Author: markt
Date: Thu Oct 16 13:44:18 2014
New Revision: 1632307
URL: http://svn.apache.org/r1632307
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57099
Ensure that semi-colons are not permitted in JSP import page directives.
Added:
tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java (with props)
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/Node.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/jasper/compiler/Node.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/Node.java?rev=1632307&r1=1632306&r2=1632307&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/Node.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/Node.java Thu Oct 16 13:44:18
2014
@@ -583,20 +583,35 @@ abstract class Node implements TagConsta
int start = 0;
int index;
while ((index = value.indexOf(',', start)) != -1) {
- imports.add(value.substring(start, index).trim());
+ imports.add(validateImport(value.substring(start, index)));
start = index + 1;
}
if (start == 0) {
// No comma found
- imports.add(value.trim());
+ imports.add(validateImport(value));
} else {
- imports.add(value.substring(start).trim());
+ imports.add(validateImport(value.substring(start)));
}
}
public List<String> getImports() {
return imports;
}
+
+ /**
+ * Just need enough validation to make sure nothing strange is going
on.
+ * The compiler will validate this thoroughly when it tries to compile
+ * the resulting .java file.
+ */
+ private String validateImport(String importEntry) {
+ // This should either be a fully-qualified class name or a package
+ // name with a wildcard
+ if (importEntry.indexOf(';') > -1) {
+ throw new IllegalArgumentException(
+ Localizer.getMessage("jsp.error.page.invaild.import"));
+ }
+ return importEntry.trim();
+ }
}
/**
Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1632307&r1=1632306&r2=1632307&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Thu
Oct 16 13:44:18 2014
@@ -38,6 +38,7 @@ jsp.error.page.invalid.buffer=Page direc
jsp.error.page.conflict.autoflush=Page directive: illegal to have multiple
occurrences of 'autoFlush' with different values (old: {0}, new: {1})
jsp.error.page.conflict.isthreadsafe=Page directive: illegal to have multiple
occurrences of 'isThreadSafe' with different values (old: {0}, new: {1})
jsp.error.page.invalid.isthreadsafe=Page directive: invalid value for
isThreadSafe
+jsp.error.page.invaild.import=Page directive: invalid value for import
jsp.error.page.conflict.info=Page directive: illegal to have multiple
occurrences of 'info' with different values (old: {0}, new: {1})
jsp.error.page.invalid.info=Page directive: invalid value for info
jsp.error.page.conflict.iserrorpage=Page directive: illegal to have multiple
occurrences of 'isErrorPage' with different values (old: {0}, new: {1})
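Review bot: The new key `jsp.error.page.invaild.import` is misspelled ("invaild"), while every neighbouring key in this hunk uses `invalid`. Lookup still works because the `Localizer.getMessage(...)` call in the Node.java hunk uses the same spelling, but a translator or later caller typing the expected name will miss it. Rename both together, so that this line reads `jsp.error.page.invalid.import=Page directive: invalid value for import`.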
Added: tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java?rev=1632307&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java (added)
+++ tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java Thu Oct 16
13:44:18 2014
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jasper.compiler;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.jasper.compiler.Node.PageDirective;
+
+public class TestNode {
+
+ /*
+ * https://issues.apache.org/bugzilla/show_bug.cgi?id=57099
+ */
+ @Test(expected=IllegalArgumentException.class)
+ public void testPageDirectiveImport01() {
+ doTestPageDirectiveImport("java.io.*;\r\n\timport java.net.*");
+ }
+
+ @Test
+ public void testPageDirectiveImport02() {
+ doTestPageDirectiveImport("a,b,c");
+ }
+
+ @Test
+ public void testPageDirectiveImport03() {
+ doTestPageDirectiveImport(" a , b , c ");
+ }
+
+ @Test
+ public void testPageDirectiveImport04() {
+ doTestPageDirectiveImport(" a\n , \r\nb , \nc\r ");
+ }
+
+ @Test
+ public void testPageDirectiveImport05() {
+
doTestPageDirectiveImport("java.util.List,java.util.ArrayList,java.util.Set");
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testPageDirectiveImport06() {
+ doTestPageDirectiveImport("java.util.List;import java.util.ArrayList;
import java.util.Set");
+ }
+
+ @Test
+ public void testPageDirectiveImport07() {
+ doTestPageDirectiveImport("java
.\nutil.List,java.util.ArrayList,java.util.Set");
+ }
+
+ private void doTestPageDirectiveImport(String importDirective) {
+ PageDirective pd = new PageDirective(null, null, null);
+ pd.addImport(importDirective);
+ List<String> imports = pd.getImports();
+
+ Assert.assertEquals(3, imports.size());
+ }
+}
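Review bot: `doTestPageDirectiveImport` asserts only `imports.size() == 3`, so cases 03, 04 and 07 pass whether or not each entry is trimmed. Since this is the regression test for a validation fix, pin the stored values as well: give the helper a `String... expected` parameter and check `Assert.assertArrayEquals(expected, imports.toArray());`. Case 07 would then also document that whitespace inside a name is accepted and stored as-is, which the count alone does not show.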
Propchange: tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1632307&r1=1632306&r2=1632307&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Oct 16 13:44:18 2014
@@ -161,6 +161,14 @@
</scode>
</changelog>
</subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>57099</bug>: Ensure that semi-colons are not permitted in JSP
+ import page directives. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Cluster">
<changelog>
<fix>