This is an automated email from the ASF dual-hosted git repository. dkulp pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cxf.git
commit a75bc16c1f3d8d41fe0ef8aa49cb007773fd6c44 Author: neseleznev <ne.selez...@gmail.com> AuthorDate: Tue Nov 15 19:43:05 2022 +0200 CXF-8698: Use fallback domain in case parsed is not alphanumeric --- .../org/apache/cxf/attachment/AttachmentUtil.java | 25 ++++++++++++++++------ .../apache/cxf/attachment/AttachmentUtilTest.java | 11 +++++----- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java index cf6274971d..747bf54454 100644 --- a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java +++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java @@ -45,6 +45,7 @@ import java.util.Set; import java.util.UUID; import java.util.concurrent.atomic.AtomicInteger; import java.util.logging.Logger; +import java.util.regex.Pattern; import jakarta.activation.CommandInfo; import jakarta.activation.CommandMap; @@ -80,8 +81,15 @@ public final class AttachmentUtil { private static final Random BOUND_RANDOM = new Random(); private static final CommandMap DEFAULT_COMMAND_MAP = CommandMap.getDefaultCommandMap(); private static final MailcapCommandMap COMMAND_MAP = new EnhancedMailcapCommandMap(); - - + + /** + * Yet <a href="https://datatracker.ietf.org/doc/html/rfc822#appendix-D">RFC-822 Appendix D (ALPHABETICAL LISTING OF SYNTAX RULES)</a> + * allows more characters in domain-literal, + * this regex is valid to check that the parsed domain is compliant, + * although it is stricter + */ + private static final Pattern ALPHA_NUMERIC_DOMAIN_PATTERN = Pattern.compile("^\\w+(\\.\\w+)*$"); + static final class EnhancedMailcapCommandMap extends MailcapCommandMap { @Override public synchronized DataContentHandler createDataContentHandler( 
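Review bot: In the `@@ -80,8 +81,15 @@` hunk, `ALPHA_NUMERIC_DOMAIN_PATTERN` is not strictly alphanumeric: Java's `\w` also accepts `_`, and the pattern rejects `-`, so a namespace host such as `my-service.example.org` (constructed example) would now silently get the fallback domain. If hyphenated hosts should be kept, consider `Pattern.compile("[A-Za-z0-9_-]+(\\.[A-Za-z0-9_-]+)*")`; `URLEncoder.encode` leaves `-` unchanged, so the Content-ID stays unescaped. The `^`/`$` anchors are redundant because the pattern is only used through `matcher(...).matches()`. The Javadoc would read more clearly as `Although RFC 822 Appendix D allows more characters in a domain, this deliberately stricter pattern decides whether a parsed domain may be used in the Content-ID as is.`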
@@ -255,22 +263,27 @@ public final class AttachmentUtil { // tend to change String cid = "cxf.apache.org"; if (ns != null && !ns.isEmpty()) { + if (isAlphaNumericDomain(ns)) { + cid = ns; + } try { URI uri = new URI(ns); String host = uri.getHost(); - if (host != null) { + if (host != null && isAlphaNumericDomain(host)) { cid = host; - } else { - cid = ns; } } catch (Exception e) { - cid = ns; + // Could not parse domain => use fallback value } } return ATT_UUID + '-' + Integer.toString(COUNTER.incrementAndGet()) + '@' + URLEncoder.encode(cid, StandardCharsets.UTF_8); } + private static boolean isAlphaNumericDomain(String string) { + return ALPHA_NUMERIC_DOMAIN_PATTERN.matcher(string).matches(); + } + public static String getUniqueBoundaryValue() { //generate a random UUID. //we don't need the cryptographically secure random uuid that diff --git a/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java b/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java index ebe7dc8db2..eeebc24e2e 100644 --- a/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java +++ b/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java @@ -40,6 +40,10 @@ import static org.junit.Assert.assertNotEquals; public class AttachmentUtilTest { + // Yet RFC822 allows more characters in domain-literal, + // this regex is enough to check that the fallback domain is compliant + public static final String CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN = ".+@\\w+(\\.\\w+)*"; + @Test public void testContendDispositionFileNameNoQuotes() { assertEquals("a.txt", 
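Review bot: In the `@@ -255,22 +263,27 @@` hunk the `catch (Exception e)` now discards every failure silently, although `new URI(ns)` declares only `URISyntaxException`; `catch (URISyntaxException e)` would keep unexpected runtime errors visible (it needs the `java.net.URISyntaxException` import if the file does not already have it). A string accepted by `isAlphaNumericDomain(ns)` cannot contain `:` or `/`, so `uri.getHost()` is always null for it; moving the URI parsing into an `else` branch would make the two cases explicit and skip a parse whose result is never used. The method's signature and opening lines are outside the hunk.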
@@ -141,9 +145,7 @@ public class AttachmentUtilTest { public void testCreateContentIDWithNullDomainNamePassed() { String actual = AttachmentUtil.createContentID(null); - // Yet RFC822 allows more characters in domain-literal, - // this regex is enough to check that the fallback domain is compliant - assertThat(actual, matchesPattern(".+@\\w+(\\.\\w+)*")); + assertThat(actual, matchesPattern(CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN)); } @Test @@ -176,14 +178,13 @@ public class AttachmentUtilTest { } @Test - @Ignore //TODO:8698 Content-Id should contain valid domain, but IPv6 input results in URL-encoded string public void testCreateContentIDWithIPv6BasedUrlPassed() { String domain = "[2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d]"; String url = "http://" + domain + "/a/b/c"; String actual = AttachmentUtil.createContentID(url); - assertThat(actual, endsWith("@" + domain)); + assertThat(actual, matchesPattern(CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN)); } private CachedOutputStream testSetStreamedAttachmentProperties(final String property, final Object value)
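Review bot: In the `@@ -176,14 +178,13 @@` hunk the re-enabled IPv6 test checks only the shape of the Content-ID, so it would also pass if some other word-like string ended up as the domain; asserting the expected value, e.g. `assertThat(actual, endsWith("@cxf.apache.org"));`, pins the fallback behaviour this commit introduces. With `@Ignore` removed and no import hunk in this file's diff, the `org.junit.Ignore` import may now be unused, which is worth checking if no other test in the class still uses it. A further case for a host containing `-` or `_` would document which inputs fall back and which are kept.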