codesake 0.0.1 → 0.15.1
- data/.gitignore +2 -0
- data/History.md +40 -0
- data/README.md +25 -3
- data/Rakefile +22 -2
- data/bin/codesake +36 -0
- data/codesake.gemspec +3 -0
- data/features/codesake_complains_if_missing_target.feature +8 -0
- data/features/codesake_process_jsp_file.feature +88 -0
- data/features/codesake_process_text_file.feature +23 -0
- data/features/step_definition/codesake_steps.rb +164 -0
- data/features/support/env.rb +1 -0
- data/lib/codesake.rb +8 -3
- data/lib/codesake/cli.rb +90 -0
- data/lib/codesake/engine/core.rb +10 -0
- data/lib/codesake/engine/generic.rb +12 -0
- data/lib/codesake/engine/jsp.rb +165 -0
- data/lib/codesake/engine/text.rb +36 -0
- data/lib/codesake/kernel.rb +39 -0
- data/lib/codesake/utils/files.rb +25 -0
- data/lib/codesake/utils/secrets.rb +45 -0
- data/lib/codesake/version.rb +2 -1
- data/spec/cli_spec.rb +65 -0
- data/spec/engine_core_spec.rb +45 -0
- data/spec/file_utils_spec.rb +59 -0
- data/spec/jsp_engine_spec.rb +114 -0
- data/spec/kernel_spec.rb +63 -0
- data/spec/secrets_utils_spec.rb +79 -0
- data/spec/spec_helper.rb +3 -0
- data/spec/text_engine_spec.rb +72 -0
- metadata +92 -3
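--- a/data/History.md
+++ b/data/History.md
@@ -0,0 +1,40 @@
+
+0.15.1 / 2012-12-20
+==================
+
+* v0.15.1 for fixing typo
+* Add History
+
+0.15.0 / 2012-12-20
+==================
+
+* Improved -h output
+* Jsp engine is now able to detect cookies in Jsp files...
+* Adding -A, -C flag and the reflected xss scanning support
+* Jsp files are scanned for secrets, import packages and attack entrypoints
+* Added coverage e tmp
+* Added cucumber for Jsp Engine
+* First Codesake::Engine::Jsp scanning for imported packages
+* Text processing output is green
+* Working on analyse
+* Added a Codesake::Engine::Core for all engine facilities
+* Typo in test text
+* Scenario from text file processing
+* Improving scenario for text processing output
+* Codesake::Engine::Text.is_txt? is now a class method
+* Added a Codesake::Engine::Generic scanning engine Added some routine in Codesake::Kernel to detect a text file and choose the correct engine Add integration test for text file processing
+* Adding Codesake::Kernel
+* First cucumber scenario green. codesake now it's tested for missing target
+* Adding cucumber and aruba
+* Add a loop in the binary script...
+* Changed Codesake::Cli for target building... now in a separate Hash
+* v0.10
+* All CLI checks are green now
+* CLI parser improvements
+* Changed scan to parse method name
+* Fixed typo in test
+* Now there is a Codesake::Utils::Secrets
+* Working on secrests
+* Text generic engine includes Secrets module
+* refactoring and TDD utils, secrets and text generic engine
+* Working defining TDD tests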
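--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,11 @@
-#
+# codesake
 
-
+codesake is a security source code scanning engine. It's used as core engine in
+[codesake.com](http://codesake.cokm) application security portal with a closed
+knowledge base inside the web application itself.
+
+codesake gem can be used in a security source code review to scan sources with
+regular expressions in order to detect insecure software patterns.
 
 ## Installation
 
@@ -18,7 +23,24 @@ Or install it yourself as:
 
 ## Usage
 
-
+To run codesake over a single file or a directory you simply specify the target
+name as parameter on command line.
+
+If you want to review a ruby source file named file1.rb, your command line will
+be:
+
+$ codesake file1.rb
+
+
+## Known limitations
+
+Known limitation for version 0.1x are:
+
+* Only JSP, Plain text files are analysed
+* If target is a directory or a glob file expression codesake will understand
+it but it doesn't expand the file list
+* codesake will use only stdout, stderr for output purposes
+
 
 ## Contributing
 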
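--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,7 +1,27 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
-
+require 'cucumber'
+require 'cucumber/rake/task'
 
-
+Cucumber::Rake::Task.new(:features) do |t|
+t.cucumber_opts = "features --format pretty -x"
+t.fork = false
+end
+
+RSpec::Core::RakeTask.new do |t|
+t.rspec_opts = ["--color"]
+end
+
+task :default => [ :spec, :features ]
 task :test => :spec
+
+
+# namespace :spec do
+# desc "Run specs with RCov"
+# RSpec::Core::RakeTask.new('simplecov') do |t|
+# t.pattern = 'spec/**/*_spec.rb'
+# t.simplecov = true
+# t.simplecov_opts = ['--exclude', '\\/Library\\/Ruby']
+# end
+# end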
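--- a/data/bin/codesake
+++ b/data/bin/codesake
@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+require 'codesake'
+require 'rainbow'
+
+trap("INT") { puts '['+'INTERRUPTED'.color(:red)+']'; exit -1 }
+
+
+cli = Codesake::Cli.new
+kernel = Codesake::Kernel.instance
+
+options=cli.parse(ARGV)
+puts "codesake v#{Codesake::VERSION} - (C) 2012 - paolo@armoredcode.com".color(:white) unless options[:version]
+abort("codesake v#{Codesake::VERSION}") if options[:version]
+abort("codesake: #{cli.error_message}".color(:red)) if cli.has_errors?
+abort("codesake: missing targets".color(:red)) if cli.targets.nil?
+
+cli.targets.each do |target|
+puts "processing #{target[:target]}" if target[:valid]
+$stderr.puts "can't find #{target[:target]}".color(:red) if ! target[:valid]
+
+engine = kernel.choose_engine(target[:target], options)
+if ! options[:keywords].nil?
+options[:keywords].each do |key|
+engine.add(key)
+end
+end
+
+
+results = engine.analyse
+results.each do |res|
+$stdout.puts "#{res}"
+end
+end
+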
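Review bot: In the `cli.targets.each` loop a target that failed validation only gets the `can't find …` message on stderr and then still reaches `kernel.choose_engine(target[:target], options)` and `engine.analyse`; a `next unless target[:valid]` right after the message would keep the scan away from a path the CLI has already rejected (how the engines treat a missing file is not visible here). Nothing in the loop changes the exit status either, so a run whose only target was mistyped still finishes with 0 and reads as a clean scan in an unattended job; remembering the failure and ending with `exit 1` would surface it, and the feature files on this page that assert `I successfully run` for a missing file would have to change with it. Separately, `abort("codesake v#{Codesake::VERSION}") if options[:version]` prints the version on stderr with status 1; `puts` followed by `exit 0` suits a version request better.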
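--- a/data/codesake.gemspec
+++ b/data/codesake.gemspec
@@ -22,5 +22,8 @@ Gem::Specification.new do |gem|
 gem.add_dependency('rainbow')
 
 gem.add_development_dependency('rake')
+gem.add_development_dependency('tomdoc')
 gem.add_development_dependency('rspec')
+gem.add_development_dependency('aruba')
+gem.add_development_dependency('simplecov')
 end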
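Review bot: The three added development dependencies carry no version constraint, and `cucumber`, which the Rakefile in this same diff loads directly with `require 'cucumber'`, is not declared at all, so it presumably arrives only as a transitive dependency of `aruba`. Declaring it and bounding each entry, for example `gem.add_development_dependency('cucumber', '~> <MAJOR.MINOR>')` with the release the suite was actually run against, keeps a fresh `bundle install` from resolving to whatever version is newest that day. The `Gem::Specification.new` block starts above this hunk, so the lines outside it cannot be checked from here.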
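--- a/data/features/codesake_complains_if_missing_target.feature
+++ b/data/features/codesake_complains_if_missing_target.feature
@@ -0,0 +1,8 @@
+Feature: codesake complains if targets are missing
+When executed codesake needs one or more target to analyse
+
+Scenario: codesake complains if targets are missing
+#Given an empty command line
+When I run `bundle exec codesake`
+Then the stderr should contain "missing targets"
+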
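--- a/data/features/codesake_process_jsp_file.feature
+++ b/data/features/codesake_process_jsp_file.feature
@@ -0,0 +1,88 @@
+@WORK_IN_PROGRESS
+Feature: codesake process a jsp page
+When a Jsp file is given as input, codesake analyses it with the
+Codesake::Engine::Jsp engine for security issues.
+
+When a Jsp file is analyzed the following information will be gathered:
+* imported packages
+* variable read from requests
+* cookies created
+* reserved keywords
+
+Scenario: the file doesn't exists and codesake gives an error message
+Given the file "/tmp/test.jsp" doesn't exist
+When I successfully run `bundle exec codesake /tmp/test.jsp`
+Then the stderr should contain "can't find /tmp/test.jsp"
+
+Scenario: the file exists and codesake says it's going to process it
+Given the jsp file "/tmp/existing.jsp" does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp`
+Then the stdout should contain "processing /tmp/existing.jsp"
+
+Scenario: codesake processing the file finds the "request" keyword we threat as reserved
+Given the jsp file "/tmp/existing.jsp" does exist
+And we add "request" as reserved word
+When I successfully run `bundle exec codesake /tmp/existing.jsp --add-keys request`
+Then the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@8)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@24)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@25)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@26)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@27)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@28)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@32)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@44)"
+And the stdout should contain "reserved keyword found: "request" (/tmp/existing.jsp@46)"
+
+Scenario: codesake processing the file finds the imported packages
+Given the jsp file "/tmp/existing.jsp" does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp`
+Then the stdout should contain "imported package found: \"com.codesake.test\""
+
+Scenario: codesake processing the file finds attack entrypoints
+Given the jsp file "/tmp/existing.jsp" does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp`
+Then the stdout should contain "attack entrypoint found: parameter \"message\" stored in \"message\" (/tmp/existing.jsp@32)"
+
+Scenario: codesake processing the file finds potential reflected xss and it shows also suspiscious results
+Given the jsp file "/tmp/existing.jsp" does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp --all-vulnerabilities`
+Then the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@8)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@24)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@25)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@26)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@27)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@28)"
+And the stdout should contain "reflected xss found: "message" (/tmp/existing.jsp@36)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@44)"
+And the stdout should contain "suspicious reflected xss found: "request.getLocalName()" (/tmp/existing.jsp@46)"
+
+Scenario: codesake processing the file finds potential reflected xss and it shows also suspiscious results (as default behaviour)
+Given the jsp file "/tmp/existing.jsp" does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp`
+Then the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@8)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@24)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@25)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@26)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@27)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@28)"
+And the stdout should contain "reflected xss found: "message" (/tmp/existing.jsp@36)"
+And the stdout should contain "suspicious reflected xss found: "request.getContextPath()" (/tmp/existing.jsp@44)"
+And the stdout should contain "suspicious reflected xss found: "request.getLocalName()" (/tmp/existing.jsp@46)"
+
+
+
+Scenario: codesake processing the file finds potential reflected xss and it shows only confirmed results
+Given the jsp file "/tmp/existing.jsp" does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp --confirmed-vulnerabilities`
+Then the stdout should contain "reflected xss found: "message" (/tmp/existing.jsp@36)"
+
+Scenario: codesake processing the file finds cookies that are created by the page
+Given the jsp file "/tmp/existing.jsp" with cookies does exist
+When I successfully run `bundle exec codesake /tmp/existing.jsp`
+Then the stdout should contain "cookie \"name\" found with value: \"a_value\" (/tmp/existing.jsp@51)"
+And the stdout should contain "cookie \"second\" found with value: \"12\" (/tmp/existing.jsp@52)"
+
+
+
+
+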
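Review bot: The expected-output strings are quoted two different ways: the reserved-keyword and reflected-xss steps embed bare double quotes (`"reserved keyword found: "request" (/tmp/existing.jsp@8)"`), while the imported-package, attack-entrypoint and cookie steps escape them (`\"com.codesake.test\"`). Whether a step with inner quotes binds to aruba's `should contain "…"` definition depends on that definition's pattern, which is not shown here; if it does not bind, those lines are reported as undefined and the detections they describe are never actually asserted. Putting every expectation that contains quotes into the doc-string form (`Then the stdout should contain:` followed by a `"""` block) removes the ambiguity, and the same applies to the three keyword expectations in the text-file feature. The first scenario also pins a successful exit for a target that does not exist (`I successfully run` together with `can't find /tmp/test.jsp`), which deserves a deliberate decision for a scanner that may run unattended.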
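--- a/data/features/codesake_process_text_file.feature
+++ b/data/features/codesake_process_text_file.feature
@@ -0,0 +1,23 @@
+Feature: codesake process a plain text file
+When a text file is given as input, codesake analyses it with the
+Codesake::Engine::Text engine looking for reserved words.
+
+The idea is that some sort of secrets are stored in documentation or text
+files in the sources.
+
+Scenario: the file doesn't exists and codesake gives an error message
+Given the file "/tmp/test.txt" doesn't exist
+When I successfully run `bundle exec codesake /tmp/test.txt`
+Then the stderr should contain "can't find /tmp/test.txt"
+
+Scenario: the file exists and codesake says it's going to process it
+Given the text file "/tmp/existing.txt" does exist
+When I successfully run `bundle exec codesake /tmp/existing.txt`
+Then the stdout should contain "processing /tmp/existing.txt"
+
+Scenario: the file exists and codesake says it contains a secrets word
+Given the text file "/tmp/secrets.txt" does exist
+When I successfully run `bundle exec codesake /tmp/secrets.txt`
+Then the stdout should contain "reserved keyword found: "password" (/tmp/secrets.txt@5)"
+And the stdout should contain "reserved keyword found: "secret" (/tmp/secrets.txt@17)"
+And the stdout should contain "reserved keyword found: "password" (/tmp/secrets.txt@21)"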
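--- a/data/features/step_definition/codesake_steps.rb
+++ b/data/features/step_definition/codesake_steps.rb
@@ -0,0 +1,164 @@
+Given /^the file "([^"]*)" doesn't exist$/ do |file|
+FileUtils.rm(file) if File.exists?(file)
+end
+
+Given /^the jsp file "(.*?)" does exist$/ do |file|
+jsp_content =<<EOS
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+pageEncoding="ISO-8859-1"%>
+<%@page import="com.codesake.test"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<link rel="stylesheet" type="text/CSS" href="<%=request.getContextPath()%>/css/style.css" />
+<title>Hello World</title>
+
+<script type="text/javascript">
+function confirmSubmit(name) {
+return alert("test here'"+ cacheName +"'");
+}
+
+</script>
+
+</head>
+<body>
+
+<div id="header">
+<h1>Hello World</h1>
+
+<a href="<%=request.getContextPath()%>/jsp/link1.jsp">Link 1</a>
+<a href="<%=request.getContextPath()%>/jsp/link2.jsp">Link 2</a>
+<a href="<%=request.getContextPath()%>/jsp/link3.jsp">Link 3</a>
+<a href="<%=request.getContextPath()%>/jsp/link4.jsp">Link 4</a>
+<a href="<%=request.getContextPath()%>/servlet">servlet</a>
+</div>
+
+<%
+String message = (String) request.getAttribute("message");
+if(message != null)
+{
+%>
+<h4 id="message"><%=message%></h4>
+<% }
+else
+{
+%>
+<h4 id="message"></h4>
+<% } %>
+<div id="content">
+<form action="<%=request.getContextPath()%>/postHandler" method="post">
+<label for="message">message:</label>
+<input type="text" name="message" id="message" size="40" value="<%=request.getLocalName()%>" />
+<input type="submit" value="submit" onclick="javascript: return confirmSubmit('Clienti');" />
+</form>
+</div>
+</body>
+EOS
+
+FileUtils.rm(file) if File.exists?(file)
+File.open(file, "w") do |f|
+f.write(jsp_content)
+end
+
+end
+
+Given /^we add "(.*?)" as reserved word$/ do |key|
+@keywords = key
+end
+
+Given /^the text file "([^"]*)" does exist$/ do |file|
+FileUtils.rm(file) if File.exists?(file)
+lorem_ipsum = <<EOS
+Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh
+euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim
+ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl
+ut aliquip ex ea commodo consequat. Duis splople autem vel eum iriure dolor in
+hendrerit in vulputate velit esse password molestie consequat, vel illum dolore eu
+feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui
+blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla
+facilisi.
+
+Pellentesque at dolor non lectus sagittis semper. Donec quis mi. Duis eget
+pede. Phasellus arcu tellus, ultricies id, consequat id, lobortis nec, diam.
+Suspendisse sed nunc. Pellentesque id magna. Morbi interdum quam at est.
+Maecenas eleifend mi in urna. Praesent et lectus ac nibh luctus viverra. In vel
+dolor sed nibh sollicitudin tincidunt. Ut consequat nisi sit amet nibh. Nunc mi
+tortor, tristique sit amet, rhoncus porta, malesuada elementum, nisi. Integer
+vitae enim quis risus aliquet gravida. Curabitur vel lorem vel erat dapibus
+lobortis. Donec secret dignissim tellus at arcu. Quisque molestie pulvinar sem.
+
+Nulla magna neque, ullamcorper tempus, luctus eget, malesuada ut, velit. Morbi
+felis. Praesent in purus at ipsum cursus posuere. Morbi bibendum facilisis
+eros. Phasellus aliquam password sapien in erat. Praesent venenatis diam dignissim dui.
+Praesent risus erat, iaculis ac, dapibus sed, imperdiet ac, erat. Nullam sed
+ipsum. Phasellus non dolor. Donec ut elit.
+EOS
+
+File.open(file, "w") do |f|
+f.write(lorem_ipsum)
+end
+end
+
+Given /^the jsp file "(.*?)" with cookies does exist$/ do |file|
+
+jsp_content =<<EOS
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+pageEncoding="ISO-8859-1"%>
+<%@page import="com.codesake.test"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<link rel="stylesheet" type="text/CSS" href="<%=request.getContextPath()%>/css/style.css" />
+<title>Hello World</title>
+
+<script type="text/javascript">
+function confirmSubmit(name) {
+return alert("test here'"+ cacheName +"'");
+}
+
+</script>
+
+</head>
+<body>
+
+<div id="header">
+<h1>Hello World</h1>
+
+<a href="<%=request.getContextPath()%>/jsp/link1.jsp">Link 1</a>
+<a href="<%=request.getContextPath()%>/jsp/link2.jsp">Link 2</a>
+<a href="<%=request.getContextPath()%>/jsp/link3.jsp">Link 3</a>
+<a href="<%=request.getContextPath()%>/jsp/link4.jsp">Link 4</a>
+<a href="<%=request.getContextPath()%>/servlet">servlet</a>
+</div>
+
+<%
+String message = (String) request.getAttribute("message");
+if(message != null)
+{
+%>
+<h4 id="message"><%=message%></h4>
+<% }
+else
+{
+%>
+<h4 id="message"></h4>
+<% } %>
+<div id="content">
+<form action="<%=request.getContextPath()%>/postHandler" method="post">
+<label for="message">message:</label>
+<input type="text" name="message" id="message" size="40" value="<%=request.getLocalName()%>" />
+<input type="submit" value="submit" onclick="javascript: return confirmSubmit('Clienti');" />
+</form>
+</div>
+<%
+Cookie c = new Cookie("name", "a_value")
+Cookie cc = new Cookie("second", 12)
+%>
+</body>
+EOS
+File.open(file, "w") do |f|
+f.write(jsp_content)
+end
+end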
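Review bot: Every fixture step writes to whatever absolute path the scenario supplies with `File.open(file, "w")`, and the feature files pass fixed names under `/tmp`; on a shared machine another local user can pre-create `/tmp/existing.jsp` as a symlink, and the `FileUtils.rm(file) if File.exists?(file)` check before the open does not close that window. Creating the fixtures inside aruba's own working directory (its built-in `Given a file named "…" with:` step) or under a directory from `Dir.mktmpdir` keeps the suite off shared paths. The two JSP steps repeat the same heredoc and differ only in the cookie scriptlet, so a single helper that takes the extra scriptlet would keep the line numbers the features assert (`@8`, `@36`, `@51`) in one place; the cookie step also skips the `rm` the other steps perform. `@keywords = key` is never read by any step shown here, so `we add "request" as reserved word` appears to assert nothing, and `File.exists?` is the deprecated spelling of `File.exist?`.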