tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1401470 - /tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
Date Tue, 23 Oct 2012 20:58:55 GMT
Author: markt
Date: Tue Oct 23 20:58:55 2012
New Revision: 1401470

URL: http://svn.apache.org/viewvc?rev=1401470&view=rev
Log:
Another one

Added:
    tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
  (with props)

Added: tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
URL: http://svn.apache.org/viewvc/tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1401470&view=auto
==============================================================================
--- tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
(added)
+++ tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
Tue Oct 23 20:58:55 2012
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.webresources;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.tomcat.util.http.RequestUtil;
+
+public abstract class AbstractFileResourceSet extends AbstractResourceSet {
+
+    protected static final String[] EMPTY_STRING_ARRAY = new String[0];
+
+    protected final String internalPath;
+    protected File fileBase;
+    protected String absoluteBase;
+    protected String canonicalBase;
+
+    protected AbstractFileResourceSet(String internalPath) {
+        this.internalPath = internalPath;
+    }
+
+    protected File file(String name, boolean mustExist) {
+
+        File file = new File(fileBase, name);
+        if (file.exists() && file.canRead() || !mustExist) {
+
+            if (getRoot().getAllowLinking()) {
+                return file;
+            }
+
+            // Check that this file is located under the WebResourceSet's base
+            String canPath = null;
+            try {
+                canPath = file.getCanonicalPath();
+            } catch (IOException e) {
+                // Ignore
+            }
+            if (canPath == null)
+                return null;
+
+            if (!canPath.startsWith(canonicalBase)) {
+                return null;
+            }
+
+            // Case sensitivity check
+            // Note: We know the resource is located somewhere under base at
+            //       point. The purpose of this code is to check in a case
+            //       sensitive manner, the path to the resource under base
+            //       agrees with what was requested
+            String fileAbsPath = file.getAbsolutePath();
+            if (fileAbsPath.endsWith("."))
+                fileAbsPath = fileAbsPath + "/";
+            String absPath = normalize(fileAbsPath);
+            if ((absoluteBase.length() < absPath.length())
+                && (canonicalBase.length() < canPath.length())) {
+                absPath = absPath.substring(absoluteBase.length() + 1);
+                if (absPath.equals(""))
+                    absPath = "/";
+                canPath = canPath.substring(canonicalBase.length() + 1);
+                if (canPath.equals(""))
+                    canPath = "/";
+                if (!canPath.equals(absPath))
+                    return null;
+            }
+
+        } else {
+            return null;
+        }
+        return file;
+    }
+
+    /**
+     * Return a context-relative path, beginning with a "/", that represents
+     * the canonical version of the specified path after ".." and "." elements
+     * are resolved out.  If the specified path attempts to go outside the
+     * boundaries of the current context (i.e. too many ".." path elements
+     * are present), return <code>null</code> instead.
+     *
+     * @param path Path to be normalized
+     */
+    protected String normalize(String path) {
+        return RequestUtil.normalize(path, File.separatorChar == '/');
+    }
+
+    //-------------------------------------------------------- Lifecycle methods
+    @Override
+    protected void initInternal() throws LifecycleException {
+        fileBase = new File(getBase(), internalPath);
+        checkType(fileBase);
+
+        String absolutePath = fileBase.getAbsolutePath();
+        if (absolutePath.endsWith(".")) {
+            absolutePath = absolutePath + "/";
+        }
+        this.absoluteBase = normalize(absolutePath);
+
+        try {
+            this.canonicalBase = fileBase.getCanonicalPath();
+        } catch (IOException e) {
+            throw new IllegalArgumentException(e);
+        }
+    }
+
+    protected abstract void checkType(File file);
+}

Propchange: tomcat/sandbox/trunk-resources/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
------------------------------------------------------------------------------
    svn:eol-style = native



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message