resolve protected targets every time

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
This commit is contained in:
Lachlan Roberts 2024-01-17 00:16:08 +11:00
parent aaaf7aa67b
commit c3cc4c7092
1 changed files with 6 additions and 12 deletions

View File

@ -45,7 +45,7 @@ public class AllowedResourceAliasChecker extends AbstractLifeCycle implements Al
private final ContextHandler _contextHandler; private final ContextHandler _contextHandler;
private final Supplier<Resource> _resourceBaseSupplier; private final Supplier<Resource> _resourceBaseSupplier;
private final List<Resource> _protected = new ArrayList<>(); private final List<String> _protected = new ArrayList<>();
private final AllowedResourceAliasCheckListener _listener = new AllowedResourceAliasCheckListener(); private final AllowedResourceAliasCheckListener _listener = new AllowedResourceAliasCheckListener();
private boolean _initialized; private boolean _initialized;
protected Resource _baseResource; protected Resource _baseResource;
@ -92,16 +92,7 @@ public class AllowedResourceAliasChecker extends AbstractLifeCycle implements Al
{ {
String[] protectedTargets = getProtectedTargets(); String[] protectedTargets = getProtectedTargets();
if (protectedTargets != null) if (protectedTargets != null)
{ _protected.addAll(Arrays.asList(protectedTargets));
for (String s : protectedTargets)
{
Resource p = _baseResource.resolve(s);
// TODO: we still want to include the protected target if it does not exist.
if (p == null)
continue;
_protected.add(p);
}
}
} }
catch (Throwable t) catch (Throwable t)
{ {
@ -193,8 +184,11 @@ public class AllowedResourceAliasChecker extends AbstractLifeCycle implements Al
return true; return true;
// If the path is the same file as any protected resources, then it is protected. // If the path is the same file as any protected resources, then it is protected.
for (Resource p : _protected) for (String protectedTarget : _protected)
{ {
Resource p = _baseResource.resolve(protectedTarget);
if (p == null)
continue;
for (Resource r : p) for (Resource r : p)
{ {
if (isSameFile(path, r.getPath())) if (isSameFile(path, r.getPath()))