Hello,

I just extended the HostPortValidator class to check proxy hostnames against a
regex defining a valid character set. It should allow letters (all languages),
numbers, '.' and '-', but no whitespace or any special characters.

See my attached patch.

Greetings,
Johannes

-- 
SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg)
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
>From 9628af3c615588d24d6be31d999b19e0532fdf24 Mon Sep 17 00:00:00 2001
From: Johannes Renner <jren...@suse.de>
Date: Wed, 14 Nov 2012 14:54:35 +0100
Subject: [PATCH] Check hostnames for special characters and whitespace

---
 .../com/redhat/rhn/common/validator/HostPortValidator.java   |    7 +++++++
 .../rhn/common/validator/test/HostPortValidatorTest.java     |   10 ++++++++++
 2 files changed, 17 insertions(+)

diff --git a/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java b/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java
index 0210d5b..2fc2322 100644
--- a/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java
+++ b/java/code/src/com/redhat/rhn/common/validator/HostPortValidator.java
@@ -31,6 +31,9 @@ public class HostPortValidator {
     // Pattern to match IPv6 address in bracket notation
     private static final Pattern IPV6_BRACKETS = Pattern.compile("^\\[(.*)\\](:(\\d*))?$");
 
+    // Allow letters (of all languages), numbers, '.' and '-'
+    private static final Pattern HOSTNAME = Pattern.compile("^[\\p{L}\\p{N}.-]*$");
+
     // Private constructor
     private HostPortValidator() {
     }
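Review bot: The `HOSTNAME` pattern on the added line only restricts the character set, so inputs such as `-`, `a..b` or `-proxy-.` pass even though they are not usable hostnames. The comment should say so, e.g. `// Character whitelist only: does not check label structure or length`. `\\p{N}` also admits every Unicode number, including superscripts and fractions, while `\\p{Nd}` would limit it to decimal digits. Because combining marks (`\\p{M}`) are excluded, a name entered in decomposed form is rejected, so consider `Normalizer.normalize(host, Normalizer.Form.NFC)` before matching. A stricter alternative is to convert with `java.net.IDN.toASCII(host)` and check each label against ASCII letter-digit-hyphen rules, which also keeps look-alike letters out of the stored proxy setting.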
@@ -85,6 +88,10 @@ public class HostPortValidator {
         // Validate IP addresses externally (v4 and v6)
         if (host.replaceAll("[\\d\\.]", "").isEmpty() || host.contains(":")) {
             isValidHost = isValidIP(host);
+        } else {
+            // Validate hostname charset
+            Matcher matcher = HOSTNAME.matcher(host);
+            isValidHost = matcher.matches() ? isValidHost : false;
         }
         boolean isValidPort = true;
         if (port != null) {
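Review bot: The ternary in the new `else` branch is a roundabout way of and-ing the flag, and `isValidHost = isValidHost && HOSTNAME.matcher(host).matches();` says the same without the temporary `Matcher`. The branch is only reached for hosts that contain neither `:` nor consist purely of digits and dots, so the empty string and values like `.` still go to `isValidIP` and rely on it for rejection. The enclosing method starts and ends outside this hunk, so where `isValidHost` is initialised and how the host is split from the port cannot be checked from here.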
diff --git a/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java b/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java
index b934ec9..e4047a9 100644
--- a/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java
+++ b/java/code/src/com/redhat/rhn/common/validator/test/HostPortValidatorTest.java
@@ -68,4 +68,14 @@ public class HostPortValidatorTest extends TestCase {
         assertFalse(HostPortValidator.getInstance().isValid(
             "http://proxy.example.com:8888";));
     }
+
+    public void testHostnameCharset() {
+        assertTrue(HostPortValidator.getInstance().isValid("müller"));
+        assertTrue(HostPortValidator.getInstance().isValid("pröxy.com"));
+
+        assertFalse(HostPortValidator.getInstance().isValid("pröxy.com;8888"));
+        assertFalse(HostPortValidator.getInstance().isValid("pröxy com"));
+        assertFalse(HostPortValidator.getInstance().isValid("pro xy:8888"));
+        assertFalse(HostPortValidator.getInstance().isValid("p$r%o&x!y="));
+    }
 }
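Review bot: The non-ASCII literals in `testHostnameCharset` (`"müller"`, `"pröxy.com"`) depend on the source encoding the compiler is given, so a build with a different encoding would test other strings than the ones written. Unicode escapes such as `"m\u00fcller"` avoid that. The cases also omit a valid international name with a port, e.g. `assertTrue(HostPortValidator.getInstance().isValid("pr\u00f6xy.com:8888"));`, which would confirm the new branch leaves the host/port handling intact. Boundary inputs that the character whitelist currently accepts, such as `"-"` or `"a..b"`, deserve an assertion either way so the intended behaviour is pinned down.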
-- 
1.7.10.4
