[Bug 62371] Improve logging in AbstractProcessor.parseHost()
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

--- Comment #24 from ZhiFeng Hu ---
How to remove the validation for host name? I want to use any string as the host name. Would you please let us choose?

--
You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62371] Improve logging in AbstractProcessor.parseHost()
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

--- Comment #25 from Mark Thomas ---
The Host validation is not optional. It is a specification requirement.

The changes discussed in comment #14 and comment #15 (using the same rules for the final segment as the other segments) have been made in the versions listed in comment #17.
[Bug 62371] Improve logging in AbstractProcessor.parseHost()
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

--- Comment #26 from ZhiFeng Hu ---
Though it was a specification, why not give us a setting or configuration to disable the check?

Give us a switch please. Or we can not upgrade our projects to the latest Tomcat. Or we should have to switch to another (Jetty, Undertow).
[Bug 62371] Improve logging in AbstractProcessor.parseHost()
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371

--- Comment #27 from Mark Thomas ---
Simply wait (until early next month) for next release round and upgrade then.
svn commit: r1832105 - in /tomcat/trunk: java/org/apache/catalina/valves/ java/org/apache/tomcat/util/net/ test/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/
Author: markt Date: Wed May 23 14:23:01 2018 New Revision: 1832105 URL: http://svn.apache.org/viewvc?rev=1832105&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=51497 Add an option, ipv6Canonical, to the AccessLogValve that causes IPv6 addresses to be output in canonical form defined by RFC 5952. Based on a patch by ognjen. Added: tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java (with props) tomcat/trunk/test/org/apache/tomcat/util/net/IPv6UtilsTest.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java tomcat/trunk/java/org/apache/catalina/valves/ExtendedAccessLogValve.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java?rev=1832105&r1=1832104&r2=1832105&view=diff == --- tomcat/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java (original) +++ tomcat/trunk/java/org/apache/catalina/valves/AbstractAccessLogValve.java Wed May 23 14:23:01 2018 @@ -52,6 +52,7 @@ import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.collections.SynchronizedStack; +import org.apache.tomcat.util.net.IPv6Utils; /** @@ -174,6 +175,11 @@ public abstract class AbstractAccessLogV */ protected boolean enabled = true; + /** + * Use IPv6 canonical representation format as defined by RFC 5952. + */ +private boolean ipv6Canonical = false; + /** * The pattern used to format our access log lines. */ @@ -480,6 +486,16 @@ public abstract class AbstractAccessLogV // - Properties +public boolean getIpv6Canonical() { +return ipv6Canonical; +} + + +public void setIpv6Canonical(boolean ipv6Canonical) { +this.ipv6Canonical = ipv6Canonical; +} + + /** * {@inheritDoc} * Default is false. 
@@ -489,6 +505,7 @@ public abstract class AbstractAccessLogV this.requestAttributesEnabled = requestAttributesEnabled; } + /** * {@inheritDoc} */ @@ -792,11 +809,11 @@ public abstract class AbstractAccessLogV /** * write local IP address - %A */ -protected static class LocalAddrElement implements AccessLogElement { +protected class LocalAddrElement implements AccessLogElement { -private static final String LOCAL_ADDR_VALUE; +private final String localAddrValue; -static { +public LocalAddrElement(boolean ipv6Canonical) { String init; try { init = InetAddress.getLocalHost().getHostAddress(); @@ -804,13 +821,18 @@ public abstract class AbstractAccessLogV ExceptionUtils.handleThrowable(e); init = "127.0.0.1"; } -LOCAL_ADDR_VALUE = init; + +if (ipv6Canonical) { +localAddrValue = IPv6Utils.canonize(init); +} else { +localAddrValue = init; +} } @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { -buf.append(LOCAL_ADDR_VALUE); +buf.append(localAddrValue); } } @@ -821,16 +843,22 @@ public abstract class AbstractAccessLogV @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { +String value = null; if (requestAttributesEnabled) { Object addr = request.getAttribute(REMOTE_ADDR_ATTRIBUTE); if (addr == null) { -buf.append(request.getRemoteAddr()); +value = request.getRemoteAddr(); } else { -buf.append(addr.toString()); +value = addr.toString(); } } else { -buf.append(request.getRemoteAddr()); +value = request.getRemoteAddr(); +} + +if (ipv6Canonical) { +value = IPv6Utils.canonize(value); } +buf.append(value); } } @@ -854,6 +882,10 @@ public abstract class AbstractAccessLogV if (value == null || value.length() == 0) { value = "-"; } + +if (ipv6Canonical) { +value = IPv6Utils.canonize(value); +} buf.append(value); } } @@ -1348,11 +1380,15 @@ public abstract class AbstractAccessLogV /** * w
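Review bot: In the LocalAddrElement hunk, the class drops "static" even though the flag now arrives as a constructor argument, so nothing in the class needs the enclosing instance; keeping "protected static class LocalAddrElement" would avoid changing the nested-class signature for subclasses. The constructor parameter ipv6Canonical also shadows the new field of the same name, and the value is fixed at construction, whereas the remote address element reads the field on every addElement call, so a later setIpv6Canonical changes one and not the other. InetAddress.getLocalHost() now runs once per element instead of once per class load; a line of Javadoc saying which behaviour is intended would help.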
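Review bot: In RemoteAddrElement.addElement, the string handed to IPv6Utils.canonize(value) can come from the REMOTE_ADDR_ATTRIBUTE request attribute via addr.toString(), so it is not guaranteed to be a well-formed address. The canonize Javadoc touched in r1832106 describes the behaviour on an invalid IPv6 address as undefined; since this runs on the access-log path for every request, canonize should return its input unchanged on any parse failure rather than throw, and IPv6UtilsTest should include malformed inputs to pin that down.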
[Bug 51497] Use canonical IPv6 text representation in logs
https://bz.apache.org/bugzilla/show_bug.cgi?id=51497

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |FIXED
Status     |NEW     |RESOLVED

--- Comment #12 from Mark Thomas ---
Added with some minor modifications (including disabled by default) to 9.0.x for 9.0.9 onwards.
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/3296

Buildbot URL: https://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1832105
Blamelist: markt

BUILD FAILED: failed compile

Sincerely,
-The Buildbot
svn commit: r1832106 - /tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java
Author: markt Date: Wed May 23 14:36:29 2018 New Revision: 1832106 URL: http://svn.apache.org/viewvc?rev=1832106&view=rev Log: Fix Javadoc Modified: tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java?rev=1832106&r1=1832105&r2=1832106&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/IPv6Utils.java Wed May 23 14:36:29 2018 @@ -28,14 +28,14 @@ public class IPv6Utils { /** * Convert IPv6 address into RFC 5952 form. - * E.g. 2001:db8:0:1:0:0:0:1 -> 2001:db8:0:1::1 + * E.g. 2001:db8:0:1:0:0:0:1 -> 2001:db8:0:1::1 * * Method is null safe, and if IPv4 address or host name is passed to the * method it is returned without any processing. * - * Method also supports IPv4 in IPv6 (e.g. 0:0:0:0:0::192.0.2.1 -> + * Method also supports IPv4 in IPv6 (e.g. 0:0:0:0:0::192.0.2.1 -> * :::192.0.2.1), and zone ID (e.g. fe80:0:0:0:f0f0:c0c0:1919:1234%4 - * -> fe80::f0f0:c0c0:1919:1234%4). + * -> fe80::f0f0:c0c0:1919:1234%4). * * The behaviour of this method is undefined if an invalid IPv6 address * is passed in as input. @@ -221,7 +221,7 @@ public class IPv6Utils { /** * Heuristic check if string might be an IPv6 address. * - * @param address Any string or null + * @param input Any string or null * @return true, if input string contains only hex digits and at least two colons, before '.' or '%' character */ static boolean mayBeIPv6Address(String input) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1832108 - in /tomcat/trunk: java/org/apache/catalina/filters/ java/org/apache/catalina/loader/ java/org/apache/catalina/mapper/ java/org/apache/catalina/security/ java/org/apache/catalina
Author: markt Date: Wed May 23 14:47:45 2018 New Revision: 1832108 URL: http://svn.apache.org/viewvc?rev=1832108&view=rev Log: Fix some Javadoc errors reported by Eclipse. Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/trunk/java/org/apache/catalina/mapper/MapperListener.java tomcat/trunk/java/org/apache/catalina/security/SecurityUtil.java tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java tomcat/trunk/java/org/apache/jasper/compiler/ELParser.java tomcat/trunk/java/org/apache/jasper/compiler/JspReader.java tomcat/trunk/java/org/apache/jasper/el/JasperELResolver.java tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnection.java tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java tomcat/trunk/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java tomcat/trunk/java/org/apache/tomcat/dbcp/pool2/impl/AbandonedConfig.java tomcat/trunk/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java tomcat/trunk/java/org/apache/tomcat/util/bcel/classfile/ConstantLong.java tomcat/trunk/java/org/apache/tomcat/util/bcel/classfile/JavaClass.java tomcat/trunk/java/org/apache/tomcat/util/http/fileupload/IOUtils.java tomcat/trunk/java/org/apache/tomcat/util/http/parser/Cookie.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java tomcat/trunk/test/org/apache/catalina/startup/TesterServletEncodeUrl.java Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1832108&r1=1832107&r2=1832108&view=diff == --- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Wed May 23 14:47:45 2018 
@@ -193,8 +193,6 @@ public class CorsFilter extends GenericF * This method returns the parameter's value if it exists, or defaultValue * if not. * - * @param filterConfig The configuration for the filter - * * @param name The parameter's name * * @param defaultValue The default value to return if the parameter does @@ -203,7 +201,7 @@ public class CorsFilter extends GenericF * @return The parameter's value or the default value if the parameter does * not exist */ -private String getInitParameter(String name, String defaultValue){ +private String getInitParameter(String name, String defaultValue) { String value = getInitParameter(name); if (value != null) { Modified: tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?rev=1832108&r1=1832107&r2=1832108&view=diff == --- tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java Wed May 23 14:47:45 2018 @@ -169,11 +169,8 @@ public class CsrfPreventionFilter extend return addNonce(super.encodeURL(url)); } -/** +/* * Return the specified URL with the nonce added to the query string. - * - * @param url URL to be modified - * @param nonce The nonce to add */ private String addNonce(String url) { Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1832108&r1=1832107&r2=1832108&view=diff == --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Wed May 23 14:47:45 2018 
@@ -344,7 +344,8 @@ public abstract class WebappClassLoaderB private boolean clearReferencesStopTimerThreads = false; /** - * Should Tomcat call {@link org.apache.juli.logging.LogFactory#release()} + * Should Tomcat call + * {@link org.apache.juli.logging.LogFactory#release(ClassLoader)} * when the class loader is stopped? If not specified, the default value * of true is used. Changing the default setting is likely to * lead to memory leaks and other issues. Modified: tomcat/trunk/java/org/apache/catalina/mapper/MapperListener.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/mapper/MapperListener.java?rev=1832108&r1=1832107&r2=1832108&view=diff ==
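Review bot: In the CsrfPreventionFilter hunk, addNonce(String url) still takes url, yet both @param tags are removed and the Javadoc opener is downgraded from /** to /*, so the method ends up with no Javadoc at all. Only "@param nonce" is stale; keeping /** and "@param url URL to be modified" and deleting just the nonce line would clear the Eclipse warning without losing the documentation.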
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/3297

Buildbot URL: https://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1832106
Blamelist: markt

Build succeeded!

Sincerely,
-The Buildbot
[Bug 51587] Implement status and uptime commands
https://bz.apache.org/bugzilla/show_bug.cgi?id=51587

Mark Thomas changed:

What       |Removed |Added
Resolution |---     |WONTFIX
Status     |NEW     |RESOLVED

--- Comment #3 from Mark Thomas ---
I've spent a little time thinking about what to do with this enhancement request.

Given that:
- two interested committers haven't progressed in 6, almost 7 years;
- I don't recall this sort of feature being discussed on the users list;
- the OS will provide utilities for this; and
- the original request on the wiki could have been met by monitoring the Tomcat HTTP port directly.

I've opted to close it as WONTFIX.
[Bug 51953] Proposal: netmask filtering valve and filter [PATCH]
https://bz.apache.org/bugzilla/show_bug.cgi?id=51953

--- Comment #24 from Mark Thomas ---
It has been rather too long since this was last looked at. Apologies for that. I'm looking at this now.

The good news is that the patch applies cleanly to trunk (9.0.x). There are some compilation issues to take care of (e.g. Comet has been removed) but nothing major.

I'm planning on starting with the NetMask and associated unit tests. I've tidied up some Checkstyle / formatting issues and I'm now looking at refactoring the unit test coverage to a) use a parameterized test and b) expand the test cases.

I also want to look at the Exception messages as the current messages look slightly odd and I want to switch them over to the StringManager for i18n support.

I'll look at the Valve and Filter once the netmask work is complete.
[Bug 62391] Unable to Install Windows Service with Server JRE
https://bz.apache.org/bugzilla/show_bug.cgi?id=62391

--- Comment #2 from Christopher Schultz ---
IIRC, java.exe will always open a command-prompt to run the command. That's why javaw.exe exists.

For a "server install", does that mean that a console needs to be available because java.exe will run instead of javaw.exe?

Windows Service probably works regardless.
[Bug 62391] Unable to Install Windows Service with Server JRE
https://bz.apache.org/bugzilla/show_bug.cgi?id=62391

--- Comment #3 from Mark Thomas ---
Take a look at the svn history. As far as I can tell, javaw.exe has never been used.
[Bug 62391] Unable to Install Windows Service with Server JRE
https://bz.apache.org/bugzilla/show_bug.cgi?id=62391

--- Comment #4 from Igal Sapir ---
> IIRC, java.exe will always open a command-prompt to run the command. That's
> why javaw.exe exists.

Right, but that is for Windowed, GUI applications where you don't want a console window to open with the application. I believe that that's where the `w` comes from in `javaw`.

> Take a look at the svn history. As far as I can tell, javaw.exe has never
> been used.

I have been using Tomcat with the Server JRE on Windows for a few years now. The Windows service runs well with the `java.exe` only. The only problem is with the installation of the Windows Service via `service.bat`.

If there is no objection then I will go ahead and remove the offensive line.
[Bug 62404] New: Visibility issue on field org.apache.catalina.util.LifecycleBase.throwOnFailure
https://bz.apache.org/bugzilla/show_bug.cgi?id=62404

Bug ID: 62404
Summary: Visibility issue on field org.apache.catalina.util.LifecycleBase.throwOnFailure
Product: Tomcat 9
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: magyar...@gmail.com
Target Milestone: -

Within class org.apache.catalina.util.LifecycleBase field throwOnFailure should be volatile.
[Bug 62404] Visibility issue on field org.apache.catalina.util.LifecycleBase.throwOnFailure
https://bz.apache.org/bugzilla/show_bug.cgi?id=62404

Mark Thomas changed:

What |Removed |Added
OS   |        |All

--- Comment #1 from Mark Thomas ---
On what basis?

While there is a theoretical case to make nearly all of the fields used for configuration volatile, in practice it has never been an issue.
[Bug 62404] Visibility issue on field org.apache.catalina.util.LifecycleBase.throwOnFailure
https://bz.apache.org/bugzilla/show_bug.cgi?id=62404

--- Comment #2 from Laszlo Magyar ---
It seems to me this class was thread safe before this field was added. I just thought it is a bug to violate this.
[Bug 62391] Unable to Install Windows Service with Server JRE
https://bz.apache.org/bugzilla/show_bug.cgi?id=62391

--- Comment #5 from Igal Sapir ---
(In reply to Mark Thomas from comment #1)
> > 2. Does the Windows installer have a similar problem?

I just ran the Windows Service Installer executable of Tomcat 9.0.8 on Windows 10 and pointed it to the Server JRE which does not have the `javaw.exe` file.

The installation completed with no errors and the service started successfully, so this issue does not affect the Windows Service Installer.
svn commit: r1832124 - in /tomcat/trunk: java/org/apache/catalina/util/LocalStrings.properties java/org/apache/catalina/util/NetMask.java test/org/apache/catalina/util/TestNetMask.java
Author: markt Date: Wed May 23 20:33:35 2018 New Revision: 1832124 URL: http://svn.apache.org/viewvc?rev=1832124&view=rev Log: First part of implementation for BZ 51953 Add a NetMask utility class and some test cases Added: tomcat/trunk/java/org/apache/catalina/util/NetMask.java (with props) tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties Modified: tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties?rev=1832124&r1=1832123&r2=1832124&view=diff == --- tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties Wed May 23 20:33:35 2018 
@@ -38,6 +38,12 @@ lifecycleBase.stopFail=Failed to stop co lifecycleMBeanBase.registerFail=Failed to register object [{0}] with name [{1}] during component initialisation lifecycleMBeanBase.unregisterFail=Failed to unregister MBean with name [{0}] during component destruction lifecycleMBeanBase.unregisterNoServer=No MBean server was available to unregister the MBean [{0}] + +netmask.cidrNegative=The CIDR [{0}] is negative +netmask.cidrNotNumeric=The CIDR [{0}] is not numeric +netmask.cidrTooBig=The CIDR [{0}] is greater than the address length [{1}] +netmask.invalidAddress=The address [{0}] is not valid + SecurityUtil.doAsPrivilege=An exception occurs when running the PrivilegedExceptionAction block. sessionIdGeneratorBase.createRandom=Creation of SecureRandom instance for session ID generation using [{0}] took [{1}] milliseconds. sessionIdGeneratorBase.random=Exception initializing random number generator of class [{0}]. Falling back to java.secure.SecureRandom Added: tomcat/trunk/java/org/apache/catalina/util/NetMask.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/NetMask.java?rev=1832124&view=auto == --- tomcat/trunk/java/org/apache/catalina/util/NetMask.java (added) +++ tomcat/trunk/java/org/apache/catalina/util/NetMask.java Wed May 23 20:33:35 2018 
@@ -0,0 +1,241 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.util; + +import java.net.InetAddress; +import java.net.UnknownHostException; + +import org.apache.catalina.tribes.util.StringManager; + +/** + * A class representing a CIDR netmask. + * + * + * The constructor takes a string as an argument which represents a netmask, as + * per the CIDR notation -- whether this netmask be IPv4 or IPv6. It then + * extracts the network address (before the /) and the CIDR prefix (after the + * /), and tells through the #matches() method whether a candidate + * {@link InetAddress} object fits in the recorded range. + * + * + * + * As byte arrays as returned by InetAddress.getByName() are always + * in network byte order, finding a match is therefore as simple as testing + * whether the n first bits (where n is the CIDR) are the same in both byte + * arrays (the one of the network address and the one of the candidate address). + * We do that by first doing byte comparisons, then testing the last bits if any + * (that is, if the remainder of the integer division of the CIDR by 8 is not + * 0). 
+ * + * + * + * As a bonus, if no '/' is found in the input, it is assumed that an exact + * address match is required. + * + */ +public final class NetMask { + +private static final StringManager sm = StringManager.getManager(NetMask.class); + +/** + * The argument to the constructor, used for .toString() + */ +private final String expression; + +/** + * The byte array representing the address extracted from the expression + */ +private final byte[] netaddr; + +/** + * The number of bytes to test for equality (CIDR / 8) + */ +private final int nrBytes; + +/** + * The right shift to apply to the last byte if CIDR % 8 is not 0; if it is + * 0, this variable is set to 0
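Review bot: In the new NetMask.java, the import of org.apache.catalina.tribes.util.StringManager ties a general class in org.apache.catalina.util to the Tribes package, while the netmask.* messages are added to org/apache/catalina/util/LocalStrings.properties; use org.apache.tomcat.util.res.StringManager instead. Separately, the class Javadoc says the address bytes come from InetAddress.getByName(), which accepts host names as well as literals; since this class is meant to back an access filter, the constructor should be confirmed to reject anything that is not an address literal (netmask.invalidAddress) so that a mask never depends on a DNS lookup, with a test case for that.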
[Bug 51953] Proposal: netmask filtering valve and filter [PATCH]
https://bz.apache.org/bugzilla/show_bug.cgi?id=51953

--- Comment #25 from Mark Thomas ---
I've just committed the NetMask class and associated test case.

Can I just say "Nice code". An elegant solution and very clearly commented.
Re: svn commit: r1832124 - in /tomcat/trunk: java/org/apache/catalina/util/LocalStrings.properties java/org/apache/catalina/util/NetMask.java test/org/apache/catalina/util/TestNetMask.java
On 23/05/18 21:33, ma...@apache.org wrote: > Author: markt > Date: Wed May 23 20:33:35 2018 > New Revision: 1832124 > > URL: http://svn.apache.org/viewvc?rev=1832124&view=rev > Log: > First part of implementation for BZ 51953 > Add a NetMask utility class and some test cases The code looks good to me but given how this is going to be used, I'd welcome additional eyes on this and especially some more test cases. Thanks, Mark > > Added: > tomcat/trunk/java/org/apache/catalina/util/NetMask.java (with props) > tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java (with props) > Modified: > tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties > > Modified: tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties?rev=1832124&r1=1832123&r2=1832124&view=diff > == > --- tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties > (original) > +++ tomcat/trunk/java/org/apache/catalina/util/LocalStrings.properties Wed > May 23 20:33:35 2018 
> @@ -38,6 +38,12 @@ lifecycleBase.stopFail=Failed to stop co > lifecycleMBeanBase.registerFail=Failed to register object [{0}] with name > [{1}] during component initialisation > lifecycleMBeanBase.unregisterFail=Failed to unregister MBean with name [{0}] > during component destruction > lifecycleMBeanBase.unregisterNoServer=No MBean server was available to > unregister the MBean [{0}] > + > +netmask.cidrNegative=The CIDR [{0}] is negative > +netmask.cidrNotNumeric=The CIDR [{0}] is not numeric > +netmask.cidrTooBig=The CIDR [{0}] is greater than the address length [{1}] > +netmask.invalidAddress=The address [{0}] is not valid > + > SecurityUtil.doAsPrivilege=An exception occurs when running the > PrivilegedExceptionAction block. > sessionIdGeneratorBase.createRandom=Creation of SecureRandom instance for > session ID generation using [{0}] took [{1}] milliseconds. > sessionIdGeneratorBase.random=Exception initializing random number generator > of class [{0}]. Falling back to java.secure.SecureRandom > > Added: tomcat/trunk/java/org/apache/catalina/util/NetMask.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/NetMask.java?rev=1832124&view=auto > == > --- tomcat/trunk/java/org/apache/catalina/util/NetMask.java (added) > +++ tomcat/trunk/java/org/apache/catalina/util/NetMask.java Wed May 23 > 20:33:35 2018 
> @@ -0,0 +1,241 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one or more > + * contributor license agreements. See the NOTICE file distributed with > + * this work for additional information regarding copyright ownership. > + * The ASF licenses this file to You under the Apache License, Version 2.0 > + * (the "License"); you may not use this file except in compliance with > + * the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > + * See the License for the specific language governing permissions and > + * limitations under the License. > + */ > +package org.apache.catalina.util; > + > +import java.net.InetAddress; > +import java.net.UnknownHostException; > + > +import org.apache.catalina.tribes.util.StringManager; > + > +/** > + * A class representing a CIDR netmask. > + * > + * > + * The constructor takes a string as an argument which represents a netmask, > as > + * per the CIDR notation -- whether this netmask be IPv4 or IPv6. It then > + * extracts the network address (before the /) and the CIDR prefix (after the > + * /), and tells through the #matches() method whether a candidate > + * {@link InetAddress} object fits in the recorded range. > + * > + * > + * > + * As byte arrays as returned by InetAddress.getByName() are > always > + * in network byte order, finding a match is therefore as simple as testing > + * whether the n first bits (where n is the CIDR) are the same in both byte > + * arrays (the one of the network address and the one of the candidate > address). > + * We do that by first doing byte comparisons, then testing the last bits if > any > + * (that is, if the remainder of the integer division of the CIDR by 8 is not > + * 0). 
> + * > + * > + * > + * As a bonus, if no '/' is found in the input, it is assumed that an exact > + * address match is required. > + * > + */ > +public final class NetMask { > + > +private static final StringManager sm = > StringManager.getManager(NetMask.class); > + > +/** > + * The argument to the constructor, used for .toString(
svn commit: r1832125 - /tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java
Author: markt Date: Wed May 23 20:46:01 2018 New Revision: 1832125 URL: http://svn.apache.org/viewvc?rev=1832125&view=rev Log: Few more test cases Modified: tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java Modified: tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java?rev=1832125&r1=1832124&r2=1832125&view=diff == --- tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java (original) +++ tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java Wed May 23 20:46:01 2018 
@@ -71,6 +71,26 @@ public final class TestNetMask { result.add(new Object[] { "1.2.3.4/31", "1.2.3.5", Boolean.TRUE, Boolean.TRUE }); result.add(new Object[] { "1.2.3.4/31", "1.2.3.6", Boolean.TRUE, Boolean.FALSE }); +result.add(new Object[] { "10.0.0.0/22", "9.255.255.255", Boolean.TRUE, Boolean.FALSE }); +result.add(new Object[] { "10.0.0.0/22", "10.0.0.0", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "10.0.0.0/22", "10.0.3.255", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "10.0.0.0/22", "10.0.4.0", Boolean.TRUE, Boolean.FALSE }); + +// IPv6 +result.add(new Object[] { "::5:1/128", "::4:", Boolean.TRUE, Boolean.FALSE }); +result.add(new Object[] { "::5:1/128", "::5:1", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "::5:1/128", "::5:2", Boolean.TRUE, Boolean.FALSE }); + +result.add(new Object[] { "::5:1/127", "::4:", Boolean.TRUE, Boolean.FALSE }); +result.add(new Object[] { "::5:1/127", "::5:0", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "::5:1/127", "::5:1", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "::5:1/127", "::5:2", Boolean.TRUE, Boolean.FALSE }); + +result.add(new Object[] { "a::5:1/42", "9:::::::", Boolean.TRUE, Boolean.FALSE }); +result.add(new Object[] { "a::5:1/42", "a::0", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "a::5:1/42", "a:0:3f:::::", Boolean.TRUE, Boolean.TRUE }); +result.add(new Object[] { "a::5:1/42", "a:0:40::", Boolean.TRUE, Boolean.FALSE }); + return result; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
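Review bot: The added cases cover prefix boundaries at /22, /42, /127 and /128, but nothing exercises a zero-length prefix. Adding "0.0.0.0/0" and "::/0" rows (each expected to match any candidate of the same family) would cover the path where no whole bytes and no remainder bits are compared, which is the case most likely to go wrong in a mask used for access decisions.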
svn commit: r1832127 - /tomcat/trunk/java/org/apache/catalina/util/NetMask.java
Author: markt Date: Wed May 23 20:48:14 2018 New Revision: 1832127 URL: http://svn.apache.org/viewvc?rev=1832127&view=rev Log: Fix import Modified: tomcat/trunk/java/org/apache/catalina/util/NetMask.java Modified: tomcat/trunk/java/org/apache/catalina/util/NetMask.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/NetMask.java?rev=1832127&r1=1832126&r2=1832127&view=diff == --- tomcat/trunk/java/org/apache/catalina/util/NetMask.java (original) +++ tomcat/trunk/java/org/apache/catalina/util/NetMask.java Wed May 23 20:48:14 2018 @@ -19,7 +19,7 @@ package org.apache.catalina.util; import java.net.InetAddress; import java.net.UnknownHostException; -import org.apache.catalina.tribes.util.StringManager; +import org.apache.tomcat.util.res.StringManager; /** * A class representing a CIDR netmask. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
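Review bot: the log message "Fix import" does not say what was wrong with the import replaced on the single changed line. Since NetMask.java sits in org.apache.catalina.util, a sentence stating why StringManager should come from org.apache.tomcat.util.res rather than from org.apache.catalina.tribes.util would make the history self-explanatory.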
svn commit: r1832129 - /tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java
Author: markt Date: Wed May 23 20:57:55 2018 New Revision: 1832129 URL: http://svn.apache.org/viewvc?rev=1832129&view=rev Log: Additional test cases to get to 100% code coverage of the new utility class. Modified: tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java Modified: tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java?rev=1832129&r1=1832128&r2=1832129&view=diff == --- tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java (original) +++ tomcat/trunk/test/org/apache/catalina/util/TestNetMask.java Wed May 23 20:57:55 2018 @@ -62,6 +62,8 @@ public final class TestNetMask { result.add(new Object[] { "ae31::27:ef2:1/129", null, Boolean.FALSE, null }); // IPv4 +result.add(new Object[] { "1.2.3.4", "1.2.3.4", Boolean.TRUE, Boolean.TRUE }); + result.add(new Object[] { "1.2.3.4/32", "1.2.3.3", Boolean.TRUE, Boolean.FALSE }); result.add(new Object[] { "1.2.3.4/32", "1.2.3.4", Boolean.TRUE, Boolean.TRUE }); result.add(new Object[] { "1.2.3.4/32", "1.2.3.5", Boolean.TRUE, Boolean.FALSE }); @@ -77,6 +79,8 @@ public final class TestNetMask { result.add(new Object[] { "10.0.0.0/22", "10.0.4.0", Boolean.TRUE, Boolean.FALSE }); // IPv6 +result.add(new Object[] { "::5:1", "::5:1", Boolean.TRUE, Boolean.TRUE }); + result.add(new Object[] { "::5:1/128", "::4:", Boolean.TRUE, Boolean.FALSE }); result.add(new Object[] { "::5:1/128", "::5:1", Boolean.TRUE, Boolean.TRUE }); result.add(new Object[] { "::5:1/128", "::5:2", Boolean.TRUE, Boolean.FALSE }); @@ -91,6 +95,9 @@ public final class TestNetMask { result.add(new Object[] { "a::5:1/42", "a:0:3f:::::", Boolean.TRUE, Boolean.TRUE }); result.add(new Object[] { "a::5:1/42", "a:0:40::", Boolean.TRUE, Boolean.FALSE }); +// Mixed +result.add(new Object[] { "10.0.0.0/22", "::1", Boolean.TRUE, Boolean.FALSE }); + return result; } 
@@ -124,5 +131,7 @@ public final class TestNetMask { } Assert.assertEquals(matches, Boolean.valueOf(netMask.matches(inetAddress))); + +Assert.assertEquals(mask, netMask.toString()); } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
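Review bot: the "// Mixed" block added in the hunk at -91,6 covers only one direction of the address-family mismatch, an IPv4 mask ("10.0.0.0/22") checked against an IPv6 address ("::1"). Add the reverse row, an IPv6 mask such as "::5:1/128" checked against an IPv4 address, so that both directions are pinned to Boolean.FALSE; a mask class used for allow-listing should never match across families by accident.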
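Review bot: the new Assert.assertEquals(mask, netMask.toString()) in the hunk at -124,5 pins toString() to echoing the constructor input verbatim, including the prefix-less rows "1.2.3.4" and "::5:1" added in the same commit. If that is the intended contract, say so in a comment above the assertion; if toString() may ever normalise the address or append the implied prefix length, compare against an explicit expected string per row instead of reusing the mask column.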
[Bug 62405] New: Add Rereadable Request Filter
https://bz.apache.org/bugzilla/show_bug.cgi?id=62405

Bug ID: 62405
Summary: Add Rereadable Request Filter
Product: Tomcat 9
Version: unspecified
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: d...@21solutions.net
Target Milestone: -

Many times Filters need to read the body of the Request in order to inspect it, e.g. a security filter that might inspect incoming requests for XSS or SQL Injection values.

But if that filter is not written properly, inspecting the request by calling getInputStream() or getReader() will put the Request in an illegal state for subsequent reads, and if the Servlet or any other filter in the chain tries to call getReader() again, an IllegalStateException will be thrown:

From https://docs.oracle.com/javaee/7/api/javax/servlet/ServletRequest.html#getInputStream--
> IllegalStateException - if the getReader() method has already been called for
> this request

https://docs.oracle.com/javaee/7/api/javax/servlet/ServletRequest.html#getReader--
> IllegalStateException - if getInputStream() method has been called on this
> request

I propose to add a general purpose RereadableRequestFilter (working title) that will allow re-reading a request's body by caching it on the first read and returning the value from cache on subsequent reads. That way a Filter that needs to inspect the Request can simply wrap it with the RereadableRequestFilter and not worry about those details.

I already have the code for such a filter, which I wrote a while back, so I can tweak it as needed and add it rather easily if there is no objection to this enhancement.
[Bug 62405] Add Rereadable Request Filter
https://bz.apache.org/bugzilla/show_bug.cgi?id=62405

George Stanchev changed:

What |Removed |Added
OS | |All

--- Comment #1 from George Stanchev ---
I am just curious, what happens if a bad actor decides to send a 10 gig request and the filter is engaged. Obviously you have to read the whole thing to memory in order to rewind it or you have a cap on how much you read from the socket?
[Bug 62405] Add Rereadable Request Filter
https://bz.apache.org/bugzilla/show_bug.cgi?id=62405

--- Comment #2 from Igal Sapir ---
(In reply to George Stanchev from comment #1)
> I am just curious, what happens if a bad actor decides to send a 10 gig
> request and the filter is engaged. Obviously you have to read the whole
> thing to memory in order to rewind it or you have a cap on how much you read
> from the socket?

I don't have that part implemented, but it's possible to add configuration settings with a size limit that will throw an error, or even a size threshold that will use disk instead of memory.
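An added example (not the reporter's filter and not Tomcat code) of the caching approach proposed in bug 62405, with the size limit discussed in comments #1 and #2 enforced while the body is buffered. The class name `CachedBodyRequest` and the `maxBytes` parameter are assumptions; it targets the `javax.servlet` 3.1+ API.

```java
import java.io.*;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical wrapper: buffers the body once, up to maxBytes, and replays it on every read. */
public class CachedBodyRequest extends HttpServletRequestWrapper {
    private final byte[] body;

    public CachedBodyRequest(HttpServletRequest request, int maxBytes) throws IOException {
        super(request);
        // Reject early when the client declares an oversized body (-1 means unknown length).
        if (request.getContentLengthLong() > maxBytes) {
            throw new IOException("Request body exceeds " + maxBytes + " bytes");
        }
        ByteArrayOutputStream cache = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        InputStream in = request.getInputStream();
        for (int n; (n = in.read(chunk)) != -1; ) {
            // Chunked bodies declare no length, so the cap is enforced while reading too.
            if (cache.size() + n > maxBytes) {
                throw new IOException("Request body exceeds " + maxBytes + " bytes");
            }
            cache.write(chunk, 0, n);
        }
        body = cache.toByteArray();
    }

    @Override
    public ServletInputStream getInputStream() {
        // A fresh stream over the cached bytes on every call, so each reader starts at offset 0.
        final ByteArrayInputStream replay = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override public int read() { return replay.read(); }
            @Override public int read(byte[] b, int off, int len) { return replay.read(b, off, len); }
            @Override public boolean isFinished() { return replay.available() == 0; }
            @Override public boolean isReady() { return true; }
            @Override public void setReadListener(ReadListener listener) {
                throw new UnsupportedOperationException("body is already buffered");
            }
        };
    }

    @Override
    public BufferedReader getReader() throws UnsupportedEncodingException {
        String enc = getCharacterEncoding();
        // ISO-8859-1 is the servlet default when the request names no charset.
        return new BufferedReader(new InputStreamReader(getInputStream(), enc != null ? enc : "ISO-8859-1"));
    }
}
```

A filter at the front of the chain would pass `new CachedBodyRequest((HttpServletRequest) req, limit)` to `chain.doFilter` and map the `IOException` to a 413 response. The wrapper must be created before anything calls `getReader()` on the original request, or `getInputStream()` throws the `IllegalStateException` quoted in the report.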