Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'jetty-9.4.x' into jetty-10.0.x

This commit is contained in:
olivier lamy 2019-09-11 17:23:38 +10:00
parent 5a5320c551 37f96bdf2b
commit 3de6d6f6e7
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/ServletPathSpec.java
View File

@ -20,9 +20,14 @@ package org.eclipse.jetty.http.pathmap;
import org.eclipse.jetty.util.StringUtil; import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil; import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
public class ServletPathSpec extends PathSpec public class ServletPathSpec extends PathSpec
{ {
private static final Logger LOG = Log.getLogger(ServletPathSpec.class);
/** /**
* If a servlet or filter path mapping isn't a suffix mapping, ensure * If a servlet or filter path mapping isn't a suffix mapping, ensure
* it starts with '/' * it starts with '/'
@ -213,13 +218,13 @@ public class ServletPathSpec extends PathSpec
super.pathDepth = 0; super.pathDepth = 0;
char lastChar = servletPathSpec.charAt(specLength - 1); char lastChar = servletPathSpec.charAt(specLength - 1);
// prefix based // prefix based
if ((servletPathSpec.charAt(0) == '/') && (specLength > 1) && (lastChar == '*')) if (servletPathSpec.charAt(0) == '/' && servletPathSpec.endsWith("/*"))
{ {
this.group = PathSpecGroup.PREFIX_GLOB; this.group = PathSpecGroup.PREFIX_GLOB;
this.prefix = servletPathSpec.substring(0, specLength - 2); this.prefix = servletPathSpec.substring(0, specLength - 2);
} }
// suffix based // suffix based
else if (servletPathSpec.charAt(0) == '*') else if (servletPathSpec.charAt(0) == '*' && servletPathSpec.length() > 1)
{ {
this.group = PathSpecGroup.SUFFIX_GLOB; this.group = PathSpecGroup.SUFFIX_GLOB;
this.suffix = servletPathSpec.substring(2, specLength); this.suffix = servletPathSpec.substring(2, specLength);
@ -228,6 +233,11 @@ public class ServletPathSpec extends PathSpec
{ {
this.group = PathSpecGroup.EXACT; this.group = PathSpecGroup.EXACT;
this.prefix = servletPathSpec; this.prefix = servletPathSpec;
if (servletPathSpec.endsWith("*") )
{
LOG.warn("Suspicious URL pattern: '{}'; see sections 12.1 and 12.2 of the Servlet specification",
servletPathSpec);
}
} }
for (int i = 0; i < specLength; i++) for (int i = 0; i < specLength; i++)
@ -276,11 +286,6 @@ public class ServletPathSpec extends PathSpec
{ {
throw new IllegalArgumentException("Servlet Spec 12.2 violation: glob '*' can only exist at end of prefix based matches: bad spec \"" + servletPathSpec + "\""); throw new IllegalArgumentException("Servlet Spec 12.2 violation: glob '*' can only exist at end of prefix based matches: bad spec \"" + servletPathSpec + "\"");
} }
if (idx < 1 || servletPathSpec.charAt(idx - 1) != '/')
{
throw new IllegalArgumentException("Servlet Spec 12.2 violation: suffix glob '*' can only exist after '/': bad spec \"" + servletPathSpec + "\"");
}
} }
else if (servletPathSpec.startsWith("*.")) else if (servletPathSpec.startsWith("*."))
{ {

3
jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java
View File

@ -231,6 +231,8 @@ public class PathMappingsTest
assertTrue(!new ServletPathSpec("/foo/*").matches("/bar/anything"), "!match /foo/*"); assertTrue(!new ServletPathSpec("/foo/*").matches("/bar/anything"), "!match /foo/*");
assertTrue(new ServletPathSpec("*.foo").matches("anything.foo"), "match *.foo"); assertTrue(new ServletPathSpec("*.foo").matches("anything.foo"), "match *.foo");
assertTrue(!new ServletPathSpec("*.foo").matches("anything.bar"), "!match *.foo"); assertTrue(!new ServletPathSpec("*.foo").matches("anything.bar"), "!match *.foo");
assertTrue(new ServletPathSpec("/On*").matches("/On*"), "match /On*");
assertTrue(!new ServletPathSpec("/On*").matches("/One"), "!match /One");
assertEquals("10", p.getMatch("/").getResource(), "match / with ''"); assertEquals("10", p.getMatch("/").getResource(), "match / with ''");
@ -287,7 +289,6 @@ public class PathMappingsTest
@ValueSource(strings = { @ValueSource(strings = {
"*", "*",
"/foo/*/bar", "/foo/*/bar",
"/foo*",
"*/foo", "*/foo",
"*.foo/*" "*.foo/*"
}) })