security-discuss

Re: [security-discuss] gnuradio project DoS attacks GNU wget users


From: Alfred M. Szmidt
Subject: Re: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Sat, 04 Mar 2017 02:54:14 -0500

     > even any browser more advanced than curl or wget), you would
     > have noticed that those links are part of the dropbox which
     > itself is part of the search field.

   The use of Dropbox is a possible concern.  What job is Dropbox
   being used for, here?  Can you tell me where in the pages to find
   that?

It is a GUI element dropbox -- one of those annoying ones where you
click and they expand.

     > There is absolutely no way to make that functionality without
     > javascript,

   Nothing can justify sending users nonfree JS code, but it is
   acceptable for a GNU package web site to send Javascript code
   provided that code is free.  It is best if the site does function
   with JS disabled (it's ok if that is ugly; ugly is better than
   malfunctioning).

   Can someone please tell me precisely where in the site this
   Javascript code appears?

I attached the full main page for GNU radio's manual (and the input
file for that).  It uses jquery, which is free software, but Doxygen
(GNU radio is only using Doxygen to generate the pages) is doing
something and no license is added.  The other files (dynsections.js,
resize.js, navtree.js, ...) are from Doxygen as well, but also do not
carry proper license notifications.

   Does it visibly carry a free license?  

No.

   Is it distributed as true source code?

From the looks, no.

       The searchbox is the standard doxygen's searchbox which
       implements documentation search in javascript to avoid having
       to have a search engine on the server. So, if you don't like
       that searchbox, go to doxygen.org and tell them.

   You're saying that this Javascript code has something to do with
   doxygen.org.  What is the relationship between this Javascript code
   and doxygen.org?  Those words suggest multiple possibilities.

Doxygen is used to generate the web page manual for GNU Radio.  For
the web page to get dynamic GUI elements (dropdowns, search boxes,
collapsible navigation tree, ...) it uses Javascript.

So Doxygen is generating output without license headers for their
Javascript.  I think one can contact the Doxygen maintainers at
address@hidden

The GNU Radio manual also does not carry any license, or a copy of a
license from what I could see.

===File ~/index.html========================================
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.8"/>
<title>GNU Radio Manual and C++ API Reference: Main Page</title>
<script type="text/javascript">
//<![CDATA[
try{if (!window.CloudFlare) {var 
CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"04ed2f8d793d27d7a270e9b100cc19f9",petok:"addc01398e0f27dc7d0efff5df61220729dab2cd-1488612990-1800",zone:"gnuradio.org",rocket:"m",apps:{"ga_key":{"ua":"UA-40259801-1","ga_bs":"2"}}}];document.write('<script
 type="text/javascript" 
src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=f2befc48d1/cloudflare.min.js"><'+'\/script>');}}catch(e){};
//]]>
</script>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
  $(document).ready(initResizable);
  $(window).load(resizeHeight);
</script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/search.js"></script>
<script type="text/javascript">
  $(document).ready(function() { searchBox.OnSelectItem(0); });
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript">
/* <![CDATA[ */
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-40259801-1']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; 
ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 
'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; 
s.parentNode.insertBefore(ga, s);
})();

(function(b){(function(a){"__CF"in b&&"DJS"in 
b.__CF?b.__CF.DJS.push(a):"addEventListener"in 
b?b.addEventListener("load",a,!1):b.attachEvent("onload",a)})(function(){"FB"in 
b&&"Event"in FB&&"subscribe"in 
FB.Event&&(FB.Event.subscribe("edge.create",function(a){_gaq.push(["_trackSocial","facebook","like",a])}),FB.Event.subscribe("edge.remove",function(a){_gaq.push(["_trackSocial","facebook","unlike",a])}),FB.Event.subscribe("message.send",function(a){_gaq.push(["_trackSocial","facebook","send",a])}));"twttr"in
 b&&"events"in twttr&&"bind"in 
twttr.events&&twttr.events.bind("tweet",function(a){if(a){var 
b;if(a.target&&a.target.nodeName=="IFRAME")a:{if(a=a.target.src){a=a.split("#")[0].match(/[^?=&]+=([^&]*)?/g);b=0;for(var
 c;c=a[b];++b)if(c.indexOf("url")===0){b=unescape(c.split("=")[1]);break 
a}}b=void 0}_gaq.push(["_trackSocial","twitter","tweet",b])}})})})(window);
/* ]]> */
</script>
</head>
<body>
<div id="top"> 
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><img alt="Logo" src="gnuradio_logo_icon.png"/></td>
<td style="padding-left: 0.5em;">
<div id="projectname">GNU Radio Manual and C++ API Reference
&#160;<span id="projectnumber">3.7.10.1</span>
</div>
<div id="projectbrief">The Free &amp; Open Software Radio Ecosystem</div>
</td>
<td> <div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png" onmouseover="return 
searchBox.OnSearchSelectShow()" onmouseout="return 
searchBox.OnSearchSelectHide()" alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S" 
onfocus="searchBox.OnSearchFieldFocus(true)" 
onblur="searchBox.OnSearchFieldFocus(false)" 
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img 
id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
 
 
<script type="text/javascript">
var searchBox = new SearchBox("searchBox", "search",false,'Search');
</script>
</div> 
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
</div>
</div>
<div id="splitbar" style="-moz-user-select:none;" class="ui-resizable-handle">
</div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('index.html','');});
</script>
<div id="doc-content">
 
<div id="MSearchSelectWindow" onmouseover="return 
searchBox.OnSearchSelectShow()" onmouseout="return 
searchBox.OnSearchSelectHide()" onkeydown="return 
searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" 
onclick="searchBox.OnSelectItem(0)"><span 
class="SelectionMark">&#160;</span>All</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span 
class="SelectionMark">&#160;</span>Classes</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span 
class="SelectionMark">&#160;</span>Namespaces</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span 
class="SelectionMark">&#160;</span>Files</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span 
class="SelectionMark">&#160;</span>Functions</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span 
class="SelectionMark">&#160;</span>Variables</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span 
class="SelectionMark">&#160;</span>Typedefs</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span 
class="SelectionMark">&#160;</span>Enumerations</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span 
class="SelectionMark">&#160;</span>Enumerator</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(9)"><span 
class="SelectionMark">&#160;</span>Friends</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(10)"><span 
class="SelectionMark">&#160;</span>Macros</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(11)"><span 
class="SelectionMark">&#160;</span>Modules</a><a class="SelectItem" 
href="javascript:void(0)" onclick="searchBox.OnSelectItem(12)"><span 
class="SelectionMark">&#160;</span>Pages</a></div>
 
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0" name="MSearchResults" 
id="MSearchResults">
</iframe>
</div>
<div class="header">
<div class="headertitle">
<div class="title">GNU Radio Manual and C++ API Reference Documentation</div> 
</div>
</div> 
<div class="contents">
<div class="textblock"><div class="image">
<img src="gnuradio-logo.svg" alt="gnuradio-logo.svg"/>
</div>
<p>Welcome to GNU Radio!</p>
<p>For details about GNU Radio and using it, please see the <a 
href="http://gnuradio.org" target="_blank"><b>main project page</b></a>.</p>
<p>Other information about the project and discussion about GNU Radio, software 
radio, and communication theory in general can be found at the <a 
href="http://www.trondeau.com" target="_blank"><b>GNU Radio blog</b></a>.</p>
<p>This manual is split into two parts: A usage manual and a reference. The 
usage manual deals with concepts of GNU Radio, introductions, how to build GNU 
Radio etc. The reference contains a list of all GNU Radio components, sorted by 
in-tree components, modules, files, namespaces and classes.</p>
<p>To access these parts, follow these links or use the tree browser in the 
left sidebar. A search function is also available at the top right.</p>
<ul>
<li><a class="el" href="page_usage.html">Part I - GNU Radio Usage</a> </li>
<li><a class="el" href="page_components.html">Part II - Reference</a> </li>
</ul>
</div></div> 
</div> 
 
<div id="nav-path" class="navpath"> 
<ul>
<li class="footer">Generated on Thu Aug 18 2016 11:37:34 for GNU Radio Manual 
and C++ API Reference by
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.8 </li>
</ul>
</div>
</body>
</html>
============================================================

===File ~/GNU/gnuradio/docs/doxygen/other/main_page.dox===
/*! \mainpage

\image html gnuradio-logo.svg

Welcome to GNU Radio!

For details about GNU Radio and using it, please see the
<a href="http://gnuradio.org" target="_blank"><b>main project page</b></a>.

Other information about the project and discussion about GNU Radio,
software radio, and communication theory in general can be found at
the <a href="http://www.trondeau.com" target="_blank"><b>GNU Radio blog</b></a>.

This manual is split into two parts: A usage manual and a reference. The usage 
manual
deals with concepts of GNU Radio, introductions, how to build GNU Radio etc.
The reference contains a list of all GNU Radio components, sorted by in-tree 
components,
modules, files, namespaces and classes.

To access these parts, follow these links or use the tree browser in the left 
sidebar.
A search function is also available at the top right.

\li \subpage page_usage "Part I - GNU Radio Usage"
\li \subpage page_components "Part II - Reference"

*/
============================================================
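
Added example, not part of the original message or of the GNU Radio or Doxygen code: one way to answer "where in the site does this Javascript code appear" for a page like the attached index.html is to inventory script files, inline scripts, event-handler attributes and `javascript:` URLs. The sample markup is constructed, and recognising a license notice by the `@licstart` / `@license` markers of the GNU LibreJS convention is an assumption of this example; hosts are compared by exact match.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LICENSE_MARKERS = ("@licstart", "@license")  # GNU LibreJS notice conventions
class ScriptInventory(HTMLParser):
    """Record every place a page carries or loads JavaScript."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self._inline = site_host, [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            host = urlparse(attrs["src"]).netloc   # "" for relative paths
            kind = "third-party" if host and host != self.site_host else "local"
            self.findings.append((kind, attrs["src"], None))  # file not fetched
        elif tag == "script":
            self._inline = []                      # start buffering the body
        for name, value in attrs.items():
            if name.startswith("on"):              # onclick, onkeyup, ...
                self.findings.append(("handler", f"{tag}@{name}", None))
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(("js-url", f"{tag}@{name}", None))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline)
            noticed = any(m in body for m in LICENSE_MARKERS)
            self.findings.append(("inline", body.strip()[:40], noticed))
            self._inline = None

def inventory(html, site_host):
    parser = ScriptInventory(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample, modelled on the attached index.html (CDN path is made up).
SAMPLE = """<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="//ajax.cloudflare.com/example.min.js"></script>
<script type="text/javascript">
  $(document).ready(function() { searchBox.OnSelectItem(0); });
</script>
<input type="text" id="MSearchField" onkeyup="searchBox.OnSearchFieldChange(event)"/>
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()">x</a>"""
```

Calling `inventory(SAMPLE, "gnuradio.org")` returns one tuple per finding; script files are listed but not fetched, so their license notices still have to be checked in the files themselves.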


