svn commit: r1744194 - in /tomcat/trunk: java/org/apache/tomcat/util/scan/StandardJarScanner.java webapps/docs/changelog.xml

Tue, 17 May 2016 00:18:52 -0700 

Author: violetagg
Date: Tue May 17 07:18:38 2016
New Revision: 1744194

URL: http://svn.apache.org/viewvc?rev=1744194&view=rev
Log:
Ensure NPE will not be thrown during deployment when scanning jar files without 
MANIFEST.MF file.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/scan/StandardJarScanner.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/scan/StandardJarScanner.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/scan/StandardJarScanner.java?rev=1744194&r1=1744193&r2=1744194&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/scan/StandardJarScanner.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/scan/StandardJarScanner.java Tue 
May 17 07:18:38 2016
@@ -370,40 +370,42 @@ public class StandardJarScanner implemen
         }
 
         Manifest manifest = jar.getManifest();
-        Attributes attributes = manifest.getMainAttributes();
-        String classPathAttribute = attributes.getValue("Class-Path");
-        if (classPathAttribute == null) {
-            return;
-        }
-        String[] classPathEntries = classPathAttribute.split(" ");
-        for (String classPathEntry : classPathEntries) {
-            classPathEntry = classPathEntry.trim();
-            if (classPathEntry.length() == 0) {
-                continue;
+        if (manifest != null) {
+            Attributes attributes = manifest.getMainAttributes();
+            String classPathAttribute = attributes.getValue("Class-Path");
+            if (classPathAttribute == null) {
+                return;
             }
-            URL jarURL = jar.getJarFileURL();
-            URI jarURI;
-            try {
-                jarURI = jarURL.toURI();
-            } catch (URISyntaxException e) {
-                if (log.isDebugEnabled()) {
-                    log.debug(sm.getString("jarScan.invalidUri", jarURL));
+            String[] classPathEntries = classPathAttribute.split(" ");
+            for (String classPathEntry : classPathEntries) {
+                classPathEntry = classPathEntry.trim();
+                if (classPathEntry.length() == 0) {
+                    continue;
+                }
+                URL jarURL = jar.getJarFileURL();
+                URI jarURI;
+                try {
+                    jarURI = jarURL.toURI();
+                } catch (URISyntaxException e) {
+                    if (log.isDebugEnabled()) {
+                        log.debug(sm.getString("jarScan.invalidUri", jarURL));
+                    }
+                    continue;
                 }
-                continue;
+                /*
+                 * Note: Resolving the relative URLs from the manifest has the
+                 *       potential to introduce security concerns. However, 
since
+                 *       only JARs provided by the container and NOT those 
provided
+                 *       by web applications are processed, there should be no
+                 *       issues.
+                 *       If this feature is ever extended to include JARs 
provided
+                 *       by web applications, checks should be added to ensure 
that
+                 *       any relative URL does not step outside the web 
application.
+                 */
+                URI classPathEntryURI = jarURI.resolve(classPathEntry);
+                URL classPathEntryURL = classPathEntryURI.toURL();
+                classPathUrlsToProcess.add(classPathEntryURL);
             }
-            /*
-             * Note: Resolving the relative URLs from the manifest has the
-             *       potential to introduce security concerns. However, since
-             *       only JARs provided by the container and NOT those provided
-             *       by web applications are processed, there should be no
-             *       issues.
-             *       If this feature is ever extended to include JARs provided
-             *       by web applications, checks should be added to ensure that
-             *       any relative URL does not step outside the web 
application.
-             */
-            URI classPathEntryURI = jarURI.resolve(classPathEntry);
-            URL classPathEntryURL = classPathEntryURI.toURL();
-            classPathUrlsToProcess.add(classPathEntryURL);
         }
     }
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1744194&r1=1744193&r2=1744194&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue May 17 07:18:38 2016
@@ -53,6 +53,10 @@
         around. Therefore, start logging RMI Target related memory leaks on web
         application stop. (markt)
       </fix>
+      <fix>
+        Ensure NPE will not be thrown during deployment when scanning jar files
+        without MANIFEST.MF file. (violetagg)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to