Attachment #229125 for bug #395274

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Lines 65-70 public class BundleResourceTests extends CoreTest { Link Here

(-)a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/bundles/BundleResourceTests.java (+16 lines)
65	assertNotNull("Did not find resource!", paths);	65	assertNotNull("Did not find resource!", paths);
66	}	66	}
67		67
		68	public void testBug395274() throws Exception {
		69	Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$
		70	URL path = bundle.getEntry("META-INF./MANIFEST.MF");
		71	assertNull("found resource!", path);
		72	path = bundle.getEntry("META-INF/MANIFEST.MF");
		73	assertNotNull("Did not find resource!", path);
		74	path = bundle.getEntry("folder/file1.TXT");
		75	assertNull("found resource!", path);
		76	path = bundle.getEntry("folder/file1.txt");
		77	assertNotNull("Did not find resource!", path);
		78	}
		79
68	public void testBug328795() throws BundleException {	80	public void testBug328795() throws BundleException {
69	Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$	81	Bundle bundle = installer.installBundle("test"); //$NON-NLS-1$
70	checkEntries(bundle, "notFound\\", 0); // this results in invalid syntax exception which is logged because of trailing escape	82	checkEntries(bundle, "notFound\\", 0); // this results in invalid syntax exception which is logged because of trailing escape
Lines 97-102 public class BundleResourceTests extends CoreTest { Link Here
97	checkEntries(bundle, "(", 2);	109	checkEntries(bundle, "(", 2);
98	checkEntries(bundle, "\\)", 2);	110	checkEntries(bundle, "\\)", 2);
99	checkEntries(bundle, "\\(", 2);	111	checkEntries(bundle, "\\(", 2);
		112	checkEntries(bundle, "/./file1.txt", 1);
		113	checkEntries(bundle, "//file1.txt", 1);
		114	checkEntries(bundle, "/", 1);
		115	checkEntries(bundle, "/.", 1);
100	}	116	}
101		117
102	public void testBug338081() throws BundleException {	118	public void testBug338081() throws BundleException {

Lines 24-29 import org.eclipse.osgi.util.NLS; Link Here

(-)a/bundles/org.eclipse.osgi/defaultAdaptor/src/org/eclipse/osgi/baseadaptor/bundlefile/DirBundleFile.java (-7 / +40 lines)
24	*/	24	*/
25	public class DirBundleFile extends BundleFile {	25	public class DirBundleFile extends BundleFile {
26		26
		27	private static final String POINTER_SAME_DIRECTORY_1 = "/.";//$NON-NLS-1$
		28	private static final String POINTER_SAME_DIRECTORY_2 = "//";//$NON-NLS-1$
		29	private static final String POINTER_UPPER_DIRECTORY = "..";//$NON-NLS-1$
		30
		31	private String baseFileCanonicalPath;
		32
27	/**	33	/**
28	* Constructs a DirBundleFile	34	* Constructs a DirBundleFile
29	* @param basefile the base file	35	* @param basefile the base file
Lines 34-55 public class DirBundleFile extends BundleFile { Link Here
34	if (!BundleFile.secureAction.exists(basefile) \|\| !BundleFile.secureAction.isDirectory(basefile)) {	40	if (!BundleFile.secureAction.exists(basefile) \|\| !BundleFile.secureAction.isDirectory(basefile)) {
35	throw new IOException(NLS.bind(AdaptorMsg.ADAPTOR_DIRECTORY_EXCEPTION, basefile));	41	throw new IOException(NLS.bind(AdaptorMsg.ADAPTOR_DIRECTORY_EXCEPTION, basefile));
36	}	42	}
		43	this.baseFileCanonicalPath = BundleFile.secureAction.getCanonicalPath(basefile);
37	}	44	}
38		45
39	public File getFile(String path, boolean nativeCode) {	46	public File getFile(String path, boolean nativeCode) {
40	boolean checkInBundle = path != null && path.indexOf("..") >= 0; //$NON-NLS-1$	47	File file = new File(baseFileCanonicalPath, path);
41	File file = new File(basefile, path);
42	if (!BundleFile.secureAction.exists(file)) {	48	if (!BundleFile.secureAction.exists(file)) {
43	return null;	49	return null;
44	}	50	}
		51	boolean checkInBundle = false;
		52	boolean normalize = false;
		53	boolean isBundleRoot = false;
		54	if (path != null) {
		55	isBundleRoot = path.equals("/");//$NON-NLS-1$
		56	if (!isBundleRoot) {
		57	checkInBundle = path.indexOf(POINTER_UPPER_DIRECTORY) >= 0;
		58	normalize = checkInBundle \|\| path.indexOf(POINTER_SAME_DIRECTORY_1) >= 0 \|\| path.indexOf(POINTER_SAME_DIRECTORY_2) >= 0;
		59	}
		60	}
		61	File canonicalFile;
		62	try {
		63	canonicalFile = BundleFile.secureAction.getCanonicalFile(file);
		64	if (!isBundleRoot) {
		65	File absoluteFile = BundleFile.secureAction.getAbsoluteFile(file);
		66	String canonicalPath;
		67	String absolutePath;
		68	if (normalize) {
		69	canonicalPath = canonicalFile.toURI().getPath();
		70	absolutePath = absoluteFile.toURI().normalize().getPath();
		71	} else {
		72	canonicalPath = canonicalFile.getPath();
		73	absolutePath = absoluteFile.getPath();
		74	}
		75	if (!canonicalPath.equals(absolutePath)) {
		76	return null;
		77	}
		78	}
		79	} catch (IOException e) {
		80	return null;
		81	}
45	// must do an extra check to make sure file is within the bundle (bug 320546)	82	// must do an extra check to make sure file is within the bundle (bug 320546)
46	if (checkInBundle) {	83	if (checkInBundle) {
47	try {	84	if (!canonicalFile.getPath().startsWith(baseFileCanonicalPath))
48	if (!BundleFile.secureAction.getCanonicalPath(file).startsWith(BundleFile.secureAction.getCanonicalPath(basefile)))
49	return null;
50	} catch (IOException e) {
51	return null;	85	return null;
52	}
53	}	86	}
54	return file;	87	return file;
55	}	88	}




	}

	/**
	 * Returns the absolute file.  Same as calling
	 * file.getAbsoluteFile().
	 * @param file a file object
	 * @return the absolute file.
	 */
	public File getAbsoluteFile(final File file) {
		if (System.getSecurityManager() == null)
			return file.getAbsoluteFile();
		return AccessController.doPrivileged(new PrivilegedAction<File>() {
			public File run() {
				return file.getAbsoluteFile();
			}
		}, controlContext);
	}

	/**
	 * Returns the canonical file.  Same as calling
	 * file.getCanonicalFile().
	 * @param file a file object
	 * @return the canonical file.
	 */
	public File getCanonicalFile(final File file) throws IOException {
		if (System.getSecurityManager() == null)
			return file.getCanonicalFile();
		try {
			return AccessController.doPrivileged(new PrivilegedExceptionAction<File>() {
				public File run() throws IOException {
					return file.getCanonicalFile();
				}
			}, controlContext);
		} catch (PrivilegedActionException e) {
			if (e.getException() instanceof IOException)
				throw (IOException) e.getException();
			throw (RuntimeException) e.getException();
		}
	}

	/**
	 * Returns true if a file exists, otherwise false is returned.  Same as calling
	 * file.exists().
	 * @param file a file object

Return to bug 395274

Lines 198-203 public class SecureAction { Link Here

(-)a/bundles/org.eclipse.osgi/supplement/src/org/eclipse/osgi/framework/util/SecureAction.java (+38 lines)
198	}	198	}
199		199
200	/**	200	/**
		201	* Returns the absolute file. Same as calling
		202	* file.getAbsoluteFile().
		203	* @param file a file object
		204	* @return the absolute file.
		205	*/
		206	public File getAbsoluteFile(final File file) {
		207	if (System.getSecurityManager() == null)
		208	return file.getAbsoluteFile();
		209	return AccessController.doPrivileged(new PrivilegedAction<File>() {
		210	public File run() {
		211	return file.getAbsoluteFile();
		212	}
		213	}, controlContext);
		214	}
		215
		216	/**
		217	* Returns the canonical file. Same as calling
		218	* file.getCanonicalFile().
		219	* @param file a file object
		220	* @return the canonical file.
		221	*/
		222	public File getCanonicalFile(final File file) throws IOException {
		223	if (System.getSecurityManager() == null)
		224	return file.getCanonicalFile();
		225	try {
		226	return AccessController.doPrivileged(new PrivilegedExceptionAction<File>() {
		227	public File run() throws IOException {
		228	return file.getCanonicalFile();
		229	}
		230	}, controlContext);
		231	} catch (PrivilegedActionException e) {
		232	if (e.getException() instanceof IOException)
		233	throw (IOException) e.getException();
		234	throw (RuntimeException) e.getException();
		235	}
		236	}
		237
		238	/**
201	* Returns true if a file exists, otherwise false is returned. Same as calling	239	* Returns true if a file exists, otherwise false is returned. Same as calling
202	* file.exists().	240	* file.exists().
203	* @param file a file object	241	* @param file a file object