Handled other special chars edge cases

3c2e7690 · Sonia Zorba · a9ec1449 · 3c2e7690 · 3c2e7690
Commit 3c2e7690 authored 4 years ago by Sonia Zorba
--- a/src/main/java/it/inaf/oats/vospace/datamodel/NodeUtils.java
+++ b/src/main/java/it/inaf/oats/vospace/datamodel/NodeUtils.java
@@ -18,7 +18,7 @@ public class NodeUtils {
     * characters are allowed. Front end needs to pay attention to other allowed
     * characters like & and parenthesis in any case, also to avoid XSS attacks.
     */
-    private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'*") + "]");
+    private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|/'`*") + "]");

    /**
     * Slash is a special character in defining REST endpoints and trying to
@@ -54,7 +54,7 @@ public class NodeUtils {
    public static String urlEncodePath(String path) {
        String[] parts = path.split("/");
        return String.join("/", Arrays.stream(parts)
-                .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8))
+                .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8).replace("+", "%20"))
                .collect(Collectors.toList()));
    }


--- a/src/test/java/it/inaf/oats/vospace/datamodel/NodeUtilsTest.java
+++ b/src/test/java/it/inaf/oats/vospace/datamodel/NodeUtilsTest.java
@@ -16,15 +16,15 @@ public class NodeUtilsTest {
    @Test
    public void testGetPathWithSpacesFromRequestURLString() {

-        String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4.pdf";
-        assertEquals("/a/b/c d ä.pdf", NodeUtils.getPathFromRequestURLString(requestUrl));
+        String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4+%2B.pdf";
+        assertEquals("/a/b/c d ä +.pdf", NodeUtils.getPathFromRequestURLString(requestUrl));
    }

    @Test
    public void testEncodePathSpecialChars() {

        String specialChars = "ä è#+ /other/+-ò@";
-        assertEquals("%C3%A4+%C3%A8%23%2B+/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars));
+        assertEquals("%C3%A4%20%C3%A8%23%2B%20/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars));
    }

    @Test
@@ -41,6 +41,11 @@ public class NodeUtilsTest {
    public void testIllegalQuotes() {
        testIllegalChars("\"'.pdf");
    }
+    
+    @Test
+    public void testIllegalSlashEncoded() {
+        testIllegalChars("%2F.pdf");
+    }

    private void testIllegalChars(String illegalString) {
        boolean exception = false;