https://issues.apache.org/bugzilla/show_bug.cgi?id=49914
--- Comment #1 from Martin Gainty <mgai...@hotmail.com> 2010-09-12 09:03:17 EDT
---
/* same as TC 6 up until checkUnusualURLPattern */
/**
* Validate the syntax of a proposed <code><url-pattern></code>
* for conformance with specification requirements.
*
* @param urlPattern URL pattern to be validated
*/
private boolean validateURLPattern(String urlPattern) {
if (urlPattern == null)
return (false);
if (urlPattern.indexOf('\n') >= 0 || urlPattern.indexOf('\r') >= 0) {
return (false);
}
if (urlPattern.startsWith("*.")) {
if (urlPattern.indexOf('/') < 0) {
checkUnusualURLPattern(urlPattern);
return (true);
} else
return (false);
}
if ( (urlPattern.startsWith("/")) &&
(urlPattern.indexOf("*.") < 0)) {
checkUnusualURLPattern(urlPattern);
return (true);
} else
return (false);
}
/**
* Check for unusual but valid <code><url-pattern></code>s.
* See Bugzilla 34805, 43079 & 43080
*/
private void checkUnusualURLPattern(String urlPattern) {
if (log.isInfoEnabled()) {
if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
urlPattern.charAt(urlPattern.length()-2) != '/')) {
log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
" in context [" + getName() + "] - see" +
" section SRV.11.2 of the Servlet specification" );
}
}
}
/*TESTCASE: if the url-pattern is / then urlPattern.length() =1 and the
urlPattern.charAt(urlPattern.length()-2) is urlPattern.charAt(-1)
would throw NPE
fix would be to have checkUnusualURLPattern throw NPE as here */
private boolean validateURLPattern(String urlPattern) {
if (urlPattern == null)
return (false);
if (urlPattern.indexOf('\n') >= 0 || urlPattern.indexOf('\r') >= 0) {
return (false);
}
if (urlPattern.startsWith("*.")) {
if (urlPattern.indexOf('/') < 0) {
checkUnusualURLPattern(urlPattern);
return (true);
} else
return (false);
}
if ( (urlPattern.startsWith("/")) &&
(urlPattern.indexOf("*.") < 0))
{
try
{
checkUnusualURLPattern(urlPattern);
}
catch(NullPointerException npe)
{
System.err.println("checkUnusualURLPattern has thrown NPE for
urlPattern="+urlPattern+" message="+npe.getMessage());
}
return (true);
} else
return (false);
}
/*change checkUnusualURLPattern method to throw NPE */
private void checkUnusualURLPattern(String urlPattern) throws
NullPointerException {
if (log.isInfoEnabled())
{
try
{
if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
urlPattern.charAt(urlPattern.length()-2) != '/'))
{
log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
" in context [" + getName() + "] - see" +
" section SRV.11.2 of the Servlet specification" );
}
}
catch(NullPointerException npe)
{ //re throw NPE
throw NullPointerException(npe.getMessage());
}
}
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
