Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/jetty-9.3.x'

This commit is contained in:
Greg Wilkins 2015-11-18 15:11:17 +11:00
parent ff0d1b4c14 12ec44894b
commit 0d647fc95a
3 changed files with 99 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java
View File

@ -69,25 +69,42 @@ public class AllowSymLinkAliasChecker implements AliasCheck
return true;
}
}
// No, so let's check each element ourselves
Path d = path.getRoot();
for (Path e:path)
boolean linked=true;
Path target=path;
int loops=0;
while (linked)
{
d=d.resolve(e);
while (Files.exists(d) && Files.isSymbolicLink(d))
if (++loops>100)
{
Path link=Files.readSymbolicLink(d);
if (!link.isAbsolute())
link=d.resolve(link);
d=link;
if (LOG.isDebugEnabled())
LOG.debug("Too many symlinks {} --> {}",resource,target);
return false;
}
linked=false;
Path d = target.getRoot();
for (Path e:target)
{
Path r=d.resolve(e);
d=r;
while (Files.exists(d) && Files.isSymbolicLink(d))
{
Path link=Files.readSymbolicLink(d);
if (!link.isAbsolute())
link=d.getParent().resolve(link);
d=link;
linked=true;
}
}
target=d;
}
if (pathResource.getAliasPath().equals(d))
if (pathResource.getAliasPath().equals(target))
{
if (LOG.isDebugEnabled())
LOG.debug("Allow path symlink {} --> {}",resource,d);
LOG.debug("Allow path symlink {} --> {}",resource,target);
return true;
}
}

35
jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java
View File

@ -85,6 +85,18 @@ public class ContextHandlerGetResourceTest
Files.createSymbolicLink(new File(docroot,"other").toPath(),new File("../transit").toPath());
Files.createSymbolicLink(transit.toPath(),otherroot.toPath());
// /web/logs -> /var/logs -> /media/internal/logs
// where /media/internal -> /media/internal-physical/
new File(docroot,"media/internal-physical/logs").mkdirs();
Files.createSymbolicLink(new File(docroot,"media/internal").toPath(),new File(docroot,"media/internal-physical").toPath());
new File(docroot,"var").mkdir();
Files.createSymbolicLink(new File(docroot,"var/logs").toPath(),new File(docroot,"media/internal/logs").toPath());
new File(docroot,"web").mkdir();
Files.createSymbolicLink(new File(docroot,"web/logs").toPath(),new File(docroot,"var/logs").toPath());
new File(docroot,"media/internal-physical/logs/file.log").createNewFile();
System.err.println("docroot="+docroot);
}
OS_ALIAS_SUPPORTED = new File(sub, "TEXTFI~1.TXT").exists();
@ -383,6 +395,29 @@ public class ContextHandlerGetResourceTest
}
}
@Test
public void testSymlinkNested() throws Exception
{
Assume.assumeTrue(OS.IS_UNIX);
try
{
allowSymlinks.set(true);
final String path="/web/logs/file.log";
Resource resource=context.getResource(path);
assertNotNull(resource);
assertEquals("file.log",resource.getFile().getName());
assertTrue(resource.exists());
}
finally
{
allowSymlinks.set(false);
}
}
@Test
public void testSymlinkUnknown() throws Exception

41
jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
View File

@ -25,6 +25,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.EnumSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -409,13 +410,18 @@ public class DefaultServletTest
}
@Test
public void testResourceBase() throws Exception
public void testSymLinks() throws Exception
{
testdir.ensureEmpty();
File resBase = testdir.getPathFile("docroot").toFile();
FS.ensureDirExists(resBase);
File foobar = new File(resBase, "foobar.txt");
File link = new File(resBase, "link.txt");
File dir = new File(resBase,"dir");
File dirLink = new File(resBase,"dirlink");
File dirRLink = new File(resBase,"dirrlink");
FS.ensureDirExists(dir);
File foobar = new File(dir, "foobar.txt");
File link = new File(dir, "link.txt");
File rLink = new File(dir,"rlink.txt");
createFile(foobar, "Foo Bar");
String resBasePath = resBase.getAbsolutePath();
@ -426,20 +432,43 @@ public class DefaultServletTest
String response;
response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n");
response = connector.getResponses("GET /context/dir/foobar.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
if (!OS.IS_WINDOWS)
{
context.clearAliasChecks();
Files.createSymbolicLink(dirLink.toPath(),dir.toPath());
Files.createSymbolicLink(dirRLink.toPath(),new File("dir").toPath());
Files.createSymbolicLink(link.toPath(),foobar.toPath());
response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
Files.createSymbolicLink(rLink.toPath(),new File("foobar.txt").toPath());
response = connector.getResponses("GET /context/dir/link.txt HTTP/1.0\r\n\r\n");
assertResponseContains("404", response);
response = connector.getResponses("GET /context/dir/rlink.txt HTTP/1.0\r\n\r\n");
assertResponseContains("404", response);
response = connector.getResponses("GET /context/dirlink/foobar.txt HTTP/1.0\r\n\r\n");
assertResponseContains("404", response);
response = connector.getResponses("GET /context/dirrlink/foobar.txt HTTP/1.0\r\n\r\n");
assertResponseContains("404", response);
response = connector.getResponses("GET /context/dirlink/link.txt HTTP/1.0\r\n\r\n");
assertResponseContains("404", response);
response = connector.getResponses("GET /context/dirrlink/rlink.txt HTTP/1.0\r\n\r\n");
assertResponseContains("404", response);
context.addAliasCheck(new AllowSymLinkAliasChecker());
response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
response = connector.getResponses("GET /context/dir/link.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
response = connector.getResponses("GET /context/dir/rlink.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
response = connector.getResponses("GET /context/dirlink/foobar.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
response = connector.getResponses("GET /context/dirrlink/foobar.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
response = connector.getResponses("GET /context/dirlink/link.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
response = connector.getResponses("GET /context/dirrlink/link.txt HTTP/1.0\r\n\r\n");
assertResponseContains("Foo Bar", response);
}
}