Repository: wicket Updated Branches: refs/heads/master 6b62b86ae -> f1586b3cf
removed scope, since it is no longer used; path is absolute already Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/f1586b3c Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/f1586b3c Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/f1586b3c Branch: refs/heads/master Commit: f1586b3cf5fcbdb59caa68806cd01bb51d0be6b2 Parents: 6b62b86 Author: svenmeier <[email protected]> Authored: Wed Aug 20 13:18:31 2014 +0200 Committer: svenmeier <[email protected]> Committed: Wed Aug 20 13:18:31 2014 +0200 ---------------------------------------------------------------------- .../markup/html/IPackageResourceGuard.java | 11 +- .../markup/html/PackageResourceGuard.java | 19 +-- .../markup/html/SecurePackageResourceGuard.java | 4 +- .../request/resource/PackageResource.java | 12 +- .../markup/html/PackageResourceGuardTest.java | 45 ++--- .../wicket/markup/html/PackageResourceTest.java | 25 +-- .../html/SecurePackageResourceGuardTest.java | 164 +++++++++---------- 7 files changed, 129 insertions(+), 151 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/main/java/org/apache/wicket/markup/html/IPackageResourceGuard.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/IPackageResourceGuard.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/IPackageResourceGuard.java index 9c90af6..a8f5347 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/html/IPackageResourceGuard.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/IPackageResourceGuard.java @@ -26,17 +26,16 @@ import org.apache.wicket.request.resource.PackageResource; */ public interface IPackageResourceGuard { + /** * Whether the package resource that can be reached using the provided parameters may be * accessed. * - * @param scope - * This argument will be used to get the class loader for loading the package - * resource - * @param absolutePath - * The absolute path to the resource + * @param path + * The absolute path, starting from the class root (packages are separated with + * forward slashes instead of dots). * * @return True if access is permitted, false otherwise */ - boolean accept(final Class<?> scope, final String absolutePath); + boolean accept(final String absolutePath); } http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java index dba581a..8cd8fe7 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java @@ -62,24 +62,9 @@ public class PackageResourceGuard implements IPackageResourceGuard } /** - * @see org.apache.wicket.markup.html.IPackageResourceGuard#accept(java.lang.Class, - * java.lang.String) + * @see org.apache.wicket.markup.html.IPackageResourceGuard#accept(java.lang.String) */ - public boolean accept(Class<?> scope, String absolutePath) - { - // path is already absolute - return acceptAbsolutePath(absolutePath); - } - - /** - * Whether the provided absolute path is accepted. - * - * @param path - * The absolute path, starting from the class root (packages are separated with - * forward slashes instead of dots). - * @return True if accepted, false otherwise. - */ - protected boolean acceptAbsolutePath(String path) + public boolean accept(String path) { int ixExtension = path.lastIndexOf('.'); int len = path.length(); http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java index 4890465..f964d1f 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java @@ -148,7 +148,7 @@ public class SecurePackageResourceGuard extends PackageResourceGuard * @return True if accepted, false otherwise. */ @Override - protected boolean acceptAbsolutePath(String path) + public boolean accept(String path) { // First check the cache if (cache != null) @@ -161,7 +161,7 @@ public class SecurePackageResourceGuard extends PackageResourceGuard } // Check typical files such as log4j.xml etc. - if (super.acceptAbsolutePath(path) == false) + if (super.accept(path) == false) { return false; } http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/main/java/org/apache/wicket/request/resource/PackageResource.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/request/resource/PackageResource.java b/wicket-core/src/main/java/org/apache/wicket/request/resource/PackageResource.java index 26d060b..767a863 100644 --- a/wicket-core/src/main/java/org/apache/wicket/request/resource/PackageResource.java +++ b/wicket-core/src/main/java/org/apache/wicket/request/resource/PackageResource.java @@ -433,7 +433,6 @@ public class PackageResource extends AbstractResource implements IStaticCacheabl .getResourceStreamLocator(); IResourceStream resourceStream = resourceStreamLocator.locate(getScope(), absolutePath, style, variation, locale, null, false); - Class<?> realScope = getScope(); String realPath = absolutePath; if (resourceStream instanceof IFixedLocationResourceStream) { @@ -445,11 +444,6 @@ public class PackageResource extends AbstractResource implements IStaticCacheabl { realPath = realPath.substring(index); } - else - { - // just fall back on the full path without a scope.. - realScope = null; - } } else { @@ -458,7 +452,7 @@ public class PackageResource extends AbstractResource implements IStaticCacheabl } - if (accept(realScope, realPath) == false) + if (accept(realPath) == false) { throw new PackageResourceBlockedException( "Access denied to (static) package resource " + absolutePath + @@ -524,13 +518,13 @@ public class PackageResource extends AbstractResource implements IStaticCacheabl * resource path * @return <code>true<code> if resource access is granted */ - protected boolean accept(Class<?> scope, String path) + protected boolean accept(String path) { IPackageResourceGuard guard = Application.get() .getResourceSettings() .getPackageResourceGuard(); - return guard.accept(scope, path); + return guard.accept(path); } /** http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java index 70dd39b..bafd8c4 100644 --- a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java +++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java @@ -35,10 +35,10 @@ public class PackageResourceGuardTest extends WicketTestCase PackageResourceGuard guard = new PackageResourceGuard(); guard.setAllowAccessToRootResources(false); - assertFalse(guard.accept(Integer.TYPE, "test.gif")); + assertFalse(guard.accept("test.gif")); guard.setAllowAccessToRootResources(true); - assertTrue(guard.accept(Integer.TYPE, "test.gif")); + assertTrue(guard.accept("test.gif")); } @@ -53,21 +53,21 @@ public class PackageResourceGuardTest extends WicketTestCase PackageResourceGuard guard = new PackageResourceGuard(); guard.setAllowAccessToRootResources(false); - assertTrue(guard.acceptAbsolutePath("/test/test.js")); - assertFalse(guard.acceptAbsolutePath("/test.js")); + assertTrue(guard.accept("/test/test.js")); + assertFalse(guard.accept("/test.js")); if ("\\".equals(File.pathSeparator)) { - assertTrue(guard.acceptAbsolutePath("c:\\test\\org\\apache\\test.js")); - assertTrue(guard.acceptAbsolutePath("\\test\\org\\apache\\test.js")); - assertFalse(guard.acceptAbsolutePath("c:\\test.js")); - assertFalse(guard.acceptAbsolutePath("\\test.js")); + assertTrue(guard.accept("c:\\test\\org\\apache\\test.js")); + assertTrue(guard.accept("\\test\\org\\apache\\test.js")); + assertFalse(guard.accept("c:\\test.js")); + assertFalse(guard.accept("\\test.js")); // java also generates file paths with '/' on windows - assertTrue(guard.acceptAbsolutePath("c:/test/org/apache/test.js")); - assertTrue(guard.acceptAbsolutePath("/test/org/apache/test.js")); - assertFalse(guard.acceptAbsolutePath("c:/test.js")); - assertFalse(guard.acceptAbsolutePath("/test.js")); + assertTrue(guard.accept("c:/test/org/apache/test.js")); + assertTrue(guard.accept("/test/org/apache/test.js")); + assertFalse(guard.accept("c:/test.js")); + assertFalse(guard.accept("/test.js")); } } @@ -84,13 +84,20 @@ public class PackageResourceGuardTest extends WicketTestCase assertNotNull(getClass().getResource( "/org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass.class")); - assertFalse(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass.html")); - assertFalse(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass_de.html")); - assertFalse(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass_SomeHTMLSnippetIWantServed.html")); - assertFalse(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass_WithCrazyName.html")); - assertFalse(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass_WithCrazyName_de.html")); - assertFalse(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass_WithCrazyName_en.html")); - assertTrue(guard.acceptAbsolutePath("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass.html")); + assertFalse(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass.html")); + assertFalse(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass_de.html")); + assertFalse(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyClass_SomeHTMLSnippetIWantServed.html")); + assertFalse(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass_WithCrazyName.html")); + assertFalse(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass_WithCrazyName_de.html")); + assertFalse(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass_WithCrazyName_en.html")); + assertTrue(guard + .accept("org/apache/wicket/markup/html/PackageResourceGuardTest$MyOtherClass.html")); } private class MyClass extends WebComponent http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceTest.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceTest.java index a995e4e..9249f46 100644 --- a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceTest.java +++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceTest.java @@ -73,22 +73,15 @@ public class PackageResourceTest extends WicketTestCase PackageResourceGuard guard = new PackageResourceGuard(); assertTrue(guard.acceptExtension("txt")); assertFalse(guard.acceptExtension("java")); - assertTrue(guard.acceptAbsolutePath("foo/Bar.txt")); - assertFalse(guard.acceptAbsolutePath("foo/Bar.java")); - assertTrue(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, "Bar.txt"))); - assertTrue(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, "Bar.txt."))); - assertTrue(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, ".Bar.txt"))); - assertTrue(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, ".Bar.txt."))); - assertTrue(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, ".Bar"))); - assertTrue(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, ".java"))); - assertFalse(guard.accept(PackageResourceTest.class, - Packages.absolutePath(PackageResourceTest.class, "Bar.java"))); + assertTrue(guard.accept("foo/Bar.txt")); + assertFalse(guard.accept("foo/Bar.java")); + assertTrue(guard.accept(Packages.absolutePath(PackageResourceTest.class, "Bar.txt"))); + assertTrue(guard.accept(Packages.absolutePath(PackageResourceTest.class, "Bar.txt."))); + assertTrue(guard.accept(Packages.absolutePath(PackageResourceTest.class, ".Bar.txt"))); + assertTrue(guard.accept(Packages.absolutePath(PackageResourceTest.class, ".Bar.txt."))); + assertTrue(guard.accept(Packages.absolutePath(PackageResourceTest.class, ".Bar"))); + assertTrue(guard.accept(Packages.absolutePath(PackageResourceTest.class, ".java"))); + assertFalse(guard.accept(Packages.absolutePath(PackageResourceTest.class, "Bar.java"))); } /** http://git-wip-us.apache.org/repos/asf/wicket/blob/f1586b3c/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java index 3c859ce..5b8fb9a 100644 --- a/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java +++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java @@ -35,28 +35,28 @@ public class SecurePackageResourceGuardTest extends WicketTestCase SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.setAllowAccessToRootResources(false); guard.addPattern("+*.gif"); - assertTrue(guard.accept(Application.class, + assertTrue(guard.accept( Packages.absolutePath(Application.class, "test.gif"))); - assertTrue(guard.accept(Application.class, + assertTrue(guard.accept( Packages.absolutePath(Application.class, "mydir/test.gif"))); - assertTrue(guard.accept(Application.class, "/root/mydir/test.gif")); - assertTrue(guard.accept(Application.class, + assertTrue(guard.accept("/root/mydir/test.gif")); + assertTrue(guard.accept( Packages.absolutePath(Application.class, "../test.gif"))); - assertTrue(guard.accept(Application.class, + assertTrue(guard.accept( Packages.absolutePath(Application.class, "../../test.gif"))); // web-inf (root package) - assertFalse(guard.accept(Application.class, + assertFalse(guard.accept( Packages.absolutePath(Application.class, "../../../test.gif"))); guard.setAllowAccessToRootResources(true); - assertTrue(guard.accept(Application.class, + assertTrue(guard.accept( Packages.absolutePath(Application.class, "../../../test.gif"))); boolean hit = false; try { // you can not go below root - assertTrue(guard.accept(Application.class, + assertTrue(guard.accept( Packages.absolutePath(Application.class, "../../../../test.gif"))); } catch (IllegalArgumentException ex) @@ -74,10 +74,10 @@ public class SecurePackageResourceGuardTest extends WicketTestCase { SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern("+*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("/root/mydir/test.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("/test.gif")); + assertTrue(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("/root/mydir/test.gif")); } /** @@ -93,16 +93,16 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.addPattern("+*.gi*"); guard.addPattern("+test*.gif"); - assertTrue(guard.acceptAbsolutePath("test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("/root/mydir/test.gif")); + assertTrue(guard.accept("test.gif")); + assertTrue(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("/root/mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("test.giX")); - assertTrue(guard.acceptAbsolutePath("mydir/test.gifABCD")); - assertTrue(guard.acceptAbsolutePath("mydir/testXXX.gif")); + assertTrue(guard.accept("test.giX")); + assertTrue(guard.accept("mydir/test.gifABCD")); + assertTrue(guard.accept("mydir/testXXX.gif")); guard.addPattern("-**/testA.gif"); - assertFalse(guard.acceptAbsolutePath("mydir/testA.gif")); + assertFalse(guard.accept("mydir/testA.gif")); } @Test @@ -112,7 +112,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase tester.getApplication().getResourceSettings().setParentFolderPlaceholder("::"); SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern("+test*.gif"); - assertTrue(guard.acceptAbsolutePath("../test.gif")); + assertTrue(guard.accept("../test.gif")); } @Test @@ -122,7 +122,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase tester.getApplication().getResourceSettings().setParentFolderPlaceholder(null); SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); guard.addPattern("+test*.gif"); - assertFalse(guard.acceptAbsolutePath("../test.gif")); + assertFalse(guard.accept("../test.gif")); } /** @@ -135,11 +135,11 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+mydir/*/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/test.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("mydir/test.gif")); + assertFalse(guard.accept("/mydir/test.gif")); + assertTrue(guard.accept("mydir/dir2/xxx.gif")); + assertFalse(guard.accept("mydir/dir2/dir3/xxx.gif")); } /** @@ -152,11 +152,11 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+mydir/**/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); + assertFalse(guard.accept("test.gif")); + assertTrue(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("mydir/dir2/xxx.gif")); + assertTrue(guard.accept("mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("/mydir/test.gif")); } /** @@ -169,14 +169,14 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+*my*dir*/*/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("mydirXX/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("AAmydirXX/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("myBBdirXX/dir2/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("mydir/dir2/xxx.gif")); + assertTrue(guard.accept("mydirXX/dir2/xxx.gif")); + assertTrue(guard.accept("AAmydirXX/dir2/xxx.gif")); + assertTrue(guard.accept("myBBdirXX/dir2/xxx.gif")); + assertFalse(guard.accept("mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("/mydir/test.gif")); } /** @@ -189,14 +189,14 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+mydir**/*X/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("mydirAA/dir2X/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydirAA/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2X/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("mydir/test.gif")); + assertFalse(guard.accept("mydir/dir2/xxx.gif")); + assertTrue(guard.accept("mydirAA/dir2X/xxx.gif")); + assertFalse(guard.accept("mydirAA/dir2/xxx.gif")); + assertTrue(guard.accept("mydir/dir2X/xxx.gif")); + assertFalse(guard.accept("mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("/mydir/test.gif")); } /** @@ -209,22 +209,22 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+mydir/**/xxx/**/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/xxx/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/xxx/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/xxx/yyy/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir1/xxx/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir1/dir2/xxx/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir1/xxx/dir3/xxx.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("mydir/xxx/test.gif")); + assertTrue(guard.accept("mydir/dir2/xxx/test.gif")); + assertTrue(guard.accept("mydir/dir2/xxx/yyy/test.gif")); + assertTrue(guard.accept("mydir/dir1/xxx/test.gif")); + assertTrue(guard.accept("mydir/dir1/dir2/xxx/test.gif")); + assertTrue(guard.accept("mydir/dir1/xxx/dir3/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/aaa/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/aaa/yyy/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir1/aaa/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir1/dir2/aaa/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir1/aaa/dir3/test.gif")); + assertFalse(guard.accept("mydir/dir2/aaa/test.gif")); + assertFalse(guard.accept("mydir/dir2/aaa/yyy/test.gif")); + assertFalse(guard.accept("mydir/dir1/aaa/test.gif")); + assertFalse(guard.accept("mydir/dir1/dir2/aaa/test.gif")); + assertFalse(guard.accept("mydir/dir1/aaa/dir3/test.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); + assertFalse(guard.accept("/mydir/test.gif")); } /** @@ -237,12 +237,12 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+/**/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("/mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("/mydir/dir2/test.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("mydir/test.gif")); + assertFalse(guard.accept("mydir/dir2/xxx.gif")); + assertFalse(guard.accept("mydir/dir2/dir3/xxx.gif")); + assertTrue(guard.accept("/mydir/test.gif")); + assertTrue(guard.accept("/mydir/dir2/test.gif")); } /** @@ -256,11 +256,11 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+**/*.gif"); - assertTrue(guard.acceptAbsolutePath("test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); + assertTrue(guard.accept("test.gif")); + assertTrue(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("mydir/dir2/xxx.gif")); + assertTrue(guard.accept("mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("/mydir/test.gif")); } /** @@ -273,11 +273,11 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+*/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertTrue(guard.acceptAbsolutePath("mydir/test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/dir2/dir3/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/test.gif")); + assertFalse(guard.accept("test.gif")); + assertTrue(guard.accept("mydir/test.gif")); + assertFalse(guard.accept("mydir/dir2/xxx.gif")); + assertFalse(guard.accept("mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("/mydir/test.gif")); } /** @@ -290,10 +290,10 @@ public class SecurePackageResourceGuardTest extends WicketTestCase guard.getPattern().clear(); guard.addPattern("+/*/*.gif"); - assertFalse(guard.acceptAbsolutePath("test.gif")); - assertFalse(guard.acceptAbsolutePath("mydir/test.gif")); - assertTrue(guard.acceptAbsolutePath("/mydir/test.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/dir2/xxx.gif")); - assertFalse(guard.acceptAbsolutePath("/mydir/dir2/dir3/xxx.gif")); + assertFalse(guard.accept("test.gif")); + assertFalse(guard.accept("mydir/test.gif")); + assertTrue(guard.accept("/mydir/test.gif")); + assertFalse(guard.accept("/mydir/dir2/xxx.gif")); + assertFalse(guard.accept("/mydir/dir2/dir3/xxx.gif")); } }
