I encountered an OWASP issue. The error displayed in the logs is:
And :
The ‘timeout’ parameter is declared for the page /identification.jsp in the ‘owasp.xml’ file:
<page name="/identification.jsp">
<parameter name="fw3_autonomous">
<default/>
</parameter>
<parameter name="ajax-call">
<default/>
</parameter>
<parameter name="language">
<default/>
</parameter>
<parameter name="issuer">
<default/>
</parameter>
<parameter name="user">
<default/>
</parameter>
<parameter name="timeout">
<default/>
</parameter>
<parameter name="message">
<default/>
</parameter>
<parameter name="password">
<default/>
</parameter>
<parameter name="test">
<default/>
</parameter>
</page>
<page name="/EXXON/identification.jsp">
<parameter name="timeout">
<default/>
</parameter>
<parameter name="fw3_autonomous">
<default/>
</parameter>
<parameter name="ajax-call">
<default/>
</parameter>
</page>
<page name="/EXXON/identification.jsp">
<parameter name="timeout">
<default/>
</parameter>
<parameter name="fw3_autonomous">
<default/>
</parameter>
<parameter name="ajax-call">
<default/>
</parameter>
</page>
I think the problem comes from the redirect in this method, because the last message written to the log before the error comes from it:
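/**
 * Initialises the card-detail page: applies the session and profile gates, checks that the
 * requested card is one of the cards already held in the session, loads the card details and
 * decides which page to redirect to.
 *
 * <p>Gates, in order: an "ASIA" marker in the session, or no "user" in the session, redirects to
 * {@code /EXXON/identification.jsp?timeout=1}; a user whose {@code getProfil_card()} is not "1"
 * gets a redirect to {@code /EXXON/home.jsp}. The card number given in the {@code numcarte} request
 * parameter is only used when it matches one of the {@code Card}s stored under the session
 * attribute {@code myCard}, so a caller cannot request details of a card outside its own list.
 *
 * @param request     current request; {@code numcarte} is read from it and the loaded card,
 *                    user and calling page are attached to it for the view
 * @param response    not used here
 * @param pageContext scope used to read/write session and page attributes and to build redirects
 * @param session     HTTP session holding "ASIA", "user", "myCard" and, after the lookup, "detailcard"
 * @param application servlet context passed on to {@code RecupData.recupCARD}
 * @param out         not used here
 * @param config      not used here
 * @param page        not used here
 * @return the redirect to perform, or {@code null} when the card-detail page itself may render
 * @throws Exception propagated from the card lookup and redirect helpers
 */
PageRedirect init(HttpServletRequest request, HttpServletResponse response, PageContext pageContext,
        HttpSession session, ServletContext application, JspWriter out, ServletConfig config, Object page)
        throws ServletException, java.io.IOException, java.lang.Exception {
    PageRedirect redirect = null;
    /* <a-zone id="init"> */
    pageContext.removeAttribute("nameParamCardFromAccount", PageContext.SESSION_SCOPE);
    pageContext.removeAttribute("valeurParamCardFromAccount", PageContext.SESSION_SCOPE);
    // Insert your call to the middle here to initialize the form

    // Gate 1: an "ASIA" marker in the session sends the caller back to the identification page.
    String asia = (String) session.getAttribute("ASIA");
    if (asia != null) {
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init",
                "ASIA est présent dans la session, redirection vers identification.jsp avec timeout=1");
        redirect = new PageRedirect("/EXXON/identification.jsp?timeout=1", pageContext);
        System.out.println("Valeur de redirect : " + redirect);
        return redirect;
    }

    // Gate 2: no authenticated user in the session.
    exxonMgr.User user = (exxonMgr.User) pageContext.getAttribute("user", PageContext.SESSION_SCOPE);
    if (user == null) {
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init",
                "Aucun utilisateur trouvé dans la session, redirection vers identification.jsp avec timeout=1");
        redirect = new PageRedirect("/EXXON/identification.jsp?timeout=1", pageContext);
        System.out.println("Valeur de redirect : " + redirect);
        return redirect;
    }

    // Gate 3: wrong profile. The comparison is null-safe so a missing profile counts as
    // "not allowed" instead of throwing. NOTE(review): unlike the two gates above this one does
    // not return; the card lookup below still runs and only the final redirect target is
    // home.jsp — confirm whether an early return is intended here.
    if (!"1".equals(user.getProfil_card())) {
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init",
                "Profil de l'utilisateur non valide, redirection vers home.jsp");
        redirect = new PageRedirect("/EXXON/home.jsp", pageContext);
    }

    User myUser = (User) session.getAttribute("user");
    String myNum = request.getParameter("numcarte");
    Card[] maCard = (Card[]) session.getAttribute("myCard");

    // The requested number is honoured only if it matches a card already in the session list.
    // A missing list or parameter simply means "not found" (previously a NullPointerException).
    // Card numbers are deliberately not written to stdout while scanning the list.
    boolean cardFound = false;
    if (myNum != null && maCard != null) {
        for (Card candidate : maCard) {
            if (myNum.equals(candidate.getNum_carte())) {
                cardFound = true;
                break;
            }
        }
    }

    // NOTE(review): every error path below adds a "message" query parameter to its redirect;
    // make sure the owasp.xml whitelist declares "message" for DefaultErrorPage.jsp and
    // cardsList.jsp as well, not only for identification.jsp.
    int reponse = -1;
    if (cardFound) {
        System.out.println("Carte trouvée");
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init", "Récupération des données de la carte");
        // Card details are fetched only for a card that was already in the session list.
        reponse = RecupData.recupCARD(myNum, myUser, session, application);
    } else {
        System.out.println("Carte non trouvée, redirection vers DefaultErrorPage.jsp.");
        redirect = new PageRedirect("DefaultErrorPage.jsp", pageContext);
        String message = "JVEMCBLK001";
        redirect.addParameter("message", message);
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init", "message=[" + message + "]");
    }

    if (cardFound && reponse == 0) {
        // NOTE(review): recupCARD is assumed to have stored "detailcard" in the session on a 0
        // return; a null here would still throw — confirm against RecupData.
        DetailCard myCard = (DetailCard) session.getAttribute("detailcard");
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init",
                "codeRet = " + myCard.getCodret() + " code Msg = " + myCard.getCodmsg());
        // Return code 3 means no balance has been initialised (prepaid customers) and is not an error.
        String codret = myCard.getCodret();
        if (!codret.equals("0") && !codret.equals("3")) {
            if (codret.equals("1") || codret.equals("2") || codret.equals("9")) {
                System.out.println("Redirection vers cardsList.jsp");
                redirect = new PageRedirect("./cardsList.jsp", pageContext);
                String message = "JVEDCARD" + codret + myCard.getCodmsg();
                redirect.addParameter("message", message);
                exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init", "message=[" + message + "]");
            } else {
                System.out.println("Redirection vers DefaultErrorPage.jsp avec message : JVEDEFAULT");
                redirect = new PageRedirect("./DefaultErrorPage.jsp", pageContext);
                redirect.addParameter("message", "JVEDEFAULT");
            }
        } else {
            System.out.println("Données de la carte récupérées avec succès. Code retour : " + codret);
            if (myCard.getStatus().equals("1")) {
                myCard.card_stop_date = null;
            }
            request.setAttribute("myUser", myUser);
            // Normalise the card number through a numeric parse (this drops leading zeros);
            // the parsed form is exposed to the page as "formNumCarte".
            String formNumCarte = Long.toString(Long.parseLong(myCard.getNum_carte()));
            pageContext.setAttribute("formNumCarte", formNumCarte, PageContext.PAGE_SCOPE);
            request.setAttribute("myCard", myCard);
            String pageAppel = (String) pageContext.getAttribute("pageAppel", PageContext.SESSION_SCOPE);
            exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init", "page de depart : [" + pageAppel + "]");
            request.setAttribute("pageAppel", pageAppel);
        }
    } else if (redirect == null) {
        // Card was in the list but the lookup failed and no earlier gate set a redirect.
        redirect = new PageRedirect("DefaultErrorPage.jsp", pageContext);
        String message = "JVEDCARD004";
        redirect.addParameter("message", message);
        exxonMgr.util.ExxonUtilities.trace("DEBUG", "JSP/cardDetail/init", "message=[" + message + "]");
    }
    // Otherwise the redirect set on the "card not found" path (or by the profile gate) is kept.

    exxonMgr.CardListData cardListData =
            (exxonMgr.CardListData) pageContext.getAttribute("cardListData", PageContext.SESSION_SCOPE);
    if (cardListData != null) {
        cardListData.setStatut("99");
    }
    /* </a-zone> */
    return redirect;
}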
This is the first time I’m working with this OWASP configuration, and I’m not sure how to set up the OWASP parameters.
Can someone help me, please?