Mercurial > hg > release > icedtea-web-1.6
changeset 1282:0d9faf51357d
Codebase resolution of jnlp-href is now aligned with oracle plugin
| author | Jiri Vanek <jvanek@redhat.com> |
|---|---|
| date | Thu, 07 Jan 2016 14:46:46 +0100 |
| parents | 97d5dcfd9ec0 |
| children | 090ff301b57d |
| files | ChangeLog NEWS netx/net/sourceforge/jnlp/PluginBridge.java netx/net/sourceforge/jnlp/SecurityDesc.java netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java netx/net/sourceforge/jnlp/util/UrlUtils.java tests/netx/unit/net/sourceforge/jnlp/ParserMalformedXml.java tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java tests/netx/unit/net/sourceforge/jnlp/runtime/CodeBaseClassLoaderTest.java tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmationTest.java tests/netx/unit/net/sourceforge/jnlp/util/UrlUtilsTest.java |
| diffstat | 11 files changed, 165 insertions(+), 66 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Thu Jan 07 12:17:43 2016 +0100 +++ b/ChangeLog Thu Jan 07 14:46:46 2016 +0100 @@ -1,3 +1,25 @@ +2016-01-07 Jiri Vanek <jvanek@redhat.com> + + Codebase resolution of jnlp-href is now aligned with oracle plugin + * netx/net/sourceforge/jnlp/PluginBridge.java: When jnlp href is used, codebase + is forced to become codebase of jnlp + * netx/net/sourceforge/jnlp/SecurityDesc.java: When file.getCodeBase() is null + then instead of NPE, codebase of file.fileLocation is used + * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java: + stripFile and ensureSlashTail moved to UrlUtils + * netx/net/sourceforge/jnlp/util/UrlUtils.java: stripFile and ensureSlashTail + moved from UnsignedAppletTrustConfirmation + * tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java: removed empty lines + * tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmationTest.java: + adapted to moved methods + * tests/netx/unit/net/sourceforge/jnlp/util/UrlUtilsTest.java: added more tests + to removeFileName and enabled accidentlay disabled getHostAndPortTest and + getPortTest + * tests/netx/unit/net/sourceforge/jnlp/runtime/CodeBaseClassLoaderTest.java: + ensured manifest attributes are off for this test + * tests/netx/unit/net/sourceforge/jnlp/ParserMalformedXml.java: fixed bom tests + to use proper classloader + 2016-01-07 Jiri Vanek <jvanek@redhat.com> BOM character now dont cause error
--- a/NEWS Thu Jan 07 12:17:43 2016 +0100 +++ b/NEWS Thu Jan 07 14:46:46 2016 +0100 @@ -18,6 +18,7 @@ - in strict mode, main-class attribute checked for invalid characters * Plugin - RH1273691 - Escaped equals signs in deployment.properties not un-escaped when used + - PR2746 - IcedTea-Web Plugin 1.6.1: net.sourceforge.jnlp.LaunchException New in release 1.6.1 (2015-09-11): * Enabled Entry-Point attribute check
--- a/netx/net/sourceforge/jnlp/PluginBridge.java Thu Jan 07 12:17:43 2016 +0100 +++ b/netx/net/sourceforge/jnlp/PluginBridge.java Thu Jan 07 14:46:46 2016 +0100 @@ -40,6 +40,7 @@ import net.sourceforge.jnlp.cache.UpdatePolicy; import net.sourceforge.jnlp.runtime.JNLPRuntime; import net.sourceforge.jnlp.util.StreamUtils; +import net.sourceforge.jnlp.util.UrlUtils; import net.sourceforge.jnlp.util.logging.OutputController; import net.sourceforge.jnlp.util.replacements.BASE64Decoder; @@ -130,7 +131,10 @@ }.readStream(); } else { - jnlpFile = jnlpCreator.create(jnlp, null, defaultSettings, JNLPRuntime.getDefaultUpdatePolicy(), codeBase); + // see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2746#c3 + URL codebaseRewriter=UrlUtils.ensureSlashTail(UrlUtils.removeFileName(jnlp)); + this.codeBase = codebaseRewriter; + jnlpFile = jnlpCreator.create(jnlp, null, defaultSettings, JNLPRuntime.getDefaultUpdatePolicy(), codebaseRewriter); debugJnlp = new StreamProvider() { @Override @@ -594,7 +598,7 @@ private static String getAllPermissionsElement() { return " <all-permissions/>\n"; } - + private abstract class StreamProvider {
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Thu Jan 07 12:17:43 2016 +0100 +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Thu Jan 07 14:46:46 2016 +0100 @@ -415,7 +415,11 @@ } } try { - final URI codebase = file.getCodeBase().toURI().normalize(); + URL codebaseOriginal = file.getCodeBase(); + if (codebaseOriginal == null){ + codebaseOriginal =file.fileLocation; + } + final URI codebase = codebaseOriginal.toURI().normalize(); final URI host = getHost(codebase); final String codebaseHostUriString = host.toString(); final String urlPermissionUrlString = appendRecursiveSubdirToCodebaseHostString(codebaseHostUriString);
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Thu Jan 07 12:17:43 2016 +0100 +++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Thu Jan 07 14:46:46 2016 +0100 @@ -36,7 +36,6 @@ package net.sourceforge.jnlp.security.appletextendedsecurity; -import java.net.MalformedURLException; import static net.sourceforge.jnlp.runtime.Translator.R; import java.net.URL; @@ -49,8 +48,8 @@ import net.sourceforge.jnlp.JNLPFile; import net.sourceforge.jnlp.LaunchException; import net.sourceforge.jnlp.PluginBridge; +import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate; import net.sourceforge.jnlp.runtime.JNLPRuntime; -import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate; import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.AppTrustWarningPanel.AppSigningWarningAction; import net.sourceforge.jnlp.security.CertVerifier; import net.sourceforge.jnlp.security.SecurityDialogs; @@ -140,7 +139,7 @@ /* Else, create a new entry */ UrlRegEx codebaseRegex = UrlRegEx.quote(codebase.toExternalForm()); - UrlRegEx documentbaseRegex = UrlRegEx.quoteAndStar(stripFile(documentbase)); // Match any from codebase and sourceFile "base" + UrlRegEx documentbaseRegex = UrlRegEx.quoteAndStar(UrlUtils.stripFile(documentbase)); // Match any from codebase and sourceFile "base" List<String> archiveMatches = null; // Match any from codebase if (!rememberForCodeBase) { @@ -278,48 +277,4 @@ } - static String stripFile(URL documentbase) { - //whenused in generation of regec, the trailing slash is very important - //see the result between http:/some.url/path.* and http:/some.url/path/.* - return ensureSlashTail(stripFileImp(documentbase)); - } - - private static String stripFileImp(URL documentbase) { - try { - String normalized = UrlUtils.normalizeUrlAndStripParams(documentbase).toExternalForm().trim(); - if (normalized.endsWith("/") || normalized.endsWith("\\")) { - return normalized; - } - URL middleway = new URL(normalized); - String file = middleway.getFile(); - int i = Math.max(file.lastIndexOf('/'), file.lastIndexOf('\\')); - if (i<0){ - return normalized; - } - String parent = file.substring(0, i+1); - String stripped = normalized.replace(file, parent); - return stripped; - } catch (Exception ex) { - OutputController.getLogger().log(ex); - return documentbase.toExternalForm(); - } - - } - - private static String ensureSlashTail(String s) { - if (s.endsWith("/")) { - return s; - } - if (s.endsWith("\\")) { - return s; - } - if (s.contains("/")) { - return s + "/"; - } - if (s.contains("\\")) { - return s + "\\"; - } - return s + "/"; - } - }
--- a/netx/net/sourceforge/jnlp/util/UrlUtils.java Thu Jan 07 12:17:43 2016 +0100 +++ b/netx/net/sourceforge/jnlp/util/UrlUtils.java Thu Jan 07 14:46:46 2016 +0100 @@ -346,5 +346,63 @@ public static String getHostAndPort(final URL url) { return url.getHost() + ":" + getSanitizedPort(url); } + + public static URL ensureSlashTail(URL u) { + if (u == null) { + return null; + } + String s = ensureSlashTail(u.toExternalForm()); + try { + return new URL(s); + } catch (MalformedURLException ex) { + OutputController.getLogger().log(ex); + return u; + } + + } + + public static String ensureSlashTail(String s) { + if (s.endsWith("/")) { + return s; + } + if (s.endsWith("\\")) { + return s; + } + if (s.contains("/")) { + return s + "/"; + } + if (s.contains("\\")) { + return s + "\\"; + } + return s + "/"; + } + + public static String stripFile(URL documentbase) { + //whenused in generation of regec, the trailing slash is very important + //see the result between http:/some.url/path.* and http:/some.url/path/.* + return UrlUtils.ensureSlashTail(stripFileImp(documentbase)); + } + + private static String stripFileImp(URL documentbase) { + try { + String normalized = UrlUtils.normalizeUrlAndStripParams(documentbase).toExternalForm().trim(); + if (normalized.endsWith("/") || normalized.endsWith("\\")) { + return normalized; + } + URL middleway = new URL(normalized); + String file = middleway.getFile(); + int i = Math.max(file.lastIndexOf('/'), file.lastIndexOf('\\')); + if (i < 0) { + return normalized; + } + String parent = file.substring(0, i + 1); + String stripped = normalized.replace(file, parent); + return stripped; + } catch (Exception ex) { + OutputController.getLogger().log(ex); + return documentbase.toExternalForm(); + } + + } }
--- a/tests/netx/unit/net/sourceforge/jnlp/ParserMalformedXml.java Thu Jan 07 12:17:43 2016 +0100 +++ b/tests/netx/unit/net/sourceforge/jnlp/ParserMalformedXml.java Thu Jan 07 14:46:46 2016 +0100 @@ -113,14 +113,14 @@ @Bug(id = "PR2690") @Test public void testXmlBomTagSoupOff() throws ParseException { - InputStream is = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/templates/EFBBBF.jnlp"); + InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/templates/EFBBBF.jnlp"); Assert.assertNotNull(is); Parser.getRootNode(is, new ParserSettings(false, true, false)); } @Test public void testXmlBomTagSoupOn() throws ParseException { - InputStream is = this.getClass().getClassLoader().getResourceAsStream("net/sourceforge/jnlp/templates/EFBBBF.jnlp"); + InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("net/sourceforge/jnlp/templates/EFBBBF.jnlp"); Assert.assertNotNull(is); Parser.getRootNode(is, new ParserSettings(false, true, true)); }
--- a/tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java Thu Jan 07 12:17:43 2016 +0100 +++ b/tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java Thu Jan 07 14:46:46 2016 +0100 @@ -520,7 +520,5 @@ String fixed = fixCommonIssues(source, true); checkIssuesFixed(fixed, true, false); } - - }
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/CodeBaseClassLoaderTest.java Thu Jan 07 12:17:43 2016 +0100 +++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/CodeBaseClassLoaderTest.java Thu Jan 07 14:46:46 2016 +0100 @@ -42,13 +42,10 @@ import java.lang.reflect.Field; import java.net.URL; -import java.util.Locale; import net.sourceforge.jnlp.JNLPFile; import net.sourceforge.jnlp.NullJnlpFileException; -import net.sourceforge.jnlp.ResourcesDesc; import net.sourceforge.jnlp.SecurityDesc; -import net.sourceforge.jnlp.SecurityDescTest; import net.sourceforge.jnlp.ServerAccess; import net.sourceforge.jnlp.runtime.JNLPClassLoader.CodeBaseClassLoader; import net.sourceforge.jnlp.annotations.Bug; @@ -66,16 +63,21 @@ public class CodeBaseClassLoaderTest extends NoStdOutErrTest { private static AppletSecurityLevel level; + private static String macStatus; @BeforeClass public static void setPermissions() { level = AppletStartupSecuritySettings.getInstance().getSecurityLevel(); + macStatus = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK); JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, AppletSecurityLevel.ALLOW_UNSIGNED.toChars()); + JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.NONE.toString()); + } @AfterClass public static void resetPermissions() { JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, level.toChars()); + JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, macStatus); } private static final String isWSA = "isWebstartApplication";
--- a/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmationTest.java Thu Jan 07 12:17:43 2016 +0100 +++ b/tests/netx/unit/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmationTest.java Thu Jan 07 14:46:46 2016 +0100 @@ -55,6 +55,7 @@ import net.sourceforge.jnlp.security.appletextendedsecurity.impl.UnsignedAppletActionStorageImpl; import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.UnsignedAppletTrustWarningPanel; import net.sourceforge.jnlp.util.FileUtils; +import net.sourceforge.jnlp.util.UrlUtils; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; @@ -168,28 +169,28 @@ @Test public void testSripFile() throws Exception { String sample = "http://aa.bb/"; - String result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample)); + String result = UrlUtils.stripFile(new URL(sample)); assertEquals(sample, result); sample = "http://aa.bb"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample)); + result = UrlUtils.stripFile(new URL(sample)); assertEquals(sample + "/", result); sample = "http://aa.bb/"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample + "cc")); + result = UrlUtils.stripFile(new URL(sample + "cc")); assertEquals(sample, result); sample = "http://aa.bb/cc/"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample)); + result = UrlUtils.stripFile(new URL(sample)); assertEquals(sample, result); sample = "http://aa.bb/some/complicated/"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample + "some")); + result = UrlUtils.stripFile(new URL(sample + "some")); assertEquals(sample, result); sample = "http://aa.bb/some/complicated/some/"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample)); + result = UrlUtils.stripFile(new URL(sample)); assertEquals(sample, result); sample = "http://aa.bb/some/"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample + "strange?a=b")); + result = UrlUtils.stripFile(new URL(sample + "strange?a=b")); assertEquals(sample, result); sample = "http://aa.bb/some/strange/"; - result = UnsignedAppletTrustConfirmation.stripFile(new URL(sample + "?a=b")); + result = UrlUtils.stripFile(new URL(sample + "?a=b")); assertEquals(sample, result); }
--- a/tests/netx/unit/net/sourceforge/jnlp/util/UrlUtilsTest.java Thu Jan 07 12:17:43 2016 +0100 +++ b/tests/netx/unit/net/sourceforge/jnlp/util/UrlUtilsTest.java Thu Jan 07 14:46:46 2016 +0100 @@ -246,6 +246,34 @@ } + @Test + public void removeFileName3() throws Exception { + URL l1 = UrlUtils.removeFileName(new URL("http://aaa.bb/xyz/hchkr/jar.jar?someParam=some¶m=very\\evil\\")); + assertEquals(l1, new URL("http://aaa.bb/xyz/hchkr")); + + URL l2 = UrlUtils.removeFileName(new URL("http://aaa.bb/xyz/hchkr/?another=Param¶m=very/evil/")); + assertEquals(l2, new URL("http://aaa.bb/xyz/hchkr")); + + URL l3 = UrlUtils.removeFileName(new URL("http://aaa.bb/xyz/hchkr?stillSomePArams=aa")); + assertEquals(l3, new URL("http://aaa.bb/xyz")); + + URL l4 = UrlUtils.removeFileName(new URL("http://aaa.bb/xyz/jar.jar?again=param/bad\\bad/params")); + assertEquals(l4, new URL("http://aaa.bb/xyz")); + + URL l5 = UrlUtils.removeFileName(new URL("http://aaa.bb/xyz/?goingOnWith=params/bad/params")); + assertEquals(l5, new URL("http://aaa.bb/xyz")); + + URL l6 = UrlUtils.removeFileName(new URL("http://aaa.bb/xyz?someParam=some")); + assertEquals(l6, new URL("http://aaa.bb")); + + URL l7 = UrlUtils.removeFileName(new URL("http://aaa.bb/jar.jar?someParam=some")); + assertEquals(l7, new URL("http://aaa.bb")); + + URL l8 = UrlUtils.removeFileName(new URL("http://aaa.bb/?someParam=some")); + assertEquals(l8, new URL("http://aaa.bb")); + + } + @Test public void testUrlEquals() throws Exception { final URL n1 = null, n2 = null, u1 = new URL("http://example.com"), u2 = u1, u3 = new URL("http://example.com"); @@ -340,6 +368,7 @@ } + @Test public void getPortTest() throws MalformedURLException { Assert.assertEquals(1, UrlUtils.getPort(new URL("http://aa.bb:1"))); Assert.assertEquals(10, UrlUtils.getPort(new URL("http://aa.bb:10/aa"))); @@ -349,6 +378,7 @@ Assert.assertEquals(80, UrlUtils.getPort(new URL("http://aa.bb:80/a/b/c"))); } + @Test public void getHostAndPortTest() throws MalformedURLException { Assert.assertEquals("aa.bb:2", UrlUtils.getHostAndPort(new URL("http://aa.bb:2"))); Assert.assertEquals("aa.bb:12", UrlUtils.getHostAndPort(new URL("http://aa.bb:12/aa"))); @@ -357,5 +387,29 @@ Assert.assertEquals("aa.bb:80", UrlUtils.getHostAndPort(new URL("http://aa.bb"))); Assert.assertEquals("aa.bb:80", UrlUtils.getHostAndPort(new URL("http://aa.bb:80/a/b/c"))); } - + + @Test + public void ensureSlashTailTest() { + Assert.assertEquals("a/", UrlUtils.ensureSlashTail("a")); + Assert.assertEquals("aa/a/", UrlUtils.ensureSlashTail("aa/a")); + Assert.assertEquals("aa/a/", UrlUtils.ensureSlashTail("aa/a/")); + Assert.assertEquals("/aa/a/", UrlUtils.ensureSlashTail("/aa/a/")); + Assert.assertEquals("/aa/a/", UrlUtils.ensureSlashTail("/aa/a")); + + Assert.assertEquals("aa\\a\\", UrlUtils.ensureSlashTail("aa\\a")); + Assert.assertEquals("aa\\a\\", UrlUtils.ensureSlashTail("aa\\a\\")); + Assert.assertEquals("\\aa\\a\\", UrlUtils.ensureSlashTail("\\aa\\a\\")); + Assert.assertEquals("\\aa\\a\\", UrlUtils.ensureSlashTail("\\aa\\a")); + + Assert.assertEquals("\\aa/a/", UrlUtils.ensureSlashTail("\\aa/a")); + Assert.assertEquals("//aa\\a/", UrlUtils.ensureSlashTail("//aa\\a")); + Assert.assertEquals("\\aa/a/", UrlUtils.ensureSlashTail("\\aa/a/")); + Assert.assertEquals("\\aa/a\\", UrlUtils.ensureSlashTail("\\aa/a\\")); + } + + @Test + public void ensureSlashTailTest3() throws MalformedURLException { + Assert.assertEquals("http://aa.bb:2/aa/", UrlUtils.ensureSlashTail(new URL("http://aa.bb:2/aa")).toExternalForm()); + Assert.assertEquals("http://aa.bb/aa/", UrlUtils.ensureSlashTail(new URL("http://aa.bb/aa/")).toExternalForm()); + } }