnCommandTests.java
@ -0,0 +1,23 @@
 package com.google.refine.commands.recon;
 import com.google.refine.commands.CommandTestBase;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 public class GuessTypesOfColumnCommandTests extends CommandTestBase {
 	@BeforeMethod
 	public void setUpCommand() {
 		command = new GuessTypesOfColumnCommand();
 	}
 	@Test
 	public void testCSRFProtection() throws ServletException, IOException {
 		command.doPost(request, response);
 		assertCSRFCheckFailed();
 	}
 }
--- a/main/tests/server/src/com/google/refine/commands/recon/PreviewExtendDataCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/recon/PreviewExtendDataCommandTests.java
@ -0,0 +1,23 @@
 package com.google.refine.commands.recon;
 import com.google.refine.commands.CommandTestBase;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 public class PreviewExtendDataCommandTests extends CommandTestBase {
 	@BeforeMethod
 	public void setUpCommand() {
 		command = new PreviewExtendDataCommand();
 	}
 	@Test
 	public void testCSRFProtection() throws ServletException, IOException {
 		command.doPost(request, response);
 		assertCSRFCheckFailed();
 	}
 }
--- a/main/tests/server/src/com/google/refine/commands/recon/ReconClearOneCellCommandTests.java
+++ b/main/tests/server/src/com/google/refine/commands/recon/ReconClearOneCellCommandTests.java
@ -0,0 +1,24 @@
 package com.google.refine.commands.recon;
 import com.google.refine.commands.CommandTestBase;
 import java.io.IOException;
 import javax.servlet.ServletException;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 public class ReconClearOneCellCommandTests extends CommandTestBase {
 	@BeforeMethod
 	public void setUpCommand() {
 		command = new ReconClearOneCellCommand();
 	}
 	@Test
 	public void testCSRFProtection() throws ServletException, IOException {
 		command.doPost(request, response);
 		assertCSRFCheckFailed();
 	}
 }
--- a/main/tests/server/src/com/google/refine/commands/recon/ReconJudgeOneCellCommandTest.java
+++ b/main/tests/server/src/com/google/refine/commands/recon/ReconJudgeOneCellCommandTest.java
@ -82,6 +82,7 @@ public class ReconJudgeOneCellCommandTest extends RefineTest {
        response = mock(HttpServletResponse.class);
        when(request.getParameter("project")).thenReturn(String.valueOf(project.id));
        when(request.getParameter("csrf_token")).thenReturn(Command.csrfFactory.getFreshToken());
        writer = mock(PrintWriter.class);
        try {
--- a/main/webapp/modules/core/MOD-INF/controller.js
+++ b/main/webapp/modules/core/MOD-INF/controller.js
@ -69,7 +69,7 @@ function registerCommands() {
  RS.registerCommand(module, "get-project-metadata", new Packages.com.google.refine.commands.project.GetProjectMetadataCommand());
  RS.registerCommand(module, "get-all-project-metadata", new Packages.com.google.refine.commands.workspace.GetAllProjectMetadataCommand());
-  RS.registerCommand(module, "set-metaData", new Packages.com.google.refine.commands.project.SetProjectMetadataCommand());
+  RS.registerCommand(module, "set-project-metadata", new Packages.com.google.refine.commands.project.SetProjectMetadataCommand());
  RS.registerCommand(module, "get-all-project-tags", new Packages.com.google.refine.commands.workspace.GetAllProjectTagsCommand());
  RS.registerCommand(module, "set-project-tags", new Packages.com.google.refine.commands.project.SetProjectTagsCommand());
--- a/main/webapp/modules/core/scripts/dialogs/extend-data-preview-dialog.js
+++ b/main/webapp/modules/core/scripts/dialogs/extend-data-preview-dialog.js
@ -185,7 +185,7 @@ ExtendReconciledDataPreviewDialog.prototype._update = function() {
    this._elmts.previewContainer.empty();
  } else {
    // otherwise, refresh the preview
-    $.post(
+    Refine.postCSRF(
        "command/core/preview-extend-data?" + $.param(params),
        {
        rowIndices: JSON.stringify(this._rowIndices),
@ -194,10 +194,10 @@ ExtendReconciledDataPreviewDialog.prototype._update = function() {
        function(data) {
        self._renderPreview(data);
        },
-        "json"
+        "json",
-    ).fail(function(data) {
+        function(data) {
-        alert($.i18n('core-views/internal-err'));
+           alert($.i18n('core-views/internal-err'));
-    });
+        });
  }
 };
--- a/main/webapp/modules/core/scripts/index.js
+++ b/main/webapp/modules/core/scripts/index.js
@ -53,11 +53,14 @@ Refine.wrapCSRF = function(onCSRF) {
 // Performs a POST request where an additional CSRF token
 // is supplied in the POST data. The arguments match those
 // of $.post().
-Refine.postCSRF = function(url, data, success, dataType) {
+Refine.postCSRF = function(url, data, success, dataType, failCallback) {
-   Refine.wrapCSRF(function(token) {
+   return Refine.wrapCSRF(function(token) {
      var fullData = data || {};
      fullData['csrf_token'] = token;
-      $.post(url, fullData, success, dataType);
+      var req = $.post(url, fullData, success, dataType);
      if (failCallback !== undefined) {
         req.fail(failCallback);
      }
   });
 };
--- a/main/webapp/modules/core/scripts/index/edit-metadata-dialog.js
+++ b/main/webapp/modules/core/scripts/index/edit-metadata-dialog.js
@ -31,16 +31,16 @@ function EditMetadataDialog(metaData, targetRowElem) {
              if (newTags !== null) {
                  $(td1).text(newTags);
                  metaData[key] = newTags;
-                  $.ajax({
+                  Refine.postCSRF(
-                      type : "POST",
+                      "command/core/set-project-tags",
-                      url : "command/core/set-project-tags",
+                      {
                      data : {
                          "project" : project,
                          "old" : oldTags,
                          "new" : newTags
                      },
-                      dataType : "json",
+                      function(data) {},
-                  });
+                      "json"
                  );
              }
              Refine.OpenProjectUI.refreshProject(targetRowElem, metaData, project);
@ -58,8 +58,8 @@ function EditMetadataDialog(metaData, targetRowElem) {
            if (newValue !== null) {
              $(td1).text(newValue);
              metaData[key] = newValue;
-              $.post(
+              Refine.postCSRF(
-                "command/core/set-metaData",
+                "command/core/set-project-metadata",
                {
                  project : project,
                  name : key,
--- a/main/webapp/modules/core/scripts/index/import-project-ui.js
+++ b/main/webapp/modules/core/scripts/index/import-project-ui.js
@ -33,6 +33,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 Refine.ImportProjectUI = function(elmt) {
  elmt.html(DOM.loadHTML("core", "scripts/index/import-project-ui.html"));
  Refine.wrapCSRF(function(token) {
     elem.attr('action', "command/core/import-project?" + $.param({ csrf_token: token});
  });
  this._elmt = elmt;
  this._elmts = DOM.bind(elmt);
--- a/main/webapp/modules/core/scripts/index/open-project-ui.js
+++ b/main/webapp/modules/core/scripts/index/open-project-ui.js
@ -221,18 +221,17 @@ Refine.OpenProjectUI.prototype._renderProjects = function(data) {
      .html("<img src='images/close.png' />")
      .click(function() {
        if (window.confirm($.i18n('core-index-open/del-body') + project.name + "\"?")) {
-          $.ajax({
+          Refine.postCSRF(
-            type: "POST",
+            "command/core/delete-project",
-            url: "command/core/delete-project",
+            { "project" : project.id },
-            data: { "project" : project.id },
+            function (data) {
            dataType: "json",
            success: function (data) {
              if (data && typeof data.code != 'undefined' && data.code == "ok") {
                Refine.TagsManager.allProjectTags = [];
                self._buildTagsAndFetchProjects();
              }
-            }
+            },
-          });
+            "json"
          );
        }
        return false;
      }).appendTo(
--- a/main/webapp/modules/core/scripts/project.js
+++ b/main/webapp/modules/core/scripts/project.js
@ -216,20 +216,19 @@ Refine._renameProject = function() {
    return;
  }
-  $.ajax({
+  Refine.postCSRF(
-    type: "POST",
+    "command/core/rename-project",
-    url: "command/core/rename-project",
+    { "project" : theProject.id, "name" : name },
-    data: { "project" : theProject.id, "name" : name },
+    function (data) {
    dataType: "json",
    success: function (data) {
      if (data && typeof data.code != "undefined" && data.code == "ok") {
        theProject.metadata.name = name;
        Refine.setTitle();
      } else {
        alert($.i18n('core-index/error-rename')+" " + data.message);
      }
-    }
+    },
-  });
+    "json"
  );
 };
 /*
--- a/main/webapp/modules/core/scripts/reconciliation/standard-service-panel.js
+++ b/main/webapp/modules/core/scripts/reconciliation/standard-service-panel.js
@ -44,7 +44,7 @@ ReconStandardServicePanel.prototype._guessTypes = function(f) {
  var self = this;
  var dismissBusy = DialogSystem.showBusy();
-  $.post(
+  Refine.postCSRF(
    "command/core/guess-types-of-column?" + $.param({
      project: theProject.id, 
      columnName: this._column.name,
@ -74,7 +74,8 @@ ReconStandardServicePanel.prototype._guessTypes = function(f) {
      dismissBusy();
      f();
-    }
+    },
    "json"
  );
 };