gAudit - fix a few access control and XSS vulnerabilities

Key Information

The challenge is finished.

Challenge Overview

https://github.com/cloudspokes/google-gAudit

Address the following:

  1. The POST action implemented in ProcessorServlet (line 390 of the master branch) checks whether a user's session has timed out, but doesn't redirect to the login page if the user isn't logged in at all (the ELSE condition isn't handled).
  2. The web.xml security-constraint element doesn't contain the auth-constraint/role-name elements, which are needed to keep unauthenticated users out of the application.
  3. Address all the following XSS issues by properly escaping values before adding them to the DOM:
Filename, line number, code snippet (the line number may be off slightly, so look for the snippet)

User-added image

REVIEW STYLE:

Final Review:

Community Review Board

Approval:

User Sign-Off

ID: 30037509