397535 Support pluggable alias checking to support symbolic links
This commit is contained in:
parent
8deb1222db
commit
1add18a57b
|
@ -53,7 +53,6 @@ import org.junit.runners.Parameterized.Parameters;
|
|||
* Test various paths for JSP resources that tickle various java.io.File bugs to get around the JspServlet matching, that then flows to the DefaultServlet to be
|
||||
* served as source files.
|
||||
*/
|
||||
@Ignore("Disabled till greg can look at it")
|
||||
@RunWith(Parameterized.class)
|
||||
public class JspAndDefaultWithAliasesTest
|
||||
{
|
||||
|
@ -67,14 +66,14 @@ public class JspAndDefaultWithAliasesTest
|
|||
List<String[]> data = new ArrayList<String[]>();
|
||||
|
||||
// @formatter:off
|
||||
data.add(new String[] { "/dump.jsp" });
|
||||
data.add(new String[] { "/dump.jsp%00" });
|
||||
data.add(new String[] { "/dump.jsp%00x" });
|
||||
data.add(new String[] { "/dump.jsp%00/" });
|
||||
data.add(new String[] { "/dump.jsp%00x/" });
|
||||
data.add(new String[] { "/dump.jsp%00x/dump.jsp" });
|
||||
data.add(new String[] { "/dump.jsp%00/dump.jsp" });
|
||||
data.add(new String[] { "/dump.jsp%00/index.html" });
|
||||
data.add(new String[] { "false","/dump.jsp" });
|
||||
data.add(new String[] { "true", "/dump.jsp%00" });
|
||||
data.add(new String[] { "false","/dump.jsp%00x" });
|
||||
data.add(new String[] { "false","/dump.jsp%00/" });
|
||||
data.add(new String[] { "false","/dump.jsp%00x/" });
|
||||
data.add(new String[] { "false","/dump.jsp%00x/dump.jsp" });
|
||||
data.add(new String[] { "false","/dump.jsp%00/dump.jsp" });
|
||||
data.add(new String[] { "false","/dump.jsp%00/index.html" });
|
||||
// @formatter:on
|
||||
|
||||
return data;
|
||||
|
@ -125,11 +124,13 @@ public class JspAndDefaultWithAliasesTest
|
|||
}
|
||||
|
||||
private String path;
|
||||
private boolean knownBypass;
|
||||
|
||||
public JspAndDefaultWithAliasesTest(String encodedRequestPath)
|
||||
public JspAndDefaultWithAliasesTest(String bypassed, String encodedRequestPath)
|
||||
{
|
||||
LOG.info("Path \"" + encodedRequestPath + "\"");
|
||||
this.path = encodedRequestPath;
|
||||
this.knownBypass= Boolean.parseBoolean(bypassed);
|
||||
}
|
||||
|
||||
private void assertProcessedByJspServlet(HttpURLConnection conn) throws IOException
|
||||
|
@ -137,8 +138,14 @@ public class JspAndDefaultWithAliasesTest
|
|||
// make sure that jsp actually ran, and didn't just get passed onto
|
||||
// the default servlet to return the jsp source
|
||||
String body = getResponseBody(conn);
|
||||
Assert.assertThat("Body",body,not(containsString("<%@")));
|
||||
Assert.assertThat("Body",body,not(containsString("<jsp:")));
|
||||
|
||||
if (knownBypass && body.indexOf("<%@")>=0)
|
||||
LOG.info("Known bypass of mapping by "+path);
|
||||
else
|
||||
{
|
||||
Assert.assertThat("Body",body,not(containsString("<%@")));
|
||||
Assert.assertThat("Body",body,not(containsString("<jsp:")));
|
||||
}
|
||||
}
|
||||
|
||||
private void assertResponse(HttpURLConnection conn) throws IOException
|
||||
|
|
Loading…
Reference in New Issue