Download
Getting Started
Members
Projects
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
How to Contribute
Working Groups
Automotive
Internet of Things
LocationTech
Long-Term Support
PolarSys
Science
OpenMDM
More
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
How to Contribute
Working Groups
Automotive
Internet of Things
LocationTech
Long-Term Support
PolarSys
Science
OpenMDM
Toggle navigation
Bugzilla – Attachment 226730 Details for
Bug 395274
Equinox returns valid bundle entries for invalid paths
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
Terms of Use
|
Copyright Agent
Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read
this important communication.
[patch]
patch proposal
patch.patch (text/plain), 5.79 KB, created by
Violeta Georgieva
on 2013-02-07 15:20:24 EST
(
hide
)
Description:
patch proposal
Filename:
MIME Type:
Creator:
Violeta Georgieva
Created:
2013-02-07 15:20:24 EST
Size:
5.79 KB
patch
obsolete
>diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java >index b97c1a0..beeeea8 100644 >--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java >+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java >@@ -65,6 +65,18 @@ public class BundleResourceTests extends CoreTest { > assertNotNull("Did not find resource!", paths); > } > >+ public void testBug395274() throws Exception { >+ Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$ >+ URL path = bundle.getEntry("META-INF./MANIFEST.MF"); >+ assertNull("found resource!", path); >+ path = bundle.getEntry("META-INF/MANIFEST.MF"); >+ assertNotNull("Did not find resource!", path); >+ path = bundle.getEntry("folder/file1.TXT"); >+ assertNull("found resource!", path); >+ path = bundle.getEntry("folder/file1.txt"); >+ assertNotNull("Did not find resource!", path); >+ } >+ > public void testBug328795() throws BundleException { > Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$ > checkEntries(bundle, "notFound\\", 0); // this results in invalid syntax exception which is logged because of trailing escape >@@ -97,6 +109,10 @@ public class BundleResourceTests extends CoreTest { > checkEntries(bundle, "*(*", 2); > checkEntries(bundle, "*\\)*", 2); > checkEntries(bundle, "*\\(*", 2); >+ checkEntries(bundle, "/./file1.txt", 1); >+ checkEntries(bundle, "//file1.txt", 1); >+ checkEntries(bundle, "/", 1); >+ checkEntries(bundle, "/.", 1); > } > > public void testBug338081() throws BundleException { >diff --git a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java b/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java >index 64c3f71..23d2b0c 100644 >--- a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java >+++ b/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java >@@ -24,6 +24,10 @@ import org.eclipse.osgi.util.NLS; > */ > public class DirBundleFile extends BundleFile { > >+ private static final String POINTER_SAME_DIRECTORY_1 = "/.";//$NON-NLS-1$ >+ private static final String POINTER_SAME_DIRECTORY_2 = "//";//$NON-NLS-1$ >+ private static final String POINTER_UPPER_DIRECTORY = "..";//$NON-NLS-1$ >+ > /** > * Constructs a DirBundleFile > * @param basefile the base file >@@ -37,15 +41,39 @@ public class DirBundleFile extends BundleFile { > } > > public File getFile(String path, boolean nativeCode) { >- boolean checkInBundle = path != null && path.indexOf("..") >= 0; //$NON-NLS-1$ > File file = new File(basefile, path); > if (!BundleFile.secureAction.exists(file)) { > return null; > } >+ boolean checkInBundle = false; >+ boolean normalize = false; >+ if (path != null) { >+ checkInBundle = path.indexOf(POINTER_UPPER_DIRECTORY) >= 0; >+ normalize = checkInBundle || path.indexOf(POINTER_SAME_DIRECTORY_1) >= 0 || path.indexOf(POINTER_SAME_DIRECTORY_2) >= 0; >+ } >+ File canonicalFile; >+ try { >+ canonicalFile = BundleFile.secureAction.getCanonicalFile(file); >+ File absoluteFile = BundleFile.secureAction.getAbsoluteFile(file); >+ String canonicalPath; >+ String absolutePath; >+ if (normalize) { >+ canonicalPath = canonicalFile.toURI().getPath(); >+ absolutePath = absoluteFile.toURI().normalize().getPath(); >+ } else { >+ canonicalPath = canonicalFile.getPath(); >+ absolutePath = absoluteFile.getPath(); >+ } >+ if (!canonicalPath.equals(absolutePath)) { >+ return null; >+ } >+ } catch (IOException e) { >+ return null; >+ } > // must do an extra check to make sure file is within the bundle (bug 320546) > if (checkInBundle) { > try { >- if (!BundleFile.secureAction.getCanonicalPath(file).startsWith(BundleFile.secureAction.getCanonicalPath(basefile))) >+ if (!canonicalFile.getPath().startsWith(BundleFile.secureAction.getCanonicalPath(basefile))) > return null; > } catch (IOException e) { > return null; >diff --git a/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java b/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java >index 2e654b1..2ff8a2c 100644 >--- a/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java >+++ b/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java >@@ -198,6 +198,44 @@ public class SecureAction { > } > > /** >+ * Returns the absolute file. Same as calling >+ * file.getAbsoluteFile(). >+ * @param file a file object >+ * @return the absolute file. >+ */ >+ public File getAbsoluteFile(final File file) { >+ if (System.getSecurityManager() == null) >+ return file.getAbsoluteFile(); >+ return AccessController.doPrivileged(new PrivilegedAction<File>() { >+ public File run() { >+ return file.getAbsoluteFile(); >+ } >+ }, controlContext); >+ } >+ >+ /** >+ * Returns the canonical file. Same as calling >+ * file.getCanonicalFile(). >+ * @param file a file object >+ * @return the canonical file. >+ */ >+ public File getCanonicalFile(final File file) throws IOException { >+ if (System.getSecurityManager() == null) >+ return file.getCanonicalFile(); >+ try { >+ return AccessController.doPrivileged(new PrivilegedExceptionAction<File>() { >+ public File run() throws IOException { >+ return file.getCanonicalFile(); >+ } >+ }, controlContext); >+ } catch (PrivilegedActionException e) { >+ if (e.getException() instanceof IOException) >+ throw (IOException) e.getException(); >+ throw (RuntimeException) e.getException(); >+ } >+ } >+ >+ /** > * Returns true if a file exists, otherwise false is returned. Same as calling > * file.exists(). > * @param file a file object
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=226730">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 395274
:
224051
|
226730
|
229125
|
229500
|
229529
|
229550
