397535 Support pluggable alias checking to support symbolic links

This commit is contained in:
Greg Wilkins 2013-01-10 13:23:11 +11:00
parent 8deb1222db
commit 1add18a57b
1 changed files with 20 additions and 13 deletions

View File

@ -53,7 +53,6 @@ import org.junit.runners.Parameterized.Parameters;
* Test various paths for JSP resources that tickle various java.io.File bugs to get around the JspServlet matching, that then flows to the DefaultServlet to be
* served as source files.
*/
@Ignore("Disabled till greg can look at it")
@RunWith(Parameterized.class)
public class JspAndDefaultWithAliasesTest
{
@ -67,14 +66,14 @@ public class JspAndDefaultWithAliasesTest
List<String[]> data = new ArrayList<String[]>();
// @formatter:off
data.add(new String[] { "/dump.jsp" });
data.add(new String[] { "/dump.jsp%00" });
data.add(new String[] { "/dump.jsp%00x" });
data.add(new String[] { "/dump.jsp%00/" });
data.add(new String[] { "/dump.jsp%00x/" });
data.add(new String[] { "/dump.jsp%00x/dump.jsp" });
data.add(new String[] { "/dump.jsp%00/dump.jsp" });
data.add(new String[] { "/dump.jsp%00/index.html" });
data.add(new String[] { "false","/dump.jsp" });
data.add(new String[] { "true", "/dump.jsp%00" });
data.add(new String[] { "false","/dump.jsp%00x" });
data.add(new String[] { "false","/dump.jsp%00/" });
data.add(new String[] { "false","/dump.jsp%00x/" });
data.add(new String[] { "false","/dump.jsp%00x/dump.jsp" });
data.add(new String[] { "false","/dump.jsp%00/dump.jsp" });
data.add(new String[] { "false","/dump.jsp%00/index.html" });
// @formatter:on
return data;
@ -125,11 +124,13 @@ public class JspAndDefaultWithAliasesTest
}
private String path;
private boolean knownBypass;
public JspAndDefaultWithAliasesTest(String encodedRequestPath)
public JspAndDefaultWithAliasesTest(String bypassed, String encodedRequestPath)
{
LOG.info("Path \"" + encodedRequestPath + "\"");
this.path = encodedRequestPath;
this.knownBypass= Boolean.parseBoolean(bypassed);
}
private void assertProcessedByJspServlet(HttpURLConnection conn) throws IOException
@ -137,8 +138,14 @@ public class JspAndDefaultWithAliasesTest
// make sure that jsp actually ran, and didn't just get passed onto
// the default servlet to return the jsp source
String body = getResponseBody(conn);
Assert.assertThat("Body",body,not(containsString("<%@")));
Assert.assertThat("Body",body,not(containsString("<jsp:")));
if (knownBypass && body.indexOf("<%@")>=0)
LOG.info("Known bypass of mapping by "+path);
else
{
Assert.assertThat("Body",body,not(containsString("<%@")));
Assert.assertThat("Body",body,not(containsString("<jsp:")));
}
}
private void assertResponse(HttpURLConnection conn) throws IOException
@ -158,7 +165,7 @@ public class JspAndDefaultWithAliasesTest
public void testGetReference() throws Exception
{
URI uri = serverURI.resolve(path);
HttpURLConnection conn = null;
try
{