Issue #6473 - canonicalPath refactor & fix alias check in PathResource
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
* fix some spotbug performance map iterations
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* cannot use computeIfAbsent because it is a PathMap
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* enable spotbugs in CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
record issues
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
use warning new generation
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
activate errorprone
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
do not run spotbugs for jetty-runner as we do not want to fix all dependencies bugs :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit should allow empty results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
maven console can be use only once...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
one liner
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
recordissues only once
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
force id
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
aggregate results
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
configure a name for aggregated reports
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
mo more -T3 no need anymore of remote session test profile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
I want to see what failing tests look like with new report.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
skip spotbugs for jetty-jmh
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
get rid of findbugs as we now have spotbugs
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
Revert "I want to see what failing tests look like with new report."
This reverts commit df0d13e4c53d7461872e1f925ec06bd36e4a66c9.
activate errorProne parser
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
make pmd quiet for CI
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
remove -fae flag and do not display transfer progress
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
try junitParser() to see what it does
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
junit parser is a bad idea...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
increase timeout
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
no -T2 for javadoc
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
fix skip spotbugs and pmd verbose
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* remove -T options
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Use File.list and File.walk within a try with resource
The API contract of File.list and File.walk requires them to be closed after use.
* Fix from review
Left out filter
* Fix from review
Factored out deleteFile with better debug
* Fix from review
Can delete files whilst walking
* Fix from review
Restored sweepFile
fixed minor code suggestions
* Fixes#5521 ResourceCollection NPE
Fix constructor and addPath so that all resources in a RC must exist when created.
* Fixes#5521 ResourceCollection NPE
Cleanup the vestiges of non existent directories detected by resource ending in /
* Fixes#5521 ResourceCollection NPE
Revert adding paths ending in / as jar:file resource needs them
* feedback from review
improved javadoc.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* SessionCookieConfig name may be null
Protect against NPE by make a null name in SessionCookieConfig deactive session cookies.
* feedback from review
added static method to convert null name to default.
* Issue #5357 - Updating to https://eclipse.org/
- Removing redundant <url> refs in pom.xml
- Correcting bad indenting from merge
- Correcting mailing list references
- Correcting bugs.eclipse.org references
- Correcting text file references
- Correcting html references
- Correcting further references
- Correcting download.eclipse.org reference
- Adding test for demo-base /proxy/current/
- Ensuring jetty-client is included in javadoc-proxy.war/WEB-INF/lib
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Cleanup of test-servlet-spec webapp
+ Removing unused methods
+ Commented System.err.println moved to java.util.logging
+ General checkstyle cleanup (empty lines, spacing, etc)
+ Eliminate bogus WebApp LIB ordering tests.
+ No ClassLoader has a order guarantee.
+ Moving HttpSessionListenerTest contents to existing SessionListenerTest
+ Cleanup of SessionListenerTest with eye to resource cleanup
+ Removing ServletContextListenerTest as it duplicates tests
+ Restoring WebAppClassLoaderTest test method
+ `ordering()` is now `testClashingResource()` and properly
tests assumptions when dealing with a ClassLoader.
The old test assumed guaranteed order from a ClassLoader,
which is not a feature of any Java ClassLoader.
Especially so for URLClassLoader.
+ Restoring clashing resource test
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Reverting name ResourceFactory.newResource(String)
to .getResource(String)
+ Reintroducing Resource.getResource(String)
+ ResourceHandler.getResource(String) cleaned up
in light of Exception handling requirement
+ Resource.addPath(String) implementations can
never return null now
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Now parsed by WebAppContext into List<Resource>
+ Reintroduced Resource.fromList
+ Refactored ResourceFactory to never return null
and always throw an exception if unable to
get/create/resolve the Resource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Introduce new Resource.fromReferences to help with
parsing delimited resource reference lists.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ More tests for both relative and absolute path references
+ More testing that will trigger quirks on Windows builds
so that we can catch regressions faster
+ Reworked WebInfConfiguration to be glob aware in a way
similar to how WebAppClassLoader behaves.
+ Reworked Resource.newResource(String) to delegate
canonical path resolution to PathResource
+ Guarded PathResource's usage of Path.toAbsolutePath()
to ignore valid conditions where the Path cannot be
resolved to an absolute path (yet)
+ Normalize resolved paths in PathResource
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>