tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49914] Filter on url-pattern of "/" is not invoked
Date Sun, 12 Sep 2010 13:03:21 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49914

--- Comment #1 from Martin Gainty <mgainty@hotmail.com> 2010-09-12 09:03:17 EDT ---
  /* same as TC 6 up until checkUnusualURLPattern  */
    /**
     * Validate the syntax of a proposed <code>&lt;url-pattern&gt;</code>
     * for conformance with specification requirements.
     *
     * @param urlPattern URL pattern to be validated
     */
    private boolean validateURLPattern(String urlPattern) {
        if (urlPattern == null)
            return (false);
        if (urlPattern.indexOf('\n') >= 0 || urlPattern.indexOf('\r') >= 0) {
            return (false);
        }
        if (urlPattern.startsWith("*.")) {
            if (urlPattern.indexOf('/') < 0) {
                checkUnusualURLPattern(urlPattern);
                return (true);
            } else
                return (false);
        }
        if ( (urlPattern.startsWith("/")) &&
                (urlPattern.indexOf("*.") < 0)) {
            checkUnusualURLPattern(urlPattern);
            return (true);
        } else
            return (false);
    }

    /**
     * Check for unusual but valid <code>&lt;url-pattern&gt;</code>s.
     * See Bugzilla 34805, 43079 & 43080
     */
    private void checkUnusualURLPattern(String urlPattern) {
        if (log.isInfoEnabled()) {
            if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
                    urlPattern.charAt(urlPattern.length()-2) != '/')) {
                log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
                        " in context [" + getName() + "] - see" +
                        " section SRV.11.2 of the Servlet specification" );
            }
        }
    }

/*TESTCASE: if the url-pattern is / then urlPattern.length() =1 and the
  urlPattern.charAt(urlPattern.length()-2) is urlPattern.charAt(-1)
  would throw NPE
  fix would be to have checkUnusualURLPattern throw NPE as here */
    private boolean validateURLPattern(String urlPattern) {
        if (urlPattern == null)
            return (false);
        if (urlPattern.indexOf('\n') >= 0 || urlPattern.indexOf('\r') >= 0) {
            return (false);
        }
        if (urlPattern.startsWith("*.")) {
            if (urlPattern.indexOf('/') < 0) {
                checkUnusualURLPattern(urlPattern);
                return (true);
            } else
                return (false);
        }
        if ( (urlPattern.startsWith("/")) &&
                (urlPattern.indexOf("*.") < 0)) 
        {
          try
          {
            checkUnusualURLPattern(urlPattern);
          }
          catch(NullPointerException npe)
          {
           System.err.println("checkUnusualURLPattern has thrown NPE for
urlPattern="+urlPattern+" message="+npe.getMessage());
          }
          return (true);
        } else
            return (false);
    }
/*change checkUnusualURLPattern method to throw NPE */
    private void checkUnusualURLPattern(String urlPattern) throws
NullPointerException {
        if (log.isInfoEnabled()) 
        {
         try
         {
            if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
                    urlPattern.charAt(urlPattern.length()-2) != '/')) 
            {
                log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
                        " in context [" + getName() + "] - see" +
                        " section SRV.11.2 of the Servlet specification" );
            }
        }
        catch(NullPointerException npe)
        { //re throw NPE
          throw NullPointerException(npe.getMessage());
        }
    }

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message