Author: markt
Date: Mon Aug 17 14:07:49 2015
New Revision: 1696280
URL: http://svn.apache.org/r1696280
Log:
Fix Javadoc
Separate test cases into separate test methods and add some additional tests.
Clean up the code and fix a couple of edge cases
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java?rev=1696280&r1=1696279&r2=1696280&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java Mon Aug 17
14:07:49 2015
@@ -30,6 +30,9 @@ public class RequestUtil {
* try to perform security checks for malicious input.
*
* @param path Relative path to be normalized
+ *
+ * @return The normalized path or <code>null</code> of the path cannot be
+ * normalized
*/
public static String normalize(String path) {
return normalize(path, true);
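Review bot: The added `@return` text has a typo, "`null` of the path cannot be normalized" should read "if the path cannot be normalized", and the same wording is repeated on the two-argument overload in the next hunk. Since callers depend on the `null` result, the tag could also name the cases that produce it, for example `@return The normalized path, or <code>null</code> if path is null or resolves above the root`. The body of this overload only delegates to `normalize(path, true)`, and its closing brace is outside the hunk.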
@@ -44,11 +47,15 @@ public class RequestUtil {
*
* @param path Relative path to be normalized
* @param replaceBackSlash Should '\\' be replaced with '/'
+ *
+ * @return The normalized path or <code>null</code> of the path cannot be
+ * normalized
*/
public static String normalize(String path, boolean replaceBackSlash) {
- if (path == null)
+ if (path == null) {
return null;
+ }
// Create a place for the normalized path
String normalized = path;
@@ -56,44 +63,50 @@ public class RequestUtil {
if (replaceBackSlash && normalized.indexOf('\\') >= 0)
normalized = normalized.replace('\\', '/');
- if (normalized.equals("/."))
- return "/";
-
// Add a leading "/" if necessary
if (!normalized.startsWith("/"))
normalized = "/" + normalized;
+ if (normalized.equals("/.")) {
+ return "/";
+ }
+
+ if (normalized.equals("/..")) {
+ return null; // Trying to go outside our context
+ }
+
// Resolve occurrences of "//" in the normalized path
while (true) {
int index = normalized.indexOf("//");
- if (index < 0)
+ if (index < 0) {
break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 1);
+ }
+ normalized = normalized.substring(0, index) +
normalized.substring(index + 1);
}
// Resolve occurrences of "/./" in the normalized path
while (true) {
int index = normalized.indexOf("/./");
- if (index < 0)
+ if (index < 0) {
break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 2);
+ }
+ normalized = normalized.substring(0, index) +
normalized.substring(index + 2);
}
// Resolve occurrences of "/../" in the normalized path
while (true) {
int index = normalized.indexOf("/../");
- if (index < 0)
+ if (index < 0) {
break;
- if (index == 0)
- return (null); // Trying to go outside our context
+ }
+ if (index == 0) {
+ return null; // Trying to go outside our context
+ }
int index2 = normalized.lastIndexOf('/', index - 1);
- normalized = normalized.substring(0, index2) +
- normalized.substring(index + 3);
+ normalized = normalized.substring(0, index2) +
normalized.substring(index + 3);
}
// Return the normalized path that we have completed
- return (normalized);
+ return normalized;
}
}
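Review bot: The new `/.` and `/..` equality checks run before the `//` collapse and only match the whole string, so a dot segment that ends the path is still left unresolved. `//..` collapses to `/..` and is returned as-is, and `/a/../..` is reduced by the `/../` loop to `/..` and returned instead of `null`; likewise `/a/..` comes back unchanged. A caller that treats any non-null result as staying inside the context would receive a path that still climbs above it. I would replace the two equality checks with a step that appends `/` when the path ends in `/.` or `/..`, lets the existing loops resolve it, and strips the added slash before returning. The method signature is in the previous hunk.

```java
// Treat a trailing "/." or "/.." as a complete segment so the loops below resolve it
boolean addedTrailingSlash = false;
if (normalized.endsWith("/.") || normalized.endsWith("/..")) {
    normalized = normalized + "/";
    addedTrailingSlash = true;
}

// … unchanged: "//", "/./" and "/../" resolution loops …

if (normalized.length() > 1 && addedTrailingSlash) {
    // Remove the slash that was added only to resolve the trailing segment
    normalized = normalized.substring(0, normalized.length() - 1);
}
return normalized;
```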
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java?rev=1696280&r1=1696279&r2=1696280&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java Mon Aug
17 14:07:49 2015
@@ -23,11 +23,71 @@ import org.junit.Test;
public class TestRequestUtil {
@Test
- public void testNormalizeString() {
- assertEquals("/something",RequestUtil.normalize("//something"));
- assertEquals("/some/thing",RequestUtil.normalize("some//thing"));
- assertEquals("/something/",RequestUtil.normalize("something//"));
- assertEquals("/",RequestUtil.normalize("//"));
+ public void testNormalize01() {
+ doTestNormalize("//something", "/something");
}
+ @Test
+ public void testNormalize02() {
+ doTestNormalize("some//thing", "/some/thing");
+ }
+
+ @Test
+ public void testNormalize03() {
+ doTestNormalize("something//", "/something/");
+ }
+
+ @Test
+ public void testNormalize04() {
+ doTestNormalize("//", "/");
+ }
+
+ @Test
+ public void testNormalize05() {
+ doTestNormalize("//", "/");
+ }
+
+ @Test
+ public void testNormalize06() {
+ doTestNormalize("///", "/");
+ }
+
+ @Test
+ public void testNormalize07() {
+ doTestNormalize("////", "/");
+ }
+
+ @Test
+ public void testNormalize08() {
+ doTestNormalize("/.", "/");
+ }
+
+ @Test
+ public void testNormalize09() {
+ doTestNormalize("/./", "/");
+ }
+
+ @Test
+ public void testNormalize10() {
+ doTestNormalize(".", "/");
+ }
+
+ @Test
+ public void testNormalize11() {
+ doTestNormalize("/..", null);
+ }
+
+ @Test
+ public void testNormalize12() {
+ doTestNormalize("/../", null);
+ }
+
+ @Test
+ public void testNormalize13() {
+ doTestNormalize("..", null);
+ }
+
+ private void doTestNormalize(String input, String expected) {
+ assertEquals(expected,RequestUtil.normalize(input));
+ }
}
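Review bot: `testNormalize05` uses the same input and expectation as `testNormalize04` (`"//"` to `"/"`), so it adds no coverage and was probably meant to be a different case. The new cases only cover paths that consist entirely of a dot segment; none places `.` or `..` after a real segment or after a doubled slash, which is where the normalizer is most likely to let a parent reference through. I would add cases such as `doTestNormalize("/a/..", "/")`, `doTestNormalize("/a/../..", null)` and `doTestNormalize("//..", null)`; with the implementation as committed these look like they would fail, which is the behaviour worth pinning down. The two-argument overload with `replaceBackSlash` is not exercised here either.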