This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new 84d864d Always use DeploymentException for invalid paths and add more checks 84d864d is described below commit 84d864def79863324456f4ce0fa1039c2a899206 Author: Mark Thomas <ma...@apache.org> AuthorDate: Fri May 15 17:36:29 2020 +0100 Always use DeploymentException for invalid paths and add more checks The additional paths should have been rejected later or would have never have worked anyway. --- .../websocket/server/LocalStrings.properties | 2 +- .../tomcat/websocket/server/UriTemplate.java | 9 +++--- .../tomcat/websocket/server/TestUriTemplate.java | 37 +++++++++++++++++----- webapps/docs/changelog.xml | 5 +++ 4 files changed, 40 insertions(+), 13 deletions(-) diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties b/java/org/apache/tomcat/websocket/server/LocalStrings.properties index 005c2f1..16fdaf2 100644 --- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties +++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties @@ -24,7 +24,7 @@ serverContainer.servletContextMissing=No ServletContext was specified upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible RSV bit usage uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in the path which is not permitted -uriTemplate.emptySegment=The path [{0}] contains one or more empty segments which are is not permitted +uriTemplate.emptySegment=The path [{0}] contains one or more empty segments which is not permitted uriTemplate.invalidPath=The path [{0}] is not valid. uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path [{1}] diff --git a/java/org/apache/tomcat/websocket/server/UriTemplate.java b/java/org/apache/tomcat/websocket/server/UriTemplate.java index 6419ed0..ab53395 100644 --- a/java/org/apache/tomcat/websocket/server/UriTemplate.java +++ b/java/org/apache/tomcat/websocket/server/UriTemplate.java 
@@ -43,7 +43,8 @@ public class UriTemplate { public UriTemplate(String path) throws DeploymentException { - if (path == null || path.length() ==0 || !path.startsWith("/")) { + if (path == null || path.length() == 0 || !path.startsWith("/") || path.contains("/../") || + path.contains("/./") || path.contains("//")) { throw new DeploymentException( sm.getString("uriTemplate.invalidPath", path)); } @@ -68,7 +69,7 @@ public class UriTemplate { } else { // As per EG discussion, all other empty segments are // invalid - throw new IllegalArgumentException(sm.getString( + throw new DeploymentException(sm.getString( "uriTemplate.emptySegment", path)); } } @@ -81,12 +82,12 @@ public class UriTemplate { normalized.append(paramCount++); normalized.append('}'); if (!paramNames.add(segment)) { - throw new IllegalArgumentException(sm.getString( + throw new DeploymentException(sm.getString( "uriTemplate.duplicateParameter", segment)); } } else { if (segment.contains("{") || segment.contains("}")) { - throw new IllegalArgumentException(sm.getString( + throw new DeploymentException(sm.getString( "uriTemplate.invalidSegment", segment, path)); } normalized.append(segment); diff --git a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java index f0b1c4e..96f8569 100644 --- a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java +++ b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java 
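Review bot: The widened guard in the UriTemplate constructor rejects `/../`, `/./` and `//` but still accepts a dot segment at the end of the template, so `/a/..`, `/a/.`, `/..` and `/.` pass the check and appear to reach the per-segment loop, where the later hunk shows a non-parameter segment being appended to `normalized` verbatim as long as it contains no brace. Extending the same condition with `|| path.endsWith("/..") || path.endsWith("/.")` closes that gap with the approach the commit already takes; while on that line, `path.length() == 0` could read `path.isEmpty()`. The three tests added in the TestUriTemplate hunk at `@@ -204,10 +204,31 @@` cover only the slash-delimited forms, so a trailing-dot-segment case would be worth adding alongside them. The constructor body continues past this hunk.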
@@ -44,35 +44,35 @@ public class TestUriTemplate { } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testBasicPrefix() throws Exception { @SuppressWarnings("unused") UriTemplate t = new UriTemplate("/x{a}/y{b}"); } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testPrefixOneOfTwo() throws Exception { UriTemplate t = new UriTemplate("/x{a}/y{b}"); t.match(new UriTemplate("/xfoo")); } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testPrefixTwoOfTwo() throws Exception { UriTemplate t = new UriTemplate("/x{a}/y{b}"); t.match(new UriTemplate("/ybar")); } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testQuote1() throws Exception { UriTemplate t = new UriTemplate("/.{a}"); t.match(new UriTemplate("/yfoo")); } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testQuote2() throws Exception { @SuppressWarnings("unused") UriTemplate t = new UriTemplate("/.{a}"); @@ -153,7 +153,7 @@ public class TestUriTemplate { } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testDuplicate01() throws Exception { @SuppressWarnings("unused") UriTemplate t = new UriTemplate("/{var}/{var}"); @@ -196,7 +196,7 @@ public class TestUriTemplate { } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testEgMailingList04() throws Exception { UriTemplate t = new UriTemplate("/a/{var1}/{var2}"); @SuppressWarnings("unused") 
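Review bot: In the `@@ -44,35 +44,35 @@` hunk, testPrefixOneOfTwo and testPrefixTwoOfTwo now expect `jakarta.websocket.DeploymentException`, but testBasicPrefix in the same hunk already expects that exception from constructing `/x{a}/y{b}` alone, so the `t.match(...)` line in those two tests is never reached and they assert nothing about `match()`; the same applies to testQuote1 relative to testQuote2 with `/.{a}`. If the intent is to exercise matching, the template under test needs to be a valid one, and a comment such as `// Construction fails before match() is reached; this only re-checks the constructor` would at least make the current behaviour explicit. This is pre-existing structure rather than something the retyped annotation introduces, so it could be a follow-up.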
@@ -204,10 +204,31 @@ public class TestUriTemplate { } - @Test(expected=java.lang.IllegalArgumentException.class) + @Test(expected=jakarta.websocket.DeploymentException.class) public void testEgMailingList05() throws Exception { UriTemplate t = new UriTemplate("/a/{var}/"); @SuppressWarnings("unused") Map<String,String> result = t.match(new UriTemplate("/a/b/")); } + + + @Test(expected=jakarta.websocket.DeploymentException.class) + public void testSpecIssue194a() throws Exception { + @SuppressWarnings("unused") + UriTemplate t = new UriTemplate("/a/../b"); + } + + + @Test(expected=jakarta.websocket.DeploymentException.class) + public void testSpecIssue194b() throws Exception { + @SuppressWarnings("unused") + UriTemplate t = new UriTemplate("/./b"); + } + + + @Test(expected=jakarta.websocket.DeploymentException.class) + public void testSpecIssue194c() throws Exception { + @SuppressWarnings("unused") + UriTemplate t = new UriTemplate("//b"); + } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8171ca3..69e3336 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -68,6 +68,11 @@ <code>destroy()</code> to the <code>Encoder</code> and <code>Decoder</code> interfaces. (markt) </add> + <fix> + Consistently throw a <code>DeploymentException</code> when an invalid + endpoint path is specified and catch invalid endpoint paths earlier. + (markt) + </fix> </changelog> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org