This is an automated email from the ASF dual-hosted git repository.

dkulp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit a75bc16c1f3d8d41fe0ef8aa49cb007773fd6c44
Author: neseleznev <ne.selez...@gmail.com>
AuthorDate: Tue Nov 15 19:43:05 2022 +0200

    CXF-8698: Use fallback domain in case parsed is not alphanumeric
---
 .../org/apache/cxf/attachment/AttachmentUtil.java  | 25 ++++++++++++++++------
 .../apache/cxf/attachment/AttachmentUtilTest.java  | 11 +++++-----
 2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java 
b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
index cf6274971d..747bf54454 100644
--- a/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
+++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java
@@ -45,6 +45,7 @@ import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Logger;
+import java.util.regex.Pattern;
 
 import jakarta.activation.CommandInfo;
 import jakarta.activation.CommandMap;
@@ -80,8 +81,15 @@ public final class AttachmentUtil {
     private static final Random BOUND_RANDOM = new Random();
     private static final CommandMap DEFAULT_COMMAND_MAP = 
CommandMap.getDefaultCommandMap();
     private static final MailcapCommandMap COMMAND_MAP = new 
EnhancedMailcapCommandMap();
-    
-    
+
+    /**
+     * Yet <a 
href="https://datatracker.ietf.org/doc/html/rfc822#appendix-D";>RFC-822 Appendix 
D (ALPHABETICAL LISTING OF SYNTAX RULES)</a>
+     * allows more characters in domain-literal,
+     * this regex is valid to check that the parsed domain is compliant,
+     * although it is stricter
+     */
+    private static final Pattern ALPHA_NUMERIC_DOMAIN_PATTERN = 
Pattern.compile("^\\w+(\\.\\w+)*$");
+
     static final class EnhancedMailcapCommandMap extends MailcapCommandMap {
         @Override
         public synchronized DataContentHandler createDataContentHandler(
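Review bot: `ALPHA_NUMERIC_DOMAIN_PATTERN` is not strictly alphanumeric, because `\w` also accepts `_` and rejects `-`. A host such as `my-host.example.org` (constructed example) fails the check and is silently replaced by the fallback domain. If the intent is to allow only header-safe characters in the Content-ID domain, an explicit class says so more directly, e.g. `Pattern.compile("[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*")`. The `^`/`$` anchors are redundant, since `isAlphaNumericDomain` calls `matcher(string).matches()`. The Javadoc would read more clearly as `RFC 822 Appendix D allows more characters in a domain; this pattern is deliberately stricter so that only plain dotted names are accepted.`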
@@ -255,22 +263,27 @@ public final class AttachmentUtil {
         // tend to change
         String cid = "cxf.apache.org";
         if (ns != null && !ns.isEmpty()) {
+            if (isAlphaNumericDomain(ns)) {
+                cid = ns;
+            }
             try {
                 URI uri = new URI(ns);
                 String host = uri.getHost();
-                if (host != null) {
+                if (host != null && isAlphaNumericDomain(host)) {
                     cid = host;
-                } else {
-                    cid = ns;
                 }
             } catch (Exception e) {
-                cid = ns;
+                // Could not parse domain => use fallback value
             }
         }
         return ATT_UUID + '-' + Integer.toString(COUNTER.incrementAndGet()) + 
'@'
             + URLEncoder.encode(cid, StandardCharsets.UTF_8);
     }
 
+    private static boolean isAlphaNumericDomain(String string) {
+        return ALPHA_NUMERIC_DOMAIN_PATTERN.matcher(string).matches();
+    }
+
     public static String getUniqueBoundaryValue() {
         //generate a random UUID.
         //we don't need the cryptographically secure random uuid that
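Review bot: In `createContentID` the `catch (Exception e)` now discards every failure from `new URI(ns)` with only a comment. Since `ns` is already null-checked, narrowing it to `catch (URISyntaxException e)` would keep unexpected runtime errors visible; that import is not shown in this diff and may need adding. The URI parse is also redundant once `isAlphaNumericDomain(ns)` has accepted `ns`, because a string of word characters and dots has no authority part and `getHost()` returns null. Moving the `try` into an `else` branch would make the two cases explicit. The method's signature lies above this hunk, so the remark covers only the visible body.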
diff --git 
a/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java 
b/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java
index ebe7dc8db2..eeebc24e2e 100644
--- a/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java
+++ b/core/src/test/java/org/apache/cxf/attachment/AttachmentUtilTest.java
@@ -40,6 +40,10 @@ import static org.junit.Assert.assertNotEquals;
 
 public class AttachmentUtilTest {
 
+    // Yet RFC822 allows more characters in domain-literal,
+    // this regex is enough to check that the fallback domain is compliant
+    public static final String CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN = 
".+@\\w+(\\.\\w+)*";
+
     @Test
     public void testContendDispositionFileNameNoQuotes() {
         assertEquals("a.txt",
@@ -141,9 +145,7 @@ public class AttachmentUtilTest {
     public void testCreateContentIDWithNullDomainNamePassed() {
         String actual = AttachmentUtil.createContentID(null);
 
-        // Yet RFC822 allows more characters in domain-literal,
-        // this regex is enough to check that the fallback domain is compliant
-        assertThat(actual, matchesPattern(".+@\\w+(\\.\\w+)*"));
+        assertThat(actual, 
matchesPattern(CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN));
     }
 
     @Test
@@ -176,14 +178,13 @@ public class AttachmentUtilTest {
     }
 
     @Test
-    @Ignore //TODO:8698 Content-Id should contain valid domain, but IPv6 input 
results in URL-encoded string
     public void testCreateContentIDWithIPv6BasedUrlPassed() {
         String domain = "[2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d]";
         String url = "http://"; + domain + "/a/b/c";
 
         String actual = AttachmentUtil.createContentID(url);
 
-        assertThat(actual, endsWith("@" + domain));
+        assertThat(actual, 
matchesPattern(CONTENT_ID_WITH_ALPHA_NUMERIC_DOMAIN_PATTERN));
     }
 
     private CachedOutputStream testSetStreamedAttachmentProperties(final 
String property, final Object value)
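Review bot: The new assertion in `testCreateContentIDWithIPv6BasedUrlPassed` only checks that the domain part matches `\w+(\.\w+)*`, so it passes for any such domain and does not pin the fallback this commit introduces. Since `createContentID` starts from `String cid = "cxf.apache.org"`, asserting `assertThat(actual, endsWith("@cxf.apache.org"));` would catch a regression where some other value ends up in the Content-ID. A companion case for an input the pattern rejects for another reason, such as a host containing `-`, would document that behaviour as well.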
