Hi,
My customer checks my source code with Checkmarx and found vulnerabilities
in Diamond theme files (version 4.1.0 jakarta):
You can see the part of the report taken from Checkmarx from:
https://drive.google.com/file/d/1PB9_xk ... sp=sharing
Do you have some fix for these vulnerabilities or at least some comment/explanation, so I can explain to my customer, if these are not vulnerabilities ... because you deal with them in "such and such manner".
Regards,
Saso
Vulnerabilities in Diamond theme files
Forum rules
Please note that response time for technical support is within 3-5 business days.
Hi,
Thank you very much for the file you sent.
Prism.js is a third-party application that we use to display our demos, so you can remove it and use it without any issues.
We will also be working on the problems found in the layouts and will keep you informed.
Thank you for your notification and your report.
Best Regards,
Thank you very much for the response and the solution for Prism.js.
Do you have any idea when the other problems will be resolved or at least explained (so I can ask my customer to consider these problems with lower severity and allow installation)? Is this a matter of 2 weeks or 2 months?
Regards,
Saso
Hi again,
We have started working on the issues with the layout. Additionally, the diamond template is currently being updated. I can assure you that once the update is complete, the related issues will be resolved. We will solve the problem without causing much delay for your customers.
Thank you very much for your interest.
Best Regards,
Olgu
Hello!
Our customer also uses Checkmarx to test Java code.
We would like to use PrimeFaces JSF with the Diamond theme, so I would like to know how far along you are with the resolution of this issue.
Do you use the same JavaScript libraries in other themes as well?
Best regards,
Borut
Hi,
Thanks a lot for the report! I have carefully reviewed all the issues.
As mentioned above, we use prism.js only to show our code in preview mode. So you don't need to add prism.js to your own project.
The findings about 'attr' all concern the methods we use to show our theme change. You may not need this either. You can implement different structures to make a theme change as in the config menu.
I fixed the 'cookie' related ones. Please try the following layout.js.
Code:
/**
 * PrimeFaces Diamond Layout
 */
PrimeFaces.widget.Diamond = PrimeFaces.widget.BaseWidget.extend({

    init: function (cfg) {
        this._super(cfg);
        this.wrapper = $(document.body).children('.layout-wrapper');
        this.contentWrapper = this.wrapper.children('.layout-content-wrapper');
        this.topbar = this.contentWrapper.find('.layout-topbar');
        this.menuButton = this.topbar.find('> .topbar-left > .menu-button');
        this.sidebar = this.wrapper.children('.layout-sidebar');
        this.sidebarRight = this.wrapper.children('.layout-sidebar-right');
        this.menu = this.jq;
        this.menuContainer = this.sidebar.children('.layout-menu-container');
        this.menulinks = this.menu.find('a');
        this.layoutSearch = this.wrapper.children('.layout-search');
        this.layoutSearchContainer = this.layoutSearch.children('.search-container');
        this.layoutSearchInput = this.layoutSearchContainer.find('input:first');
        this.topbarMenu = this.topbar.find('.topbar-right > .topbar-menu');
        this.topbarItems = this.topbarMenu.children('li');
        this.topbarLinks = this.topbarItems.children('a');
        this.configButton = $('#layout-config-button');
        this.configurator = this.wrapper.children('.layout-config');
        this.mask = this.wrapper.children('.layout-mask');

        this.restoreMenuState();
        this._bindEvents();

        // flags set by the click handlers below and reset by the document click handler
        this.topbarMenuClick = false;
        this.menuClick = false;
        this.searchClick = false;
        this.sidebarRightClick = false;
        this.menuActive = false;
        this.configClicked = false;
    },

    _bindEvents: function () {
        var $this = this;

        this.sidebar.off('click.menu').on('click.menu', function () {
            $this.menuClick = true;
        });

        this.sidebarRight.off('click.menu').on('click.menu', function () {
            $this.sidebarRightClick = true;
        });

        this.menuButton.off('click.menu').on('click.menu', function (e) {
            $this.menuClick = true;

            if ($this.isMobile()) {
                $this.wrapper.toggleClass('layout-mobile-active');
                $(document.body).toggleClass('blocked-scroll');
            }
            else {
                if ($this.isStaticMenu()) {
                    $this.wrapper.toggleClass('layout-static-inactive');
                    $this.saveStaticMenuState();
                }
                else {
                    $this.wrapper.toggleClass('layout-overlay-active');
                }
            }

            e.preventDefault();
        });

        this.layoutSearchContainer.off('click').on('click', function (e) {
            $this.searchClick = true;
        });

        this.layoutSearchInput.off('keydown.search').on('keydown.search', function (e) {
            // read the key from the handler's event argument, not the global 'event'
            var key = e.which;

            // escape, tab and enter
            if (key === 27 || key === 9 || key === 13) {
                $this.hideSearch();
            }
        });

        this.menu.find('> li').off('mouseenter.menu').on('mouseenter.menu', function (e) {
            if (($this.isSlimMenu()) && $this.menuActive) {
                var item = $(this);

                if (!item.hasClass('active-menuitem')) {
                    $this.menu.find('.active-menuitem').removeClass('active-menuitem');
                    item.find('.fade-in-right').removeClass('fade-in-right');
                    item.addClass('active-menuitem');
                }
            }
        });

        this.menulinks.off('click.menu').on('click.menu', function (e) {
            var link = $(this),
                item = link.parent('li'),
                submenu = item.children('ul');

            if ($this.isSlimMenu()) {
                submenu.css('display', '');

                if (item.hasClass('active-menuitem')) {
                    if (submenu.length) {
                        e.preventDefault();
                    }

                    if (item.parent().is($this.jq)) {
                        $this.menuActive = false;
                        submenu.addClass('fade-out-right');
                        setTimeout(function () {
                            item.removeClass('active-menuitem');
                            submenu.removeClass('fade-out-right').addClass('fade-in-right');
                        }, 350);
                    }
                    else {
                        item.removeClass('active-menuitem');
                        e.preventDefault();
                    }
                }
                else {
                    if (submenu.length) {
                        e.preventDefault();
                    }

                    if (item.parent().is($this.jq)) {
                        $this.menuActive = true;
                        submenu.addClass('fade-in-right');
                        item.addClass('active-menuitem');
                    }
                    else {
                        item.siblings('.active-menuitem').removeClass('active-menuitem');
                        item.addClass('active-menuitem');
                    }
                }
            }
            else {
                if (submenu.length) {
                    if (item.hasClass('active-menuitem')) {
                        submenu.slideUp(400, function () {
                            item.removeClass('active-menuitem');
                        });
                    }
                    else {
                        $this.deactivateItems(item.siblings());
                        $this.activate(item);
                    }

                    e.preventDefault();
                }
                else {
                    // clear the previous active route before marking the clicked link
                    $this.menu.find('.active-route').removeClass('active-route');
                    link.addClass('active-route');
                    // persist "<href>,<scrollTop>" so restoreScrollState can reposition the menu after navigation
                    localStorage.setItem('diamond_menu_scroll_state', link.attr('href') + ',' + $this.menuContainer.scrollTop());
                }
            }
        });

        this.topbarLinks.off('click.topbar').on('click.topbar', function (e) {
            var link = $(this),
                item = link.parent(),
                submenu = link.next();

            $this.topbarMenuClick = true;
            item.siblings('.active-menuitem').removeClass('active-menuitem');

            if (submenu.length) {
                if (item.hasClass('active-menuitem')) {
                    $this.hideTopBarSubMenu(item);
                }
                else {
                    item.addClass('active-menuitem');
                    submenu.addClass('fade-in-up');
                }
            }

            if (item.hasClass('search-item')) {
                $this.searchClick = true;
                $this.layoutSearch.addClass('layout-search-active');
                $this.layoutSearchInput.trigger('focus');
            }
            else if (item.hasClass('right-sidebar-item')) {
                $this.sidebarRightClick = true;
                $this.sidebarRight.addClass('layout-sidebar-right-active');
            }
        });

        this.configButton.off('click.configbutton').on('click.configbutton', function (e) {
            $this.configurator.toggleClass('layout-config-active');
            $this.configClicked = true;
        });

        this.configurator.off('click.config').on('click.config', function () {
            $this.configClicked = true;
        });

        // a click anywhere else closes whatever overlay was not clicked
        $(document.body).off('click.layout').on('click.layout', function () {
            if (!$this.menuClick) {
                $this.wrapper.removeClass('layout-overlay-active layout-mobile-active');
                $(document.body).removeClass('blocked-scroll');

                if ($this.isSlimMenu()) {
                    var activeRootItem = $this.menu.children('.active-menuitem'),
                        submenu = activeRootItem.children('ul');

                    submenu.addClass('fade-out-right');
                    setTimeout(function () {
                        activeRootItem.removeClass('active-menuitem');
                        submenu.removeClass('fade-out-right').addClass('fade-in-right');
                        $this.menu.find('.active-menuitem').removeClass('active-menuitem');
                    }, 350);

                    $this.menuActive = false;
                }
            }

            if (!$this.topbarMenuClick) {
                $this.hideTopBarSubMenu($this.topbarItems.filter('.active-menuitem'));
            }

            if (!$this.searchClick && $this.layoutSearch.hasClass('layout-search-active')) {
                $this.hideSearch();
            }

            if (!$this.sidebarRightClick && $this.sidebarRight.hasClass('layout-sidebar-right-active')) {
                $this.sidebarRight.removeClass('layout-sidebar-right-active');
            }

            if (!$this.configClicked && $this.configurator.hasClass('layout-config-active')) {
                $this.configurator.removeClass('layout-config-active');
            }

            $this.menuClick = false;
            $this.topbarMenuClick = false;
            $this.searchClick = false;
            $this.sidebarRightClick = false;
            $this.configClicked = false;
        });
    },

    hideSearch: function () {
        var $this = this;
        this.layoutSearch.children('.search-container').addClass('fade-out-down');
        setTimeout(function () {
            $this.layoutSearch.removeClass('layout-search-active').children('.search-container').removeClass('fade-out-down');
        }, 350);
    },

    hideTopBarSubMenu: function (item) {
        var submenu = item.children('ul');
        submenu.addClass('fade-out-down');
        setTimeout(function () {
            item.removeClass('active-menuitem');
            submenu.removeClass('fade-out-down');
        }, 350);
    },

    toggleClass: function (el, className) {
        if (el.hasClass(className)) {
            el.removeClass(className);
        }
        else {
            el.addClass(className);
        }
    },

    activate: function (item) {
        var submenu = item.children('ul');
        item.addClass('active-menuitem');

        if (submenu.length && !this.isHorizontalMenu() && !this.isSlimMenu()) {
            submenu.slideDown();
        }
    },

    deactivate: function (item) {
        var submenu = item.children('ul');
        item.removeClass('active-menuitem');

        if (submenu.length && !this.isHorizontalMenu() && !this.isSlimMenu()) {
            submenu.hide();
        }
    },

    deactivateItems: function (items) {
        var $this = this;

        for (var i = 0; i < items.length; i++) {
            var item = items.eq(i),
                submenu = item.children('ul');

            if (submenu.length) {
                if (item.hasClass('active-menuitem')) {
                    item.removeClass('active-menuitem');
                    submenu.slideUp('normal', function () {
                        $(this).parent().find('.active-menuitem').each(function () {
                            $this.deactivate($(this));
                        });
                    });
                }
                else {
                    item.find('.active-menuitem').each(function () {
                        var subItem = $(this);
                        $this.deactivate(subItem);
                    });
                }
            }
            else if (item.hasClass('active-menuitem')) {
                $this.deactivate(item);
            }
        }
    },

    clearActiveItems: function () {
        var activeItems = this.jq.find('li.active-menuitem'),
            subContainers = activeItems.children('ul');

        activeItems.removeClass('active-menuitem');

        if (subContainers && subContainers.length) {
            subContainers.hide();
        }
    },

    clearLayoutState: function () {
        this.clearMenuState();
        this.clearActiveItems();
    },

    // menu state is kept in localStorage; the stored value is only ever a fixed marker string
    clearMenuState: function () {
        localStorage.removeItem('diamond_static_menu_inactive');
    },

    saveStaticMenuState: function () {
        if (this.wrapper.hasClass('layout-static-inactive'))
            localStorage.setItem('diamond_static_menu_inactive', 'diamond_static_menu_inactive');
        else
            localStorage.removeItem('diamond_static_menu_inactive');
    },

    isMobile: function () {
        return window.innerWidth <= 991;
    },

    isStaticMenu: function () {
        return this.wrapper.hasClass('layout-static') && this.isDesktop();
    },

    isHorizontalMenu: function () {
        return this.wrapper.hasClass('layout-horizontal') && this.isDesktop();
    },

    isSlimMenu: function () {
        return this.wrapper.hasClass('layout-slim') && this.isDesktop();
    },

    isDesktop: function () {
        return window.innerWidth > 991;
    },

    restoreMenuState: function () {
        var isSlimMenu = this.wrapper.hasClass('layout-slim');
        var $this = this;

        if (!isSlimMenu && this.isDesktop()) {
            var link = $this.menu.find('a[href^="' + this.cfg.pathname + '"]');

            if (link.length) {
                link.addClass('active-route');
                var menuitem = link.parents('li:not(.layout-root-menuitem)');
                menuitem.addClass('active-menuitem').children('ul').show();

                setTimeout(function () {
                    $this.restoreScrollState(menuitem);
                }, 100);
            }

            var staticMenuState = localStorage.getItem('diamond_static_menu_inactive');
            if (staticMenuState) {
                this.wrapper.addClass('layout-static-inactive layout-static-inactive-restore');
            }
        }
    },

    // restores the "<href>,<scrollTop>" value written by the menu link click handler
    restoreScrollState: function (menuitem) {
        var scrollState = localStorage.getItem('diamond_menu_scroll_state');

        if (scrollState) {
            var state = scrollState.split(',');

            if (state[0].startsWith(this.cfg.pathname) || this.isScrolledIntoView(menuitem, state[1])) {
                this.menuContainer.scrollTop(parseInt(state[1], 10));
            }
            else {
                this.scrollIntoView(menuitem.get(0));
                localStorage.removeItem('diamond_menu_scroll_state');
            }
        }
        else if (!this.isScrolledIntoView(menuitem, menuitem.scrollTop())) {
            this.scrollIntoView(menuitem.get(0));
        }
    },

    scrollIntoView: function (elem) {
        if (document.documentElement.scrollIntoView) {
            elem.scrollIntoView({ block: 'nearest', inline: 'start' });

            var container = $('.layout-menu-container');
            var scrollTop = container.scrollTop();
            if (scrollTop > 0) {
                container.scrollTop(scrollTop + parseFloat(this.topbar.height()));
            }
        }
    },

    isScrolledIntoView: function (elem, scrollTop) {
        // scrollTop may arrive as the string stored in localStorage
        var top = parseInt(scrollTop, 10);
        var viewBottom = top + this.menuContainer.height();
        var elemTop = elem.position().top;
        var elemBottom = elemTop + elem.height();

        return ((elemBottom <= viewBottom) && (elemTop >= top));
    }
});

if (PrimeFaces.widget.InputSwitch) {
    PrimeFaces.widget.InputSwitch = PrimeFaces.widget.InputSwitch.extend({

        init: function (cfg) {
            this._super(cfg);

            if (this.input.prop('checked')) {
                this.jq.addClass('ui-inputswitch-checked');
            }
        },

        check: function () {
            var $this = this;
            this.input.prop('checked', true).trigger('change');
            setTimeout(function () {
                $this.jq.addClass('ui-inputswitch-checked');
            }, 100);
        },

        uncheck: function () {
            var $this = this;
            this.input.prop('checked', false).trigger('change');
            setTimeout(function () {
                $this.jq.removeClass('ui-inputswitch-checked');
            }, 100);
        }
    });
}

if (PrimeFaces.widget.AccordionPanel) {
    PrimeFaces.widget.AccordionPanel = PrimeFaces.widget.AccordionPanel.extend({

        init: function (cfg) {
            this._super(cfg);
            this.headers.last().addClass('ui-accordion-header-last');
        }
    });
}

/* Issue #924 is fixed for 5.3+ and 6.0. (compatibility with 5.3) */
if (window['PrimeFaces'] && window['PrimeFaces'].widget.Dialog) {
    PrimeFaces.widget.Dialog = PrimeFaces.widget.Dialog.extend({

        enableModality: function () {
            this._super();
            $(document.body).children(this.jqId + '_modal').addClass('ui-dialog-mask');
        },

        syncWindowResize: function () {}
    });
}

if (PrimeFaces.widget.SelectOneMenu) {
    PrimeFaces.widget.SelectOneMenu = PrimeFaces.widget.SelectOneMenu.extend({

        init: function (cfg) {
            this._super(cfg);
            var $this = this;

            if (this.jq.parent().hasClass('ui-float-label')) {
                this.m_panel = $(this.jqId + '_panel');
                this.m_focusInput = $(this.jqId + '_focus');

                this.m_panel.addClass('ui-input-overlay-panel');
                this.jq.addClass('ui-inputwrapper');

                if (this.input.val() != '') {
                    this.jq.addClass('ui-inputwrapper-filled');
                }

                this.input.off('change').on('change', function () {
                    $this.inputValueControl($(this));
                });

                this.m_focusInput.on('focus.ui-selectonemenu', function () {
                    $this.jq.addClass('ui-inputwrapper-focus');
                })
                .on('blur.ui-selectonemenu', function () {
                    $this.jq.removeClass('ui-inputwrapper-focus');
                });

                if (this.cfg.editable) {
                    this.label.on('input', function (e) {
                        $this.inputValueControl($(this));
                    }).on('focus', function () {
                        $this.jq.addClass('ui-inputwrapper-focus');
                    }).on('blur', function () {
                        $this.jq.removeClass('ui-inputwrapper-focus');
                        $this.inputValueControl($(this));
                    });
                }
            }
        },

        // toggles the float-label "filled" state from the current input value
        inputValueControl: function (input) {
            if (input.val() != '')
                this.jq.addClass('ui-inputwrapper-filled');
            else
                this.jq.removeClass('ui-inputwrapper-filled');
        }
    });
}

if (PrimeFaces.widget.Chips) {
    PrimeFaces.widget.Chips = PrimeFaces.widget.Chips.extend({

        init: function (cfg) {
            this._super(cfg);
            var $this = this;

            if (this.jq.parent().hasClass('ui-float-label')) {
                this.jq.addClass('ui-inputwrapper');

                if ($this.jq.find('.ui-chips-token').length !== 0) {
                    this.jq.addClass('ui-inputwrapper-filled');
                }

                this.input.on('focus.ui-chips', function () {
                    $this.jq.addClass('ui-inputwrapper-focus');
                }).on('input.ui-chips', function () {
                    $this.inputValueControl();
                }).on('blur.ui-chips', function () {
                    $this.jq.removeClass('ui-inputwrapper-focus');
                    $this.inputValueControl();
                });
            }
        },

        // a chips field counts as filled when it has tokens or pending text
        inputValueControl: function () {
            if (this.jq.find('.ui-chips-token').length !== 0 || this.input.val() != '')
                this.jq.addClass('ui-inputwrapper-filled');
            else
                this.jq.removeClass('ui-inputwrapper-filled');
        }
    });
}

if (PrimeFaces.widget.DatePicker) {
    PrimeFaces.widget.DatePicker = PrimeFaces.widget.DatePicker.extend({

        init: function (cfg) {
            this._super(cfg);
            var $this = this;

            if (this.jq.parent().hasClass('ui-float-label') && !this.cfg.inline) {
                if (this.input.val() != '') {
                    this.jq.addClass('ui-inputwrapper-filled');
                }

                this.jqEl.off('focus.ui-datepicker blur.ui-datepicker change.ui-datepicker')
                .on('focus.ui-datepicker', function () {
                    $this.jq.addClass('ui-inputwrapper-focus');
                })
                .on('blur.ui-datepicker', function () {
                    $this.jq.removeClass('ui-inputwrapper-focus');
                })
                .on('change.ui-datepicker', function () {
                    $this.inputValueControl($(this));
                });
            }
        },

        inputValueControl: function (input) {
            if (input.val() != '')
                this.jq.addClass('ui-inputwrapper-filled');
            else
                this.jq.removeClass('ui-inputwrapper-filled');
        }
    });
}
Github Profile: https://github.com/mertsincan
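The layout.js above persists menu state in localStorage and reads it back in restoreScrollState by splitting the stored string on a comma and handing the pieces to startsWith and parseInt. Checkmarx flags client-side storage reads like this because anything running in the page can rewrite the value, so the defensive habit is to validate it on the way in. The following is an added example, not the theme's code: a storage-agnostic save/restore pair for the same "<href>,<scrollTop>" format that accepts only root-relative paths and bounded integer offsets, discards anything else, and reports whether the stored href belongs to the current page; memoryStorage, MAX_SCROLL and the root-relative rule are assumptions.

```javascript
// Added example (not part of the Diamond theme): validate layout state read
// back from localStorage before using it. The key and "<href>,<scrollTop>"
// format follow layout.js; MAX_SCROLL, memoryStorage and the root-relative
// href rule are assumptions made for this example.
const SCROLL_KEY = 'diamond_menu_scroll_state';
const MAX_SCROLL = 100000; // assumed sanity bound, in pixels

// Accept only root-relative paths: exactly one leading "/", so "//host/...",
// "javascript:..." and absolute URLs are rejected; no control characters.
function isSafeRelativeHref(href) {
  return typeof href === 'string'
    && /^\/(?:[^\/\\\x00-\x1f][^\x00-\x1f]*)?$/.test(href);
}

// Refuse to persist anything that restoreScrollState would reject anyway.
function saveScrollState(storage, href, scrollTop) {
  if (!isSafeRelativeHref(href) || !Number.isInteger(scrollTop)
      || scrollTop < 0 || scrollTop > MAX_SCROLL) {
    return false;
  }
  storage.setItem(SCROLL_KEY, href + ',' + scrollTop);
  return true;
}

// Returns { href, scrollTop, samePage } for a well-formed entry, or null.
// A malformed entry is deleted so a tampered value is not carried forward
// to every later page load.
function restoreScrollState(storage, pathname) {
  const raw = storage.getItem(SCROLL_KEY);
  if (raw === null) {
    return null;
  }
  const parts = raw.split(',');
  const href = parts[0];
  const scrollTop = /^\d+$/.test(parts[1]) ? Number(parts[1]) : NaN;
  const wellFormed = parts.length === 2 && isSafeRelativeHref(href)
    && Number.isInteger(scrollTop) && scrollTop <= MAX_SCROLL;
  if (!wellFormed) {
    storage.removeItem(SCROLL_KEY);
    return null;
  }
  // samePage mirrors layout.js: the stored href must belong to the current page
  const samePage = typeof pathname === 'string' && href.startsWith(pathname);
  return { href: href, scrollTop: scrollTop, samePage: samePage };
}

// Constructed in-memory stand-in for window.localStorage so this runs offline.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: function (k) { return data.has(k) ? data.get(k) : null; },
    setItem: function (k, v) { data.set(k, String(v)); },
    removeItem: function (k) { data.delete(k); }
  };
}
```

In the widget, restoreMenuState would pass window.localStorage and this.cfg.pathname, and fall back to scrollIntoView whenever the result is null or samePage is false.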