Mercurial > hg > release > icedtea-web-1.5

changeset 967:70d23452ac83

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Restricted CodebaseMatcher to not match aaexample.com by *.example.com expression but still match example.com - as in specification.
author Jiri Vanek <jvanek@redhat.com>
date Tue, 01 Apr 2014 11:20:26 +0200
parents dc0a77856cb4
children d84effce2642
files ChangeLog netx/net/sourceforge/jnlp/util/ClasspathMatcher.java tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java
diffstat 3 files changed, 54 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Mon Mar 31 13:27:48 2014 -0400
+++ b/ChangeLog	Tue Apr 01 11:20:26 2014 +0200
@@ -1,3 +1,15 @@
+2013-04-01  Jiri Vanek  <jvanek@redhat.com>
+
+	Restricted CodebaseMatcher to not match aaexample.com by *.example.com expression
+	but still match example.com - as in specification.
+	* netx/net/sourceforge/jnlp/util/ClasspathMatcher.java: (domainToRegEx) consists
+	of original regex connected by or with second one in case of *. start.
+	(sourceToRegExString) part of the logic extracted to quote method.
+	* tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java:
+	(matchTest5) adapted. (wildCardSubdomainDoesNotMatchParentDomainPaths) new test,
+	focusing on aaexample.com/example.com/aaa.example.com in *.example.com both
+	path and domain.
+
 2013-03-31  Omair Majid  <omajid@redhat.com>
 
 	* netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/util/ClasspathMatcher.java	Mon Mar 31 13:27:48 2014 -0400
+++ b/netx/net/sourceforge/jnlp/util/ClasspathMatcher.java	Tue Apr 01 11:20:26 2014 +0200
@@ -146,12 +146,16 @@
         }
 
         private static Pattern domainToRegEx(String domain) {
-            // Although I have conisdered the "dot" as bug in specification, 
-            // to many applications are depnding on it
-            while (domain.startsWith("*.")) {
-                domain = "*" + domain.substring(2);
+            String pre = "";
+            String post = "";
+            if (domain.startsWith("*.")) {
+                //this is handling case, when *.abc.xy
+                //should match also abc.xy except whatever.abc.xz
+                //but NOT whatewerabc.xy
+                pre = "(" + quote(domain.substring(2)) + ")|(";
+                post = ")";
             }
-            return ClasspathMatcher.sourceToRegEx(domain);
+            return Pattern.compile(pre + ClasspathMatcher.sourceToRegExString(domain) + post);
         }
     }
 
@@ -316,6 +320,10 @@
         if (s.equals("*")) {
             return ".*";
         }
+        return quote(s);
+    }
+    
+    private static String quote(String s) {
         /*
          * coment for lazybones:
          * \Q is start of citation
--- a/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java	Mon Mar 31 13:27:48 2014 -0400
+++ b/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java	Tue Apr 01 11:20:26 2014 +0200
@@ -427,8 +427,35 @@
         Assert.assertFalse(p.match(urls[17]));
         //reasons for alowing "dot" issue
         Assert.assertTrue(p.match(new URL("http://www.example.com")));
-        Assert.assertTrue(p.match(new URL("http://example.com"))); //yah, this is really nasty
-        //still the DOT issue is an BUG
+        Assert.assertTrue(p.match(new URL("http://example.com")));
+        //reason for restricting dost issue
+        Assert.assertFalse(p.match(new URL("http://aaaexample.com")));
+    }
+
+    @Test
+    public void wildCardSubdomainDoesNotMatchParentDomainPaths() throws MalformedURLException {
+        ClasspathMatchers p1 = ClasspathMatchers.compile("*.example.com*/*.abc.cde*", true);
+        Assert.assertFalse(p1.matches(new URL("http://aaaexample.com/xyz.abc.cde")));
+
+        Assert.assertTrue(p1.matches(new  URL("http://www.example.com/.abc.cde")));
+        Assert.assertTrue(p1.matches(new  URL("http://www.example.com/xyz.abc.cde")));
+        Assert.assertFalse(p1.matches(new URL("http://www.example.com/abc.cde")));
+        Assert.assertTrue(p1.matches(new  URL("http://example.com/xyz.abc.cdeefg")));
+        Assert.assertTrue(p1.matches(new  URL("http://example.com/xyz.abc.cde.efg")));
+        Assert.assertFalse(p1.matches(new URL("http://example.com/abc.cde.efg")));
+        Assert.assertFalse(p1.matches(new URL("http://example.com")));
+
+
+        ClasspathMatchers p = ClasspathMatchers.compile("*.example.com*/*.abc.cde*", false);
+        Assert.assertFalse(p.matches(new URL("http://aaaexample.com/xyz.abc.cde")));
+
+        Assert.assertTrue(p.matches(new URL("http://www.example.com/.abc.cde")));
+        Assert.assertTrue(p.matches(new URL("http://www.example.com/xyz.abc.cde")));
+        Assert.assertTrue(p.matches(new URL("http://www.example.com/abc.cde")));
+        Assert.assertTrue(p.matches(new URL("http://example.com/xyz.abc.cdeefg")));
+        Assert.assertTrue(p.matches(new URL("http://example.com/xyz.abc.cde.efg")));
+        Assert.assertTrue(p.matches(new URL("http://example.com/abc.cde.efg")));
+        Assert.assertTrue(p.matches(new URL("http://example.com")));
     }
 
     @Test