Author: markt Date: Wed Nov 3 18:35:15 2010 New Revision: 1030599 URL: http://svn.apache.org/viewvc?rev=1030599&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49217 Provide an option to check that EL identifiers conform to the Java Language Specification.
Added: tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java (with props) Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1030599&r1=1030598&r2=1030599&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Nov 3 18:35:15 2010 
@@ -89,18 +89,6 @@ PATCHES PROPOSED TO BACKPORT: cause confusion. I'd prefer not to invent a new name, but mention the one that we already have when documenting virtualClasspath. -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49217 - Ensure EL identifiers conform to the Java Language Specification with an - option to disable this check. - https://issues.apache.org/bugzilla/attachment.cgi?id=25727 - +1: markt - +1: kkolinko, rjung (if doc part is adjusted to the code) - -1: - kkolinko: doc says the SKIP_* property defaults to false, but in the code the - default is true. (Maybe tie it to STRICT_SERVLET_COMPLIANCE?) - Maybe document this in the "Specification" part of the systemprops.xml, - instead of "Expression Language" as done in 7.0.2? - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49555 Correctly handle tag libraries that use functions defined in static inner classes Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java?rev=1030599&r1=1030598&r2=1030599&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java Wed Nov 3 18:35:15 2010 @@ -21,6 +21,7 @@ package org.apache.el.parser; import javax.el.ELException; import org.apache.el.lang.EvaluationContext; +import org.apache.el.util.Validation; /** 
@@ -36,4 +37,13 @@ public final class AstDotSuffix extends throws ELException { return this.image; } + + @Override + public void setImage(String image) { + if (!Validation.isIdentifier(image)) { + throw new ELException("[" + image + + "] is not a valid Java identifier"); + } + this.image = image; + } } Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java?rev=1030599&r1=1030598&r2=1030599&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java Wed Nov 3 18:35:15 2010 @@ -28,6 +28,7 @@ import javax.el.VariableMapper; import org.apache.el.lang.EvaluationContext; import org.apache.el.util.MessageFactory; +import org.apache.el.util.Validation; /** @@ -136,6 +137,15 @@ public final class AstIdentifier extends return this.getMethodExpression(ctx).getMethodInfo(ctx.getELContext()); } + @Override + public void setImage(String image) { + if (!Validation.isIdentifier(image)) { + throw new ELException("[" + image + + "] is not a valid Java identifier"); + } + this.image = image; + } + private final MethodExpression getMethodExpression(EvaluationContext ctx) throws ELException { Object obj = null; Added: tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java?rev=1030599&view=auto ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java (added) +++ tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java Wed Nov 3 18:35:15 2010 
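Review bot: The exception text in the new `setImage` is a hard-coded English string, although AstIdentifier already imports MessageFactory, which suggests parser messages normally come from the resource bundle; I would use `throw new ELException(MessageFactory.get("<message-key>", image));`, where `<message-key>` is a placeholder for a new bundle entry. The identical override is added to AstIdentifier later in this commit, so the same change applies there and the two copies need to stay in sync. The rejected `image` is copied verbatim into the message, so any error page or log view that displays ELException text should encode it on output. A one-line comment on each override, such as `// Enforced only when org.apache.el.parser.SKIP_IDENTIFIER_CHECK is false`, would tell readers that the guard is inactive by default.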
@@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.el.util; + +import java.security.AccessController; +import java.security.PrivilegedAction; + +public class Validation { + + // Java keywords, boolean literals & the null literal in alphabetical order + private static final String invalidIdentifiers[] = { "abstract", "assert", + "boolean", "break", "byte", "case", "catch", "char", "class", "const", + "continue", "default", "do", "double", "else", "enum", "extends", + "false", "final", "finally", "float", "for", "goto", "if", "implements", + "import", "instanceof", "int", "interface", "long", "native", "new", + "null", "package", "private", "protected", "public", "return", "short", + "static", "strictfp", "super", "switch", "synchronized", "this", + "throw", "throws", "transient", "true", "try", "void", "volatile", + "while" }; + + private static final boolean IS_SECURITY_ENABLED = + (System.getSecurityManager() != null); + + private static final boolean SKIP_IDENTIFIER_CHECK; + + static { + if (IS_SECURITY_ENABLED) { + SKIP_IDENTIFIER_CHECK = AccessController.doPrivileged( + new PrivilegedAction<Boolean>(){ + public Boolean run() { + return Boolean.valueOf(System.getProperty( + 
"org.apache.el.parser.SKIP_IDENTIFIER_CHECK", + "true")); + } + } + ).booleanValue(); + } else { + SKIP_IDENTIFIER_CHECK = Boolean.valueOf(System.getProperty( + "org.apache.el.parser.SKIP_IDENTIFIER_CHECK", + "true")).booleanValue(); + } + } + + + private Validation() { + // Utility class. Hide default constructor + } + + /** + * Test whether the argument is a Java identifier. + */ + public static boolean isIdentifier(String key) { + + if (SKIP_IDENTIFIER_CHECK) { + return true; + } + + // Should not be the case but check to be sure + if (key == null || key.length() == 0) { + return false; + } + + // Check the list of known invalid values + int i = 0; + int j = invalidIdentifiers.length; + while (i < j) { + int k = (i + j) / 2; + int result = invalidIdentifiers[k].compareTo(key); + if (result == 0) { + return false; + } + if (result < 0) { + i = k + 1; + } else { + j = k; + } + } + + // Check the start character that has more restrictions + if (!Character.isJavaIdentifierStart(key.charAt(0))) { + return false; + } + + // Check each remaining character used is permitted + for (int idx = 1; idx < key.length(); idx++) { + if (!Character.isJavaIdentifierPart(key.charAt(idx))) { + return false; + } + } + + return true; + } +} Propchange: tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml?rev=1030599&r1=1030598&r2=1030599&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml Wed Nov 3 18:35:15 2010 
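Review bot: `isIdentifier` returns true for every argument, including null and the empty string, whenever `SKIP_IDENTIFIER_CHECK` is set, and the static initializer defaults the property to `"true"`, so out of the box the new `setImage` guards reject nothing; the class has no Javadoc saying so. I would add a class-level comment stating that the check is opt-in (enabled with `org.apache.el.parser.SKIP_IDENTIFIER_CHECK=false`) and that the property is read once when the class is initialised, and extend the method Javadoc with `@return true if the check is skipped, or if key is a valid identifier that is not a keyword or literal`. The property name and its default are also spelled out twice in the initializer; one `private static final String` constant for each would keep the privileged and unprivileged branches from drifting apart. Finally, the character tests use the `char` overloads of `Character.isJavaIdentifierStart`/`isJavaIdentifierPart`, so names containing supplementary code points would be rejected when the check is on.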
@@ -74,6 +74,13 @@ </p> </property> + <property name="org.apache.el.parser.SKIP_IDENTIFIER_CHECK"> + <p>If <code>true</code>, when parsing expressions, identifiers will not be + checked to ensure that they conform to the Java Language Specification for + Java identifiers. If not specified, the default value of + <code>true</code> will be used.</p> + </property> + </properties> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org