Vulnerabilities in Diamond theme files

sasoc
Posts: 7
Joined: 24 Oct 2017, 19:35

29 May 2023, 10:59

Hi,

My customer checks my source code with Checkmarx and found vulnerabilities
in Diamond theme files (version 4.1.0 jakarta):

You can see the part of the report taken from Checkmarx from:
https://drive.google.com/file/d/1PB9_xk ... sp=sharing

Do you have some fix for these vulnerabilities, or at least some comment/explanation, so I can explain to my customer that these are not vulnerabilities because you deal with them in "such and such manner"?

Regards,
Saso

olgubasak
Posts: 98
Joined: 05 Jan 2023, 11:05

31 May 2023, 11:37

Hi,

Thank you very much for the file you sent.
Prism.js is a third-party application that we use to display our demos, so you can remove it and use it without any issues.
We will also be working on the problems found in the layouts and will keep you informed.

Thank you for your notification and your report.
Best Regards,

sasoc
Posts: 7
Joined: 24 Oct 2017, 19:35

01 Jun 2023, 11:08

Thank you very much for the response and the solution for Prism.js.
Do you have any idea when the other problems will be resolved or at least explained (so I can ask my customer to consider these problems with lower severity and allow installation)? Is this a matter of 2 weeks or 2 months?

Regards,
Saso

olgubasak
Posts: 98
Joined: 05 Jan 2023, 11:05

01 Jun 2023, 15:23

Hi again,

We have started working on the issues with the layout. Additionally, the diamond template is currently being updated. I can assure you that once the update is complete, the related issues will be resolved. We will solve the problem without causing much delay for your customers.
Thank you very much for your interest.

Best Regards,
Olgu

sasoc
Posts: 7
Joined: 24 Oct 2017, 19:35

18 Jun 2023, 22:22

Hi,

Maybe some new information regarding this problem?

Cheers,
Saso

olgubasak
Posts: 98
Joined: 05 Jan 2023, 11:05

21 Jun 2023, 08:51

Hi,

We will have a new meeting on Friday regarding the subject. The Diamond theme is being updated, and in this process, we are prioritizing the issue you mentioned. We will definitely keep you informed about the results.

Best Regards,

sasoc
Posts: 7
Joined: 24 Oct 2017, 19:35

09 Jul 2023, 12:29

Hi,

Maybe some progress or information regarding the issue?

Cheers,
Saso

bkorosin
Posts: 1
Joined: 19 Jun 2014, 15:08

02 Aug 2023, 08:32

Hello!

Our customer also uses Checkmarx to test Java code.
We would like to use PrimeFaces JSF with the Diamond theme, so I would like to know how far along you are with the resolution of this issue.
Do you use the same javascript libraries also in other themes?

Best regards,
Borut

mert.sincan
Posts: 5281
Joined: 29 Jun 2013, 12:38

02 Aug 2023, 23:17

Hi,

Thanks a lot for the report! I have carefully reviewed all the issues.
As mentioned above, we use prism.js only to show our code in preview mode. So you don't need to add prism.js to your own project.
All the 'attr' ones are the methods we use to show our theme change. You may not need this either. You can implement different structures to make a theme change as in the config menu.
I fixed the 'cookie' related ones. Please try the following layout.js.

Code:

/** 
 * PrimeFaces Diamond Layout
 */
PrimeFaces.widget.Diamond = PrimeFaces.widget.BaseWidget.extend({

    init: function (cfg) {
        this._super(cfg);
        this.wrapper = $(document.body).children('.layout-wrapper');
        this.contentWrapper = this.wrapper.children('.layout-content-wrapper');
        this.topbar = this.contentWrapper.find('.layout-topbar');
        this.menuButton = this.topbar.find('> .topbar-left > .menu-button');
        this.sidebar = this.wrapper.children('.layout-sidebar');
        this.sidebarRight = this.wrapper.children('.layout-sidebar-right');
        this.menu = this.jq;
        this.menuContainer = this.sidebar.children('.layout-menu-container');
        this.menulinks = this.menu.find('a');
        this.layoutSearch = this.wrapper.children('.layout-search');
        this.layoutSearchContainer = this.layoutSearch.children('.search-container');
        this.layoutSearchInput = this.layoutSearchContainer.find('input:first');

        this.topbarMenu = this.topbar.find('.topbar-right > .topbar-menu');
        this.topbarItems = this.topbarMenu.children('li');
        this.topbarLinks = this.topbarItems.children('a');

        this.configButton = $('#layout-config-button');
        this.configurator = this.wrapper.children('.layout-config');

        this.mask = this.wrapper.children('.layout-mask');
   
        this.restoreMenuState();
        
        this._bindEvents();

        this.topbarMenuClick = false;
        this.menuClick = false;
        this.searchClick = false;
        this.sidebarRightClick = false;
        this.menuActive = false;
        this.configClicked = false;
    },
    
    _bindEvents: function () {
        var $this = this;

        this.sidebar.off('click.menu').on('click.menu', function () {
            $this.menuClick = true;
        });
        
        this.sidebarRight.off('click.menu').on('click.menu', function () {
            $this.sidebarRightClick = true;
        });

        this.menuButton.off('click.menu').on('click.menu', function (e) {
            $this.menuClick = true;

            if ($this.isMobile()) {
                $this.wrapper.toggleClass('layout-mobile-active');
                $(document.body).toggleClass('blocked-scroll');
            }
            else {
                if ($this.isStaticMenu()) {
                    $this.wrapper.toggleClass('layout-static-inactive');
                    $this.saveStaticMenuState();
                }
                else {
                    $this.wrapper.toggleClass('layout-overlay-active');
                }
            }

            e.preventDefault();
        });

        this.layoutSearchContainer.off('click').on('click', function(e) {
            $this.searchClick = true;
        });

        this.layoutSearchInput.off('keydown.search').on('keydown.search', function(e) {
            // use the jQuery event argument rather than the non-standard global `event`
            var key = e.which;
            
            //escape, tab and enter
            if (key === 27 || key === 9 || key === 13) {
                $this.hideSearch();
            }
        });

        this.menu.find('> li').off('mouseenter.menu').on('mouseenter.menu', function(e) {    
            if (($this.isSlimMenu()) && $this.menuActive) {
                var item = $(this);
                
                if (!item.hasClass('active-menuitem')) {
                    $this.menu.find('.active-menuitem').removeClass('active-menuitem');
                    item.find('.fade-in-right').removeClass('fade-in-right');
                    item.addClass('active-menuitem');
                }
            }
        });

        this.menulinks.off('click.menu').on('click.menu', function (e) {
            var link = $(this),
            item = link.parent('li'),
            submenu = item.children('ul');
            
            if ($this.isSlimMenu()) {
                submenu.css('display','');

                if (item.hasClass('active-menuitem')) {
                    if (submenu.length) {
                        e.preventDefault();
                    }
    
                    if (item.parent().is($this.jq)) {
                        $this.menuActive = false;
                        submenu.addClass('fade-out-right');

                        setTimeout(function () {
                            item.removeClass('active-menuitem');
                            submenu.removeClass('fade-out-right').addClass('fade-in-right');
                        }, 350);
                    }
                    else {
                        item.removeClass('active-menuitem');
                        e.preventDefault();
                    }
                }
                else {
                    if (submenu.length) {
                        e.preventDefault();
                    }

                    if (item.parent().is($this.jq)) {
                        $this.menuActive = true;
                        submenu.addClass('fade-in-right');
                        item.addClass('active-menuitem');
                    }
                    else {
                        item.siblings('.active-menuitem').removeClass('active-menuitem');
                        item.addClass('active-menuitem');
                    }
                }
            }
            else {
                if (submenu.length) {
                    if (item.hasClass('active-menuitem')) {
                        submenu.slideUp(400, function() {
                            item.removeClass('active-menuitem');
                        });
                    }
                    else {
                        $this.deactivateItems(item.siblings());
                        $this.activate(item);
                    }
    
                    e.preventDefault();
                }
                else {
                    // clear the previously active route first, then mark the clicked link
                    $this.menu.find('.active-route').removeClass('active-route');
                    link.addClass('active-route');
                    localStorage.setItem('diamond_menu_scroll_state', link.attr('href') + ',' + $this.menuContainer.scrollTop());
                }
            }
        });

        this.topbarLinks.off('click.topbar').on('click.topbar', function (e) {
            var link = $(this),
            item = link.parent(),
            submenu = link.next();
            $this.topbarMenuClick = true;

            item.siblings('.active-menuitem').removeClass('active-menuitem');

            if (submenu.length) {
                if (item.hasClass('active-menuitem')) {
                    $this.hideTopBarSubMenu(item);
                }
                else {
                    item.addClass('active-menuitem');
                    submenu.addClass('fade-in-up');
                }
            }

            if (item.hasClass('search-item')) {
                $this.searchClick = true;
                $this.layoutSearch.addClass('layout-search-active');
                $this.layoutSearchInput.trigger('focus');
            }
            else if (item.hasClass('right-sidebar-item')) {
                $this.sidebarRightClick = true;
                $this.sidebarRight.addClass('layout-sidebar-right-active');
            }
        });
        
        this.configButton.off('click.configbutton').on('click.configbutton', function(e) {
            $this.configurator.toggleClass('layout-config-active');
            $this.configClicked = true;
        });
        
        this.configurator.off('click.config').on('click.config', function() {
            $this.configClicked = true;
        });

        $(document.body).off('click.layout').on('click.layout', function () {
            if (!$this.menuClick) {
                $this.wrapper.removeClass('layout-overlay-active layout-mobile-active');
                $(document.body).removeClass('blocked-scroll');

                if ($this.isSlimMenu()) {
                    var activeRootItem = $this.menu.children('.active-menuitem'),
                    submenu = activeRootItem.children('ul');
                    submenu.addClass('fade-out-right');

                    setTimeout(function () {
                        activeRootItem.removeClass('active-menuitem');
                        submenu.removeClass('fade-out-right').addClass('fade-in-right');
                        $this.menu.find('.active-menuitem').removeClass('active-menuitem');
                    }, 350);

                    $this.menuActive = false;
                } 
            }

            if (!$this.topbarMenuClick) {
                $this.hideTopBarSubMenu($this.topbarItems.filter('.active-menuitem'));
            }

            if (!$this.searchClick && $this.layoutSearch.hasClass('layout-search-active')) {
                $this.hideSearch();
            }

            if (!$this.sidebarRightClick && $this.sidebarRight.hasClass('layout-sidebar-right-active')) {
                $this.sidebarRight.removeClass('layout-sidebar-right-active');
            }
            
            if (!$this.configClicked && $this.configurator.hasClass('layout-config-active')) {
                $this.configurator.removeClass('layout-config-active');
            }

            $this.menuClick = false;
            $this.topbarMenuClick = false;
            $this.searchClick = false;
            $this.sidebarRightClick = false;
            $this.configClicked = false;
        });
    },

    hideSearch: function () {
        var $this = this;
        this.layoutSearch.children('.search-container').addClass('fade-out-down');

        setTimeout(function () {
            $this.layoutSearch.removeClass('layout-search-active').children('.search-container').removeClass('fade-out-down');
        }, 350);
    },

    hideTopBarSubMenu: function(item) {
        var submenu = item.children('ul');
        submenu.addClass('fade-out-down');

        setTimeout(function () {
            item.removeClass('active-menuitem');
            submenu.removeClass('fade-out-down');
        }, 350);
    },
    
    toggleClass: function(el, className) {
        if (el.hasClass(className)) {
            el.removeClass(className);
        }
        else {
            el.addClass(className);
        }
    },

    activate: function (item) {
        var submenu = item.children('ul');
        item.addClass('active-menuitem');

        if (submenu.length && !this.isHorizontalMenu() && !this.isSlimMenu()) {
            submenu.slideDown();  
        }
    },

    deactivate: function (item) {
        var submenu = item.children('ul');
        item.removeClass('active-menuitem');

        if (submenu.length && !this.isHorizontalMenu() && !this.isSlimMenu()) {
            submenu.hide();  
        }
    },

    deactivateItems: function (items) {
        var $this = this;

        for (var i = 0; i < items.length; i++) {
            var item = items.eq(i),
                submenu = item.children('ul');

            if (submenu.length) {
                if (item.hasClass('active-menuitem')) {
                    item.removeClass('active-menuitem');

                    submenu.slideUp('normal', function () {
                        $(this).parent().find('.active-menuitem').each(function () {
                            $this.deactivate($(this));
                        });
                    });
                }
                else {
                    item.find('.active-menuitem').each(function () {
                        var subItem = $(this);
                        $this.deactivate(subItem);
                    });
                }
            }
            else if (item.hasClass('active-menuitem')) {
                $this.deactivate(item);
            }
        }
    },
        
    clearActiveItems: function() {
        var activeItems = this.jq.find('li.active-menuitem'),
        subContainers = activeItems.children('ul');

        activeItems.removeClass('active-menuitem');
        if(subContainers && subContainers.length) {
            subContainers.hide();
        }
    },

    clearLayoutState: function() {
        this.clearMenuState();
        this.clearActiveItems();
    },

    clearMenuState: function() {
        localStorage.removeItem('diamond_static_menu_inactive');
    },

    saveStaticMenuState: function() {
        if (this.wrapper.hasClass('layout-static-inactive'))
            localStorage.setItem('diamond_static_menu_inactive', 'diamond_static_menu_inactive');
        else
            localStorage.removeItem('diamond_static_menu_inactive');
    },

    isMobile: function () {
        return window.innerWidth <= 991;
    },

    isStaticMenu: function () {
        return this.wrapper.hasClass('layout-static') && this.isDesktop();
    },

    isHorizontalMenu: function() {
        return this.wrapper.hasClass('layout-horizontal') && this.isDesktop();
    },

    isSlimMenu: function() {
        return this.wrapper.hasClass('layout-slim') && this.isDesktop();
    },

    isDesktop: function () {
        return window.innerWidth > 991;
    },

    restoreMenuState: function () {
        var isSlimMenu = this.wrapper.hasClass('layout-slim');
        var $this = this;

        if (!isSlimMenu && this.isDesktop()) {
            var link = $this.menu.find('a[href^="' + this.cfg.pathname + '"]');
            if (link.length) {               
                link.addClass('active-route');

                var menuitem = link.parents('li:not(.layout-root-menuitem)');
                menuitem.addClass('active-menuitem').children('ul').show();

                setTimeout(function() {
                    $this.restoreScrollState(menuitem);
                }, 100);
            }

            var staticMenuState = localStorage.getItem('diamond_static_menu_inactive');
            if (staticMenuState) {
                this.wrapper.addClass('layout-static-inactive layout-static-inactive-restore');
            }
        }
    },

    restoreScrollState: function(menuitem) {
        var scrollState = localStorage.getItem('diamond_menu_scroll_state');
        if (scrollState) {
            var state = scrollState.split(',');
            if (state[0].startsWith(this.cfg.pathname) || this.isScrolledIntoView(menuitem, state[1])) {
                this.menuContainer.scrollTop(parseInt(state[1], 10));
            }
            else {
                this.scrollIntoView(menuitem.get(0));
                localStorage.removeItem('diamond_menu_scroll_state');
            }
        }
        else if (!this.isScrolledIntoView(menuitem, menuitem.scrollTop())){
            this.scrollIntoView(menuitem.get(0));
        }
    },

    scrollIntoView: function(elem) {
        if (document.documentElement.scrollIntoView) {
            elem.scrollIntoView({ block: "nearest", inline: 'start' });

            var container = $('.layout-menu-container');
            var scrollTop = container.scrollTop();
            if (scrollTop > 0) {
                container.scrollTop(scrollTop + parseFloat(this.topbar.height()));
            }
        }
    },

    isScrolledIntoView: function(elem, scrollTop) {
        var viewBottom = parseInt(scrollTop, 10) + this.menuContainer.height();

        var elemTop = elem.position().top;
        var elemBottom = elemTop + elem.height();

        return ((elemBottom <= viewBottom) && (elemTop >= scrollTop));
    }
});

if (PrimeFaces.widget.InputSwitch) {
    PrimeFaces.widget.InputSwitch = PrimeFaces.widget.InputSwitch.extend({

        init: function (cfg) {
            this._super(cfg);

            if (this.input.prop('checked')) {
                this.jq.addClass('ui-inputswitch-checked');
            }
        },

        check: function () {
            var $this = this;

            this.input.prop('checked', true).trigger('change');
            setTimeout(function () {
                $this.jq.addClass('ui-inputswitch-checked');
            }, 100);
        },

        uncheck: function () {
            var $this = this;

            this.input.prop('checked', false).trigger('change');
            setTimeout(function () {
                $this.jq.removeClass('ui-inputswitch-checked');
            }, 100);
        }
    });
}

if (PrimeFaces.widget.AccordionPanel) {
    PrimeFaces.widget.AccordionPanel = PrimeFaces.widget.AccordionPanel.extend({

        init: function (cfg) {
            this._super(cfg);
            
            this.headers.last().addClass('ui-accordion-header-last');
        }
    });
}

/* Issue #924 is fixed for 5.3+ and 6.0. (compatibility with 5.3) */
if(window['PrimeFaces'] && window['PrimeFaces'].widget.Dialog) {
    PrimeFaces.widget.Dialog = PrimeFaces.widget.Dialog.extend({

        enableModality: function() {
            this._super();
            $(document.body).children(this.jqId + '_modal').addClass('ui-dialog-mask');
        },

        syncWindowResize: function() {}
    });
}

if (PrimeFaces.widget.SelectOneMenu) {
    PrimeFaces.widget.SelectOneMenu = PrimeFaces.widget.SelectOneMenu.extend({
        init: function (cfg) {
            this._super(cfg);

            var $this = this;
            if (this.jq.parent().hasClass('ui-float-label')) {
                this.m_panel = $(this.jqId + '_panel');
                this.m_focusInput = $(this.jqId + '_focus');

                this.m_panel.addClass('ui-input-overlay-panel');
                this.jq.addClass('ui-inputwrapper');

                if (this.input.val() != '') {
                    this.jq.addClass('ui-inputwrapper-filled');
                }

                this.input.off('change').on('change', function () {
                    $this.inputValueControl($(this));
                });

                this.m_focusInput.on('focus.ui-selectonemenu', function () {
                    $this.jq.addClass('ui-inputwrapper-focus');
                })
                    .on('blur.ui-selectonemenu', function () {
                        $this.jq.removeClass('ui-inputwrapper-focus');
                    });

                if (this.cfg.editable) {
                    this.label.on('input', function (e) {
                        $this.inputValueControl($(this));
                    }).on('focus', function () {
                        $this.jq.addClass('ui-inputwrapper-focus');
                    }).on('blur', function () {
                        $this.jq.removeClass('ui-inputwrapper-focus');
                        $this.inputValueControl($(this));
                    });
                }
            }
        },

        inputValueControl: function (input) {
            if (input.val() != '')
                this.jq.addClass('ui-inputwrapper-filled');
            else
                this.jq.removeClass('ui-inputwrapper-filled');
        }
    });
}

if (PrimeFaces.widget.Chips) {
    PrimeFaces.widget.Chips = PrimeFaces.widget.Chips.extend({
        init: function (cfg) {
            this._super(cfg);

            var $this = this;
            if (this.jq.parent().hasClass('ui-float-label')) {
                this.jq.addClass('ui-inputwrapper');

                if ($this.jq.find('.ui-chips-token').length !== 0) {
                    this.jq.addClass('ui-inputwrapper-filled');
                }

                this.input.on('focus.ui-chips', function () {
                    $this.jq.addClass('ui-inputwrapper-focus');
                }).on('input.ui-chips', function () {
                    $this.inputValueControl();
                }).on('blur.ui-chips', function () {
                    $this.jq.removeClass('ui-inputwrapper-focus');
                    $this.inputValueControl();
                });

            }
        },

        inputValueControl: function () {
            if (this.jq.find('.ui-chips-token').length !== 0 || this.input.val() != '')
                this.jq.addClass('ui-inputwrapper-filled');
            else
                this.jq.removeClass('ui-inputwrapper-filled');
        }
    });
}

if (PrimeFaces.widget.DatePicker) {
    PrimeFaces.widget.DatePicker = PrimeFaces.widget.DatePicker.extend({
        init: function (cfg) {
            this._super(cfg);

            var $this = this;
            if (this.jq.parent().hasClass('ui-float-label') && !this.cfg.inline) {
                if (this.input.val() != '') {
                    this.jq.addClass('ui-inputwrapper-filled');
                }

                this.jqEl.off('focus.ui-datepicker blur.ui-datepicker change.ui-datepicker')
                    .on('focus.ui-datepicker', function () {
                        $this.jq.addClass('ui-inputwrapper-focus');
                    })
                    .on('blur.ui-datepicker', function () {
                        $this.jq.removeClass('ui-inputwrapper-focus');
                    })
                    .on('change.ui-datepicker', function () {
                        $this.inputValueControl($(this));
                    });
            }
        },

        inputValueControl: function (input) {
            if (input.val() != '')
                this.jq.addClass('ui-inputwrapper-filled');
            else
                this.jq.removeClass('ui-inputwrapper-filled');
        }
    });
}
