Actionscript 3.0 Disable navigateToURL - security

A web game I play on that allows user uploaded content has been having a lot of issues with people using the navigateToURL function to send players to random websites. I was curious if there was a way to disable this function using Actionscript 2 or 3. I have seen a way to do it using the HTML embed but I do not have administrative access to the website.

After doing some more research, I have come up with a solid answer:
You should use a combination of PHP and an executable called swfdump on the server side to validate the user uploaded content.
swfdump is an exe file located in the bin folder of the Flex SDK. You can run it from PHP using exec.
It will read the bytecode of the swf and produce a report. From that you can easily locate which files contain navigateToURL() and reject the files.
I tested a file of my own using swfdump -abc -out myfilereport.swfx myfile.swf
and in that output I found this:
findpropstrict flash.net:navigateToURL
findpropstrict flash.net:URLRequest
pushstring "http://www.plasticsturgeon.com"
constructprop flash.net:URLRequest (1)
callproperty flash.net:navigateToURL (1)
The url I was using was "http://www.plasticsturgeon.com". But it would be far easuer to just eliminate any swf that includes flash.net.navigateToURL. Once you identify tha is present you can generate an error notice to your end user.
So using this method you can find and reject any swf that is using navigate to URL. You could even create a batch to run and invalidate any existing assert with this problem.
More information about using bytecode:
http://code.google.com/p/redtamarin/wiki/ABC
And about decompiling ASbytecode:
http://dougmccune.com/flex/FOTB_Decompiling_Doug_McCune.pdf

Related

Need to run the EB.BARCODE function from another application

We need to run the EB.barcode function from another application. To test this, we built the tutorial provided by Zebra, barcode.html, which references ebapi-modules.js. We put this in a folder called ZebraScanner – just those two files.
When this folder is placed in the /Android/data/com.symbol.enterprisebrowser folder – and the Config.xml file is modified to set barcode.html as the start page – it works perfectly.
When this folder is placed in the /Download folder .. this popup appears:
{"method":"getDefaultID","params":
[],"_rhoClass":"Rho.Barcode","_rhoID
":"0","jsonrpc":"2.0","id":1}
_rhoNativeApiCall:prompt
You can only run the EB.Barcode function from within Zebra's Enterprise Browser. The webview exposed by that product exposes several addJavaScriptInterface calls that are required to execute the logic in ebapi-modules.js, hence why you are seeing that error. If you are trying to scan from within another browser such as Chrome or FireFox then a good approach is to use DataWedge with KeyPress & there is an article explaining how to do that at https://developer.zebra.com/blog/listening-keypress-events-datawedge

How to download and write a jar file in Node.js?

So I'm working on a Minecraft launcher (because why not, good experience), and I'm stuck when it comes to downloading the libraries.
I have a valid jar URL here. When you download it in the browser, it works fine. But, when you download it with Node.js, 7-zip gives this error when trying to open it:
An attempt was made to move the file pointer before the beginning of the file.
I'm using a module called snekfetch, but I've also tried it with request. Both items gave the same issue. Here's my current test code:
request.get('https://libraries.minecraft.net/com/google/code/gson/gson/2.8.0/gson-2.8.0.jar').then(r => {
fs.writeFileSync('./mything.jar', r.body);
});
Am I doing something wrong to download the jar file?
Okay, so now that I've seen this answer, I need to modify the question. I've gotten it to work using pipes, but I need inline-code because this is a for loop that's downloading (hence my usage of writeFileSync, and in my actual code I use await for the request). Is it even possible to download and write without piping?
It turns out this is an issue with the snekfetch library. Switching to snekfetch v3 fixed it.
You can check out the status of the issue here.

GET / POST using Clarion

I have Clarion 9 app that I want to be able to communicate with HTTP servers. I come from PHP background. I have 0 idea on what to do.
What I wish to be able to do:
Parse JSON data and convert QUEUE data to JSON [Done]
Have a global variable like 'baseURL' that points to e.g. http://localhost.com [Done]
Call functions such apiConnection.get('/users') would return me the contents of the page. [I'm stuck here]
apiConnection.post('/users', myQueueData) would POST myQueueData contents.
I tried using winhttp.dll by reading it from LibMaker but it didn't read it. Instead, I'm now using wininet.dll which LibMaker successfully created a .lib file for it.
I'm currently using the PROTOTYPE procedures from this code on GitHub https://gist.github.com/ddur/34033ed1392cdce1253c
What I did was include them like:
SimpleApi.clw
PROGRAM
INCLUDE('winInet.equ')
ApiLog QUEUE, PRE(log)
LogTitle STRING(10)
LogMessage STRING(50)
END
MAP
INCLUDE('winInetMap.clw')
END
INCLUDE('equates.clw'),ONCE
INCLUDE('DreamyConnection.inc'),ONCE
ApiConnection DreamyConnection
CODE
IF DreamyConnection.initiateConnection('http://localhost')
ELSE
log:LogTitle = 'Info'
log:LogMessage = 'Failed'
ADD(apiLog)
END
But the buffer that winInet's that uses always returns 0.
I have created a GitHub repository https://github.com/spacemudd/clarion-api with all the code to look at.
I'm really lost in this because I can't find proper documentation of Clarion.
I do not want a paid solution.
It kind of depends which version of Clarion you have.
Starting around v9 they added ClaRunExt which provides this kind of functionality via .NET Interop.
From the help:
Use HTTP or HTTPS to download web pages, or any other type of file. You can also post form data to web servers. Very easy way to send HTTP web requests (and receive responses) to Web Servers, REST Web Services, or standard Web Services, with the most commonly used HTTP verbs; POST, GET, PUT, and DELETE.
Otherwise, search the LibSrc\ directory for "http" and you will get an idea of what is already there. abapi.inc for example, appears to provide a wrapper around wininet.lib.

node.js - secure image file upload

We had to implement an image uploader for a node.js project. As framework we are using express.js We did it like described here: http://howtonode.org/really-simple-file-uploads
But we are not sure how to secure this image uploader. What we did so far is:
checking the file size
checking extension and header
rename the file
file is only accessible over a special route and is not in the root folder
Is this enough? We don't feel very comfortable with the following line:
// CHECKING FOR FILESIZE, EXTENSION, HEADERS
fs.readFile(req.files.displayImage.path, function (err, data) {
...
...
...
// RENAMING FILE
// SAVE FILE
...
...
...
}
Is it save to read the image this way? We are afraid, there could be malicious code in req.files.displayImage.path. Do we need to add more checks or are our checks sufficient? What attack vectors do we offer an attacker if we use the code as described?
Thank you for your advices
Tschoartschi
If you are concerned for opening malicious images on client side as posted in your comments. Try opening third party scripts and untrusted files inside a sandboxed iframe this will protect your users.

Launch Documents To Go app from third party Blackberry App

I was wondering if it's possible to open doc, xls, pdf, etc files using the "Documents To Go" app from a third party blackberry app.
If you want to open a specific document, since Docs ToGo registers to handle these extensions, you can use the Registry invocation and it will be handled for you. Take a look at the Registry and Invocation classes, the following code will open the document in the given path, Docs ToGo will take over through the Registry:
Invocation invocation = new Invocation(path);
Ragistry reg = = Registry.getRegistry("<your app namespace.class>");
reg.invoke(invocation);
If there is no registered handler for the file content type a ContentHandlerException will be thrown with error code ContentHandlerException.NO_REGISTERED_HANDLER.
Note: there's a small bug in Docs ToGo - closing the document or clicking the back button might not lead the user back to your application.
EDIT: The getRegistry function takes a class fully qualified name e.g. com.softartisans.SilverDust, where SilverDust is the class mane. You can find more info about the use of the Registry in this online book starting page 291 - Client use of Registry. I originally linked to the javax Registry, but it is more useful to look at the BlackBerry Registry docs.
You can use the ApplicationManager class to launch other applications, for example by looking up its descriptor and using runApplication(). You can also pass arguments in the descriptor and if the application looks at arguments passed into it, it may actually open the specified file.

Resources