From efb43da46a6db4688b610387a596eef49e2f73e5 Mon Sep 17 00:00:00 2001 From: Jacques Le Roux Date: Thu, 24 Oct 2024 16:54:21 +0200 Subject: [PATCH] Improved: Rename 2 UtilValidate class methods for clarity (OFBIZ-13160) Daniel Watford proposed to rename and better describe the 2 UtilValidate class methods: isUrl and urlInString. I respectively suggested isUrlInString and isUrlInStringAndDoesNotStartByComponentProtocol. Daniel also provided an UtilValidateTests class. Thanks: Daniel --- .../apache/ofbiz/base/util/GroovyUtil.java | 2 +- .../apache/ofbiz/base/util/ScriptUtil.java | 4 +- .../org/apache/ofbiz/base/util/UtilHttp.java | 2 +- .../apache/ofbiz/base/util/UtilValidate.java | 12 ++--- .../ofbiz/base/util/UtilValidateTests.java | 46 +++++++++++++++++++ .../ofbiz/webapp/control/ControlFilter.java | 2 +- .../ofbiz/webtools/WebToolsServices.java | 2 +- .../ofbiz/widget/model/ScreenFactory.java | 2 +- 8 files changed, 59 insertions(+), 13 deletions(-) create mode 100644 framework/base/src/test/java/org/apache/ofbiz/base/util/UtilValidateTests.java diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/GroovyUtil.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/GroovyUtil.java index c2f8ed32e0a..457d36c17ec 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/GroovyUtil.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/GroovyUtil.java @@ -142,7 +142,7 @@ public static Class getScriptClassFromLocation(String location) throws Genera Class scriptClass = PARSED_SCRIPTS.get(location); if (scriptClass == null) { URL scriptUrl = FlexibleLocation.resolveLocation(location); - if (scriptUrl == null || UtilValidate.urlInString(scriptUrl.toString())) { + if (scriptUrl == null || UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol(scriptUrl.toString())) { throw new GeneralException("Script not found at location [" + location + "]"); } scriptClass = parseClass(scriptUrl.openStream(), location); diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/ScriptUtil.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/ScriptUtil.java index cb673e0c306..b5cf491c5c1 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/ScriptUtil.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/ScriptUtil.java @@ -125,7 +125,7 @@ private static CompiledScript compileScriptFile(String filePath) throws ScriptEx try { Compilable compilableEngine = (Compilable) engine; URL scriptUrl = FlexibleLocation.resolveLocation(filePath); - if (scriptUrl == null || UtilValidate.urlInString(scriptUrl.toString())) { + if (scriptUrl == null || UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol(scriptUrl.toString())) { throw new ScriptException("Script not found at location [" + filePath + "]"); } BufferedReader reader = new BufferedReader(new InputStreamReader(scriptUrl.openStream(), StandardCharsets.UTF_8)); @@ -357,7 +357,7 @@ public static Object executeScript(String filePath, String functionName, ScriptC } engine.setContext(scriptContext); URL scriptUrl = FlexibleLocation.resolveLocation(filePath); - if (scriptUrl == null || UtilValidate.urlInString(scriptUrl.toString())) { + if (scriptUrl == null || UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol(scriptUrl.toString())) { throw new ScriptException("Script not found at location [" + filePath + "]"); } try ( diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java index eb8515e2d1a..f9032237fd3 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java @@ -414,7 +414,7 @@ public static Map canonicalizeParameterMap(Map p // if the string contains only an URL beginning by http or ftp => no change to keep special chars if (UtilValidate.isValidUrl(s) && (s.indexOf("://") == 4 || s.indexOf("://") == 3)) { params = params + s + " "; - } else if (UtilValidate.isUrl(s) && !s.isEmpty()) { + } else if (UtilValidate.isUrlInString(s) && !s.isEmpty()) { // if the string contains not only an URL => concatenate possible canonicalized before and after, w/o changing the URL String url = extractUrls(s).get(0); // There should be only 1 URL in a block, makes no sense else int start = s.indexOf(url); diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilValidate.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilValidate.java index 9dd3735b6bb..3be7d81ba22 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilValidate.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilValidate.java @@ -621,11 +621,11 @@ public static boolean isEmailList(String s) { } /** - * isUrl returns true if the string contains :// + * isUrlInString returns true if the string is empty or contains :// * @param s String to validate Note: this does not handle "component://" specific to OFBiz - * @return true if s contains :// + * @return true if s is empty or contains :// */ - public static boolean isUrl(String s) { + public static boolean isUrlInString(String s) { if (isEmpty(s)) { return DEFAULT_EMPTY_OK; } @@ -633,11 +633,11 @@ public static boolean isUrl(String s) { } /** - * urlInString returns true if the string contains :// and does not start with "component://" + * isUrlInStringAndDoesNotStartByComponentProtocol returns true if the string is non-empty, contains :// but does not start with "component://" * @param s String to validate - * @return true if s contains :// and does not start with "component://" + * @return true if s is non-empty, contains :// and does not start with "component://" */ - public static boolean urlInString(String s) { + public static boolean isUrlInStringAndDoesNotStartByComponentProtocol(String s) { if (isEmpty(s) || s.startsWith("component://")) { return false; } diff --git a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilValidateTests.java b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilValidateTests.java new file mode 100644 index 00000000000..dca3a6e38c2 --- /dev/null +++ b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilValidateTests.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ofbiz.base.util; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class UtilValidateTests { + + @Test + public void testUrlValidations() throws Exception { + assertFalse(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol("")); + assertFalse(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol("non-url-string")); + assertFalse(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol("component://foo/bar")); + assertTrue(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol(" component://foo/bar")); + assertTrue(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol("http://foo/bar")); + assertTrue(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol("https://foo/bar")); + assertFalse(UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol("component://foo/bar?param=http://moo/far")); + + assertTrue(UtilValidate.isUrlInString("")); + assertFalse(UtilValidate.isUrlInString("non-url-string")); + assertTrue(UtilValidate.isUrlInString("component://foo/bar")); + assertTrue(UtilValidate.isUrlInString(" component://foo/bar")); + assertTrue(UtilValidate.isUrlInString("http://foo/bar")); + assertTrue(UtilValidate.isUrlInString("https://foo/bar")); + assertTrue(UtilValidate.isUrlInString("component://foo/bar?param=http://moo/far")); + } +} diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java index b696cd6367e..7a7511271f8 100644 --- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java +++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java @@ -171,7 +171,7 @@ public void doFilter(HttpServletRequest req, HttpServletResponse resp, FilterCha if (queryString != null) { queryString = URLDecoder.decode(queryString, "UTF-8"); // wt=javabin allows Solr tests, see https://cwiki.apache.org/confluence/display/solr/javabin - if (UtilValidate.isUrl(queryString) + if (UtilValidate.isUrlInString(queryString) || !SecuredUpload.isValidText(queryString, Collections.emptyList()) && !(queryString.contains("JavaScriptEnabled=Y") || queryString.contains("wt=javabin"))) { diff --git a/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java b/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java index 77c8425059e..aa00b03bba9 100644 --- a/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java +++ b/framework/webtools/src/main/java/org/apache/ofbiz/webtools/WebToolsServices.java @@ -147,7 +147,7 @@ public static Map entityImport(DispatchContext dctx, Map getScreensFromLocation(String resourceNam long startTime = System.currentTimeMillis(); URL screenFileUrl = null; screenFileUrl = FlexibleLocation.resolveLocation(resourceName); - if (screenFileUrl == null || UtilValidate.urlInString(screenFileUrl.toString())) { + if (screenFileUrl == null || UtilValidate.isUrlInStringAndDoesNotStartByComponentProtocol(screenFileUrl.toString())) { throw new IllegalArgumentException("Could not resolve location to URL: " + resourceName); } Document screenFileDoc = UtilXml.readXmlDocument(screenFileUrl, true, true);