add string escape to captcha confirm id and replace favicon, merge br…

…anch 'dev'

gateway/gateway_response.go

@@ -83,7 +83,7 @@ func rewriteResponse(resp *http.Response) (err error) {
 				vulnName, _ := firewall.VulnMap.Load(policy.VulnID)
 				hitInfo := &models.HitInfo{TypeID: 2, PolicyID: policy.ID, VulnName: vulnName.(string)}
 				go firewall.LogGroupHitRequest(r, app.ID, srcIP, policy)
-				blockContent := GenerateBlockConcent(hitInfo)
+				blockContent := GenerateBlockContent(hitInfo)
 				resp.StatusCode = 403
 				resp.Body = io.NopCloser(bytes.NewBuffer(blockContent))
 				resp.ContentLength = int64(len(blockContent))

gateway/waf_block.go

@@ -31,15 +31,15 @@ func GenerateBlockPage(w http.ResponseWriter, hitInfo *models.HitInfo) {
 	}
 }
 
-// GenerateBlockConcent ...
-func GenerateBlockConcent(hitInfo *models.HitInfo) []byte {
+// GenerateBlockContent ...
+func GenerateBlockContent(hitInfo *models.HitInfo) []byte {
 	if tmplBlockResp == nil {
 		tmplBlockResp, _ = template.New("blockResp").Parse(data.NodeSetting.BlockHTML)
 	}
 	buf := &bytes.Buffer{}
 	err := tmplBlockResp.Execute(buf, hitInfo)
 	if err != nil {
-		utils.DebugPrintln("GenerateBlockConcent tmpl.Execute error", err)
+		utils.DebugPrintln("GenerateBlockContent tmpl.Execute error", err)
 	}
 	return buf.Bytes()
 }

gateway/waf_captcha.go

@@ -8,6 +8,7 @@
 package gateway
 
 import (
+	"html"
 	"net/http"
 	"sync"
 	"text/template"
@@ -32,7 +33,7 @@ const (
 // ShowCaptchaHandlerFunc ...
 func ShowCaptchaHandlerFunc(w http.ResponseWriter, r *http.Request) {
 	go ClearExpiredCapthchaHitInfo()
-	id := r.FormValue("id")
+	id := html.EscapeString(r.FormValue("id"))
 	captchaContext := models.CaptchaContext{CaptchaId: captcha.New(), ClientID: id}
 	if err := formTemplate.Execute(w, &captchaContext); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)

static/janusec-admin/index.html

@@ -1,14 +1,17 @@
 <!doctype html>
 <html lang="en">
+
 <head><base href="/janusec-admin/">
   <meta charset="utf-8">
-  <title>JANUSEC</title>
+  <title>Janusec Application Gateway</title>
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <meta http-equiv="Content-Security-Policy" content="img-src 'self' data:;" />
   <link href="/janusec-admin/assets/material-icons/material-icons.css" rel="stylesheet">
   <link rel="icon" type="image/x-icon" href="favicon.ico">
 <link rel="stylesheet" href="/janusec-admin/styles.5b315bea3caf382abdf2.css"></head>
+
 <body>
   <app-root></app-root>
- <script src="/janusec-admin/runtime-es2015.871528d607deca2f7955.js" type="module"></script><script src="/janusec-admin/runtime-es5.871528d607deca2f7955.js" nomodule defer></script><script src="/janusec-admin/polyfills-es5.aa2ca4297f425c58cd1c.js" nomodule defer></script><script src="/janusec-admin/polyfills-es2015.bf3b0982128d918baf6a.js" type="module"></script><script src="/janusec-admin/main-es2015.3d249a116c0e53e1af34.js" type="module"></script><script src="/janusec-admin/main-es5.3d249a116c0e53e1af34.js" nomodule defer></script></body>
-</html>
+<script src="/janusec-admin/runtime-es2015.871528d607deca2f7955.js" type="module"></script><script src="/janusec-admin/runtime-es5.871528d607deca2f7955.js" nomodule defer></script><script src="/janusec-admin/polyfills-es5.aa2ca4297f425c58cd1c.js" nomodule defer></script><script src="/janusec-admin/polyfills-es2015.bf3b0982128d918baf6a.js" type="module"></script><script src="/janusec-admin/main-es2015.9b510fd27c80e2436f66.js" type="module"></script><script src="/janusec-admin/main-es5.9b510fd27c80e2436f66.js" nomodule defer></script></body>
+
+</html>