This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-engine.git
The following commit(s) were added to refs/heads/master by this push:
new 7d84c3d SLIGN-12201 : Regression introduced by SLING-12124
7d84c3d is described below
commit 7d84c3d3cde95421fe597f5977bf735e50ed55d3
Author: Carsten Ziegeler <cziege...@apache.org>
AuthorDate: Fri Dec 15 10:43:46 2023 +0100
SLIGN-12201 : Regression introduced by SLING-12124
---
.../sling/engine/impl/request/RequestData.java | 40 +++-----------------
.../sling/engine/impl/request/RequestDataTest.java | 43 +---------------------
2 files changed, 7 insertions(+), 76 deletions(-)
diff --git
a/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
b/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
index d8b170a..1c141c9 100644
--- a/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
+++ b/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
@@ -507,8 +507,7 @@ public class RequestData {
SlingHttpServletResponse response) throws IOException,
ServletException {
- if (!isValidRequest(request.getRequestPathInfo(),
-
request.getResource().getResourceMetadata().getResolutionPathInfo())) {
+ if (!isValidRequest(request.getRequestPathInfo().getResourcePath(),
request.getRequestPathInfo().getSelectors())) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Malformed request syntax");
return;
@@ -561,42 +560,13 @@ public class RequestData {
* Don't allow path segments that contain only dots or a mix of dots and
%5B.
* Additionally, check that we didn't have an empty selector from a dot
replacement.
*/
- static boolean isValidRequest(final RequestPathInfo info, final String
resourcePathInfo) {
- final String selectorString = info.getSelectorString();
- if (selectorString == null &&
pathInfoContainsEmptySelectors(resourcePathInfo)) {
- return false;
- }
-
- for (final String selector : info.getSelectors()) {
+ static boolean isValidRequest(String resourcePath, String... selectors) {
+ for (String selector : selectors) {
if (selector.trim().isEmpty()) {
return false;
}
}
- return info.getResourcePath() == null ||
!traversesParentPath(info.getResourcePath());
- }
-
- static boolean pathInfoContainsEmptySelectors(final String pathToParse) {
- if (pathToParse == null) {
- return false;
- }
-
- // look for consecutive dots in the path
- final int doubleDots = pathToParse.indexOf("..");
- if (doubleDots == -1) {
- return false;
- }
- // find suffix
- final String suffixPlusExtension;
- final int firstSlash = pathToParse.indexOf('/');
- if (firstSlash == -1) {
- suffixPlusExtension = pathToParse;
- } else {
- suffixPlusExtension = pathToParse.substring(0, firstSlash);
- }
- // find extension
- final int lastDot = suffixPlusExtension.lastIndexOf('.');
- // double dots before extension?
- return doubleDots < lastDot;
+ return resourcePath == null || !traversesParentPath(resourcePath);
}
// ---------- Content inclusion stacking
-----------------------------------
@@ -779,4 +749,4 @@ public class RequestData {
"to check for anonymous requests first.");
}
}
-}
+}
\ No newline at end of file
diff --git
a/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java
b/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java
index b5f67fe..1b2d1ac 100644
--- a/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java
+++ b/src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java
@@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
-import org.apache.sling.api.request.RequestPathInfo;
import org.apache.sling.api.request.RequestProgressTracker;
import org.apache.sling.api.request.TooManyCallsException;
import org.apache.sling.engine.impl.SlingHttpServletRequestImpl;
@@ -38,7 +37,6 @@ import org.jmock.Mockery;
import org.jmock.imposters.ByteBuddyClassImposteriser;
import org.junit.Before;
import org.junit.Test;
-import org.mockito.Mockito;
import java.io.IOException;
import java.util.Collections;
@@ -87,7 +85,6 @@ public class RequestDataTest {
will(returnValue(servletConfig));
allowing(contentData).getRequestPathInfo();
- allowing(contentData).getResource();
allowing(servlet).service(with(any(ServletRequest.class)),
with(any(ServletResponse.class)));
@@ -208,21 +205,6 @@ public class RequestDataTest {
assertValidRequest(true, "/a/.}[");
}
- @Test
- public void testRawSelectors() {
- String resourcePath = "/path/to/resource";
-
- assertValidRequest(false, resourcePath, ".....json/a/b/c");
-
- assertValidRequest(false, resourcePath, "..html");
-
- assertValidRequest(true, resourcePath, ".html");
-
- assertValidRequest(false, resourcePath, "..a...html/a/b/c", new
String[] {"", "a", "", ""});
-
- assertValidRequest(true, resourcePath, ".a.b.c.html/a/b/c", new
String[]{"a", "b", "c"});
- }
-
@Test
public void testValidRequest() {
//HttpRequest with valid path
@@ -230,30 +212,9 @@ public class RequestDataTest {
}
private static void assertValidRequest(boolean expected, String path) {
- final RequestPathInfo info = Mockito.mock(RequestPathInfo.class);
- Mockito.when(info.getResourcePath()).thenReturn(path);
- Mockito.when(info.getSelectorString()).thenReturn(null);
- Mockito.when(info.getSelectors()).thenReturn(new String[0]);
- assertEquals(
- "Expected " + expected + " for " + path,
- expected,
- RequestData.isValidRequest(info, null));
- }
-
- private static void assertValidRequest(boolean expected, String path,
String pathInfo, String... selectors) {
- final RequestPathInfo info = Mockito.mock(RequestPathInfo.class);
- Mockito.when(info.getResourcePath()).thenReturn(path);
- if (selectors == null || selectors.length == 0) {
- Mockito.when(info.getSelectorString()).thenReturn(null);
- Mockito.when(info.getSelectors()).thenReturn(new String[0]);
- } else {
-
Mockito.when(info.getSelectorString()).thenReturn(selectors.toString()); //
this is not correct, but doesn't matter for the test
- Mockito.when(info.getSelectors()).thenReturn(selectors);
- }
-
assertEquals(
"Expected " + expected + " for " + path,
expected,
- RequestData.isValidRequest(info, pathInfo));
+ RequestData.isValidRequest(path));
}
-}
+}
\ No newline at end of file
