This is an automated email from the ASF dual-hosted git repository. cziegeler pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-engine.git
The following commit(s) were added to refs/heads/master by this push: new 7d84c3d SLIGN-12201 : Regression introduced by SLING-12124 7d84c3d is described below commit 7d84c3d3cde95421fe597f5977bf735e50ed55d3 Author: Carsten Ziegeler <cziege...@apache.org> AuthorDate: Fri Dec 15 10:43:46 2023 +0100 SLIGN-12201 : Regression introduced by SLING-12124 --- .../sling/engine/impl/request/RequestData.java | 40 +++----------------- .../sling/engine/impl/request/RequestDataTest.java | 43 +--------------------- 2 files changed, 7 insertions(+), 76 deletions(-) diff --git a/src/main/java/org/apache/sling/engine/impl/request/RequestData.java b/src/main/java/org/apache/sling/engine/impl/request/RequestData.java index d8b170a..1c141c9 100644 --- a/src/main/java/org/apache/sling/engine/impl/request/RequestData.java +++ b/src/main/java/org/apache/sling/engine/impl/request/RequestData.java @@ -507,8 +507,7 @@ public class RequestData { SlingHttpServletResponse response) throws IOException, ServletException { - if (!isValidRequest(request.getRequestPathInfo(), - request.getResource().getResourceMetadata().getResolutionPathInfo())) { + if (!isValidRequest(request.getRequestPathInfo().getResourcePath(), request.getRequestPathInfo().getSelectors())) { response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed request syntax"); return; @@ -561,42 +560,13 @@ public class RequestData { * Don't allow path segments that contain only dots or a mix of dots and %5B. * Additionally, check that we didn't have an empty selector from a dot replacement. */ - static boolean isValidRequest(final RequestPathInfo info, final String resourcePathInfo) { - final String selectorString = info.getSelectorString(); - if (selectorString == null && pathInfoContainsEmptySelectors(resourcePathInfo)) { - return false; - } - - for (final String selector : info.getSelectors()) { + static boolean isValidRequest(String resourcePath, String... selectors) { + for (String selector : selectors) { if (selector.trim().isEmpty()) { return false; } } - return info.getResourcePath() == null || !traversesParentPath(info.getResourcePath()); - } - - static boolean pathInfoContainsEmptySelectors(final String pathToParse) { - if (pathToParse == null) { - return false; - } - - // look for consecutive dots in the path - final int doubleDots = pathToParse.indexOf(".."); - if (doubleDots == -1) { - return false; - } - // find suffix - final String suffixPlusExtension; - final int firstSlash = pathToParse.indexOf('/'); - if (firstSlash == -1) { - suffixPlusExtension = pathToParse; - } else { - suffixPlusExtension = pathToParse.substring(0, firstSlash); - } - // find extension - final int lastDot = suffixPlusExtension.lastIndexOf('.'); - // double dots before extension? - return doubleDots < lastDot; + return resourcePath == null || !traversesParentPath(resourcePath); } // ---------- Content inclusion stacking ----------------------------------- @@ -779,4 +749,4 @@ public class RequestData { "to check for anonymous requests first."); } } -} +} \ No newline at end of file diff --git a/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java b/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java index b5f67fe..1b2d1ac 100644 --- a/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java +++ b/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java @@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.SlingHttpServletResponse; -import org.apache.sling.api.request.RequestPathInfo; import org.apache.sling.api.request.RequestProgressTracker; import org.apache.sling.api.request.TooManyCallsException; import org.apache.sling.engine.impl.SlingHttpServletRequestImpl; @@ -38,7 +37,6 @@ import org.jmock.Mockery; import org.jmock.imposters.ByteBuddyClassImposteriser; import org.junit.Before; import org.junit.Test; -import org.mockito.Mockito; import java.io.IOException; import java.util.Collections; @@ -87,7 +85,6 @@ public class RequestDataTest { will(returnValue(servletConfig)); allowing(contentData).getRequestPathInfo(); - allowing(contentData).getResource(); allowing(servlet).service(with(any(ServletRequest.class)), with(any(ServletResponse.class))); @@ -208,21 +205,6 @@ public class RequestDataTest { assertValidRequest(true, "/a/.}["); } - @Test - public void testRawSelectors() { - String resourcePath = "/path/to/resource"; - - assertValidRequest(false, resourcePath, ".....json/a/b/c"); - - assertValidRequest(false, resourcePath, "..html"); - - assertValidRequest(true, resourcePath, ".html"); - - assertValidRequest(false, resourcePath, "..a...html/a/b/c", new String[] {"", "a", "", ""}); - - assertValidRequest(true, resourcePath, ".a.b.c.html/a/b/c", new String[]{"a", "b", "c"}); - } - @Test public void testValidRequest() { //HttpRequest with valid path @@ -230,30 +212,9 @@ public class RequestDataTest { } private static void assertValidRequest(boolean expected, String path) { - final RequestPathInfo info = Mockito.mock(RequestPathInfo.class); - Mockito.when(info.getResourcePath()).thenReturn(path); - Mockito.when(info.getSelectorString()).thenReturn(null); - Mockito.when(info.getSelectors()).thenReturn(new String[0]); - assertEquals( - "Expected " + expected + " for " + path, - expected, - RequestData.isValidRequest(info, null)); - } - - private static void assertValidRequest(boolean expected, String path, String pathInfo, String... selectors) { - final RequestPathInfo info = Mockito.mock(RequestPathInfo.class); - Mockito.when(info.getResourcePath()).thenReturn(path); - if (selectors == null || selectors.length == 0) { - Mockito.when(info.getSelectorString()).thenReturn(null); - Mockito.when(info.getSelectors()).thenReturn(new String[0]); - } else { - Mockito.when(info.getSelectorString()).thenReturn(selectors.toString()); // this is not correct, but doesn't matter for the test - Mockito.when(info.getSelectors()).thenReturn(selectors); - } - assertEquals( "Expected " + expected + " for " + path, expected, - RequestData.isValidRequest(info, pathInfo)); + RequestData.isValidRequest(path)); } -} +} \ No newline at end of file