From ad6afeaaeb0d47eeb2a81b7925b0686ef186fe12 Mon Sep 17 00:00:00 2001
From: ghidra1
Date: Tue, 18 Oct 2022 13:47:55 -0400
Subject: [PATCH] GP-2716 corrected HTML vulnerability in Graph Service label rendering
---
 .../graph/visualization/AttributedToolTipInfo.java | 10 +++++-----
 .../graph/visualization/DefaultGraphRenderer.java | 10 ++++++++--
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/AttributedToolTipInfo.java b/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/AttributedToolTipInfo.java
index 5d7374c168..836083393d 100644
--- a/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/AttributedToolTipInfo.java
+++ b/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/AttributedToolTipInfo.java
@@ -25,12 +25,12 @@ import javax.swing.JToolTip;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
 import com.google.common.base.Splitter;
 import ghidra.graph.viewer.popup.ToolTipInfo;
 import ghidra.service.graph.*;
+import ghidra.util.HTMLUtilities;
 /**
 * Generates tool tips for an {@link AttributedVertex} or {@link AttributedEdge} in
@@ -94,7 +94,8 @@ public class AttributedToolTipInfo extends ToolTipInfo {
 String vertexType = vertex.getVertexType();
 buf.append("

");
- buf.append(vertex.getName());
+ String escapedText = HTMLUtilities.toLiteralHTML(vertex.getName(), 80);
+ buf.append(escapedText);
 if (vertexType != null) {
 buf.append("
");
 buf.append("Type:  " + vertexType);
@@ -125,9 +126,8 @@ public class AttributedToolTipInfo extends ToolTipInfo {
 }
 buf.append(key);
 buf.append(": ");
- String value = entry.getValue();
- value = StringEscapeUtils.escapeHtml4(value);
- String split = String.join("
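Review bot: `vertexType` is still concatenated into the tooltip HTML unescaped on the context line that appends `"Type: …" + vertexType`, directly after the vertex name is escaped, so markup in the vertex type would still be interpreted by the Swing HTML renderer. If the type can originate from the same graph data as the name (for example script- or import-supplied graphs), it should be escaped before it is appended, e.g. `HTMLUtilities.escapeHTML(vertexType)`. The same applies to `buf.append(key)` in the following hunk, where only the attribute value is escaped and the key goes into the buffer as-is. The enclosing methods start and end outside both hunks, so how these strings are populated is not visible here.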
", Splitter.on('\n').split(value));
+ String escapedText = HTMLUtilities.toLiteralHTML(entry.getValue(), 80);
+ String split = String.join("
", Splitter.on('\n').split(escapedText));
 split = split.replaceAll("\\s", " ");
 buf.append(split);
 buf.append("
");
diff --git a/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/DefaultGraphRenderer.java b/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/DefaultGraphRenderer.java
index 3ecb684cb5..a4bf465f4b 100644
--- a/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/DefaultGraphRenderer.java
+++ b/Ghidra/Features/GraphServices/src/main/java/ghidra/graph/visualization/DefaultGraphRenderer.java
@@ -39,6 +39,7 @@ import org.jungrapht.visualization.util.RectangleUtils;
 import generic.util.image.ImageUtils;
 import ghidra.service.graph.*;
+import ghidra.util.HTMLUtilities;
 /**
 * Handles the rendering of graphs for the {@link DefaultGraphDisplay}
@@ -101,6 +102,10 @@ public class DefaultGraphRenderer implements GraphRenderer {
 iconCache.clear();
 }
+ private String getVertexRenderedLabel(AttributedVertex v) {
+ return HTMLUtilities.toLiteralHTML(v.toString(), 80);
+ }
+
 @Override
 public void initializeViewer(VisualizationViewer viewer) {
@@ -134,7 +139,7 @@ public class DefaultGraphRenderer implements GraphRenderer {
 viewer.setInitialDimensionFunction(InitialDimensionFunction
 .builder(renderContext.getVertexShapeFunction().andThen(toRectangle))
 .build());
- renderContext.setVertexLabelFunction(Object::toString);
+ renderContext.setVertexLabelFunction(this::getVertexRenderedLabel);
 GraphLabelPosition labelPosition = options.getLabelPosition();
 renderContext.setVertexLabelPosition(getJungraphTPosition(labelPosition));
@@ -318,7 +323,8 @@ public class DefaultGraphRenderer implements GraphRenderer {
 // on the swing thread
 Font font = options.getFont();
 label.setFont(font);
- label.setText(vertexName);
+ String escapedText = HTMLUtilities.toLiteralHTML(vertexName, 80);
+ label.setText(escapedText);
 Dimension labelSize = label.getPreferredSize();
 // make sure the the vertexName doesn't make the icon ridiculously big
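Review bot: The escaped attribute value is post-processed as if it were still plain text: the result of `toLiteralHTML(entry.getValue(), 80)` is split on `'\n'`, re-joined with a break tag, and then passed through `replaceAll("\\s", …)`. If `toLiteralHTML` already wraps at the given width and emits its own line-break or wrapper markup (the second argument suggests it does, though the helper is not shown here), the split becomes redundant and the whitespace replacement runs over generated markup rather than over the user-supplied text. Splitting the raw value first and escaping each piece, e.g. `HTMLUtilities.escapeHTML(line)`, keeps escaping as the step applied to untrusted text only and makes the result easier to reason about. The loop this code sits in begins outside the hunk.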
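Review bot: `getVertexRenderedLabel` is added without any comment saying why the label must be escaped, so a later cleanup could plausibly restore `Object::toString` and reopen the issue. A short Javadoc would help, along the lines of `/** Returns the vertex label as literal HTML so markup in vertex names is displayed rather than interpreted by the label renderer. */`. The wrap width `80` is also a bare literal here, again in the `label.setText` hunk further down, and twice in AttributedToolTipInfo; a named constant such as `private static final int MAX_LABEL_LINE_LENGTH = 80;` would keep the call sites consistent.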