Defines new service to check accepted patterns
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/b140faad Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/b140faad Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/b140faad Branch: refs/heads/feature/WW-4295-localization Commit: b140faad2813809c132ef75e4459f6dbbee664b8 Parents: 97ef7b5 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Wed May 21 09:03:30 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Wed May 21 09:03:30 2014 +0200 ---------------------------------------------------------------------- .../security/AcceptedPatternsChecker.java | 82 ++++++++++++++++++ .../DefaultAcceptedPatternsChecker.java | 88 ++++++++++++++++++++ 2 files changed, 170 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/b140faad/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java
new file mode 100644
index 0000000..6ea9ec9
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java
@@ -0,0 +1,82 @@
+package com.opensymphony.xwork2.security;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Used across different interceptors to check if given string matches one of the excluded patterns.
+ */
+public interface AcceptedPatternsChecker {
+
+ /**
+ * Checks if value matches any of patterns on exclude list
+ *
+ * @param value to check
+ * @return object containing result of matched pattern and pattern itself
+ */
+ public IsAccepted isAccepted(String value);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param commaDelimitedPatterns comma delimited string with patterns
+ */
+ public void addAcceptedPatterns(String commaDelimitedPatterns);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns array of additional excluded patterns
+ */
+ public void addAcceptedPatterns(String[] additionalPatterns);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns set of additional patterns
+ */
+ public void addAcceptedPatterns(Set<String> additionalPatterns);
+
+ /**
+ * Allow access list of all defined excluded patterns
+ *
+ * @return set of excluded patterns
+ */
+ public Set<Pattern> getAcceptedPatterns();
+
+ public final static class IsAccepted {
+
+ private final boolean accepted;
+ private final Pattern acceptedPattern;
+
+ public static IsAccepted yes(Pattern acceptedPattern) {
+ return new IsAccepted(true, acceptedPattern);
+ }
+
+ public static IsAccepted no() {
+ return new IsAccepted(false, null);
+ }
+
+ private IsAccepted(boolean accepted, Pattern acceptedPattern) {
+ this.accepted = accepted;
+ this.acceptedPattern = acceptedPattern;
+ }
+
+ public boolean isAccepted() {
+ return accepted;
+ }
+
+ public Pattern getAcceptedPattern() {
+ return acceptedPattern;
+ }
+
+ @Override
+ public String toString() {
+ return "IsAccepted {" +
+ "accepted=" + accepted +
+ ", acceptedPattern=" + acceptedPattern +
+ " }";
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/struts/blob/b140faad/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
new file mode 100644
index 0000000..fa1b8e1
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
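Review bot: The Javadoc throughout the new `AcceptedPatternsChecker` interface still describes an exclude list (`matches one of the excluded patterns`, `patterns on exclude list`, `set of excluded patterns`), which inverts the meaning of an allowlist checker and can mislead implementers about whether a match permits or blocks a value. I would reword each comment to the accepted sense, for example `Checks if value matches any of the accepted patterns` on `isAccepted` and `@return set of accepted patterns` on `getAcceptedPatterns`. `IsAccepted.getAcceptedPattern()` returns null for a result built by `IsAccepted.no()`; a one-line Javadoc stating that would save callers from dereferencing it when they log a rejection.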
@@ -0,0 +1,88 @@
+package com.opensymphony.xwork2.security;
+
+import com.opensymphony.xwork2.XWorkConstants;
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.logging.Logger;
+import com.opensymphony.xwork2.util.logging.LoggerFactory;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+public class DefaultAcceptedPatternsChecker implements AcceptedPatternsChecker {
+
+ private static final Logger LOG = LoggerFactory.getLogger(DefaultAcceptedPatternsChecker.class);
+
+ public static final String[] ACCEPTED_PATTERNS = {
+ "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
+ };
+
+ private Set<Pattern> acceptedPatterns;
+
+ public DefaultAcceptedPatternsChecker() {
+ acceptedPatterns = new HashSet<Pattern>();
+ for (String pattern : ACCEPTED_PATTERNS) {
+ acceptedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ @Inject(value = XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS, required = false)
+ public void setOverrideAcceptedPatterns(String acceptablePatterns) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
+ XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS, acceptablePatterns);
+ }
+ acceptedPatterns = new HashSet<Pattern>();
+ for (String pattern : TextParseUtil.commaDelimitedStringToSet(acceptablePatterns)) {
+ acceptedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ @Inject(value = XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS, required = false)
+ public void setOverrideExcludePatterns(String acceptPatterns) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
+ XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS, acceptedPatterns);
+ }
+ acceptedPatterns = new HashSet<Pattern>();
+ for (String pattern : TextParseUtil.commaDelimitedStringToSet(acceptPatterns)) {
+ acceptedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public void addAcceptedPatterns(String commaDelimitedPatterns) {
+ addAcceptedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
+ }
+
+ public void addAcceptedPatterns(String[] additionalPatterns) {
+ addAcceptedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns)));
+ }
+
+ public void addAcceptedPatterns(Set<String> additionalPatterns) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
+ }
+ for (String pattern : additionalPatterns) {
+ acceptedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public IsAccepted isAccepted(String value) {
+ for (Pattern acceptedPattern : acceptedPatterns) {
+ if (acceptedPattern.matcher(value).matches()) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("[#0] matches accepted pattern [#1]", value, acceptedPattern);
+ }
+ return IsAccepted.yes(acceptedPattern);
+ }
+ }
+ return IsAccepted.no();
+ }
+
+ public Set<Pattern> getAcceptedPatterns() {
+ return acceptedPatterns;
+ }
+
+}
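Review bot: `setOverrideExcludePatterns` in `DefaultAcceptedPatternsChecker` is a copy of `setOverrideAcceptedPatterns` bound to the same `XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS` key, and its warning logs the field `acceptedPatterns` (the set about to be discarded) rather than the argument `acceptPatterns`, so the log never shows what the allowlist was replaced with. Dropping the duplicate setter, or at least passing `acceptPatterns` to `LOG.warn`, fixes that. Separately, `getAcceptedPatterns()` hands out the live `HashSet`, so any caller can widen the allowlist for every interceptor sharing this checker; `return Collections.unmodifiableSet(acceptedPatterns);` (with a `java.util.Collections` import) would keep changes on the `addAcceptedPatterns` path, provided no caller outside this diff relies on mutating the returned set. The trace message in `addAcceptedPatterns(Set<String>)` also still reads "excluded patterns".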