cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6479] restricting a custom separator to a single String character
Date Tue, 30 Jun 2015 12:13:40 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes bdb066bee -> cc834cef9


[CXF-6479] restricting a custom separator to a single String character


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cc834cef
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cc834cef
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cc834cef

Branch: refs/heads/2.7.x-fixes
Commit: cc834cef9386537aa9773710e68c9615b7e8d5ac
Parents: bdb066b
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jun 30 13:10:16 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jun 30 13:13:23 2015 +0100

----------------------------------------------------------------------
 .../cxf/jaxrs/impl/CacheControlHeaderProvider.java |  6 +++++-
 .../org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java | 11 +++++++++--
 .../jaxrs/impl/CacheControlHeaderProviderTest.java | 13 +++++++++++++
 .../apache/cxf/jaxrs/impl/HttpHeadersImplTest.java | 17 +++++++++++++++++
 4 files changed, 44 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cc834cef/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java
index 7288e96..9845b1f 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java
@@ -31,6 +31,7 @@ import javax.ws.rs.core.CacheControl;
 import javax.ws.rs.ext.RuntimeDelegate.HeaderDelegate;
 
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 
@@ -224,7 +225,10 @@ public class CacheControlHeaderProvider implements HeaderDelegate<CacheControl>
         if (message != null) {
             Object sepProperty = message.getContextualProperty(CACHE_CONTROL_SEPARATOR_PROPERTY);
             if (sepProperty != null) {
-                separator = sepProperty.toString();
+                separator = sepProperty.toString().trim();
+                if (separator.length() != 1) {
+                    throw ExceptionUtils.toInternalServerErrorException(null, null);
+                }
             }
         }
         return separator;

http://git-wip-us.apache.org/repos/asf/cxf/blob/cc834cef/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java
index 9a5bb8d..8755a77 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java
@@ -42,6 +42,7 @@ import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
@@ -123,8 +124,14 @@ public class HttpHeadersImpl implements HttpHeaders {
     private String getCookieSeparator() {
         Object cookiePropValue = message.getContextualProperty(COOKIE_SEPARATOR_PROPERTY);
         if (cookiePropValue != null) {
-            return COOKIE_SEPARATOR_CRLF.equals(cookiePropValue.toString()) 
-                ? "\r\n" : cookiePropValue.toString();
+            String separator = cookiePropValue.toString().trim();
+            if (COOKIE_SEPARATOR_CRLF.equals(separator)) {
+                return "\r\n";
+            }
+            if (separator.length() != 1) {
+                throw ExceptionUtils.toInternalServerErrorException(null, null);
+            }
+            return separator;
         } else {
             return DEFAULT_COOKIE_SEPARATOR;
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/cc834cef/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java
b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java
index b140505..4a4e61b 100644
--- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java
+++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.jaxrs.impl;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.core.CacheControl;
 
 import org.apache.cxf.message.Message;
@@ -77,6 +78,18 @@ public class CacheControlHeaderProviderTest extends Assert {
         
     }
     
+    @Test(expected = InternalServerErrorException.class)
+    public void testInvalidSeparator() {
+        CacheControlHeaderProvider cp = new CacheControlHeaderProvider() {
+            protected Message getCurrentMessage() {
+                Message m = new MessageImpl();
+                m.put(CacheControlHeaderProvider.CACHE_CONTROL_SEPARATOR_PROPERTY, "(e+)+");
+                return m;
+            }
+        };
+        cp.fromString("no-store");
+    }
+    
     
     @Test
     public void testToString() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/cc834cef/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java
b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java
index fb6c672..46efabd 100644
--- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java
+++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java
@@ -28,6 +28,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.TreeMap;
 
+import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
@@ -390,6 +391,7 @@ public class HttpHeadersImplTest extends Assert {
         assertEquals(1, cookie.getVersion());
     }
     
+    
     @Test
     public void testGetCookiesWithComma() throws Exception {
         
@@ -408,6 +410,21 @@ public class HttpHeadersImplTest extends Assert {
         assertEquals("d", cookies.get("c").getValue());
     }
     
+    @Test(expected = InternalServerErrorException.class)
+    public void testInvalidCookieSeparator() throws Exception {
+        
+        Message m = new MessageImpl();
+        Exchange ex = new ExchangeImpl();
+        ex.setInMessage(m);
+        ex.put("org.apache.cxf.http.cookie.separator", "(e+)+");
+        m.setExchange(ex);
+        MetadataMap<String, String> headers = createHeaders();
+        headers.putSingle(HttpHeaders.COOKIE, "a=b,c=d");
+        m.put(Message.PROTOCOL_HEADERS, headers);
+        HttpHeaders h = new HttpHeadersImpl(m);
+        h.getCookies();
+    }
+    
     @Test
     public void testMultipleAcceptableLanguages() throws Exception {
         


Mime
View raw message