This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new cbe8769f28 Allow build-age check to be disabled, and disable it by
default.
cbe8769f28 is described below
commit cbe8769f28cbd1f9f4eaaa5e1bc47fc09f974833
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Fri Mar 15 09:37:27 2024 -0400
Allow build-age check to be disabled, and disable it by default.
---
.../catalina/security/.SecurityListener.java.swp | Bin 0 -> 20480 bytes
.../apache/catalina/security/SecurityListener.java | 30 +++++++-------
java/org/apache/catalina/util/StringUtil.java | 43 +++++++++++++++++++++
webapps/docs/config/.listeners.xml.swp | Bin 0 -> 45056 bytes
webapps/docs/config/listeners.xml | 3 +-
5 files changed, 61 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/catalina/security/.SecurityListener.java.swp
b/java/org/apache/catalina/security/.SecurityListener.java.swp
new file mode 100644
index 0000000000..5d9801fde0
Binary files /dev/null and
b/java/org/apache/catalina/security/.SecurityListener.java.swp differ
diff --git a/java/org/apache/catalina/security/SecurityListener.java
b/java/org/apache/catalina/security/SecurityListener.java
index e92f7fbbc4..7917b9a6a4 100644
--- a/java/org/apache/catalina/security/SecurityListener.java
+++ b/java/org/apache/catalina/security/SecurityListener.java
@@ -47,7 +47,7 @@ public class SecurityListener implements LifecycleListener {
private static final String UMASK_FORMAT = "%04o";
- private static final int DEFAULT_BUILD_DATE_WARNING_AGE_DAYS = 180;
+ private static final int DEFAULT_BUILD_DATE_WARNING_AGE_DAYS = -1;
/**
* The list of operating system users not permitted to run Tomcat.
@@ -221,24 +221,26 @@ public class SecurityListener implements
LifecycleListener {
}
protected void checkServerBuildAge() {
- String buildDateString = ServerInfo.getServerBuiltISO();
+ int allowedAgeDays = getBuildDateWarningAgeDays();
- if (null == buildDateString || buildDateString.length() < 1 ||
!Character.isDigit(buildDateString.charAt(0))) {
- log.warn(sm.getString("SecurityListener.buildDateUnreadable",
buildDateString));
- } else {
- try {
- Date buildDate = new
SimpleDateFormat("yyyy-MM-dd").parse(buildDateString);
+ if (allowedAgeDays >= 0) {
+ String buildDateString = ServerInfo.getServerBuiltISO();
- int allowedAgeDays = getBuildDateWarningAgeDays();
+ if (null == buildDateString || buildDateString.length() < 1 ||
!Character.isDigit(buildDateString.charAt(0))) {
+ log.warn(sm.getString("SecurityListener.buildDateUnreadable",
buildDateString));
+ } else {
+ try {
+ Date buildDate = new
SimpleDateFormat("yyyy-MM-dd").parse(buildDateString);
- Calendar old = Calendar.getInstance();
- old.add(Calendar.DATE, -allowedAgeDays); // Subtract X days
from today
+ Calendar old = Calendar.getInstance();
+ old.add(Calendar.DATE, -allowedAgeDays); // Subtract X
days from today
- if (buildDate.before(old.getTime())) {
- log.warn(sm.getString("SecurityListener.buildDateIsOld",
String.valueOf(allowedAgeDays)));
+ if (buildDate.before(old.getTime())) {
+
log.warn(sm.getString("SecurityListener.buildDateIsOld",
String.valueOf(allowedAgeDays)));
+ }
+ } catch (ParseException pe) {
+
log.warn(sm.getString("SecurityListener.buildDateUnreadable", buildDateString));
}
- } catch (ParseException pe) {
- log.warn(sm.getString("SecurityListener.buildDateUnreadable",
buildDateString));
}
}
}
diff --git a/java/org/apache/catalina/util/StringUtil.java
b/java/org/apache/catalina/util/StringUtil.java
new file mode 100644
index 0000000000..41062af232
--- /dev/null
+++ b/java/org/apache/catalina/util/StringUtil.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.util;
+
+import java.util.regex.Pattern;
+
+public class StringUtil {
+ /**
+ * {@link Pattern} for a comma delimited string that support whitespace
characters
+ */
+ private static final Pattern commaSeparatedValuesPattern =
Pattern.compile("\\s*,\\s*");
+
+ /**
+ * Splits a comma-separated string into an array of String values.
+ *
+ * Whitespace around the commas is removed.
+ *
+ * Null or empty values will return a zero-element array.
+ *
+ * @param s The string to split by commas.
+ *
+ * @return An array of String values.
+ */
+ public static String[] splitCommaSeparated(String s) {
+ return (s == null || s.length() == 0) ? new String[0] :
+ commaSeparatedValuesPattern.split(s);
+
+ }
+}
\ No newline at end of file
diff --git a/webapps/docs/config/.listeners.xml.swp
b/webapps/docs/config/.listeners.xml.swp
new file mode 100644
index 0000000000..1640f231dd
Binary files /dev/null and b/webapps/docs/config/.listeners.xml.swp differ
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index f26537db43..76d993ebe9 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -419,7 +419,8 @@
<attribute name="buildDateWarningAgeDays" required="false">
<p>The maximim number of days between the build-date of this instance
of Tomcat and its startup date can be before warnings will be logged.
- If not specified, the default value of <b>180</b> is used.</p>
+ Set to anything less than 0 (e.g. -1) to disable this check.
+ If not specified, the default value of <b>-1</b> is used.</p>
</attribute>
</attributes>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
