Commit 3c2e7690 authored by Sonia Zorba's avatar Sonia Zorba

Handled other special chars edge cases

parent a9ec1449
Pipeline #1011 passed
...@@ -18,7 +18,7 @@ public class NodeUtils { ...@@ -18,7 +18,7 @@ public class NodeUtils {
* characters are allowed. Front end needs to pay attention to other allowed * characters are allowed. Front end needs to pay attention to other allowed
* characters like & and parenthesis in any case, also to avoid XSS attacks. * characters like & and parenthesis in any case, also to avoid XSS attacks.
*/ */
private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'*") + "]"); private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|/'`*") + "]");
/** /**
* Slash is a special character in defining REST endpoints and trying to * Slash is a special character in defining REST endpoints and trying to
...@@ -54,7 +54,7 @@ public class NodeUtils { ...@@ -54,7 +54,7 @@ public class NodeUtils {
public static String urlEncodePath(String path) { public static String urlEncodePath(String path) {
String[] parts = path.split("/"); String[] parts = path.split("/");
return String.join("/", Arrays.stream(parts) return String.join("/", Arrays.stream(parts)
.map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8)) .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8).replace("+", "%20"))
.collect(Collectors.toList())); .collect(Collectors.toList()));
} }
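Review bot: The control-character part of FORBIDDEN_CHARS on the changed line still reads `\\x00\\x08`, which matches only NUL and backspace, so the characters \x01 to \x07 pass the check. This looks like a missing hyphen; `\\x00-\\x08` would reject the whole range. Tab, LF, CR and DEL (\x7F) are also outside the class, which matters if node names are later written into response headers or log lines, though no such use is visible here. The NodeUtils class and the Javadoc above the pattern continue outside the shown hunks.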
......
...@@ -16,15 +16,15 @@ public class NodeUtilsTest { ...@@ -16,15 +16,15 @@ public class NodeUtilsTest {
@Test @Test
public void testGetPathWithSpacesFromRequestURLString() { public void testGetPathWithSpacesFromRequestURLString() {
String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4.pdf"; String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4+%2B.pdf";
assertEquals("/a/b/c d ä.pdf", NodeUtils.getPathFromRequestURLString(requestUrl)); assertEquals("/a/b/c d ä +.pdf", NodeUtils.getPathFromRequestURLString(requestUrl));
} }
@Test @Test
public void testEncodePathSpecialChars() { public void testEncodePathSpecialChars() {
String specialChars = "ä è#+ /other/+-ò@"; String specialChars = "ä è#+ /other/+-ò@";
assertEquals("%C3%A4+%C3%A8%23%2B+/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars)); assertEquals("%C3%A4%20%C3%A8%23%2B%20/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars));
} }
@Test @Test
...@@ -41,6 +41,11 @@ public class NodeUtilsTest { ...@@ -41,6 +41,11 @@ public class NodeUtilsTest {
public void testIllegalQuotes() { public void testIllegalQuotes() {
testIllegalChars("\"'.pdf"); testIllegalChars("\"'.pdf");
} }
@Test
public void testIllegalSlashEncoded() {
testIllegalChars("%2F.pdf");
}
private void testIllegalChars(String illegalString) { private void testIllegalChars(String illegalString) {
boolean exception = false; boolean exception = false;
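Review bot: The backtick that this commit adds to FORBIDDEN_CHARS has no test, and testIllegalSlashEncoded covers only the upper-case escape `%2F`. A testIllegalBacktick case calling `testIllegalChars("%60.pdf");` and a lower-case `testIllegalChars("%2f.pdf");` would pin both rejections. The body of testIllegalChars is cut off below the hunk, so this assumes it decodes the name before the check, as the `%2F` case implies.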
......