Hello, I just extended the HostPortValidator class to check proxy hostnames against a regex defining a valid character set. It should allow letters (all languages), numbers, '.' and '-', but no whitespace or any special characters.
See my attached patch. Greetings, Johannes -- SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
>From 9628af3c615588d24d6be31d999b19e0532fdf24 Mon Sep 17 00:00:00 2001 From: Johannes Renner <jren...@suse.de> Date: Wed, 14 Nov 2012 14:54:35 +0100 Subject: [PATCH] Check hostnames for special characters and whitespace --- .../com/redhat/rhn/common/validator/HostPortValidator.java | 7 +++++++ .../rhn/common/validator/test/HostPortValidatorTest.java | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java b/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java index 0210d5b..2fc2322 100644 --- a/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java +++ b/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java @@ -31,6 +31,9 @@ public class HostPortValidator { // Pattern to match IPv6 address in bracket notation private static final Pattern IPV6_BRACKETS = Pattern.compile("^\\[(.*)\\](:(\\d*))?$"); + // Allow letters (of all languages), numbers, '.' and '-' + private static final Pattern HOSTNAME = Pattern.compile("^[\\p{L}\\p{N}.-]*$"); + // Private constructor private HostPortValidator() { } @@ -85,6 +88,10 @@ public class HostPortValidator { // Validate IP addresses externally (v4 and v6) if (host.replaceAll("[\\d\\.]", "").isEmpty() || host.contains(":")) { isValidHost = isValidIP(host); + } else { + // Validate hostname charset + Matcher matcher = HOSTNAME.matcher(host); + isValidHost = matcher.matches() ? isValidHost : false; } boolean isValidPort = true; if (port != null) { diff --git a/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java b/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java index b934ec9..e4047a9 100644 --- a/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java +++ b/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java 
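Review bot: The `HOSTNAME` pattern in the first hunk checks the character set only, so names such as `-proxy`, `proxy-.com` or `a..b` (empty label) pass, and there is no bound on label or total length. `\p{N}` also admits every Unicode digit, while the IP test in the second hunk uses `\d`, which is ASCII-only in Java unless `UNICODE_CHARACTER_CLASS` is set, so a dotted string of non-ASCII digits skips `isValidIP` and is accepted as a hostname. Consider normalising with `java.net.IDN.toASCII(host)` (rejecting on `IllegalArgumentException`) and matching the ASCII form per label, e.g. `[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?` joined by `\.`, which would also pass mixed-script names on in an unambiguous form. The `^`/`$` anchors are redundant because the second hunk calls `matches()`.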
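Review bot: In the second hunk, `isValidHost = matcher.matches() ? isValidHost : false;` is a conditional that can only ever clear the flag; `isValidHost = isValidHost && HOSTNAME.matcher(host).matches();` says the same thing without the temporary. The patch adds no `import java.util.regex.Matcher;`, so this compiles only if the file already imports it, which is not visible here. The enclosing method starts and ends outside the hunk, so how `isValidHost` is initialised cannot be checked from this page.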
@@ -68,4 +68,14 @@ public class HostPortValidatorTest extends TestCase {
 assertFalse(HostPortValidator.getInstance().isValid(
 "http://proxy.example.com:8888"));
 }
+
+ public void testHostnameCharset() {
+ assertTrue(HostPortValidator.getInstance().isValid("müller"));
+ assertTrue(HostPortValidator.getInstance().isValid("pröxy.com"));
+
+ assertFalse(HostPortValidator.getInstance().isValid("pröxy.com;8888"));
+ assertFalse(HostPortValidator.getInstance().isValid("pröxy com"));
+ assertFalse(HostPortValidator.getInstance().isValid("pro xy:8888"));
+ assertFalse(HostPortValidator.getInstance().isValid("p$r%o&x!y="));
+ }
 }
-- 1.7.10.4
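Review bot: `testHostnameCharset` covers spaces and punctuation but no control characters and no well-formed non-ASCII host with a port. If the validated value ends up in a configuration file or on a command line (not visible here), CR, LF and tab are the inputs most worth pinning, e.g. `assertFalse(HostPortValidator.getInstance().isValid("proxy\nexample.com"));`. A positive case such as `assertTrue(HostPortValidator.getInstance().isValid("pröxy.com:8888"));` would show that the port is still split off correctly for non-ASCII hosts, assuming that split happens before the charset check.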