Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version Icon 35.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:21
Change comment: There is no comment for this version
To version Icon 45.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:38
Change comment: Upload new attachment xalanj-java-date.xsl

Summary

Details

Icon Page properties
Content
... ... @@ -19,22 +19,23 @@
19 19  
20 20  == Special features ==
21 21  
22 -* File creation
23 -* Code execution
24 -* JDBC connectivity
25 25  * Java properties disclosure
26 26  * Java environment disclosure
24 +* Java code execution
25 +* OS command execution
26 +* File creation
27 +* JDBC connectivity
27 27  
28 28  == Java properties disclosure ==
29 29  
30 -The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties.
31 +The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties. In this example, the name of the Java properties is stored in a separate XML file ([[properties.xml>>attach:properties.xml]]). The XSLT code will, for each property, display its name and its value.
31 31  
32 -|=Namespace|=Extension function|=PoC|=Sample output
33 -|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
33 +|=Namespace|=Function|=PoC|=Sample output
34 +|http:~/~/www.w3.org/1999/XSL/Transform|system-property()|[[xalanj-java-properties.xsl>>attach:xalanj-java-properties.xsl]]|[[xalanj-java-properties-output.txt>>attach:xalanj-java-properties-output.txt]]
34 34  
35 35  == Java environment disclosure ==
36 36  
37 -The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (packages, paths, versions, ...).
38 +The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (including available packages, paths, versions, ...).
38 38  
39 39  |=Namespace|=Extension function|=PoC|=Sample output
40 40  |http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
... ... @@ -43,12 +43,11 @@
43 43  
44 44  The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
45 45  
46 -
47 47  |=Namespace|=Extension function|=PoC|=Sample output
48 48  |http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49 49  Wed Jan 11 22:45:07 CET 2012
50 50  
51 -== Execution of external commands ==
51 +== OS command execution ==
52 52  
53 53  The following code will execute the command "touch /tmp/hello" :
54 54  
Icon properties.xml
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +2.7 KB
Content
... ... @@ -1,0 +1,73 @@
1 +<properties>
2 +<property>awt.toolkit</property>
3 +<property>browser</property>
4 +<property>browser.vendor</property>
5 +<property>browser.version</property>
6 +<property>file.encoding</property>
7 +<property>file.encoding.pkg</property>
8 +<property>file.separator</property>
9 +<property>file.separator.applet</property>
10 +<property>http.agent</property>
11 +<property>java.awt.graphicsenv</property>
12 +<property>java.awt.printerjob</property>
13 +<property>java.class.path</property>
14 +<property>java.class.version</property>
15 +<property>java.class.version.applet</property>
16 +<property>java.endorsed.dirs</property>
17 +<property>java.ext.dirs</property>
18 +<property>java.home</property>
19 +<property>java.io.tmpdir</property>
20 +<property>java.library.path</property>
21 +<property>java.runtime.name</property>
22 +<property>java.runtime.version</property>
23 +<property>java.specification.name</property>
24 +<property>java.specification.vendor</property>
25 +<property>java.specification.version</property>
26 +<property>java.vendor</property>
27 +<property>java.vendor.applet</property>
28 +<property>java.vendor.url</property>
29 +<property>java.vendor.url.applet</property>
30 +<property>java.vendor.url.bug</property>
31 +<property>java.version</property>
32 +<property>java.version.applet</property>
33 +<property>java.vm.info</property>
34 +<property>java.vm.name</property>
35 +<property>java.vm.specification.name</property>
36 +<property>java.vm.specification.vendor</property>
37 +<property>java.vm.specification.version</property>
38 +<property>java.vm.vendor</property>
39 +<property>java.vm.version</property>
40 +<property>javax.accessibility.assistive_technologies</property>
41 +<property>line.separator</property>
42 +<property>line.separator.applet</property>
43 +<property>os.arch</property>
44 +<property>os.arch.applet</property>
45 +<property>os.name</property>
46 +<property>os.name.applet</property>
47 +<property>os.version</property>
48 +<property>os.version.applet</property>
49 +<property>package.restrict.definition.java</property>
50 +<property>package.restrict.definition.sun</property>
51 +<property>path.separator</property>
52 +<property>path.separator.applet</property>
53 +<property>sun.arch.data.model</property>
54 +<property>sun.boot.class.path</property>
55 +<property>sun.boot.library.path</property>
56 +<property>sun.cpu.endian</property>
57 +<property>sun.cpu.isalist</property>
58 +<property>sun.desktop</property>
59 +<property>sun.io.unicode.encoding</property>
60 +<property>sun.java.launcher</property>
61 +<property>sun.jnu.encoding</property>
62 +<property>sun.management.compiler</property>
63 +<property>sun.os.patch.level</property>
64 +<property>user.country</property>
65 +<property>user.dir</property>
66 +<property>user.home</property>
67 +<property>user.language</property>
68 +<property>user.name</property>
69 +<property>user.timezone</property>
70 +<property>user.variant</property>
71 +<property>user.zoneinfo.dir</property>
72 +</properties>
73 +
Icon xalanj-java-date.xsl
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +409 bytes
Content
... ... @@ -1,0 +1,11 @@
1 +<xsl:stylesheet version="1.0"
2 + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
3 + xmlns:date="http://xml.apache.org/xalan/java/java.util.Date"
4 + exclude-result-prefixes="date">
5 + <xsl:output method="text"/>
6 + <xsl:template match="/">
7 + <xsl:variable name="dateObject" select="date:new()"/>
8 + <xsl:text>Current date: </xsl:text><xsl:value-of select="$dateObject"/>
9 + </xsl:template>
10 +</xsl:stylesheet>
11 +
Icon xalanj-java-properties-output.txt
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +2.8 KB
Content
... ... @@ -1,0 +1,73 @@
1 +<?xml version="1.0" encoding="UTF-8"?>
2 +awt.toolkit:
3 +browser:
4 +browser.vendor:
5 +browser.version:
6 +file.encoding: UTF-8
7 +file.encoding.pkg: sun.io
8 +file.separator: /
9 +file.separator.applet:
10 +http.agent:
11 +java.awt.graphicsenv: sun.awt.X11GraphicsEnvironment
12 +java.awt.printerjob: sun.print.PSPrinterJob
13 +java.class.path: /usr/share/java/xalan2.jar:/usr/share/java/xml-apis.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/serializer.jar:/usr/share/java/xsltc.jar
14 +java.class.version: 50.0
15 +java.class.version.applet:
16 +java.endorsed.dirs: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/endorsed
17 +java.ext.dirs: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext:/usr/java/packages/lib/ext
18 +java.home: /usr/lib/jvm/java-6-sun-1.6.0.26/jre
19 +java.io.tmpdir: /tmp
20 +java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
21 +java.runtime.name: Java(TM) SE Runtime Environment
22 +java.runtime.version: 1.6.0_26-b03
23 +java.specification.name: Java Platform API Specification
24 +java.specification.vendor: Sun Microsystems Inc.
25 +java.specification.version: 1.6
26 +java.vendor: Sun Microsystems Inc.
27 +java.vendor.applet:
28 +java.vendor.url: http://java.sun.com/
29 +java.vendor.url.applet:
30 +java.vendor.url.bug: http://java.sun.com/cgi-bin/bugreport.cgi
31 +java.version: 1.6.0_26
32 +java.version.applet:
33 +java.vm.info: mixed mode, sharing
34 +java.vm.name: Java HotSpot(TM) Client VM
35 +java.vm.specification.name: Java Virtual Machine Specification
36 +java.vm.specification.vendor: Sun Microsystems Inc.
37 +java.vm.specification.version: 1.0
38 +java.vm.vendor: Sun Microsystems Inc.
39 +java.vm.version: 20.1-b02
40 +javax.accessibility.assistive_technologies:
41 +line.separator:
42 +
43 +line.separator.applet:
44 +os.arch: i386
45 +os.arch.applet:
46 +os.name: Linux
47 +os.name.applet:
48 +os.version: 2.6.32-37-generic
49 +os.version.applet:
50 +package.restrict.definition.java:
51 +package.restrict.definition.sun:
52 +path.separator: :
53 +path.separator.applet:
54 +sun.arch.data.model: 32
55 +sun.boot.class.path: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/resources.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/rt.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jsse.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jce.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/charsets.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/classes
56 +sun.boot.library.path: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386
57 +sun.cpu.endian: little
58 +sun.cpu.isalist:
59 +sun.desktop: gnome
60 +sun.io.unicode.encoding: UnicodeLittle
61 +sun.java.launcher: SUN_STANDARD
62 +sun.jnu.encoding: UTF-8
63 +sun.management.compiler: HotSpot Client Compiler
64 +sun.os.patch.level: unknown
65 +user.country: FR
66 +user.dir: /home/bob/foobar
67 +user.home: /home/bob
68 +user.language: fr
69 +user.name: bob
70 +user.timezone:
71 +user.variant:
72 +user.zoneinfo.dir:
73 +
Icon xalanj-java-properties.xsl
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +276 bytes
Content
... ... @@ -1,0 +1,7 @@
1 +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >
2 + <xsl:template match="//property">
3 + <xsl:variable name="p" select="text()"/>
4 + <xsl:value-of select="$p"/>: <xsl:value-of select="system-property($p)"/>
5 + </xsl:template>
6 +</xsl:stylesheet>
7 +