Mercurial > hg > release > icedtea-web-1.5
changeset 967:70d23452ac83
Restricted CodebaseMatcher to not match aaexample.com by *.example.com expression but still match example.com - as in specification.
author | Jiri Vanek <jvanek@redhat.com> |
---|---|
date | Tue, 01 Apr 2014 11:20:26 +0200 |
parents | dc0a77856cb4 |
children | d84effce2642 |
files | ChangeLog netx/net/sourceforge/jnlp/util/ClasspathMatcher.java tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java |
diffstat | 3 files changed, 54 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Mar 31 13:27:48 2014 -0400 +++ b/ChangeLog Tue Apr 01 11:20:26 2014 +0200 @@ -1,3 +1,15 @@ +2013-04-01 Jiri Vanek <jvanek@redhat.com> + + Restricted CodebaseMatcher to not match aaexample.com by *.example.com expression + but still match example.com - as in specification. + * netx/net/sourceforge/jnlp/util/ClasspathMatcher.java: (domainToRegEx) consists + of original regex connected by or with second one in case of *. start. + (sourceToRegExString) part of the logic extracted to quote method. + * tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java: + (matchTest5) adapted. (wildCardSubdomainDoesNotMatchParentDomainPaths) new test, + focusing on aaexample.com/example.com/aaa.example.com in *.example.com both + path and domain. + 2013-03-31 Omair Majid <omajid@redhat.com> * netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/util/ClasspathMatcher.java Mon Mar 31 13:27:48 2014 -0400 +++ b/netx/net/sourceforge/jnlp/util/ClasspathMatcher.java Tue Apr 01 11:20:26 2014 +0200 @@ -146,12 +146,16 @@ } private static Pattern domainToRegEx(String domain) { - // Although I have conisdered the "dot" as bug in specification, - // to many applications are depnding on it - while (domain.startsWith("*.")) { - domain = "*" + domain.substring(2); + String pre = ""; + String post = ""; + if (domain.startsWith("*.")) { + //this is handling case, when *.abc.xy + //should match also abc.xy except whatever.abc.xz + //but NOT whatewerabc.xy + pre = "(" + quote(domain.substring(2)) + ")|("; + post = ")"; } - return ClasspathMatcher.sourceToRegEx(domain); + return Pattern.compile(pre + ClasspathMatcher.sourceToRegExString(domain) + post); } } @@ -316,6 +320,10 @@ if (s.equals("*")) { return ".*"; } + return quote(s); + } + + private static String quote(String s) { /* * coment for lazybones: * \Q is start of citation
--- a/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java Mon Mar 31 13:27:48 2014 -0400 +++ b/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java Tue Apr 01 11:20:26 2014 +0200 @@ -427,8 +427,35 @@ Assert.assertFalse(p.match(urls[17])); //reasons for alowing "dot" issue Assert.assertTrue(p.match(new URL("http://www.example.com"))); - Assert.assertTrue(p.match(new URL("http://example.com"))); //yah, this is really nasty - //still the DOT issue is an BUG + Assert.assertTrue(p.match(new URL("http://example.com"))); + //reason for restricting dost issue + Assert.assertFalse(p.match(new URL("http://aaaexample.com"))); + } + + @Test + public void wildCardSubdomainDoesNotMatchParentDomainPaths() throws MalformedURLException { + ClasspathMatchers p1 = ClasspathMatchers.compile("*.example.com*/*.abc.cde*", true); + Assert.assertFalse(p1.matches(new URL("http://aaaexample.com/xyz.abc.cde"))); + + Assert.assertTrue(p1.matches(new URL("http://www.example.com/.abc.cde"))); + Assert.assertTrue(p1.matches(new URL("http://www.example.com/xyz.abc.cde"))); + Assert.assertFalse(p1.matches(new URL("http://www.example.com/abc.cde"))); + Assert.assertTrue(p1.matches(new URL("http://example.com/xyz.abc.cdeefg"))); + Assert.assertTrue(p1.matches(new URL("http://example.com/xyz.abc.cde.efg"))); + Assert.assertFalse(p1.matches(new URL("http://example.com/abc.cde.efg"))); + Assert.assertFalse(p1.matches(new URL("http://example.com"))); + + + ClasspathMatchers p = ClasspathMatchers.compile("*.example.com*/*.abc.cde*", false); + Assert.assertFalse(p.matches(new URL("http://aaaexample.com/xyz.abc.cde"))); + + Assert.assertTrue(p.matches(new URL("http://www.example.com/.abc.cde"))); + Assert.assertTrue(p.matches(new URL("http://www.example.com/xyz.abc.cde"))); + Assert.assertTrue(p.matches(new URL("http://www.example.com/abc.cde"))); + Assert.assertTrue(p.matches(new URL("http://example.com/xyz.abc.cdeefg"))); + Assert.assertTrue(p.matches(new URL("http://example.com/xyz.abc.cde.efg"))); + Assert.assertTrue(p.matches(new URL("http://example.com/abc.cde.efg"))); + Assert.assertTrue(p.matches(new URL("http://example.com"))); } @Test