Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HHH-15033 Restrict JNDI lookups to "java" scheme

This commit is contained in:
Sanne Grinovero 2022-01-04 16:54:13 +00:00
parent 157716095a
commit 30b0ad267e
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hibernate-core/src/main/java/org/hibernate/engine/jndi/JndiException.java
View File

@ -22,4 +22,14 @@ public class JndiException extends HibernateException {
public JndiException(String message, Throwable cause) {
super( message, cause );
}
/**
* Constructs a JndiException
*
* @param message Message explaining the exception condition
*/
public JndiException(String message) {
super( message );
}
}

12
hibernate-core/src/main/java/org/hibernate/engine/jndi/internal/JndiServiceImpl.java
View File

@ -6,6 +6,8 @@
*/
package org.hibernate.engine.jndi.internal;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
@ -114,6 +116,16 @@ public class JndiServiceImpl implements JndiService {
}
private Name parseName(String jndiName, Context context) {
try {
final URI uri = new URI( jndiName );
final String scheme = uri.getScheme();
if ( scheme != null && (! "java".equals( scheme ) ) ) {
throw new JndiException( "JNDI lookups for scheme '" + scheme + "' are not allowed" );
}
}
catch (URISyntaxException e) {
//Ok
}
try {
return context.getNameParser( "" ).parse( jndiName );
}