Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace the logging logic with SLF4J #30 #32

Closed
wants to merge 280 commits into from
Closed

Replace the logging logic with SLF4J #30 #32

wants to merge 280 commits into from

Conversation

Matthajus
Copy link
Contributor

Replace the logging logic with SLF4J #30

SPoint42 and others added 30 commits December 17, 2015 16:21
@SPoint42
code cleanup
ccad966
@aramrami
Merge pull request #47 from SPoint42/master
d93746b 
Some code cleanup
@aramrami
Merge pull request #38 from 40rn05lyv/onload-defect
3c05a9f 
#30 IE9+ fix for frames
@aramrami
Merge pull request #37 from 40rn05lyv/action-defect
1233992 
#27 fixed
@aramrami
Merge pull request #36 from 40rn05lyv/unload-defect-(small-change)
b608078 
#28 unload defect (small fix)
@aramrami
Merge pull request #35 from 40rn05lyv/eclipse-config
aa6ca64 
Eclipse configuration
@aramrami
Merge pull request #22 from hsn10/domain-origin
9692058 
Patch for custom domain Origin.
@aramrami
Merge pull request #23 from hsn10/wrong-cfg-classname
dcc5815 
Fix default class name for configuration factory
@aramrami
Merge pull request #33 from 40rn05lyv/oldjs-defect
a494d4d 
#25 issue
@ayomawdb
Fix element misses happening due to form injection
cc6ca56
Resolve issue where redirect with a fragment is invalid after appendi…
619f45e 
…ng token

Description:
location is tokenized on '#'. If a fragment exists, it is re-added back to location. Tokenization returns at most 2 substrings. Only the first '#' found in location is the index for tokenization, e.g. /myPath#myFragment#blah becomes [0] /myPath [1] myFragment#blah. Any '#' in the URL prior to fragment should have been encoded as '%23'.
@CesarPantoja
Small bugfixes in properties and tags
8aa395b 
- tag.jsp was using tags with hyphens.
- On the properties, there was a space after the value in
injectIntoAttributes, causing it to not be reconised correctly
@venosov
tokenname and tokenvalue tags fixed
918ac7a
@cxzero
Fix: only display analyzing object if it is a protected object to be …
7096e69 
…analyzed
Added in finally block for fromFileStream and toFileStream
b269319
@itsallvoodoo
Added finally block and comment to copy()
e34e1d5 
Ensuring streams are closed within finally
Fixed improperly formatted max-age Cache-Control config
92cff5e
@yuri1969
Remove underscore from token name
126fb99 
Token name is used as HTTP header field name. Header field name containing an underscore can cause HTTP proxies to drop the header.
@aramrami
Merge pull request #72 from itsallvoodoo/cachecontrol
4aae769 
Fixed improperly formatted max-age Cache-Control config
@aramrami
Merge pull request #74 from yuri1969/master
f2ed08e 
Remove underscore from token name
@aramrami
Merge pull request #69 from cxzzero/master
b911905 
Fix: only display log message saying "[...] CsrfGuard analyzing request [...] "if it is a protected object indeed
@aramrami
Merge pull request #71 from itsallvoodoo/itsallvoodoo-streams
41533dd 
Properly closing streams within finally block
@aramrami
Merge pull request #65 from venosov/master
bfd8157 
tokenname and tokenvalue tags fixed
@aramrami
Merge pull request #60 from eduong/master
4f43d69 
Resolve issue where redirect with a fragment is invalid after appendi…
@aramrami
Merge pull request #59 from ayomawdb/master
9e26fc1 
Fix element misses happening due to form injection
@mmedjahed
75 : If ajax is disabled, the javascript token injection don't work
a7c199a
@skotfred
Updates to JavaScript servlet to allow for unprotected file extensions
7eeb684 
based on configuration.
@skotfred
Added the missing &&
aea39db
@skotfred
Added commented out example values for
76c1f8c 
org.owasp.csrfguard.JavascriptServlet.UnprotectedExtensions
comparing x-requested-with header with value injected in js
8e615c5
forgedhallpass and others added 24 commits August 12, 2021 16:44
@forgedhallpass
Merge pull request #20 from alexhatz05/check_if_enabled_before_inject…
e5bf53c 
…ing_with_tag

Check that CSRFGuard is enabled before injecting tokens with JSP Tags…
@alexhatz05
Re-order modifiers to be compliant with JAVA convention.
60335c9
@alexhatz05
Use diamond operator to reduce verbosity.
d5f322e
@alexhatz05
Re-order modifiers to comply with Java convention.
617abef
@alexhatz05
Revert "Use diamond operator to reduce verbosity."
573568a 
This reverts commit d5f322e
@forgedhallpass
Merge pull request #22 from alexhatz05/resolve-code-smells
aab4182 
Minor reordering of `static` and `final` modifier orders
@forgedhallpass
[maven-release-plugin] prepare release 4.0.1
127bf3c
@forgedhallpass
[maven-release-plugin] prepare for next development iteration
26d5184
@forgedhallpass
#15 Documentation: csrfguard.properties improvement
771ed4b 
* fixing a typo in the documentation
* syncing the test Owasp.CsrfGuard.properties file with the production one
@forgedhallpass
Added extra information on how to set up the environment and perform …
42dbf43 
…a release.
@forgedhallpass
Modified the test application to enable testing for CSRF against a se…
99db849 
…rver endpoint.
@forgedhallpass
Apply log message sanitization where missing, to prevent forging logs…
438074d 
… + minor code cleanup
@forgedhallpass
Added option to create an executable JAR file for the Test JSP applic…
fade4cf 
…ation with an embedded Tomcat, so that it could be shared with testers in cases when they have problems with building the application locally. Skipped by default.
@forgedhallpass
Added filter in the test package to enable CORS for testing purposes.
11d57c7
@forgedhallpass
Minor bugfix in the JavaScriptServlet, when trying to send error afte…
8b6ba83 
…r the response has been committed.
@forgedhallpass
Preventing to serve the CSRF JavaScript logic if the referer pattern …
894892c 
…has a non-default value and the requester did not send a referer header.
@forgedhallpass
Updated the mailing list address.
c26e78e
@forgedhallpass
Minor change to adapt a message to the previous log sanitization logic.
8195b83
@forgedhallpass
Minor typo fixes
717712d
@forgedhallpass
Fixed the test CounterServlet endpoint to "mimic" authentication by:
15d4df8 
 * assign counter values to sessions
 * discard requests that do not have an associated session
@forgedhallpass
Added some code to simulate CSRF attacks against the /counter endpoint.
2716e14
@aramrami
Update index.md
a92d4dc
@aramrami
Update index.md
b77f245
@forgedhallpass
Minor documentation fixes.
0bb4ffd
@forgedhallpass
Copy link
Member

@Matthajus you are trying to merge the master branch into release/3.1.0. This is not what you want, so please correct it.

@forgedhallpass forgedhallpass self-requested a review October 8, 2021 15:33
forgedhallpass
forgedhallpass requested changes Oct 8, 2021
View reviewed changes
Copy link
Member

@forgedhallpass forgedhallpass left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't want to merge the master into release/3.1.0

@forgedhallpass
Copy link
Member

Replaced by #33

@github-pages github-pages bot temporarily deployed to github-pages October 14, 2021 13:51 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@forgedhallpass forgedhallpass forgedhallpass requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.