mirror of https://github.com/apache/lucene.git
LUCENE-5072: Automatically patch javadocs generated by JDK versions before 7u25 to work around the frame injection vulnerability (CVE-2013-1571, VU#225657)
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1495954 13f79535-47bb-0310-9956-ffa450edef68
parent
6ae55f1417
commit
084d39ce19
|
@ -263,6 +263,10 @@ Build
|
||||||
forbidden-api signatures, and parts of resources folders. (Ryan Ernst,
|
forbidden-api signatures, and parts of resources folders. (Ryan Ernst,
|
||||||
Uwe Schindler)
|
Uwe Schindler)
|
||||||
|
|
||||||
|
* LUCENE-5072: Automatically patch javadocs generated by JDK versions
|
||||||
|
before 7u25 to work around the frame injection vulnerability (CVE-2013-1571,
|
||||||
|
VU#225657). (Uwe Schindler)
|
||||||
|
|
||||||
Tests
|
Tests
|
||||||
|
|
||||||
* LUCENE-4901: TestIndexWriterOnJRECrash should work on any
|
* LUCENE-4901: TestIndexWriterOnJRECrash should work on any
|
||||||
|
|
|
@ -1816,7 +1816,69 @@ ${tests-output}/junit4-*.suites - per-JVM executed suites
|
||||||
</condition>
|
</condition>
|
||||||
</fail>
|
</fail>
|
||||||
|
|
||||||
|
<patch-javadoc dir="@{destdir}" docencoding="${javadoc.charset}"/>
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Patch frame injection bugs in javadoc generated files - see CVE-2013-1571, http://www.kb.cert.org/vuls/id/225657
|
||||||
|
|
||||||
|
Feel free to use this macro in your own Ant build file. This macro works together with the javadoc task on Ant
|
||||||
|
and should be invoked directly after its execution to patch broken javadocs, e.g.:
|
||||||
|
<patch-javadoc dir="..." docencoding="UTF-8"/>
|
||||||
|
Please make sure that the docencoding parameter uses the same charset like javadoc's docencoding. Default
|
||||||
|
is the platform default encoding (like the javadoc task).
|
||||||
|
The specified dir is the destination directory of the javadoc task.
|
||||||
|
-->
|
||||||
|
<macrodef name="patch-javadoc">
|
||||||
|
<attribute name="dir"/>
|
||||||
|
<attribute name="docencoding" default="${file.encoding}"/>
|
||||||
|
<sequential>
|
||||||
|
<replace encoding="@{docencoding}" summary="true" taskname="patch-javadoc">
|
||||||
|
<restrict>
|
||||||
|
<fileset dir="@{dir}" casesensitive="false" includes="**/index.html,**/index.htm,**/toc.html,**/toc.htm"/>
|
||||||
|
<!-- TODO: add encoding="@{docencoding}" to contains check, when we are on ANT 1.9.0: -->
|
||||||
|
<not><contains text="function validURL(url) {" casesensitive="true" /></not>
|
||||||
|
</restrict>
|
||||||
|
<replacetoken><![CDATA[function loadFrames() {]]></replacetoken>
|
||||||
|
<replacevalue expandProperties="false"><![CDATA[if (targetPage != "" && !validURL(targetPage))
|
||||||
|
targetPage = "undefined";
|
||||||
|
function validURL(url) {
|
||||||
|
var pos = url.indexOf(".html");
|
||||||
|
if (pos == -1 || pos != url.length - 5)
|
||||||
|
return false;
|
||||||
|
var allowNumber = false;
|
||||||
|
var allowSep = false;
|
||||||
|
var seenDot = false;
|
||||||
|
for (var i = 0; i < url.length - 5; i++) {
|
||||||
|
var ch = url.charAt(i);
|
||||||
|
if ('a' <= ch && ch <= 'z' ||
|
||||||
|
'A' <= ch && ch <= 'Z' ||
|
||||||
|
ch == '$' ||
|
||||||
|
ch == '_') {
|
||||||
|
allowNumber = true;
|
||||||
|
allowSep = true;
|
||||||
|
} else if ('0' <= ch && ch <= '9'
|
||||||
|
|| ch == '-') {
|
||||||
|
if (!allowNumber)
|
||||||
|
return false;
|
||||||
|
} else if (ch == '/' || ch == '.') {
|
||||||
|
if (!allowSep)
|
||||||
|
return false;
|
||||||
|
allowNumber = false;
|
||||||
|
allowSep = false;
|
||||||
|
if (ch == '.')
|
||||||
|
seenDot = true;
|
||||||
|
if (ch == '/' && seenDot)
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
function loadFrames() {]]></replacevalue>
|
||||||
|
</replace>
|
||||||
</sequential>
|
</sequential>
|
||||||
</macrodef>
|
</macrodef>
|
||||||
|
|
||||||
|
|
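Review bot: Nothing in the new `patch-javadoc` macro verifies that the mitigation was applied. The `<replace>` matches only the exact token `function loadFrames() {`, so a frame page whose script is spaced or wrapped differently (hedged: another javadoc version or doclet might emit that) is skipped silently, and `summary="true"` only logs a replacement count. Since this is the workaround for CVE-2013-1571, I would follow `</replace>` with a check that fails the build when any included index/toc file still mentions `loadFrames` but lacks `function validURL(url) {`. The sketch below reuses the same fileset and the `<fail>`/`<condition>` form visible at the top of this hunk. Its `<contains>` selectors share the platform-encoding limitation the existing TODO already records.

```xml
<!-- … unchanged: <replace> that inserts validURL() in front of loadFrames() … -->
<fail message="patch-javadoc: frame page(s) still define loadFrames() without validURL()">
  <condition>
    <resourcecount when="greater" count="0">
      <restrict>
        <fileset dir="@{dir}" casesensitive="false" includes="**/index.html,**/index.htm,**/toc.html,**/toc.htm"/>
        <contains text="loadFrames" casesensitive="true"/>
        <not><contains text="function validURL(url) {" casesensitive="true"/></not>
      </restrict>
    </resourcecount>
  </condition>
</fail>
```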