This is an automated email from the ASF dual-hosted git repository. kwin pushed a commit to branch feature/OAK-11683-prevent-registration-of-invalid-namespace-uris in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
commit 6db729ffcd1d945b4cfc9710cee01c4e9763948b Author: Konrad Windszus <[email protected]> AuthorDate: Mon Apr 28 17:15:55 2025 +0200 OAK-11683: Optionally prevent registration of invalid namespace URIs This feature is off by default and can be enabled by setting framework/system property "oak.allowInvalidNamespaceUris" to "false". --- .../oak/plugins/name/ReadWriteNamespaceRegistry.java | 10 ++++++---- .../plugins/name/ReadWriteNamespaceRegistryTest.java | 20 +++++++++++++++++++- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistry.java b/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistry.java index adea1bbad6..601e37ed56 100644 --- a/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistry.java +++ b/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistry.java @@ -71,11 +71,13 @@ public abstract class ReadWriteNamespaceRegistry // sanity check for legal namespace names (excluding the "internal" // namespace, see OAK-74) - if (!NamespaceConstants.NAMESPACE_REP.equals(uri)) { - if (!uri.contains(":")) { + if (!NamespaceConstants.NAMESPACE_REP.equals(uri) && !uri.contains(":")) { + if (Boolean.parseBoolean(System.getProperty("oak.allowInvalidNamespaceUris", "true"))) { LOG.error("Registering invalid namespace name '" + uri + "' for prefix '" + prefix - + "', please see https://developer.adobe.com/experience-manager/reference-materials/spec/jcr/2.0/3_Repository_Model.html#3.2.1%20Namespaces";, - new Exception("call stack")); + + "', please see https://s.apache.org/jcr-2.0-spec/3_Repository_Model.html#3.2.1%20Namespaces";, + new Exception("call stack")); + } else { + throw new NamespaceException("Invalid namespace URI given: " + uri + ". It must not contain a colon."); } } diff --git a/oak-it/src/test/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistryTest.java b/oak-it/src/test/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistryTest.java index 30d70c9e46..46e5bb8c1a 100644 --- a/oak-it/src/test/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistryTest.java +++ b/oak-it/src/test/java/org/apache/jackrabbit/oak/plugins/name/ReadWriteNamespaceRegistryTest.java @@ -17,6 +17,7 @@ package org.apache.jackrabbit.oak.plugins.name; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -87,7 +88,7 @@ public class ReadWriteNamespaceRegistryTest extends OakBaseTest { } @Test - public void testInvalidNamespace() throws Exception { + public void testInvalidNamespaceInDefaultMode() throws Exception { final ContentSession session = createContentSession(); final Root root = session.getLatestRoot(); NamespaceRegistry r = getNamespaceRegistry(session, root); @@ -106,6 +107,23 @@ public class ReadWriteNamespaceRegistryTest extends OakBaseTest { } } + @Test + public void testInvalidNamespaceInStrictMode() { + final ContentSession session = createContentSession(); + final Root root = session.getLatestRoot(); + NamespaceRegistry r = getNamespaceRegistry(session, root); + String oldValue = System.setProperty("oak.allowInvalidNamespaceUris", "false"); + try { + assertThrows(NamespaceException.class, () -> r.registerNamespace("foo", "example.com")); + } + finally { + if (oldValue != null) { + System.setProperty("oak.allowInvalidNamespaceUris", oldValue); + } else { + System.clearProperty("oak.allowInvalidNamespaceUris"); + } + } + } private static NamespaceRegistry getNamespaceRegistry(ContentSession session, Root root) { return new ReadWriteNamespaceRegistry(root) { @Override
